Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

LipeZO

[Resolvido] Não consigo instalar nada no PC!

Por , em Tópicos Resolvidos (Seguranca & Malwares)

Recommended Posts

LipeZO    0

LipeZO
Postado

Boa noite aos que ajudarem, e aos demais.

 

Vamos la, montei um novo pc para jogar, porem estou com problemas. Não consigo instalar mais nada no pc, ja tentei de tudo e até agora nada, e não queria formatar o pc agora pois perderei muitas coisas. Não tenho como fazer um backup ainda. Alguem pode me ajudar?

 

Acho que é isso né?

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:05:27, on 23/10/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16561)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Panje\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Users\Panje\AppData\Roaming\Curse Client\Bin\Curse.exe
C:\Program Files (x86)\Diebold\Warsaw\core.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=pcf_inner_protection_01_hao123_br_ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Diebold - Warsaw] C:\Program Files (x86)\Diebold\Warsaw\core.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Panje\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [LightShot] C:\Users\Panje\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue
O4 - Startup: Curse.lnk = Panje\AppData\Roaming\Curse Client\Bin\Curse.exe
O4 - Global Startup: NETGEAR WNDA3100v2 Genie.lnk = ?
O8 - Extra context menu item: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm
O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: bankline.itau.com.br
O15 - Trusted Zone: clickbanking.itau.com.br
O15 - Trusted Zone: guardiao.itau.com.br
O15 - Trusted Zone: www.itau.com.br
O15 - Trusted Zone: *.itau.com.br
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O20 - Winlogon Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Serviço do Kaspersky Anti-Virus 15.0.0 (AVP15.0.0) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files (x86)\Diebold\Warsaw\core.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WSWNDA3100v2 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
--
End of file - 10170 bytes

 

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Boa Noite! LipeZO

 

> Baixe: < FRST_Logo.jpg> ( ... by Farbar )

 

> Para sistemas 32 bit!

> Baixe: < Farbar Recovery Scan Tool 64-Bit> (64 bit)

> Ou aqui,para sistemas 64bit!
> Salve-o no desktop! (Área de trabalho ...)
> Execute a ferramenta! Clique "Yes" >> "Scan".

 

FRST_Addition_Scan_zpsa9fe21c8.jpg

 

> Antes de clicar "Scan",verifique se as caixinhas em "Whitelist" estão assinaladas.
> Em "Optional Scan",deixe marcada a checkbox "Addition.txt".
> Poste o relatório! (FRST.txt+Addition.txt)
> Ps: O relatório "Addition.txt" estará disponibilizado na execução da ferramenta.

 

