
Need help to get rid of 'searchinterneat-a.akamaihd.net' and 'Outrageous Deal'


  • This topic is locked
12 replies to this topic

#1 PabloMello

PabloMello

  • Members
  • 6 posts
  • OFFLINE

Posted 25 February 2016 - 06:53 PM

Hi, everybody.

 

I've tried so much, for days, to get rid of this browser hijacker 'searchinterneat-a.akamaihd.net' by myself, searching for solutions through Google (actually, it's hard to use Google while infected by this malware). I just couldn't make it. I can't use Hitman Pro, because my 30-day free trial license is already over, and the price for buying the software is in dollars, thus much too expensive for a Brazilian nowadays.

 

I'd be very glad if someone there could help me.

 

 




 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,786 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:19 PM

Posted 25 February 2016 - 07:14 PM

Hello PabloMello and welcome to BleepingComputer.
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I will assume that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How to open the computer as administrator?
  • Disable your antivirus and antispyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
 
 Please do the following.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure the following option is checked: addition.png
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Sincerely.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 PabloMello

PabloMello
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE

Posted 26 February 2016 - 10:14 AM

Hi, Yılmaz. Thanks very much for the hand.

 

Here is the text of the FRST.txt (my Windows language is Portuguese, so some parts of the file are not in English):

 

---

 

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:24-02-2016

Executado por Pablo (administrador) em NOTEBOOK-PABLO (26-02-2016 12:04:42)
Executando a partir de C:\Users\Pablo\Desktop
Perfis Carregados: Pablo (Perfis Disponíveis: Pablo & DefaultAppPool)
Platform: Windows 10 Home Single Language Versão 1511 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
 
==================== Processos (Whitelisted) =================
 
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
 
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE15\CSISYNCCLIENT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.16941.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registro (Whitelisted) ===========================
 
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-04] (Autodesk Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-21] (AVAST Software)
HKLM-x32\...\Run: [GoPro Studio Importer] => C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe [3218184 2015-10-02] (GoPro)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2015-09-01] (Caixa Economica Federal)
HKU\S-1-5-21-3361239562-2013860233-1157577440-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3361239562-2013860233-1157577440-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3361239562-2013860233-1157577440-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3361239562-2013860233-1157577440-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23499656 2016-01-15] (Google)
HKU\S-1-5-21-3361239562-2013860233-1157577440-1002\...\RunOnce: [Uninstall C:\Users\Pablo\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pablo\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
HKU\S-1-5-21-3361239562-2013860233-1157577440-1002\...\Policies\Explorer: [] 
HKU\S-1-5-21-3361239562-2013860233-1157577440-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177088 2015-07-13] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177088 2015-07-13] (NVIDIA Corporation)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1867432 2015-09-01] (Caixa Economica Federal)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Pablo\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64\FileSyncShell64.dll [2016-02-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Pablo\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64\FileSyncShell64.dll [2016-02-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Pablo\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64\FileSyncShell64.dll [2016-02-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-21] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2014-04-14] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Pablo\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileSyncShell.dll [2016-02-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Pablo\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileSyncShell.dll [2016-02-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Pablo\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileSyncShell.dll [2016-02-11] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk [2015-02-05]
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (GoPro)
 
==================== Internet (Whitelisted) ====================
 
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
 
Tcpip\Parameters: [DhcpNameServer] 189.7.8.34 189.7.8.39 189.7.8.36
Tcpip\..\Interfaces\{0dda78ca-8034-4b79-b257-c3265e48a0ca}: [DhcpNameServer] 10.1.1.1 192.168.1.1
Tcpip\..\Interfaces\{1ea88d21-440d-45a6-b1e5-92d84c4cc286}: [DhcpNameServer] 189.7.8.34 189.7.8.39 189.7.8.36
Tcpip\..\Interfaces\{245163cb-b109-421a-bc93-5db736ee0fb2}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3361239562-2013860233-1157577440-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-22] (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-09-30] (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-21] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-22] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-21] (AVAST Software)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2015-09-01] (Caixa Economica Federal)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-14] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Pablo\AppData\Roaming\Mozilla\Firefox\Profiles\n9rmm0kt.default-1456269566277
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-20] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-22] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [Nenhum Arquivo]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-09-19] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-20] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [Nenhum Arquivo]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-20] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-09-19] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3361239562-2013860233-1157577440-1002: gastecnologia.com.br/sf/abn -> C:\Users\Pablo\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll [2015-02-19] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3361239562-2013860233-1157577440-1002: gastecnologia.com.br/sf/abn64 -> C:\Users\Pablo\AppData\Local\GAS Tecnologia\GBBD\npsf_abn_64.dll [2015-05-31] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3361239562-2013860233-1157577440-1002: gastecnologia.com.br/sf/cef -> C:\Users\Pablo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2014-12-09] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3361239562-2013860233-1157577440-1002: gastecnologia.com.br/sf/cef64 -> C:\Users\Pablo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll [2014-12-09] (GAS Tecnologia)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-21]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => não encontrado (a)
FF HKU\S-1-5-21-3361239562-2013860233-1157577440-1002\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\Pablo\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF Extension: GBBD Caixa Economica Federal - C:\Users\Pablo\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2015-05-26] [não assinado]
FF HKU\S-1-5-21-3361239562-2013860233-1157577440-1002\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8874}] - C:\Users\Pablo\AppData\Local\GAS Tecnologia\GBBD\abn\xpi
FF Extension: GBBD Banco Santander (Brasil) S.A. - C:\Users\Pablo\AppData\Local\GAS Tecnologia\GBBD\abn\xpi [2015-05-27] [não assinado]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Planilhas do Google) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Readium) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2016-02-03]
CHR Extension: (Documentos Google off-line) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Avast Online Security) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-21]
CHR Extension: (feedly) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2015-01-20]
CHR Extension: (GBBD Banco Santander (Brasil) S.A.) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\idnljhnpjegfbcohjhdnhjlnfnffmbnf [2015-03-02]
CHR Extension: (Pocket Website) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijgclgmgjipgefcnnnibgllfonlfdap [2015-01-20]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-11-05]
CHR Extension: (Pocket) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2015-06-16]
CHR Extension: (Save to Pocket) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-02-23]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-02]
CHR Extension: (Deezer) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\npfkoakaabdallkcdbpkkhfilkkngakh [2015-01-19]
CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi [2015-05-26]
CHR Extension: (Evernote Web Clipper) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2015-09-23]
CHR Extension: (Gmail) - C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKU\S-1-5-21-3361239562-2013860233-1157577440-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-21]
 
