
HijackThis Log: Help with Whatsapp Virus


  • This topic is locked
5 replies to this topic

#1 marcelimca


Posted 10 February 2016 - 04:28 PM

Hi, guys! How are you? Hope you're fine!
I have a lil' problem. Hope you can help me to solve this :)
Since last year I've had a strange virus in my e-mail.
It sends an e-mail to my friends, asking them to look at a WhatsApp voice message.
I already used SuperAntispyware, Spybot and Malware AntiMalware at first, but it didn't solve it.
I used it again today, but I decided to post the log here and maybe try ComboFix.
 
Here's the log:
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:20:35, on 10/02/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17568)
Boot mode: Normal
 
Running processes:
C:\Windows\System32\TiltWheelMouse.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~4\Office15\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [Raptr] "C:\Program Files (x86)\Raptr\raptrstub.exe" --startup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Maria de Fátima\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - Startup: Dropbox.lnk = ?
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Send Image To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201
O8 - Extra context menu item: Send Link To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203
O8 - Extra context menu item: Send Page To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204
O8 - Extra context menu item: Send Text To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll
O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: http://*.hola.org
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMSEmulator - Unknown owner - C:\ProgramData\KMSAuto\KMSES.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 12670 bytes

 




 


#2 nasdaq

  • Malware Response Team

Posted 11 February 2016 - 08:13 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===


Please post the logs.

Let me know if the problems persist.
===

p.s.
HijackThis is no longer supported.
I suggest you remove it using the Add/Remove Programs applet.
Use the Farbar tool from now on to report problems.
<<<>>>

#3 marcelimca

  • Topic Starter


Posted 12 February 2016 - 06:12 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Maria de Fátima (administrator) on MDF-PC (12-02-2016 20:08:24)
Running from C:\Users\Maria de Fátima\Desktop\What
Loaded Profiles: Maria de Fátima (Available Profiles: Maria de Fátima)
Platform: Windows 8 Pro with Media Center (X64) Language: Inglês (Estados Unidos)
Internet Explorer Version 10 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\ProgramData\KMSAuto\KMSES.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [MMReminderService] => C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe [37728 2011-09-14] (Mindjet)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-15] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-12-11] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-05-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2312896 2016-01-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-11-04] (Banco do Brasil)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2091671654-4090505553-4131776105-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-2091671654-4090505553-4131776105-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2016-02-10] (SUPERAntiSpyware)
HKU\S-1-5-21-2091671654-4090505553-4131776105-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-15] (Samsung)
HKU\S-1-5-21-2091671654-4090505553-4131776105-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-2091671654-4090505553-4131776105-1001\...\Run: [Dropbox Update] => C:\Users\Maria de Fátima\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-08] (Dropbox, Inc.)
HKU\S-1-5-21-2091671654-4090505553-4131776105-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1945472 2015-11-04] (Banco do Brasil)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Maria de Fátima\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Maria de Fátima\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Maria de Fátima\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Maria de Fátima\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Maria de Fátima\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Maria de Fátima\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Maria de Fátima\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Maria de Fátima\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\Users\Maria de Fátima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-01-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\Maria de Fátima\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 187.18.187.4 187.18.187.2
Tcpip\..\Interfaces\{744967BE-F562-452C-A942-8DE3998344EA}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{DA4513C3-B8FD-4534-8ACD-A418A0318672}: [DhcpNameServer] 187.18.187.4 187.18.187.2
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2091671654-4090505553-4131776105-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2091671654-4090505553-4131776105-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll [2011-09-14] (Mindjet)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-06] (Oracle Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-11-04] (Banco do Brasil)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-06] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-01-29] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-01-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2091671654-4090505553-4131776105-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Maria de Fátima\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
 
Chrome: 
=======
CHR Profile: C:\Users\Maria de Fátima\AppData\Local\Google\Chrome\User Data\Default
 