A+

Compartilhar este post

Link para o post
Compartilhar em outros sites

LipeZO    0

LipeZO
Postado

Segue o FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2014
Ran by Panje (administrator) on PANJE-PC on 24-10-2014 22:53:58
Running from C:\Users\Panje\Downloads
Loaded Profile: Panje (Available profiles: Panje)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Português (Brasil)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Windows\DAODx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(GAS Tecnologia LTDA) C:\Program Files (x86)\Diebold\Warsaw\core.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(GAS Tecnologia LTDA) C:\Program Files (x86)\Diebold\Warsaw\core.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\makecab.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\makecab.exe
(Microsoft Corporation) C:\Windows\System32\makecab.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2463552 2014-10-04] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1261712 2014-04-30] (Highresolution Enterprises)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-02-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Diebold - Warsaw] => C:\Program Files (x86)\Diebold\Warsaw\core.exe [518968 2014-07-12] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\ GbPluginUni-x32: C:\Program Files (x86)\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)
HKU\S-1-5-21-3850311949-3553885960-1088866172-1000\...\Run: [uTorrent] => C:\Users\Panje\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-24] (BitTorrent Inc.)
HKU\S-1-5-21-3850311949-3553885960-1088866172-1000\...\Run: [LightShot] => C:\Users\Panje\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-07-01] ()
HKU\S-1-5-21-3850311949-3553885960-1088866172-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Startup: C:\Users\Panje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\Panje\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=pcf_inner_protection_01_hao123_br_ie
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=pcf_inner_protection_01_hao123_br_ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1586744 2014-05-05] (Banco Itaú Unibanco)
Tcpip\Parameters: [DhcpNameServer] 187.122.127.58 187.122.127.34
FireFox:
========
FF ProfilePath: C:\Users\Panje\AppData\Roaming\Mozilla\Firefox\Profiles\kx51i4pf.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Panje\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: gastecnologia.com.br/sf/uni -> C:\Users\Panje\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Bloqueador de sites perigosos - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-08-11]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Teclado Virtual - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-11]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址過濾 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-08-11]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-08-11]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-08-11]
FF HKCU\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Panje\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
FF Extension: Guardião - Itaú 30 horas - C:\Users\Panje\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2014-08-26]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-11]
CHR Extension: (panda dumpling) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\caaclfkfmcnlppkambfehbfhlekhpenf [2014-08-12]
CHR Extension: (Proteção Kaspersky) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-08-11]
CHR Extension: (AdBlock) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-12]
CHR Extension: (Twitch Live) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiljidcefnbhbpamageahhblhbbhhopm [2014-08-12]
CHR Extension: (GBBD Guardião - Itaú 30 horas) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg [2014-08-16]
CHR Extension: (São Paulo FC News) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljfljmhgodnmcoeddiiaefkegoindhnj [2014-08-12]
CHR Extension: (Google Wallet) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-11]
CHR Extension: (Gmail) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-11]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho []
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-02-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [527928 2014-05-05] (GAS Tecnologia)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-10-04] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-10-04] (NVIDIA Corporation)
R2 Warsaw Technology; C:\Program Files (x86)\Diebold\Warsaw\core.exe [518968 2014-07-12] (GAS Tecnologia LTDA)
S2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-08-17] (Echobit, LLC)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [140352 2014-08-11] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [792128 2014-08-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-24 22:53 - 2014-10-24 22:54 - 00020928 _____ () C:\Users\Panje\Downloads\FRST.txt
2014-10-24 22:53 - 2014-10-24 22:53 - 02112000 _____ (Farbar) C:\Users\Panje\Downloads\FRST64.exe
2014-10-24 22:53 - 2014-10-24 22:53 - 00000000 ____D () C:\FRST
2014-10-23 21:05 - 2014-10-23 21:05 - 00010172 _____ () C:\Users\Panje\Desktop\hijackthis.log
2014-10-23 21:01 - 2014-10-23 21:01 - 01402880 _____ () C:\Users\Panje\Downloads\HijackThis.msi
2014-10-23 21:01 - 2014-10-23 21:01 - 00002975 _____ () C:\Users\Panje\Desktop\HiJackThis.lnk
2014-10-23 21:01 - 2014-10-23 21:01 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-10-23 21:01 - 2014-10-23 21:01 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-10-23 20:00 - 2014-10-23 20:00 - 00024141 _____ () C:\ComboFix.txt
2014-10-23 19:56 - 2014-10-24 18:53 - 00000504 _____ () C:\Windows\setupact.log
2014-10-23 19:56 - 2014-10-23 19:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-23 19:55 - 2014-10-23 19:55 - 00000558 _____ () C:\Windows\PFRO.log
2014-10-23 19:24 - 2014-10-23 19:24 - 04909382 _____ () C:\Users\Panje\Downloads\mbam-chameleon-3.1.7.0.zip
2014-10-22 22:25 - 2014-10-22 22:25 - 00000222 _____ () C:\Users\Panje\Desktop\F.E.A.R. Online.url
2014-10-22 22:12 - 2014-10-22 22:12 - 00000000 ____D () C:\Users\Todos os Usuários\Adobe
2014-10-22 22:12 - 2014-10-22 22:12 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-22 22:10 - 2014-10-22 22:11 - 00001109 _____ () C:\Users\Panje\Downloads\Vestibular Fatec - Boleto - 201410222210349045
2014-10-22 21:26 - 2014-10-22 21:26 - 00001109 _____ () C:\Users\Panje\Downloads\Vestibular Fatec - Boleto - 201410222125429423
2014-10-22 21:25 - 2014-10-22 21:25 - 00001109 _____ () C:\Users\Panje\Downloads\Vestibular Fatec - Boleto - 201410222125219123
2014-10-22 20:51 - 2014-10-23 19:13 - 00000000 ____D () C:\Users\Panje\Downloads\[R.G. Mechanics] Sleeping Dogs - Definitive Edition
2014-10-22 20:49 - 2014-10-22 20:49 - 00039057 _____ () C:\Users\Panje\Downloads\Sleeping Dogs DEF. ED + DLC'S - By StiffGamerHD.torrent
2014-10-21 23:12 - 2014-10-21 23:12 - 00000000 ____D () C:\Users\Panje\Documents\Vindictus
2014-10-21 23:07 - 2014-10-21 23:07 - 00001987 _____ () C:\Users\Panje\Documents\Recommended Software.lnk
2014-10-21 23:07 - 2014-10-21 23:07 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Time Stopper
2014-10-21 23:07 - 2014-10-21 23:07 - 00000000 ____D () C:\Program Files (x86)\Time Stopper
2014-10-21 23:07 - 2014-10-21 23:07 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2014-10-21 23:04 - 2014-10-21 23:05 - 17919572 _____ () C:\Users\Panje\Downloads\pz_setup_2.0.1.zip
2014-10-21 23:03 - 2014-10-21 23:04 - 00960031 _____ () C:\Users\Panje\Downloads\time stopper.zip
2014-10-21 23:01 - 2014-10-22 19:13 - 00000000 ____D () C:\Nexon
2014-10-21 22:59 - 2014-10-22 19:14 - 00000000 ____D () C:\Users\Todos os Usuários\NexonUS
2014-10-21 22:59 - 2014-10-22 19:14 - 00000000 ____D () C:\ProgramData\NexonUS
2014-10-21 22:01 - 2014-10-21 22:01 - 00000178 _____ () C:\console.log
2014-10-21 22:00 - 2014-10-21 22:00 - 02500904 _____ () C:\Users\Panje\Downloads\Vindictus_Downloader.exe
2014-10-21 21:57 - 2014-10-22 19:14 - 00000000 ____D () C:\Program Files (x86)\Nexon
2014-10-21 21:56 - 2014-10-21 21:57 - 10117512 _____ () C:\Users\Panje\Downloads\NexonLauncherSetup.exe
2014-10-21 21:30 - 2014-10-21 21:30 - 02450636 _____ () C:\Users\Panje\Downloads\resource.rar
2014-10-21 21:30 - 2014-10-21 21:30 - 00584422 _____ () C:\Users\Panje\Downloads\Launcher_Images.rar