==================== Serviços (Whitelisted) ========================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-04] (Autodesk Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
S3 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [Arquivo não assinado]
S3 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-21] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [119128 2016-02-21] (AVAST Software)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [31632 2013-01-18] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [33168 2013-01-18] (Intel Corporation)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [587576 2015-08-13] (GAS Tecnologia)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-02-25] (SurfRight B.V.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Arquivo não assinado]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-29] (Atheros) [Arquivo não assinado]
 
===================== Drivers (Whitelisted) ==========================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-21] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-02-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-02-21] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [552880 2016-02-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-21] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-02-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-23] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-21] (AVAST Software)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4325544 2015-06-26] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [73512 2015-03-18] (ASUS Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107920 2013-01-18] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [43408 2013-01-18] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [65424 2013-01-18] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [229776 2013-01-18] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [363920 2013-01-18] (Intel Corporation)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-09-03] (GAS Tecnologia)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [328976 2012-11-02] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [97208 2012-11-02] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-07-07] (Realtek                                            )
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2014-11-03] (GAS Tecnologia LTDA)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S3 WinDivert1.1; \??\C:\Program Files\KMSpico\WinDivert.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
 
==================== Um Mês Criados arquivos e pastas ========
 
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
 
2016-02-26 12:04 - 2016-02-26 12:05 - 00031582 _____ C:\Users\Pablo\Desktop\FRST.txt
2016-02-26 12:04 - 2016-02-26 12:04 - 00000000 ____D C:\FRST
2016-02-26 12:02 - 2016-02-26 12:02 - 02371072 _____ (Farbar) C:\Users\Pablo\Desktop\FRST64.exe
2016-02-25 20:31 - 2016-02-25 20:31 - 00000000 ____D C:\WINDOWS\LastGood
2016-02-25 20:31 - 2016-01-12 01:40 - 00112032 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-02-25 20:31 - 2015-12-18 03:10 - 00090768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-02-23 21:08 - 2016-02-23 21:08 - 00000000 ___HD C:\OneDriveTemp
2016-02-23 20:46 - 2016-02-23 20:46 - 00001968 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-02-23 20:46 - 2016-02-23 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-02-23 20:46 - 2016-02-23 20:46 - 00000000 ____D C:\Program Files\HitmanPro
2016-02-23 20:41 - 2016-02-23 20:42 - 11443792 _____ (SurfRight B.V.) C:\Users\Pablo\Downloads\HitmanPro_x64.exe
2016-02-23 20:34 - 2016-02-23 20:34 - 00605267 _____ C:\Users\Pablo\Downloads\Crack.exe__15047_i1878001751_il62933.7z
2016-02-23 20:19 - 2016-02-23 20:19 - 00000000 ____D C:\Users\Pablo\Desktop\Dados anteriores do Firefox
2016-02-23 18:29 - 2016-02-23 18:29 - 00001246 _____ C:\Users\Pablo\Desktop\JRT.txt
2016-02-23 18:08 - 2016-02-23 18:08 - 01609216 _____ (Malwarebytes) C:\Users\Pablo\Downloads\JRT.exe
2016-02-23 17:53 - 2016-02-23 17:53 - 01511936 _____ C:\Users\Pablo\Downloads\adwcleaner_5.036.exe
2016-02-23 17:32 - 2016-02-23 17:32 - 00000000 ____D C:\Users\Pablo\AppData\LocalLow\Temp
2016-02-22 18:49 - 2016-02-23 18:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-22 17:41 - 2016-02-22 17:41 - 00001266 _____ C:\Users\Pablo\Desktop\virus.txt
2016-02-22 16:49 - 2016-02-23 19:23 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-22 16:48 - 2016-02-22 16:48 - 00001177 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-22 16:48 - 2016-02-22 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-22 16:48 - 2016-02-22 16:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-22 16:48 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-22 16:48 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-02-22 16:48 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-22 16:43 - 2016-02-22 16:44 - 22908888 _____ (Malwarebytes ) C:\Users\Pablo\Downloads\mbam-setup-2.2.0.1024.exe
2016-02-22 16:26 - 2016-02-22 16:26 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-02-22 16:26 - 2016-02-22 16:26 - 00000000 _SHDL C:\Users\DefaultAppPool\Modelos
2016-02-22 16:26 - 2016-02-22 16:26 - 00000000 _SHDL C:\Users\DefaultAppPool\Meus Documentos
2016-02-22 16:26 - 2016-02-22 16:26 - 00000000 _SHDL C:\Users\DefaultAppPool\Menu Iniciar
2016-02-22 16:26 - 2016-02-22 16:26 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Minhas Músicas
2016-02-22 16:26 - 2016-02-22 16:26 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Minhas Imagens
2016-02-22 16:26 - 2016-02-22 16:26 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Meus Vídeos
2016-02-22 16:26 - 2016-02-22 16:26 - 00000000 _SHDL C:\Users\DefaultAppPool\Dados de Aplicativos
2016-02-22 16:26 - 2016-02-22 16:26 - 00000000 _SHDL C:\Users\DefaultAppPool\Configurações Locais
2016-02-22 16:26 - 2016-02-22 16:26 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-02-22 16:26 - 2016-02-22 16:26 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Local\Histórico
2016-02-22 16:26 - 2016-02-22 16:26 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Local\Dados de Aplicativos