Opera: 
=======
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-23] (SUPERAntiSpyware.com)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [693440 2016-01-28] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2016-01-15] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [593120 2015-11-04] (GAS Tecnologia)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 KMSEmulator; C:\ProgramData\KMSAuto\KMSES.exe [275968 2013-04-07] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-23] (Electronic Arts)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [215040 2013-12-19] (Advanced Micro Devices) [File not signed]
S3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek                                            )
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-05-16] (DT Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2016-02-12] (GAS Tecnologia)
R0 gbpddreg; C:\Windows\System32\drivers\gbpddreg64.sys [29816 2016-02-12] (GAS Tecnologia)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-09-22] (GAS Tecnologia)
S3 igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [5353888 2012-12-14] (Intel Corporation) [File not signed]
R3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [34424 2015-02-09] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-09-22] (GAS Tecnologia LTDA)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-07-07] (Basil)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-02-12] (GAS Tecnologia)
S1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-12 20:08 - 2016-02-12 20:08 - 00000000 ____D C:\FRST
2016-02-12 19:53 - 2016-02-12 19:53 - 00000000 _____ C:\Users\Maria de Fátima\Desktop\Novo Documento de Texto.txt
2016-02-12 19:46 - 2016-02-12 20:06 - 00000000 ____D C:\AdwCleaner
2016-02-12 19:45 - 2016-02-12 20:08 - 00000000 ____D C:\Users\Maria de Fátima\Desktop\What
2016-02-12 19:41 - 2015-07-02 10:14 - 01329246 _____ C:\Users\Maria de Fátima\Downloads\AP699E9N3.BW6-4-OSK-Dlink-D1503241908_webupload(0409102513).img
2016-02-12 19:39 - 2016-02-12 19:39 - 01327616 _____ C:\Users\Maria de Fátima\Downloads\ap699e9n3.bw6-4-osk-dlink-d1503241908_webupload0409102513.zip
2016-02-10 17:57 - 2016-02-10 17:57 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-10 16:18 - 2016-02-10 16:19 - 00000000 ___SD C:\ComboFix
2016-02-10 16:05 - 2016-02-10 16:05 - 05657611 ____R (Swearware) C:\ComboFix.exe
2016-02-09 21:18 - 2016-01-14 22:24 - 00033456 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-09 21:18 - 2016-01-14 21:54 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-09 21:18 - 2016-01-14 21:54 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-09 21:18 - 2016-01-14 21:54 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-09 21:18 - 2016-01-14 21:53 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-09 21:18 - 2016-01-14 21:53 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-09 21:18 - 2016-01-10 01:43 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-05 10:23 - 2016-02-10 15:10 - 00018001 _____ C:\Users\Maria de Fátima\Desktop\Investimentos.xlsx
2016-02-03 06:51 - 2016-02-03 06:51 - 00000000 ___HD C:\$Windows.~WS
2016-02-02 01:24 - 2016-02-02 01:24 - 00001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2016-02-02 01:07 - 2016-02-06 04:13 - 00000000 ___RD C:\Users\Maria de Fátima\Creative Cloud Files
2016-02-02 01:07 - 2016-02-03 12:38 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-02-02 01:05 - 2016-02-02 01:05 - 00001225 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-02-02 01:05 - 2016-02-02 01:05 - 00001213 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2016-02-02 00:54 - 2016-02-02 00:54 - 00003518 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-mdf-pc-Maria de Fátima
2016-02-02 00:49 - 2016-02-02 01:32 - 00000000 ____D C:\Program Files\Adobe
2016-02-02 00:49 - 2016-02-02 00:49 - 00001068 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC (64 Bit).lnk
2016-02-02 00:47 - 2016-02-02 00:47 - 00000000 ____D C:\adobeTemp
2016-02-02 00:46 - 2016-02-02 01:37 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-02-01 19:02 - 2016-02-01 19:23 - 00000000 ____D C:\Users\Maria de Fátima\Downloads\Adobe Photoshop CC 14.0 Final Multilanguage [ChingLiu]
2016-01-16 03:25 - 2016-02-05 10:22 - 00000233 _____ C:\Users\Maria de Fátima\Desktop\INVESTIR.txt
2016-01-13 09:34 - 2015-12-14 21:01 - 14269440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-13 09:34 - 2015-12-14 21:01 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-13 09:34 - 2015-12-14 21:01 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-13 09:34 - 2015-12-14 21:01 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-13 09:34 - 2015-12-14 21:01 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-13 09:34 - 2015-12-14 21:01 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-13 09:34 - 2015-12-14 21:00 - 19349504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 09:34 - 2015-12-14 21:00 - 15422976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-13 09:34 - 2015-12-14 21:00 - 13723648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-13 09:34 - 2015-12-14 21:00 - 03805696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 09:34 - 2015-12-14 21:00 - 02793984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-13 09:34 - 2015-12-14 21:00 - 