2014-10-18 22:13 - 2014-10-18 22:13 - 04991400 _____ (Adobe Systems Inc.) C:\Users\Panje\Downloads\Shockwave_Installer_Slim.exe
2014-10-18 22:13 - 2014-10-18 22:13 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-10-18 22:08 - 2014-10-18 22:08 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\Unity
2014-10-18 22:08 - 2014-10-18 22:08 - 00000000 ____D () C:\Users\Panje\AppData\Local\Unity
2014-10-18 22:07 - 2014-10-18 22:07 - 01080416 _____ (Unity Technologies ApS) C:\Users\Panje\Downloads\UnityWebPlayer.exe
2014-10-15 20:33 - 2014-10-15 20:33 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-15 20:33 - 2014-10-15 20:33 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-15 20:33 - 2014-10-15 20:33 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-15 20:33 - 2014-10-15 20:33 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-15 20:33 - 2014-10-15 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-15 20:33 - 2014-10-15 20:33 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-09 23:57 - 2014-10-09 23:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\5853747A.sys
2014-10-08 14:37 - 2014-10-08 14:37 - 00000000 ____D () C:\Users\Panje\Desktop\Chameleon
2014-10-05 03:22 - 2014-10-06 21:33 - 00000000 ____D () C:\Users\Panje\Documents\dragoon
2014-10-05 02:00 - 2014-10-05 02:00 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-10-05 02:00 - 2014-10-05 02:00 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-05 02:00 - 2014-10-05 02:00 - 00000000 ____D () C:\Users\Public\Sony Online Entertainment
2014-10-05 02:00 - 2014-10-05 02:00 - 00000000 ____D () C:\Users\Panje\AppData\Local\SCE
2014-10-05 01:58 - 2014-10-05 01:59 - 20319368 _____ () C:\Users\Panje\Downloads\DPT_setup.exe
2014-10-04 23:31 - 2014-10-04 23:31 - 27870824 _____ (Riot Games) C:\Users\Panje\Downloads\LeagueofLegends_BR_Installer_9_15_2014.exe
2014-10-04 02:46 - 2014-10-04 02:46 - 00230400 _____ () C:\Users\Panje\Downloads\flashplayer_install.exe
2014-10-04 02:46 - 2014-10-04 02:46 - 00230400 _____ () C:\Users\Panje\Downloads\flashplayer_install (1).exe
2014-10-04 02:10 - 2014-10-04 02:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\78A047BA.sys
2014-10-04 00:58 - 2014-10-04 00:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\0D54124A.sys
2014-10-02 00:16 - 2014-10-02 00:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\778F5AFC.sys
2014-09-29 22:35 - 2014-09-29 22:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\37987A55.sys
2014-09-29 00:19 - 2014-09-29 00:19 - 00001943 _____ () C:\Users\Panje\Desktop\Strife.lnk
2014-09-29 00:19 - 2014-09-29 00:19 - 00000000 ____D () C:\Users\Panje\Documents\Strife
2014-09-29 00:19 - 2014-09-29 00:19 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strife
2014-09-29 00:19 - 2014-09-29 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strife
2014-09-29 00:16 - 2014-10-23 21:10 - 00000000 ____D () C:\Program Files (x86)\Strife
2014-09-27 15:37 - 2014-10-24 21:55 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-27 15:37 - 2014-10-22 23:06 - 00000000 ____D () C:\Users\Panje\AppData\Local\Adobe
2014-09-27 15:37 - 2014-09-27 15:37 - 00003840 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 22:27 - 2014-09-24 22:53 - 00000000 ____D () C:\Users\Panje\Downloads\FIFA 15-ULTIMATE TEAM EDITION-FULL UNLOCKED-SG
2014-09-24 21:02 - 2014-09-24 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-24 21:02 - 2014-09-24 21:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-24 21:02 - 2014-09-24 21:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-24 21:01 - 2014-09-24 21:01 - 13087456 _____ (Microsoft Corporation) C:\Users\Panje\Downloads\Silverlight_x64.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-24 22:51 - 2014-08-10 23:56 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\TS3Client
2014-10-24 22:50 - 2014-08-10 23:12 - 02004881 _____ () C:\Windows\WindowsUpdate.log
2014-10-24 22:28 - 2014-08-11 01:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-24 21:55 - 2014-08-11 20:43 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-24 19:12 - 2014-08-16 23:22 - 00000000 ____D () C:\Users\Todos os Usuários\GAS Tecnologia
2014-10-24 19:12 - 2014-08-16 23:22 - 00000000 ____D () C:\ProgramData\GAS Tecnologia
2014-10-24 19:11 - 2014-08-16 00:40 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\uTorrent
2014-10-24 19:01 - 2009-07-14 02:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-24 19:01 - 2009-07-14 02:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-24 18:59 - 2009-07-29 14:08 - 00703370 _____ () C:\Windows\system32\prfh0416.dat
2014-10-24 18:59 - 2009-07-29 14:08 - 00146156 _____ () C:\Windows\system32\prfc0416.dat
2014-10-24 18:59 - 2009-07-14 03:13 - 01628224 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-24 18:54 - 2014-08-11 01:16 - 00000000 ____D () C:\Users\Todos os Usuários\Kaspersky Lab
2014-10-24 18:54 - 2014-08-11 01:16 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-24 18:53 - 2014-08-11 20:43 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-24 18:53 - 2014-08-10 23:28 - 00000000 ____D () C:\Users\Todos os Usuários\NVIDIA
2014-10-24 18:53 - 2014-08-10 23:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-24 18:53 - 2009-07-14 03:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-23 21:04 - 2014-08-10 23:14 - 00000000 ____D () C:\Users\Panje\AppData\Local\VirtualStore
2014-10-23 20:01 - 2014-08-11 22:42 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-23 20:00 - 2014-08-11 00:53 - 00000000 ____D () C:\Qoobox
2014-10-23 19:56 - 2009-07-14 00:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-23 19:53 - 2014-08-16 23:21 - 00000000 ____D () C:\Users\Todos os Usuários\Temp
2014-10-23 19:53 - 2014-08-16 23:21 - 00000000 ____D () C:\ProgramData\Temp
2014-10-19 22:50 - 2014-08-11 20:43 - 00004066 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 22:50 - 2014-08-11 20:43 - 00003814 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-19 17:53 - 2014-08-10 23:16 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-18 14:23 - 2014-08-11 00:37 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-10-16 20:34 - 2014-08-20 21:15 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\Curse Client
2014-10-15 20:44 - 2014-08-11 01:12 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-15 20:44 - 2014-08-11 01:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-15 20:44 - 2014-08-11 01:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-15 20:34 - 2014-08-25 22:03 - 00000000 ____D () C:\Users\Todos os Usuários\Oracle
2014-10-15 20:34 - 2014-08-25 22:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-13 21:18 - 2014-09-22 00:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-10-13 21:18 - 2014-09-22 00:59 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-10-10 00:18 - 2014-08-11 20:50 - 00000000 ____D () C:\Users\Panje\AppData\Local\Battle.net
2014-10-08 22:10 - 2014-08-11 20:50 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-06 00:38 - 2014-09-08 22:15 - 00000000 ____D () C:\Users\Panje\Desktop\SSSSSSS
2014-10-04 04:42 - 2014-08-11 20:51 - 02197680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-10-04 04:42 - 2014-08-11 20:51 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-10-04 04:41 - 2014-08-11 20:51 - 02800296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-10-04 04:41 - 2014-08-11 20:51 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-10-01 12:11 - 2014-08-11 01:12 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-01 12:11 - 2014-08-11 01:12 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-01 12:11 - 2014-08-11 01:12 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-29 00:31 - 2014-08-11 20:50 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\NVIDIA
2014-09-27 15:37 - 2014-08-17 17:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-27 15:37 - 2014-08-17 17:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-26 20:07 - 2014-09-09 20:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-18 17:56
==================== End Of Log ============================Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2014
Ran by Panje (administrator) on PANJE-PC on 24-10-2014 22:53:58
Running from C:\Users\Panje\Downloads