2016-02-22 16:26 - 2016-02-22 16:26 - 00000000 _SHDL C:\Users\DefaultAppPool\Ambiente de Rede
2016-02-22 16:26 - 2016-02-22 16:26 - 00000000 _SHDL C:\Users\DefaultAppPool\Ambiente de Impressão
2016-02-22 16:26 - 2016-02-22 16:26 - 00000000 ____D C:\Users\DefaultAppPool
2016-02-22 16:26 - 2015-12-04 03:39 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
2016-02-22 16:26 - 2015-12-04 03:39 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Google
2016-02-21 22:10 - 2016-02-23 21:06 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2016-02-21 22:10 - 2016-02-23 21:06 - 00000000 ____D C:\ProgramData\GbPlugin
2016-02-21 15:11 - 2016-02-22 20:55 - 00000533 _____ C:\Users\Pablo\Desktop\To do.txt
2016-02-21 13:34 - 2016-02-23 17:59 - 00000000 ____D C:\WINDOWS\system32\log
2016-02-21 13:33 - 2016-02-21 13:33 - 00916008 _____ C:\Users\Pablo\Downloads\yet_another_cleaner_sfto.exe
2016-02-21 10:52 - 2016-02-21 10:52 - 00003182 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1456062762
2016-02-21 10:52 - 2016-02-21 10:52 - 00001084 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-02-21 10:52 - 2016-02-21 10:52 - 00001084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-02-21 10:49 - 2016-02-23 16:56 - 00552880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswnetsec.sys
2016-02-21 10:49 - 2016-02-21 10:49 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-02-21 10:49 - 2016-02-21 10:49 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-02-21 10:49 - 2016-02-21 10:49 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-02-21 10:49 - 2016-02-21 10:49 - 00001981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Internet Security.lnk
2016-02-20 19:09 - 2016-02-20 19:09 - 00263203 _____ C:\Users\Pablo\Desktop\Consular Electronic Application Center - Print Application - Natália Mello.pdf
2016-02-20 19:09 - 2016-02-20 19:09 - 00185459 _____ C:\Users\Pablo\Desktop\Nonimmigrant Visa - Confirmation Page - Natália Mello.pdf
2016-02-20 18:43 - 2016-02-20 18:43 - 00277121 _____ C:\Users\Pablo\Desktop\Consular Electronic Application Center - Print Application - Pablo Mello.pdf
2016-02-20 18:42 - 2016-02-20 18:42 - 00185580 _____ C:\Users\Pablo\Desktop\Nonimmigrant Visa - Confirmation Page - Pablo Mello.pdf
2016-02-20 18:26 - 2016-02-20 18:26 - 00008154 _____ C:\Users\Pablo\Downloads\Contracheque.pdf
2016-02-20 15:24 - 2016-02-20 15:24 - 20364727 _____ C:\Users\Pablo\Desktop\Test.mp4
2016-02-20 11:35 - 2016-01-29 03:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-20 11:35 - 2016-01-29 03:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-20 11:35 - 2016-01-27 03:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-20 11:35 - 2016-01-27 03:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-20 11:35 - 2016-01-27 03:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-20 11:35 - 2016-01-27 03:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-20 11:35 - 2016-01-27 03:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-20 11:35 - 2016-01-27 02:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-20 11:35 - 2016-01-27 02:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-20 11:35 - 2016-01-27 02:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-20 11:35 - 2016-01-27 02:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-20 11:35 - 2016-01-27 02:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-20 11:35 - 2016-01-27 02:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-20 11:35 - 2016-01-27 02:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-20 11:35 - 2016-01-27 02:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-20 11:35 - 2016-01-27 02:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-20 11:35 - 2016-01-27 02:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-20 11:35 - 2016-01-27 02:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-20 11:35 - 2016-01-27 02:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-20 11:35 - 2016-01-27 02:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-20 11:35 - 2016-01-27 02:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-20 11:35 - 2016-01-27 02:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-20 11:35 - 2016-01-27 02:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-20 11:35 - 2016-01-27 02:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-20 11:35 - 2016-01-27 02:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-20 11:35 - 2016-01-27 02:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-20 11:35 - 2016-01-27 02:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-20 11:35 - 2016-01-27 02:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-20 11:35 - 2016-01-27 02:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-20 11:35 - 2016-01-27 02:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-20 11:35 - 2016-01-27 02:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-20 11:35 - 2016-01-27 02:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-20 11:35 - 2016-01-27 02:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-20 11:35 - 2016-01-27 02:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-20 11:35 - 2016-01-27 02:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-20 11:35 - 2016-01-27 02:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-20 11:35 - 2016-01-27 02:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-20 11:35 - 2016-01-27 02:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-20 11:35 - 2016-01-27 02:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-20 11:35 - 2016-01-27 02:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-20 11:35 - 2016-01-27 02:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-20 11:35 - 2016-01-27 02:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-20 11:35 - 2016-01-27 02:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-20 11:35 - 2016-01-27 01:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-20 11:35 - 2016-01-27 01:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-20 11:35 - 2016-01-27 01:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-20 11:35 - 2016-01-27 01:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-20 11:35 - 2016-01-27 01:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-20 11:35 - 2016-01-27 01:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-20 11:35 - 2016-01-27 01:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-20 11:35 - 2016-01-27 01:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-20 11:35 - 2016-01-27 01:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-20 11:35 - 2016-01-27 01:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-20 11:35 - 2016-01-27 01:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-20 11:35 - 2016-01-27 01:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-20 11:35 - 2016-01-27 01:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-20 11:35 - 2016-01-27 01:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-20 11:35 - 2016-01-27 01:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-20 11:35 - 2016-01-27 01:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-20 11:35 - 2016-01-27 01:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-20 11:35 - 2016-01-27 01:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-20 11:35 - 2016-01-27 01:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-20 11:35 - 2016-01-27 01:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-20 11:35 - 2016-01-27 01:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-20 11:35 - 2016-01-27 01:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-11 09:09 - 2016-02-11 09:09 - 78842588 _____ C:\Users\Pablo\Desktop\Meu Filme.mp4
2016-02-04 20:02 - 2016-02-04 20:02 - 00030666 _____ C:\Users\Pablo\Downloads\Boleto_04022016192437.pdf
2016-02-04 19:34 - 2016-02-04 19:34 - 00221201 _____ C:\Users\Pablo\Downloads\boleto.pdf
2016-02-04 12:01 - 2016-02-04 12:01 - 00075845 _____ C:\Users\Pablo\Desktop\Liberação Visa Pablo.pdf
2016-02-04 12:00 - 2016-02-04 12:00 - 00075846 _____ C:\Users\Pablo\Desktop\Liberação Visa Naty.pdf
2016-02-04 11:58 - 2016-02-04 11:58 - 00076019 _____ C:\Users\Pablo\Desktop\Liberação Master Naty.pdf
2016-02-04 11:57 - 2016-02-04 11:57 - 00076019 _____ C:\Users\Pablo\Desktop\Liberação Master Pablo.pdf
2016-02-04 11:49 - 2016-02-04 11:49 - 00119978 _____ C:\Users\Pablo\Desktop\Certificado Seguro - Ricardo Brandao.pdf
2016-02-04 11:43 - 2016-02-04 11:43 - 00119750 _____ C:\Users\Pablo\Desktop\Certificado Seguro - Natalia Mello.pdf
2016-02-04 11:36 - 2016-02-04 11:36 - 00610846 _____ C:\Users\Pablo\Desktop\Guia Seguro de Viagem.pdf
2016-02-04 11:35 - 2016-02-04 11:35 - 00119765 _____ C:\Users\Pablo\Desktop\Certificado Seguro - Pablo Mello.pdf
2016-02-04 11:30 - 2016-02-04 11:30 - 00085570 _____ C:\Users\Pablo\Downloads\GerarPDF_422016123026.pdf
2016-02-04 11:05 - 2016-02-04 11:05 - 00115017 _____ C:\Users\Pablo\Desktop\Hospedagem - Bayahibe.pdf
2016-02-04 11:04 - 2016-02-04 11:04 - 00118266 _____ C:\Users\Pablo\Desktop\Hospedagem - Samaná.pdf
2016-02-04 11:03 - 2016-02-04 11:03 - 00128241 _____ C:\Users\Pablo\Desktop\Hospedagem - Santo Domingo.pdf
2016-02-04 11:02 - 2016-02-04 11:02 - 00128846 _____ C:\Users\Pablo\Desktop\Hospedagem - Punta Cana.pdf
2016-02-04 10:59 - 2016-02-04 10:59 - 00236470 _____ C:\Users\Pablo\Desktop\Voucher RentalCars Punta Cana.pdf
2016-02-03 20:33 - 2016-02-03 20:35 - 00000000 ____D C:\Users\Pablo\Documents\Trabalhos - Fotografia
2016-02-02 18:27 - 2016-02-02 22:20 - 00000000 ____D C:\Users\Pablo\AppData\Roaming\FreeFileSync
2016-02-02 18:27 - 2016-02-02 18:27 - 00000989 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk
2016-02-02 18:27 - 2016-02-02 18:27 - 00000977 _____ C:\Users\Public\Desktop\FreeFileSync.lnk
2016-02-02 18:27 - 2016-02-02 18:27 - 00000969 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealTimeSync.lnk
2016-02-02 18:27 - 2016-02-02 18:27 - 00000000 ____D C:\Program Files\FreeFileSync
2016-01-28 14:42 - 2016-01-16 03:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-28 14:42 - 2016-01-16 03:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-28 14:42 - 2016-01-16 02:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-28 14:42 - 2016-01-16 02:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-28 14:41 - 2016-01-16 03:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-28 14:41 - 2016-01-16 03:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-28 14:41 - 2016-01-16 03:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-28 14:41 - 2016-01-16 03:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-28 14:41 - 2016-01-16 03:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-28 14:41 - 2016-01-16 03:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-28 14:41 - 2016-01-16 03:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-28 14:41 - 2016-01-16 03:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-28 14:41 - 2016-01-16 03:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-28 14:41 - 2016-01-16 03:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-28 14:41 - 2016-01-16 03:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-28 14:41 - 2016-01-16 03:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-28 14:41 - 2016-01-16 03:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-28 14:41 - 2016-01-16 03:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-28 14:41 - 2016-01-16 03:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-28 14:41 - 2016-01-16 03:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-28 14:41 - 2016-01-16 03:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-28 14:41 - 2016-01-16 03:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-28 14:41 - 2016-01-16 03:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-28 14:41 - 2016-01-16 03:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-28 14:41 - 2016-01-16 02:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-28 14:41 - 2016-01-16 02:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-28 14:41 - 2016-01-16 02:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-28 14:41 - 2016-01-16 02:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-28 14:41 - 2016-01-16 02:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-28 14:41 - 2016-01-16 02:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-28 