02658304 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-13 09:34 - 2015-12-14 21:00 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-13 09:34 - 2015-12-14 21:00 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-13 09:34 - 2015-12-14 21:00 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-01-13 09:34 - 2015-12-14 21:00 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-01-13 09:34 - 2015-12-14 21:00 - 00715776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-13 09:34 - 2015-12-14 21:00 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-13 09:34 - 2015-12-14 21:00 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 09:34 - 2015-12-14 21:00 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-13 09:34 - 2015-12-14 21:00 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-13 09:34 - 2015-12-14 21:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-13 09:34 - 2015-12-14 21:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-13 09:34 - 2015-12-14 21:00 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 09:34 - 2015-12-14 20:59 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-13 09:34 - 2015-12-09 11:27 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-13 09:34 - 2015-12-08 12:16 - 01303040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-13 09:34 - 2015-12-05 15:48 - 01024000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-13 09:34 - 2015-12-04 13:29 - 01636784 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-13 09:34 - 2015-12-04 13:12 - 00793312 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-13 09:34 - 2015-12-04 13:12 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-01-13 09:34 - 2015-12-04 13:12 - 00446872 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-01-13 09:34 - 2015-12-04 13:12 - 00253624 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-01-13 09:34 - 2015-12-04 11:55 - 00612528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-13 09:34 - 2015-12-04 11:55 - 00463880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-01-13 09:34 - 2015-12-04 11:55 - 00324456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-01-13 09:34 - 2015-12-04 11:52 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 09:34 - 2015-12-04 11:52 - 02615808 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 09:34 - 2015-12-04 11:52 - 01770496 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 09:34 - 2015-12-04 11:52 - 01376256 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 09:34 - 2015-12-04 11:52 - 01350656 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-13 09:34 - 2015-12-04 11:52 - 01150464 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2016-01-13 09:34 - 2015-12-04 11:52 - 01100800 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-13 09:34 - 2015-12-04 11:52 - 01073664 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 09:34 - 2015-12-04 11:52 - 00625152 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-13 09:34 - 2015-12-04 11:52 - 00577536 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-13 09:34 - 2015-12-04 11:52 - 00431616 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-13 09:34 - 2015-12-04 11:51 - 02893824 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-13 09:34 - 2015-12-04 11:51 - 01593344 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-13 09:34 - 2015-12-04 11:51 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-01-13 09:34 - 2015-12-04 11:51 - 01208832 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-13 09:34 - 2015-12-04 11:51 - 01174016 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2016-01-13 09:34 - 2015-12-04 11:51 - 01151488 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-13 09:34 - 2015-12-04 11:51 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-13 09:34 - 2015-12-04 11:51 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-01-13 09:34 - 2015-12-04 11:51 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-13 09:34 - 2015-12-04 11:51 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2016-01-13 09:34 - 2015-12-04 11:51 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-13 09:34 - 2015-12-04 11:51 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-13 09:34 - 2015-12-04 11:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 09:34 - 2015-12-04 11:51 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2016-01-13 09:34 - 2015-12-04 11:51 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-01-13 09:34 - 2015-12-04 11:51 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 09:34 - 2015-12-04 11:51 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-13 09:34 - 2015-12-04 11:51 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-13 09:34 - 2015-12-04 11:51 - 00239104 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 09:34 - 2015-12-04 11:51 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-13 09:34 - 2015-12-04 11:51 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-13 09:34 - 2015-12-04 11:51 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 09:34 - 2015-12-04 11:51 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-13 09:34 - 2015-12-04 11:51 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-13 09:34 - 2015-12-04 11:51 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2016-01-13 09:34 - 2015-12-04 11:51 