Loaded Profile: Panje (Available profiles: Panje)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Português (Brasil)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Windows\DAODx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(GAS Tecnologia LTDA) C:\Program Files (x86)\Diebold\Warsaw\core.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(GAS Tecnologia LTDA) C:\Program Files (x86)\Diebold\Warsaw\core.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\makecab.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\makecab.exe
(Microsoft Corporation) C:\Windows\System32\makecab.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2463552 2014-10-04] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1261712 2014-04-30] (Highresolution Enterprises)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-02-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Diebold - Warsaw] => C:\Program Files (x86)\Diebold\Warsaw\core.exe [518968 2014-07-12] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\ GbPluginUni-x32: C:\Program Files (x86)\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)
HKU\S-1-5-21-3850311949-3553885960-1088866172-1000\...\Run: [uTorrent] => C:\Users\Panje\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-24] (BitTorrent Inc.)
HKU\S-1-5-21-3850311949-3553885960-1088866172-1000\...\Run: [LightShot] => C:\Users\Panje\AppData\Local\Skillbrains\lightshot\Lightshot.exe [226560 2014-07-01] ()
HKU\S-1-5-21-3850311949-3553885960-1088866172-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Startup: C:\Users\Panje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\Panje\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=pcf_inner_protection_01_hao123_br_ie
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=pcf_inner_protection_01_hao123_br_ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1586744 2014-05-05] (Banco Itaú Unibanco)
Tcpip\Parameters: [DhcpNameServer] 187.122.127.58 187.122.127.34
FireFox:
========
FF ProfilePath: C:\Users\Panje\AppData\Roaming\Mozilla\Firefox\Profiles\kx51i4pf.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Panje\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: gastecnologia.com.br/sf/uni -> C:\Users\Panje\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Bloqueador de sites perigosos - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-08-11]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Teclado Virtual - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-11]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址過濾 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-08-11]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-08-11]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-08-11]
FF HKCU\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Panje\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
FF Extension: Guardião - Itaú 30 horas - C:\Users\Panje\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2014-08-26]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-11]
CHR Extension: (panda dumpling) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\caaclfkfmcnlppkambfehbfhlekhpenf [2014-08-12]
CHR Extension: (Proteção Kaspersky) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-08-11]
CHR Extension: (AdBlock) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-12]
CHR Extension: (Twitch Live) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiljidcefnbhbpamageahhblhbbhhopm [2014-08-12]
CHR Extension: (GBBD Guardião - Itaú 30 horas) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg [2014-08-16]
CHR Extension: (São Paulo FC News) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljfljmhgodnmcoeddiiaefkegoindhnj [2014-08-12]
CHR Extension: (Google Wallet) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-11]
CHR Extension: (Gmail) - C:\Users\Panje\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-11]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho []
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-02-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [527928 2014-05-05] (GAS Tecnologia)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-10-04] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-10-04] (NVIDIA Corporation)
R2 Warsaw Technology; C:\Program Files (x86)\Diebold\Warsaw\core.exe [518968 2014-07-12] (GAS Tecnologia LTDA)
S2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [303360 2011-12-14] ()
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-08-17] (Echobit, LLC)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [140352 2014-08-11] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [792128 2014-08-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-24 22:53 - 2014-10-24 22:54 - 00020928 _____ () C:\Users\Panje\Downloads\FRST.txt
2014-10-24 22:53 - 2014-10-24 22:53 - 02112000 _____ (Farbar) C:\Users\Panje\Downloads\FRST64.exe
2014-10-24 22:53 - 2014-10-24 22:53 - 00000000 ____D () C:\FRST
2014-10-23 21:05 - 2014-10-23 21:05 - 00010172 _____ () C:\Users\Panje\Desktop\hijackthis.log
2014-10-23 21:01 - 2014-10-23 21:01 - 01402880 _____ () C:\Users\Panje\Downloads\HijackThis.msi
2014-10-23 21:01 - 2014-10-23 21:01 - 00002975 _____ () C:\Users\Panje\Desktop\HiJackThis.lnk
2014-10-23 21:01 - 2014-10-23 21:01 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-10-23 21:01 - 2014-10-23 21:01 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-10-23 20:00 - 2014-10-23 20:00 - 00024141 _____ () C:\ComboFix.txt
2014-10-23 19:56 - 2014-10-24 18:53 - 00000504 _____ () C:\Windows\setupact.log
2014-10-23 19:56 - 2014-10-23 19:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-23 19:55 - 2014-10-23 19:55 - 00000558 _____ () C:\Windows\PFRO.log
2014-10-23 19:24 - 2014-10-23 19:24 - 04909382 _____ () C:\Users\Panje\Downloads\mbam-chameleon-3.1.7.0.zip
2014-10-22 22:25 - 2014-10-22 22:25 - 00000222 _____ () C:\Users\Panje\Desktop\F.E.A.R. Online.url
2014-10-22 22:12 - 2014-10-22 22:12 - 00000000 ____D () C:\Users\Todos os Usuários\Adobe
2014-10-22 22:12 - 2014-10-22 22:12 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-22 22:10 - 2014-10-22 22:11 - 00001109 _____ () C:\Users\Panje\Downloads\Vestibular Fatec - Boleto - 201410222210349045
2014-10-22 21:26 - 2014-10-22 21:26 - 00001109 _____ () C:\Users\Panje\Downloads\Vestibular Fatec - Boleto - 201410222125429423
2014-10-22 21:25 - 2014-10-22 21:25 - 00001109 _____ () C:\Users\Panje\Downloads\Vestibular Fatec - Boleto - 201410222125219123
2014-10-22 20:51 - 2014-10-23 19:13 - 00000000 ____D () C:\Users\Panje\Downloads\[R.G. Mechanics] Sleeping Dogs - Definitive Edition
2014-10-22 20:49 - 2014-10-22 20:49 - 00039057 _____ () C:\Users\Panje\Downloads\Sleeping Dogs DEF. ED + DLC'S - By StiffGamerHD.torrent
2014-10-21 23:12 - 2014-10-21 23:12 - 00000000 ____D () C:\Users\Panje\Documents\Vindictus
2014-10-21 23:07 - 2014-10-21 23:07 - 00001987 _____ () C:\Users\Panje\Documents\Recommended Software.lnk
2014-10-21 23:07 - 2014-10-21 23:07 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Time Stopper
2014-10-21 23:07 - 2014-10-21 23:07 - 00000000 ____D () C:\Program Files (x86)\Time Stopper
2014-10-21 23:07 - 2014-10-21 23:07 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2014-10-21 23:04 - 2014-10-21 23:05 - 17919572 _____ () C:\Users\Panje\Downloads\pz_setup_2.0.1.zip
2014-10-21 23:03 - 2014-10-21 23:04 - 00960031 _____ () C:\Users\Panje\Downloads\time stopper.zip
2014-10-21 23:01 - 2014-10-22 19:13 - 00000000 ____D () C:\Nexon
2014-10-21 22:59 - 2014-10-22 19:14 - 00000000 ____D () C:\Users\Todos os Usuários\NexonUS
2014-10-21 22:59 - 2014-10-22 19:14 - 00000000 ____D () C:\ProgramData\NexonUS
2014-10-21 22:01 - 2014-10-21 22:01 - 00000178 _____ () C:\console.log
2014-10-21 22:00 - 2014-10-21 22:00 - 02500904 _____ () C:\Users\Panje\Downloads\Vindictus_Downloader.exe
2014-10-21 21:57 - 2014-10-22 19:14 - 00000000 ____D () C:\Program Files (x86)\Nexon
2014-10-21 21:56 - 2014-10-21 21:57 - 10117512 _____ () C:\Users\Panje\Downloads\NexonLauncherSetup.exe
2014-10-21 21:30 - 2014-10-21 21:30 - 02450636 _____ () C:\Users\Panje\Downloads\resource.rar
2014-10-21 21:30 - 2014-10-21 21:30 - 00584422 _____ () C:\Users\Panje\Downloads\Launcher_Images.rar
2014-10-18 22:13 - 2014-10-18 22:13 - 04991400 _____ (Adobe Systems Inc.) C:\Users\Panje\Downloads\Shockwave_Installer_Slim.exe
2014-10-18 22:13 - 2014-10-18 22:13 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-10-18 22:08 - 2014-10-18 22:08 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\Unity