14:41 - 2016-01-16 02:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-28 14:41 - 2016-01-16 02:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-28 14:41 - 2016-01-16 02:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-28 14:41 - 2016-01-16 02:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-28 14:41 - 2016-01-16 02:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-28 14:41 - 2016-01-16 02:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-28 14:41 - 2016-01-16 02:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-28 14:41 - 2016-01-16 02:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-28 14:41 - 2016-01-16 02:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-28 14:41 - 2016-01-16 02:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-28 14:41 - 2016-01-16 02:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-28 14:41 - 2016-01-16 02:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-28 14:41 - 2016-01-16 02:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-28 14:41 - 2016-01-16 02:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-28 14:41 - 2016-01-16 02:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-28 14:41 - 2016-01-16 02:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-28 14:41 - 2016-01-16 02:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-28 14:41 - 2016-01-16 02:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-28 14:41 - 2016-01-16 02:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-28 14:41 - 2016-01-16 02:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-28 14:41 - 2016-01-16 02:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-28 14:41 - 2016-01-16 02:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-28 14:41 - 2016-01-16 02:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-28 14:41 - 2016-01-16 02:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-28 14:41 - 2016-01-16 02:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-28 14:41 - 2016-01-16 02:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-28 14:41 - 2016-01-16 02:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-28 14:41 - 2016-01-16 02:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-28 14:41 - 2016-01-16 02:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-28 14:41 - 2016-01-16 02:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-28 14:41 - 2016-01-16 02:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-28 14:41 - 2016-01-16 02:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-28 14:41 - 2016-01-16 02:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-28 14:41 - 2016-01-16 02:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-28 14:41 - 2016-01-16 02:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-28 14:41 - 2016-01-16 02:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-28 14:41 - 2016-01-16 02:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-28 14:41 - 2016-01-16 02:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-28 14:41 - 2016-01-16 02:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-28 14:41 - 2016-01-16 02:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-28 14:41 - 2016-01-16 02:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-28 14:41 - 2016-01-16 02:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-28 14:41 - 2016-01-16 02:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-28 14:41 - 2016-01-16 02:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-28 14:41 - 2016-01-16 02:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-28 14:41 - 2016-01-16 02:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-28 14:41 - 2016-01-16 02:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-28 14:41 - 2016-01-16 02:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-28 14:41 - 2016-01-16 02:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-28 14:41 - 2016-01-16 02:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-28 14:41 - 2016-01-16 02:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-28 14:41 - 2016-01-16 02:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-28 14:41 - 2016-01-16 02:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-28 14:41 - 2016-01-16 02:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-28 14:41 - 2016-01-16 02:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-28 14:41 - 2016-01-16 02:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-28 14:41 - 2016-01-16 02:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-28 14:41 - 2016-01-16 02:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-28 14:41 - 2016-01-16 02:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-28 14:41 - 2016-01-16 02:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-28 14:41 - 2016-01-16 02:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-28 14:41 - 2016-01-16 02:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-28 14:41 - 2016-01-16 02:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-28 14:41 - 2016-01-16 02:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-28 14:41 - 2016-01-16 02:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-28 14:41 - 2016-01-16 02:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-28 14:41 - 2016-01-16 02:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-28 14:41 - 2016-01-16 02:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-28 14:41 - 2016-01-16 02:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-28 14:41 - 2016-01-16 02:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-28 14:41 - 2016-01-16 02:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-28 14:41 - 2016-01-16 02:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-28 14:41 - 2016-01-16 02:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-28 14:41 - 2016-01-16 02:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-28 14:41 - 2016-01-16 02:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-28 14:41 - 2016-01-16 02:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-28 14:41 - 2016-01-16 02:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-28 14:41 - 2016-01-16 02:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
 