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 09:34 - 2015-12-04 11:51 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-13 09:34 - 2015-12-04 11:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-13 09:34 - 2015-12-04 11:46 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-13 09:34 - 2015-12-04 11:46 - 02312704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-13 09:34 - 2015-12-04 11:46 - 01468928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-13 09:34 - 2015-12-04 11:46 - 01374208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-13 09:34 - 2015-12-04 11:46 - 00904192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-13 09:34 - 2015-12-04 11:46 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2016-01-13 09:34 - 2015-12-04 11:46 - 00846336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-13 09:34 - 2015-12-04 11:46 - 00722944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-13 09:34 - 2015-12-04 11:46 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-13 09:34 - 2015-12-04 11:46 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-13 09:34 - 2015-12-04 11:46 - 00468992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-13 09:34 - 2015-12-04 11:46 - 00382464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-13 09:34 - 2015-12-04 11:46 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2016-01-13 09:34 - 2015-12-04 11:46 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 09:34 - 2015-12-04 11:46 - 00189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-13 09:34 - 2015-12-04 11:46 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-13 09:34 - 2015-12-04 11:45 - 02400256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-13 09:34 - 2015-12-04 11:45 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-01-13 09:34 - 2015-12-04 11:45 - 00946688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-13 09:34 - 2015-12-04 11:45 - 00929792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2016-01-13 09:34 - 2015-12-04 11:45 - 00869888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-13 09:34 - 2015-12-04 11:45 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-13 09:34 - 2015-12-04 11:45 - 00571392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-13 09:34 - 2015-12-04 11:45 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2016-01-13 09:34 - 2015-12-04 11:45 - 00546304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-13 09:34 - 2015-12-04 11:45 - 00436736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-13 09:34 - 2015-12-04 11:45 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-01-13 09:34 - 2015-12-04 11:45 - 00251904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-13 09:34 - 2015-12-04 11:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-13 09:34 - 2015-12-04 11:45 - 00190464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-13 09:34 - 2015-12-04 11:45 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-13 09:34 - 2015-12-04 11:45 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-13 09:34 - 2015-12-04 11:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-13 09:34 - 2015-12-04 11:45 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-13 09:34 - 2015-12-04 11:45 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-13 09:34 - 2015-12-03 16:57 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-13 09:33 - 2015-12-14 21:01 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-13 09:33 - 2015-12-14 21:00 - 00857600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 09:33 - 2015-12-05 19:20 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-13 09:33 - 2015-12-05 19:19 - 00089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-13 09:33 - 2015-12-05 19:19 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-01-13 09:33 - 2015-12-05 11:49 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-13 09:33 - 2015-12-05 11:49 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-13 09:33 - 2015-12-05 11:49 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-01-13 09:32 - 2015-12-30 20:29 - 06972760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-13 09:32 - 2015-12-08 12:43 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-13 09:32 - 2015-12-08 12:16 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 09:31 - 2015-12-03 21:55 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 09:31 - 2015-12-03 18:47 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-12 20:02 - 2013-04-19 07:35 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2091671654-4090505553-4131776105-1001
2016-02-12 19:59 - 2016-01-08 14:54 - 00001084 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2091671654-4090505553-4131776105-1001UA.job
2016-02-12 19:56 - 2013-04-19 07:41 - 00763656 _____ C:\Windows\system32\prfh0416.dat
2016-02-12 19:56 - 2013-04-19 07:41 - 00154946 _____ C:\Windows\system32\prfc0416.dat
2016-02-12 19:56 - 2012-07-26 04:28 - 01769104 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-12 19:56 - 2012-07-26 02:37 - 00000000 ____D C:\Windows\Inf
2016-02-12 19:54 - 2015-12-23 13:15 - 00003490 _____ C:\Windows\System32\Tasks\AutoKMS
2016-02-12 19:52 - 2015-12-30 15:03 - 00101080 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2016-02-12 19:52 - 2015-12-30 15:01 - 00029816 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddreg64.sys