2014-10-18 22:08 - 2014-10-18 22:08 - 00000000 ____D () C:\Users\Panje\AppData\Local\Unity
2014-10-18 22:07 - 2014-10-18 22:07 - 01080416 _____ (Unity Technologies ApS) C:\Users\Panje\Downloads\UnityWebPlayer.exe
2014-10-15 20:33 - 2014-10-15 20:33 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-15 20:33 - 2014-10-15 20:33 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-15 20:33 - 2014-10-15 20:33 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-15 20:33 - 2014-10-15 20:33 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-15 20:33 - 2014-10-15 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-15 20:33 - 2014-10-15 20:33 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-09 23:57 - 2014-10-09 23:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\5853747A.sys
2014-10-08 14:37 - 2014-10-08 14:37 - 00000000 ____D () C:\Users\Panje\Desktop\Chameleon
2014-10-05 03:22 - 2014-10-06 21:33 - 00000000 ____D () C:\Users\Panje\Documents\dragoon
2014-10-05 02:00 - 2014-10-05 02:00 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-10-05 02:00 - 2014-10-05 02:00 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-05 02:00 - 2014-10-05 02:00 - 00000000 ____D () C:\Users\Public\Sony Online Entertainment
2014-10-05 02:00 - 2014-10-05 02:00 - 00000000 ____D () C:\Users\Panje\AppData\Local\SCE
2014-10-05 01:58 - 2014-10-05 01:59 - 20319368 _____ () C:\Users\Panje\Downloads\DPT_setup.exe
2014-10-04 23:31 - 2014-10-04 23:31 - 27870824 _____ (Riot Games) C:\Users\Panje\Downloads\LeagueofLegends_BR_Installer_9_15_2014.exe
2014-10-04 02:46 - 2014-10-04 02:46 - 00230400 _____ () C:\Users\Panje\Downloads\flashplayer_install.exe
2014-10-04 02:46 - 2014-10-04 02:46 - 00230400 _____ () C:\Users\Panje\Downloads\flashplayer_install (1).exe
2014-10-04 02:10 - 2014-10-04 02:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\78A047BA.sys
2014-10-04 00:58 - 2014-10-04 00:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\0D54124A.sys
2014-10-02 00:16 - 2014-10-02 00:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\778F5AFC.sys
2014-09-29 22:35 - 2014-09-29 22:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\37987A55.sys
2014-09-29 00:19 - 2014-09-29 00:19 - 00001943 _____ () C:\Users\Panje\Desktop\Strife.lnk
2014-09-29 00:19 - 2014-09-29 00:19 - 00000000 ____D () C:\Users\Panje\Documents\Strife
2014-09-29 00:19 - 2014-09-29 00:19 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strife
2014-09-29 00:19 - 2014-09-29 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strife
2014-09-29 00:16 - 2014-10-23 21:10 - 00000000 ____D () C:\Program Files (x86)\Strife
2014-09-27 15:37 - 2014-10-24 21:55 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-27 15:37 - 2014-10-22 23:06 - 00000000 ____D () C:\Users\Panje\AppData\Local\Adobe
2014-09-27 15:37 - 2014-09-27 15:37 - 00003840 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 22:27 - 2014-09-24 22:53 - 00000000 ____D () C:\Users\Panje\Downloads\FIFA 15-ULTIMATE TEAM EDITION-FULL UNLOCKED-SG
2014-09-24 21:02 - 2014-09-24 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-24 21:02 - 2014-09-24 21:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-24 21:02 - 2014-09-24 21:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-24 21:01 - 2014-09-24 21:01 - 13087456 _____ (Microsoft Corporation) C:\Users\Panje\Downloads\Silverlight_x64.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-24 22:51 - 2014-08-10 23:56 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\TS3Client
2014-10-24 22:50 - 2014-08-10 23:12 - 02004881 _____ () C:\Windows\WindowsUpdate.log
2014-10-24 22:28 - 2014-08-11 01:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-24 21:55 - 2014-08-11 20:43 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-24 19:12 - 2014-08-16 23:22 - 00000000 ____D () C:\Users\Todos os Usuários\GAS Tecnologia
2014-10-24 19:12 - 2014-08-16 23:22 - 00000000 ____D () C:\ProgramData\GAS Tecnologia
2014-10-24 19:11 - 2014-08-16 00:40 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\uTorrent
2014-10-24 19:01 - 2009-07-14 02:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-24 19:01 - 2009-07-14 02:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-24 18:59 - 2009-07-29 14:08 - 00703370 _____ () C:\Windows\system32\prfh0416.dat
2014-10-24 18:59 - 2009-07-29 14:08 - 00146156 _____ () C:\Windows\system32\prfc0416.dat
2014-10-24 18:59 - 2009-07-14 03:13 - 01628224 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-24 18:54 - 2014-08-11 01:16 - 00000000 ____D () C:\Users\Todos os Usuários\Kaspersky Lab
2014-10-24 18:54 - 2014-08-11 01:16 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-24 18:53 - 2014-08-11 20:43 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-24 18:53 - 2014-08-10 23:28 - 00000000 ____D () C:\Users\Todos os Usuários\NVIDIA
2014-10-24 18:53 - 2014-08-10 23:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-24 18:53 - 2009-07-14 03:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-23 21:04 - 2014-08-10 23:14 - 00000000 ____D () C:\Users\Panje\AppData\Local\VirtualStore
2014-10-23 20:01 - 2014-08-11 22:42 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-23 20:00 - 2014-08-11 00:53 - 00000000 ____D () C:\Qoobox
2014-10-23 19:56 - 2009-07-14 00:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-23 19:53 - 2014-08-16 23:21 - 00000000 ____D () C:\Users\Todos os Usuários\Temp
2014-10-23 19:53 - 2014-08-16 23:21 - 00000000 ____D () C:\ProgramData\Temp
2014-10-19 22:50 - 2014-08-11 20:43 - 00004066 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 22:50 - 2014-08-11 20:43 - 00003814 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-19 17:53 - 2014-08-10 23:16 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-18 14:23 - 2014-08-11 00:37 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-10-16 20:34 - 2014-08-20 21:15 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\Curse Client
2014-10-15 20:44 - 2014-08-11 01:12 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-15 20:44 - 2014-08-11 01:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-15 20:44 - 2014-08-11 01:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-15 20:34 - 2014-08-25 22:03 - 00000000 ____D () C:\Users\Todos os Usuários\Oracle
2014-10-15 20:34 - 2014-08-25 22:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-13 21:18 - 2014-09-22 00:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2014-10-13 21:18 - 2014-09-22 00:59 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-10-10 00:18 - 2014-08-11 20:50 - 00000000 ____D () C:\Users\Panje\AppData\Local\Battle.net
2014-10-08 22:10 - 2014-08-11 20:50 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-06 00:38 - 2014-09-08 22:15 - 00000000 ____D () C:\Users\Panje\Desktop\SSSSSSS
2014-10-04 04:42 - 2014-08-11 20:51 - 02197680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-10-04 04:42 - 2014-08-11 20:51 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-10-04 04:41 - 2014-08-11 20:51 - 02800296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-10-04 04:41 - 2014-08-11 20:51 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-10-01 12:11 - 2014-08-11 01:12 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-01 12:11 - 2014-08-11 01:12 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-01 12:11 - 2014-08-11 01:12 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-29 00:31 - 2014-08-11 20:50 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\NVIDIA
2014-09-27 15:37 - 2014-08-17 17:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-27 15:37 - 2014-08-17 17:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-26 20:07 - 2014-09-09 20:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-18 17:56
==================== End Of Log ============================
Segue Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2014
Ran by Panje at 2014-10-24 22:54:30
Running from C:\Users\Panje\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Out of date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0215.456.8750 - Nome de sua empresa:) Hidden
AMD Catalyst Install Manager (HKLM\...\{3096080B-BFA4-F2E5-0E2B-D289933054C5}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2014.0215.456.8750 - Nome de sua empresa:) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.10.0 - Asmedia Technology)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
Atualizações da NVIDIA 16.13.56 (Version: 16.13.56 - NVIDIA Corporation) Hidden