==================== Um Mês Modificados arquivos e pastas ========
 
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
 
2016-02-26 12:00 - 2015-05-15 12:23 - 00003544 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2016-02-26 12:00 - 2015-05-15 12:23 - 00003534 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2016-02-26 11:52 - 2015-01-19 21:26 - 00004182 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4159886E-1609-4969-BE26-DD0156B7DBEB}
2016-02-26 11:45 - 2015-03-22 17:12 - 00000902 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-26 11:18 - 2015-01-20 07:48 - 00001106 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-25 20:32 - 2015-12-04 03:23 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA Corporation
2016-02-25 20:32 - 2015-12-04 03:23 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-02-25 20:32 - 2015-01-20 09:17 - 00000000 ____D C:\Users\Pablo\AppData\Local\NVIDIA
2016-02-25 20:31 - 2015-10-30 04:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-25 17:31 - 2015-01-24 07:40 - 00000000 ____D C:\Users\Todos os Usuários\HitmanPro
2016-02-25 17:31 - 2015-01-24 07:40 - 00000000 ____D C:\ProgramData\HitmanPro
2016-02-25 17:30 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-25 17:22 - 2015-01-20 07:48 - 00001102 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-25 17:21 - 2015-10-29 16:00 - 00000000 ___RD C:\Users\Pablo\Google Drive
2016-02-25 17:21 - 2015-08-19 07:03 - 00000000 ____D C:\Users\Todos os Usuários\ASUS Smart Gesture
2016-02-25 17:21 - 2015-08-19 07:03 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-02-25 17:21 - 2015-08-18 17:31 - 00000000 __SHD C:\Users\Pablo\IntelGraphicsProfiles
2016-02-25 17:21 - 2015-01-20 05:21 - 00000062 _____ C:\Users\Pablo\AppData\Roaming\sp_data.sys
2016-02-25 17:21 - 2015-01-19 21:22 - 00000000 ___RD C:\Users\Pablo\OneDrive
2016-02-23 21:06 - 2015-12-04 03:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-23 21:06 - 2015-10-30 03:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-02-23 21:06 - 2015-05-26 16:27 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-02-23 19:25 - 2015-10-30 16:12 - 00892636 _____ C:\WINDOWS\system32\prfh0416.dat
2016-02-23 19:25 - 2015-10-30 16:12 - 00194992 _____ C:\WINDOWS\system32\prfc0416.dat
2016-02-23 19:25 - 2015-08-18 17:24 - 02089448 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-23 19:20 - 2015-08-19 08:45 - 00000286 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-02-23 19:20 - 2015-08-19 08:45 - 00000286 __RSH C:\ProgramData\ntuser.pol
2016-02-23 19:16 - 2015-10-30 04:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-23 18:03 - 2015-08-20 11:31 - 00004282 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-02-23 18:01 - 2015-05-26 18:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-23 17:58 - 2015-01-24 06:46 - 00000000 ____D C:\AdwCleaner
2016-02-23 17:05 - 2015-10-30 04:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-23 16:56 - 2015-08-20 11:31 - 00463744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2016-02-22 17:39 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\rescache
2016-02-22 16:47 - 2015-10-30 03:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-02-21 15:50 - 2015-12-04 03:28 - 00000000 ____D C:\Users\Pablo
2016-02-21 15:49 - 2015-01-21 15:14 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia
2016-02-21 15:49 - 2015-01-21 15:14 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2016-02-21 14:03 - 2014-01-24 08:21 - 00002248 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2016-02-21 14:01 - 2014-01-24 08:24 - 00002426 _____ C:\WINDOWS\System32\Tasks\AsusVibeSchedule
2016-02-21 13:59 - 2015-01-19 21:59 - 00002788 _____ C:\WINDOWS\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633
2016-02-21 13:59 - 2014-01-24 08:21 - 00002332 _____ C:\WINDOWS\System32\Tasks\ASUS P4G
2016-02-21 13:57 - 2015-06-23 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\proDAD
2016-02-21 13:57 - 2015-06-23 14:27 - 00000000 ____D C:\Program Files\proDAD
2016-02-21 11:00 - 2015-01-20 05:20 - 00000000 ____D C:\Users\Pablo\AppData\Local\Packages
2016-02-21 10:49 - 2015-08-20 11:31 - 01065720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-02-21 10:49 - 2015-08-20 11:31 - 00287016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2016-02-21 10:49 - 2015-08-20 11:31 - 00165344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-02-21 10:49 - 2015-08-20 11:31 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-02-21 10:49 - 2015-08-20 11:31 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-02-21 10:49 - 2015-08-20 11:31 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-02-21 10:49 - 2015-08-20 11:31 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-02-21 10:49 - 2015-08-20 11:30 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software
2016-02-21 10:49 - 2015-08-20 11:30 - 00000000 ____D C:\ProgramData\AVAST Software
2016-02-21 10:49 - 2015-08-20 11:30 - 00000000 ____D C:\Program Files\AVAST Software
2016-02-20 19:18 - 2015-01-20 09:42 - 00000000 ____D C:\Users\Pablo\AppData\Local\Spotify
2016-02-20 18:25 - 2015-01-20 09:39 - 00000000 ____D C:\Users\Pablo\AppData\Roaming\Spotify
2016-02-20 14:22 - 2015-01-20 05:07 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-20 14:13 - 2015-10-30 16:15 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-20 13:44 - 2015-01-27 14:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-02-20 13:41 - 2015-01-27 14:03 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2016-02-20 13:37 - 2012-07-26 02:26 - 00000199 _____ C:\WINDOWS\win.ini
2016-02-20 13:32 - 2015-01-20 06:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-20 13:11 - 2015-01-20 06:17 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-20 11:20 - 2015-01-20 07:52 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-20 11:13 - 2015-01-20 07:48 - 00004164 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-20 11:13 - 2015-01-20 07:48 - 00003932 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-11 09:07 - 2015-08-18 17:39 - 00002421 _____ C:\Users\Pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-04 11:31 - 2015-01-21 15:45 - 00000000 ____D C:\Users\Pablo\Documents\Finanças
2016-02-04 09:38 - 2015-03-18 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-02-03 20:06 - 2015-01-24 10:15 - 00000000 ____D C:\Users\Pablo\Documents\eBooks
2016-02-03 16:01 - 2015-10-30 04:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-03 16:01 - 2015-10-30 04:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-30 02:31 - 2015-10-30 04:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-30 02:31 - 2015-10-30 04:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-30 02:31 - 2015-10-30 04:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-30 02:31 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-30 02:31 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-30 02:31 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-30 02:31 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\bcastdvr
 