2016-02-12 19:52 - 2015-12-30 15:01 - 00028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys
2016-02-12 19:52 - 2015-12-30 15:01 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-02-12 19:52 - 2012-07-26 04:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-12 19:51 - 2015-12-30 15:01 - 00000000 ____D C:\ProgramData\GbPlugin
2016-02-12 19:51 - 2015-12-21 18:54 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-02-12 19:51 - 2014-06-26 11:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-12 19:51 - 2013-06-12 00:40 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-02-12 19:50 - 2013-04-19 07:28 - 00000000 ____D C:\Users\Maria de Fátima
2016-02-12 19:45 - 2013-05-14 15:57 - 00000000 ___RD C:\Users\Maria de Fátima\Desktop\Instaladores
2016-02-12 19:39 - 2014-06-24 00:42 - 00000000 ____D C:\Users\Maria de Fátima\AppData\Local\Adobe
2016-02-10 17:59 - 2014-09-23 03:09 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-02-10 17:22 - 2013-09-25 17:15 - 00000000 ____D C:\Windows\Minidump
2016-02-10 17:22 - 2013-05-16 03:36 - 00000000 ____D C:\Users\Maria de Fátima\AppData\Roaming\DAEMON Tools Lite
2016-02-10 17:22 - 2013-04-19 08:16 - 00000000 ____D C:\Users\Maria de Fátima\AppData\Roaming\uTorrent
2016-02-10 16:20 - 2014-06-26 11:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-10 16:18 - 2015-06-26 10:11 - 00000000 ____D C:\Qoobox
2016-02-10 16:10 - 2014-06-26 11:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-10 16:10 - 2013-06-11 22:20 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-10 14:59 - 2016-01-08 14:54 - 00001032 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2091671654-4090505553-4131776105-1001Core.job
2016-02-10 12:55 - 2013-04-19 07:28 - 00000000 ____D C:\Users\Maria de Fátima\AppData\Local\Packages
2016-02-10 00:03 - 2012-07-26 05:12 - 00000000 ____D C:\Windows\AUInstallAgent
2016-02-10 00:01 - 2012-07-26 05:12 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-09 22:15 - 2013-05-28 22:43 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-02-09 22:13 - 2012-07-26 02:26 - 00000167 _____ C:\Windows\win.ini
2016-02-09 22:12 - 2014-12-16 20:18 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-09 22:12 - 2012-07-26 04:59 - 00000000 ____D C:\Windows\CbsTemp
2016-02-09 22:10 - 2013-08-15 10:11 - 00000000 ____D C:\Windows\system32\MRT
2016-02-09 22:08 - 2013-04-19 08:49 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-06 07:01 - 2016-01-12 03:02 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-06 07:00 - 2016-01-12 03:03 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-02-06 07:00 - 2016-01-12 03:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-06 07:00 - 2016-01-12 02:57 - 00000000 ____D C:\Users\Maria de Fátima\.oracle_jre_usage
2016-02-06 06:47 - 2015-12-23 22:38 - 00000964 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-02-04 21:36 - 2014-06-19 23:40 - 00003848 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1373346618
2016-02-04 21:36 - 2013-07-09 02:10 - 00000000 ____D C:\Program Files (x86)\Opera
2016-02-03 12:36 - 2012-07-26 02:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-02-03 06:51 - 2016-01-05 09:34 - 00008759 _____ C:\Windows\diagwrn.xml
2016-02-03 06:51 - 2016-01-05 09:34 - 00005031 _____ C:\Windows\diagerr.xml
2016-02-03 06:51 - 2013-04-19 12:24 - 00000000 ____D C:\Windows\Panther
2016-02-02 18:55 - 2013-05-14 16:08 - 00000000 ___RD C:\Users\Maria de Fátima\Desktop\Músicas
2016-02-02 11:38 - 2016-01-02 00:55 - 05120944 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-02 01:46 - 2013-05-15 14:06 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-02-02 01:46 - 2013-04-19 07:29 - 00000000 ____D C:\Users\Maria de Fátima\AppData\Roaming\Adobe
2016-02-02 01:33 - 2013-05-15 14:03 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-02-02 01:24 - 2013-05-26 01:56 - 00000000 ____D C:\Users\Maria de Fátima\Documents\Adobe
2016-02-02 01:22 - 2014-06-09 19:15 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-02 01:07 - 2013-05-14 22:49 - 00000000 ____D C:\ProgramData\Adobe
2016-02-01 22:38 - 2015-04-16 01:48 - 00000000 ___RD C:\Users\Maria de Fátima\Dropbox
2016-02-01 22:38 - 2015-04-16 01:35 - 00000000 ____D C:\Users\Maria de Fátima\AppData\Roaming\Dropbox
2016-02-01 15:53 - 2013-05-14 17:00 - 00000000 ___RD C:\Users\Maria de Fátima\Documents\Meus arquivos recebidos
2016-01-27 22:05 - 2013-05-14 15:50 - 00000000 ___RD C:\Users\Maria de Fátima\Desktop\Besteiras
2016-01-26 01:59 - 2015-12-23 22:38 - 00003944 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-01-18 21:14 - 2013-05-14 16:08 - 00000000 ___RD C:\Users\Maria de Fátima\Desktop\Vídeos
2016-01-16 03:16 - 2012-07-26 05:12 - 00000000 ____D C:\Windows\system32\NDF
2016-01-15 13:31 - 2015-12-23 21:29 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-15 13:31 - 2014-12-25 19:53 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-14 21:14 - 2012-07-26 05:12 - 00000000 ____D C:\Windows\rescache
2016-01-14 19:37 - 2014-07-11 20:11 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-14 19:35 - 2014-09-06 02:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-14 19:35 - 2014-09-06 02:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-13 09:46 - 2014-09-06 02:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
 