Auslogics BoostSpeed (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 6.5.6.0 - Auslogics Labs Pty Ltd)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0215.456.8750 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0215.456.8750 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0215.0455.8750 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0215.0455.8750 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0215.0455.8750 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0215.0455.8750 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0215.0455.8750 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0215.0455.8750 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0215.0455.8750 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0215.0455.8750 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0215.0455.8750 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0215.0455.8750 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0215.456.8750 - Advanced Micro Devices, Inc.) Hidden
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Curse (HKLM-x32\...\{A20BFF62-AE3C-42BD-9C52-841CAB96BC49}) (Version: 6.0.0.0 - Curse)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
DriverEasy 4.7.4 (HKLM\...\DriverEasy_is1) (Version: 4.7.4.0 - Easeware)
F.E.A.R. Online (HKLM-x32\...\Steam App 223650) (Version: - InPlay Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Guardião - Itaú 30 horas (HKLM-x32\...\{70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1) (Version: 3.8.0.1 - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (x32 Version: 2.1.71.14 - Oracle, Inc.) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Lightshot-5.1.4.6 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.1.4.6 - Skillbrains)
Malwarebytes Anti-Malware versão 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Module linguistique Microsoft .NET Framework 4 Client Profile FRA (HKLM\...\Microsoft .NET Framework 4 Client Profile FRA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
My Program version 1.5 (HKLM-x32\...\My Program_is1) (Version: 1.5 - )
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
NVIDIA Driver de áudio HD 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA Driver de controle do 3D Vision 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)
NVIDIA Driver de gráficos 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA Driver do 3D Vision 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation)
NVIDIA GeForce Experience Service (Version: 16.13.56 - NVIDIA Corporation) Hidden
NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) Hidden
NVIDIA ShadowPlay 16.13.56 (Version: 16.13.56 - NVIDIA Corporation) Hidden
NVIDIA Software do sistema PhysX 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 16.13.56 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.25 (Version: 1.2.25 - NVIDIA Corporation) Hidden
Painel de controle da NVIDIA 344.11 (Version: 344.11 - NVIDIA Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
SHIELD Streaming (Version: 3.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.56 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Strife (HKLM-x32\...\Strife) (Version: - S2 Games)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Time Stopper (HKLM-x32\...\Time Stopper3.00) (Version: 3.00 - DilSoft)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
Warsaw 1.3.1 (HKLM-x32\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.3.1 - GAS Tecnologia)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
X-Mouse Button Control 2.7 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.7 - Highresolution Enterprises)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3850311949-3553885960-1088866172-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}\InprocServer32 -> C:\Users\Panje\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3850311949-3553885960-1088866172-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}\InprocServer32 -> C:\Users\Panje\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll (GAS Tecnologia)
==================== Restore Points =========================
23-10-2014 01:04:44 Instalado Microsoft Visual C++ 2005 Redistributable
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 00:34 - 2014-10-23 19:56 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {3FE40270-A5D8-4164-B997-4B27DCFDE1BA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {4DA2C2DF-FCA0-491D-AFAC-07F2A489C557} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [2014-08-04] (Easeware)
Task: {5FF224F9-D97C-4022-A151-98E0DFBA88A3} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {821644E3-781A-4CB5-8CB1-65E6D6D25720} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-27] (Adobe Systems Incorporated)
Task: {9393BB02-DBBC-49D3-AE56-C3389ABFC30D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-11] (Google Inc.)
Task: {A309160D-99FB-4D6E-9A5B-67BFC22920A8} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
Task: {B7FB2A11-AE96-46BA-B3B0-5574170CC4C7} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {C36D7F8E-CEFF-4364-8DF9-1B1F3875EA85} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-11] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-08-10 23:28 - 2014-09-13 19:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-15 05:59 - 2014-02-15 05:59 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-11-04 16:03 - 2013-11-04 16:03 - 00818688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-11-04 16:03 - 2013-11-04 16:03 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2009-03-30 04:32 - 2009-03-30 04:32 - 00032768 ____R () C:\Windows\DAODx.exe
2014-08-10 23:34 - 2011-12-14 18:55 - 08453376 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2014-02-28 07:14 - 2014-02-28 07:14 - 00173568 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll
2014-02-27 12:51 - 2014-02-27 12:51 - 01080832 _____ () C:\Program Files\TeamSpeak 3 Client\platforms\qwindows.dll
2014-02-27 12:51 - 2014-02-27 12:51 - 00833024 _____ () C:\Program Files\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2014-08-04 11:43 - 2014-08-04 11:43 - 00102344 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2014-08-04 11:43 - 2014-08-04 11:43 - 00108488 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-02-27 12:51 - 2014-02-27 12:51 - 00030208 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qgif.dll
2014-02-27 12:51 - 2014-02-27 12:51 - 00233984 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qjpeg.dll
2014-08-04 11:46 - 2014-08-04 11:46 - 00563656 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2014-08-04 11:46 - 2014-08-04 11:46 - 00579016 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-02-27 12:51 - 2014-02-27 12:51 - 00159232 _____ () C:\Program Files\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2014-03-06 16:00 - 2014-03-06 16:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2014-08-10 23:34 - 2011-12-14 11:43 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll
2014-10-19 17:53 - 2014-10-10 00:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-19 17:53 - 2014-10-10 00:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll
2014-10-19 17:53 - 2014-10-10 00:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-19 17:53 - 2014-10-10 00:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
2014-10-19 17:53 - 2014-10-10 00:04 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows\System32:BFC9D1AB_Uni.gbp
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrador (S-1-5-21-3850311949-3553885960-1088866172-500 - Administrator - Disabled)
Convidado (S-1-5-21-3850311949-3553885960-1088866172-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3850311949-3553885960-1088866172-1003 - Limited - Enabled)
Panje (S-1-5-21-3850311949-3553885960-1088866172-1000 - Administrator - Enabled) => C:\Users\Panje
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/24/2014 10:50:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: nvtray.exe, versão: 7.17.13.4411, carimbo de hora: 0x5414b512
Nome do módulo de falhas: NvGFTrayPlugin.dll, versão: 16.13.56.0, carimbo de hora: 0x542f944c
Código de exceção: 0xc0000409
Deslocamento com falha: 0x0000000000232690
Identificação do processo com falha: 0xb14
Hora de início do aplicativo com falha: 0xnvtray.exe0
Caminho do aplicativo com falha: nvtray.exe1
FCaminho do módulo de falhas: nvtray.exe2