==================== Arquivos na raiz de alguns diretórios =======
 
2015-09-15 13:25 - 2015-09-15 13:28 - 0000132 _____ () C:\Users\Pablo\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-01-20 05:21 - 2016-02-25 17:21 - 0000062 _____ () C:\Users\Pablo\AppData\Roaming\sp_data.sys
2015-01-21 15:14 - 2015-04-22 12:02 - 0049536 _____ () C:\Users\Pablo\AppData\Roaming\unins000.dat
2015-04-22 12:02 - 2015-04-22 12:02 - 0811218 _____ () C:\Users\Pablo\AppData\Roaming\unins000.exe
2015-04-22 11:38 - 2015-05-26 18:53 - 0017780 _____ () C:\Users\Pablo\AppData\Roaming\unins001.dat
2015-04-22 11:38 - 2015-05-26 18:53 - 0730322 _____ () C:\Users\Pablo\AppData\Roaming\unins001.exe
2015-12-04 03:24 - 2015-12-04 03:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-02-26 23:48 - 2015-02-26 23:48 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-04-25 19:39 - 2012-09-07 08:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-25 19:39 - 2009-07-22 07:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-25 19:39 - 2012-09-07 08:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Alguns arquivos em TEMP:
====================
C:\Users\Pablo\AppData\Local\Temp\Crack.exe__15047_i1878001751_il62933.exe
C:\Users\Pablo\AppData\Local\Temp\sqlite3.dll
C:\Users\Pablo\AppData\Local\Temp\uninstall.exe
 
 
==================== Bamital & volsnap =================
 
(Não há correção automática para arquivos que não passaram na verificação.)
 
C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente
 
 
LastRegBack: 2016-02-26 10:26
 
==================== Fim de FRST.txt ============================




#4 olgun52


Posted 26 February 2016 - 08:25 PM

Hi PabloMello,

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time
  • McAfee
  • C:\Program Files (x86)\McAfee

=======================================================================================

 

Step 1:
FRST Script:
Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:

Scan with Zemana AntiMalware Free:

  • Turn off the real time scanner of any existing antivirus and firewall programs while performing scan
  • Please download and install Zemana AntiMalware Free
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced > ''I have read the warning and wish to proceed anyway'' Click
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers
  • Click Scan now ''Run as Administrator'' and a threat scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart the PC now.