==================== Files in the root of some directories =======
 
2013-10-07 18:33 - 2013-10-07 18:33 - 0000132 _____ () C:\Users\Maria de Fátima\AppData\Roaming\Adobe GIF Format CS6 Prefs
2013-07-23 12:41 - 2014-05-06 21:30 - 0000132 _____ () C:\Users\Maria de Fátima\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-05-26 02:02 - 2013-11-03 15:41 - 0001456 _____ () C:\Users\Maria de Fátima\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-08-22 15:51 - 2013-08-22 15:51 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-05 00:01
 
==================== End of FRST.txt ============================


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,517 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:41 AM

Posted 13 February 2016 - 09:26 AM


If not already done, please run the AdwCleaner tool and remove everything that is identified.

==


Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Task: {D6FB4C21-2661-4B46-AD5A-0723B772B430} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-11-17] ()
Task: {DF80547A-D1B9-4C3C-9276-32F3C36910C0} - \AutoKMSCustom -> No File <==== ATTENTION
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==
AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4
AlternateDataStreams: C:\Windows\system32\Drivers\gbpddreg64.sys:X5ZN8aGvT4
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2091671654-4090505553-4131776105-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2091671654-4090505553-4131776105-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2091671654-4090505553-4131776105-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2091671654-4090505553-4131776105-1001\...\100sexlinks.com -> www.100sexlinks.com
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2091671654-4090505553-4131776105-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-07-07] (Basil)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Program Files\Diebold\Warsaw\


End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

How is the computer running now?

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.

#5 nasdaq


Posted 19 February 2016 - 09:57 AM

Are you still with me?

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe:
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#6 nasdaq


Posted 25 February 2016 - 09:14 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