Identificação do Relatório: nvtray.exe3
Error: (10/23/2014 09:01:35 PM) (Source: MsiInstaller) (EventID: 11704) (User: Panje-PC)
Description: Product: HiJackThis -- Error 1704. An installation for Microsoft Visual C++ 2005 Redistributable is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?
Error: (10/23/2014 08:36:01 PM) (Source: MsiInstaller) (EventID: 11935) (User: Panje-PC)
Description: Produto: Microsoft Visual C++ 2005 Redistributable -- Error 1935.Erro ao instalar o assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"'. Consulte a Ajuda e Suporte para obter mais informações. HRESULT: 0x800736FD. interface de assembly: IAssemblyCacheItem, função: Commit, componente: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}
Error: (10/23/2014 07:27:35 PM) (Source: MsiInstaller) (EventID: 11935) (User: Panje-PC)
Description: Produto: Microsoft Visual C++ 2005 Redistributable -- Error 1935.Erro ao instalar o assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"'. Consulte a Ajuda e Suporte para obter mais informações. HRESULT: 0x800736FD. interface de assembly: IAssemblyCacheItem, função: Commit, componente: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}
Error: (10/22/2014 11:10:17 PM) (Source: MsiInstaller) (EventID: 11935) (User: Panje-PC)
Description: Produto: Microsoft Visual C++ 2005 Redistributable -- Error 1935.Erro ao instalar o assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"'. Consulte a Ajuda e Suporte para obter mais informações. HRESULT: 0x800736FD. interface de assembly: IAssemblyCacheItem, função: Commit, componente: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}
Error: (10/22/2014 10:17:44 PM) (Source: MsiInstaller) (EventID: 11935) (User: Panje-PC)
Description: Produto: Adobe Reader XI - Português -- Erro 1935. An error occurred during the installation of assembly component {B708EB72-AA82-3EB7-8BB0-D845BA35C93D}. HRESULT: 0x800736FD. assembly interface: IAssemblyCacheItem, function: Commit, assembly name: Microsoft.VC90.CRT,version="9.0.21022.8",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32"
Error: (10/21/2014 10:53:20 PM) (Source: MsiInstaller) (EventID: 11935) (User: Panje-PC)
Description: Produto: Microsoft Visual C++ 2005 Redistributable -- Error 1935.Erro ao instalar o assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.4053",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"'. Consulte a Ajuda e Suporte para obter mais informações. HRESULT: 0x800736FD. interface de assembly: IAssemblyCacheItem, função: Commit, componente: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}
Error: (10/21/2014 07:11:30 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
Error: (10/21/2014 07:11:30 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
Error: (10/21/2014 07:11:30 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]
System errors:
=============
Error: (10/24/2014 08:41:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o erro:
%%126
Error: (10/24/2014 08:40:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o erro:
%%126
Error: (10/24/2014 06:57:36 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
Error: (10/24/2014 06:57:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o erro:
%%126
Error: (10/23/2014 11:19:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
Error: (10/23/2014 11:18:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o erro:
%%126
Error: (10/23/2014 08:52:58 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: O serviço Windows Update não foi desligado corretamente após receber um controle de pré-desligamento.
Error: (10/23/2014 08:52:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o erro:
%%126
Error: (10/23/2014 08:52:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o erro:
%%126
Error: (10/23/2014 08:51:36 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Instalador de Módulos do Windows terminou com o erro:
%%126
Microsoft Office Sessions:
=========================
Error: (10/24/2014 10:50:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvtray.exe7.17.13.44115414b512NvGFTrayPlugin.dll16.13.56.0542f944cc00004090000000000232690b1401cfefcc99cd78b9C:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Program Files\NVIDIA Corporation\Update Core\NvGFTrayPlugin.dlleb3753ea-5be0-11e4-8ef8-e03f49a48bd9
Error: (10/23/2014 09:01:35 PM) (Source: MsiInstaller) (EventID: 11704) (User: Panje-PC)
Description: Product: HiJackThis -- Error 1704. An installation for Microsoft Visual C++ 2005 Redistributable is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (10/23/2014 08:36:01 PM) (Source: MsiInstaller) (EventID: 11935) (User: Panje-PC)
Description: Produto: Microsoft Visual C++ 2005 Redistributable -- Error 1935.Erro ao instalar o assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"'. Consulte a Ajuda e Suporte para obter mais informações. HRESULT: 0x800736FD. interface de assembly: IAssemblyCacheItem, função: Commit, componente: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (10/23/2014 07:27:35 PM) (Source: MsiInstaller) (EventID: 11935) (User: Panje-PC)
Description: Produto: Microsoft Visual C++ 2005 Redistributable -- Error 1935.Erro ao instalar o assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"'. Consulte a Ajuda e Suporte para obter mais informações. HRESULT: 0x800736FD. interface de assembly: IAssemblyCacheItem, função: Commit, componente: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (10/22/2014 11:10:17 PM) (Source: MsiInstaller) (EventID: 11935) (User: Panje-PC)
Description: Produto: Microsoft Visual C++ 2005 Redistributable -- Error 1935.Erro ao instalar o assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"'. Consulte a Ajuda e Suporte para obter mais informações. HRESULT: 0x800736FD. interface de assembly: IAssemblyCacheItem, função: Commit, componente: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (10/22/2014 10:17:44 PM) (Source: MsiInstaller) (EventID: 11935) (User: Panje-PC)
Description: Produto: Adobe Reader XI - Português -- Erro 1935. An error occurred during the installation of assembly component {B708EB72-AA82-3EB7-8BB0-D845BA35C93D}. HRESULT: 0x800736FD. assembly interface: IAssemblyCacheItem, function: Commit, assembly name: Microsoft.VC90.CRT,version="9.0.21022.8",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32"(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (10/21/2014 10:53:20 PM) (Source: MsiInstaller) (EventID: 11935) (User: Panje-PC)
Description: Produto: Microsoft Visual C++ 2005 Redistributable -- Error 1935.Erro ao instalar o assembly 'Microsoft.VC80.ATL,type="win32",version="8.0.50727.4053",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"'. Consulte a Ajuda e Suporte para obter mais informações. HRESULT: 0x800736FD. interface de assembly: IAssemblyCacheItem, função: Commit, componente: {97F81AF1-0E47-DC99-A01F-C8B3B9A1E18E}(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (10/21/2014 07:11:30 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
Error: (10/21/2014 07:11:30 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
Error: (10/21/2014 07:11:30 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]
CodeIntegrity Errors:
===================================
Date: 2014-10-24 21:11:01.489
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-24 21:11:01.489
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-24 21:11:01.489
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-24 21:11:01.473
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-24 21:11:01.473
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-24 21:11:01.473
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-24 21:11:01.427
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-24 21:11:01.427
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-24 21:11:01.427
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-10-23 20:21:56.974
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: AMD FX-6300 Six-Core Processor
Percentage of memory in use: 25%
Total physical RAM: 8089.46 MB
Available physical RAM: 6033.3 MB
Total Pagefile: 16177.1 MB
Available Pagefile: 12124.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:302.76 GB) NTFS
Drive d: (D3C1.0.0) (CDROM) (Total:7.43 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E1EA2E24)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Desde já agradeço a atenção. Um Abraço!

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado
Bom Dia! LipeZO


> Copie estas informações que estão em vermelho,para o Bloco de Notas.

> Salve-a com o nome fixlist.txt.

> Salve-a na pasta Downloads! ( C:\Users\Panje\Downloads )


start

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com...01_hao123_br_ie

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com...01_hao123_br_ie

CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho []

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com...01_hao123_br_ie

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com...01_hao123_br_ie

FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho []

S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

2014-10-23 21:05 - 2014-10-23 21:05 - 00010172 _____ () C:\Users\Panje\Desktop\hijackthis.log

2014-10-23 21:01 - 2014-10-23 21:01 - 01402880 _____ () C:\Users\Panje\Downloads\HijackThis.msi

2014-10-23 21:01 - 2014-10-23 21:01 - 00002975 _____ () C:\Users\Panje\Desktop\HiJackThis.lnk

2014-10-23 21:01 - 2014-10-23 21:01 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

2014-10-23 21:01 - 2014-10-23 21:01 - 00000000 ____D () C:\Program Files (x86)\Trend Micro

2014-10-23 20:00 - 2014-10-23 20:00 - 00024141 _____ () C:\ComboFix.txt

2014-10-23 19:56 - 2014-10-24 18:53 - 00000504 _____ () C:\Windows\setupact.log

2014-10-23 19:56 - 2014-10-23 19:56 - 00000000 _____ () C:\Windows\setuperr.log

2014-10-23 19:55 - 2014-10-23 19:55 - 00000558 _____ () C:\Windows\PFRO.log

2014-10-23 19:24 - 2014-10-23 19:24 - 04909382 _____ () C:\Users\Panje\Downloads\mbam-chameleon-3.1.7.0.zip

2014-10-21 22:01 - 2014-10-21 22:01 - 00000178 _____ () C:\console.log

2014-10-23 20:00 - 2014-08-11 00:53 - 00000000 ____D () C:\Qoobox

end


> Execute FRST/FRST64 >> Clique "Fix". << Aguarde!

> Poste o relatório! (Fixlog.txt)


A+

Compartilhar este post

Link para o post
Compartilhar em outros sites

LipeZO    0

LipeZO
Postado

Obrigado a ajuda, consegui instalar o que precisava, por curiosidade, qual era o meu problema? Estou fazendo vestibular pra TI e tenho uma curiosidade, qual área é essa? Quero um dia poder resolver meus problemas também.

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Obrigado a ajuda, consegui instalar o que precisava, por curiosidade, qual era o meu problema? Estou fazendo vestibular pra TI e tenho uma curiosidade, qual área é essa? Quero um dia poder resolver meus problemas também.

Boa Tarde! LipeZO

 

> Políticas restritivas ao navegador Chrome,foram detectadas e uma extensão suspeita foi removida.

> A área que atuo é a de Analista de logs ou de Segurança,voltada à remoção de malwares.

> A ferramenta não gerou relatório?

 

A+

Compartilhar este post

Link para o post
Compartilhar em outros sites

LipeZO    0

LipeZO
Postado
start

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com...01_hao123_br_ie

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com...01_hao123_br_ie

CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho []

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com...01_hao123_br_ie

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com...01_hao123_br_ie

FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho []

S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

2014-10-23 21:05 - 2014-10-23 21:05 - 00010172 _____ () C:\Users\Panje\Desktop\hijackthis.log

2014-10-23 21:01 - 2014-10-23 21:01 - 01402880 _____ () C:\Users\Panje\Downloads\HijackThis.msi

2014-10-23 21:01 - 2014-10-23 21:01 - 00002975 _____ () C:\Users\Panje\Desktop\HiJackThis.lnk

2014-10-23 21:01 - 2014-10-23 21:01 - 00000000 ____D () C:\Users\Panje\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

2014-10-23 21:01 - 2014-10-23 21:01 - 00000000 ____D () C:\Program Files (x86)\Trend Micro

2014-10-23 20:00 - 2014-10-23 20:00 - 00024141 _____ () C:\ComboFix.txt

2014-10-23 19:56 - 2014-10-24 18:53 - 00000504 _____ () C:\Windows\setupact.log

2014-10-23 19:56 - 2014-10-23 19:56 - 00000000 _____ () C:\Windows\setuperr.log

2014-10-23 19:55 - 2014-10-23 19:55 - 00000558 _____ () C:\Windows\PFRO.log

2014-10-23 19:24 - 2014-10-23 19:24 - 04909382 _____ () C:\Users\Panje\Downloads\mbam-chameleon-3.1.7.0.zip

2014-10-21 22:01 - 2014-10-21 22:01 - 00000178 _____ () C:\console.log

2014-10-23 20:00 - 2014-08-11 00:53 - 00000000 ____D () C:\Qoobox

end

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Bom Dia! LipeZO

 

> Ok! O relatório veio incompleto,mostrando o script que acompanha o log.

>

> Vamos remover as ferramentas que foram utilizadas na desinfecção!

> Baixe: < delfix_108_zps75ef8ba4.jpg > ( ... de Xplode )

DelFix_Download_zpsb5d944c7.jpg

> Estando na página,clique em Download Now.
> Salve-a em um local conveniente! ( desktop! )
> Feche aplicativos que estejam abertos.

DelFix_RCL_zpscdf4940b.jpg

> Remover ferramentas de desinfecção
> Criar backup do registro
> Limpar pontos da restauração do sistema

> Com estas caixinhas marcadas,clique Executar!
> Reinicie o computador!
> Tudo Ok?

A+

Compartilhar este post

Link para o post
Compartilhar em outros sites

LipeZO    0

LipeZO
Postado

Removido : C:\FRST

Removido : C:\Users\Panje\Downloads\FRST-OlderVersion

Removido : C:\Users\Panje\Downloads\Addition.txt

Removido : C:\Users\Panje\Downloads\ComboFix.exe

Removido : C:\Users\Panje\Downloads\Fixlog.txt

Removido : C:\Users\Panje\Downloads\FRST.txt

Removido : C:\Users\Panje\Downloads\FRST64.exe

Removido : C:\Windows\grep.exe

Removido : C:\Windows\PEV.exe

Removido : C:\Windows\NIRCMD.exe

Removido : C:\Windows\MBR.exe

Removido : C:\Windows\SED.exe

Removido : C:\Windows\SWREG.exe

Removido : C:\Windows\SWSC.exe

Removido : C:\Windows\SWXCACLS.exe

Removido : C:\Windows\Zip.exe

Removido : HKLM\SOFTWARE\Swearware

Removido : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe


~ Criando backup do registro ... OK


~ Limpando pontos da restauração do sistema ...


Removido : RP #76 [instalado Microsoft Visual C++ 2005 Redistributable (x64) | 10/25/2014 13:43:30]

Removido : RP #77 [DirectX instalado | 10/25/2014 14:09:34]

Removido : RP #78 [DirectX instalado | 10/25/2014 14:41:03]

Removido : RP #79 [DirectX instalado | 10/25/2014 15:40:07]

Removido : RP #80 [instalado Arc | 10/25/2014 15:40:55]

Removido : RP #81 [DirectX instalado | 10/25/2014 15:51:59]

Removido : RP #82 [DirectX instalado | 10/25/2014 18:05:41]

Removido : RP #83 [DirectX instalado | 10/25/2014 18:06:04]


Novo ponto de restauração criado !


########## - EOF - ##########


Só reiniciar agora, obrigado mais uma vez, ótimo trabalho o de vocês.

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post

Link para o post
Compartilhar em outros sites
Visitante
Este tópico está impedido de receber novos posts.
Ir para a lista de tópicos Tópicos Resolvidos (Seguranca & Malwares)
×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.

  Aceito