 


Best regards
 

 


 


#5 PabloMello


Posted 27 February 2016 - 08:51 AM

Hi, Yılmaz,

 

I didn't find McAfee through the 'AppWiz' command, nor in the 'Program Files (x86)' folder. Attached here are two screenshots to show you it really wasn't there.

 

Also attached is the report (2016.02.27-10.34.34-i0-t92-d1.txt) generated by Zemana AntiMalware Free, as you requested.

 

Here is the content of 'Fixlog.txt':

 

---

 

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão:24-02-2016
Executado por Pablo (2016-02-27 10:08:49) Run:1
Executando a partir de C:\Users\Pablo\Desktop
Perfis Carregados: Pablo (Perfis Disponíveis: Pablo & DefaultAppPool)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************

start
Task: {04C52976-BE83-4D4C-B450-9C8462C6285D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {464243FF-D12D-4C38-A73F-67065B72B5ED} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Nenhum Arquivo <==== ATENÇÃO
Task: {4F79C060-3B8F-4EF3-B170-E5FEBD0C516F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Nenhum Arquivo <==== ATENÇÃO
Task: {795C6B57-9CE6-46D5-950B-88A4598E4A12} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Nenhum Arquivo <==== ATENÇÃO
Task: {7EB536CD-3C19-457A-B983-EE848DB8AE33} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {91455354-8E30-4CAF-B6E6-AB43A473C475} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Nenhum Arquivo <==== ATENÇÃO
Task: {A6C04494-A982-4105-A1B7-A92E3A59508B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Nenhum Arquivo <==== ATENÇÃO
Task: {A938437E-7D93-4D0E-AF66-C9A1A6794154} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Nenhum Arquivo <==== ATENÇÃO
Task: {AB05CD87-7581-4E0A-AB22-53DE994ED85A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {AE312ABE-50C6-4AEA-A655-5A40127076BA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {D1A8017F-DF06-4651-BB43-FF205A0BA0A9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {FC7F861F-4908-4EBA-BB4B-093E45DD6BEB} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Duplicaterecord.js" <==== ATENÇÃO
2016-02-25 17:21 - 2016-02-25 17:21 - 00098816 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\win32api.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00110080 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\pywintypes27.dll
2016-02-25 17:21 - 2016-02-25 17:21 - 00364544 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\pythoncom27.dll
2016-02-25 17:21 - 2016-02-25 17:21 - 00320512 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\win32com.shell.shell.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00776704 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\_hashlib.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 01176576 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\wx._core_.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00806400 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\wx._gdi_.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00816128 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\wx._windows_.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 01067008 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\wx._controls_.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00733184 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\wx._misc_.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00682496 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\pysqlite2._sqlite.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00088064 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\_ctypes.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00119808 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\win32file.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00108544 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\win32security.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00007168 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\hashobjs_ext.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00017920 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\thumbnails_ext.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00088064 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\usb_ext.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00167936 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\win32gui.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00018432 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\win32event.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00046080 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\_socket.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 01208320 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\_ssl.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00128512 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\_elementtree.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00127488 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\pyexpat.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00013824 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\common.time34.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00036864 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\_psutil_windows.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00038912 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\win32inet.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00525240 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\windows._lib_cacheinvalidation.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00011264 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\win32crypt.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00077312 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\wx._html2.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00027136 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\_multiprocessing.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00020480 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\_yappi.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00035840 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\win32process.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00686080 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\unicodedata.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00078848 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\wx._animate.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00123392 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\wx._wizard.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00024064 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\win32pipe.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00010240 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\select.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00025600 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\win32pdh.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00017408 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\win32profile.pyd
2016-02-25 17:21 - 2016-02-25 17:21 - 00022528 _____ () C:\Users\Pablo\AppData\Local\Temp\_MEI22562\win32ts.pyd
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\ProgramData\Temp:054203E4
AlternateDataStreams: C:\Users\Todos os Usuários\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:054203E4
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
FirewallRules: [{FF3FE25D-08BC-49CC-BDA5-461EE086551D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{9B4CFCCE-F5A0-4ED1-B906-9DB89332914A}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E043B11F-E545-419E-A1E1-754334EDCBCC}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{A8FFECAD-ECFC-469B-8E88-287887F0A338}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{CBF1B2F9-263D-4865-84CE-09E5694B72A5}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{26D85A78-C6C8-4702-B005-9E8DA9653FA1}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{69730051-E566-4E1C-A7F5-57B7EDEA2F00}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{D5DF2BBD-411E-48B3-8A38-BE44C0260F71}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{DA468F2F-D03E-448F-9D1B-38CA194DF50E}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{3E395258-3955-49AD-84F4-9C694A6219DB}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{8E64C43B-EC2A-4B32-BDB6-8C439888D69C}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{06B5FDED-9A12-4277-BF2C-EAA6D908992F}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{C89E6292-EA38-42B3-BBF5-37D10CC37167}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{CA2BEBD5-09BF-4051-924F-AB3D2D11BEDA}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
HKU\S-1-5-21-3361239562-2013860233-1157577440-1002\...\Policies\Explorer: []
HKU\S-1-5-21-3361239562-2013860233-1157577440-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL
FF ProfilePath: C:\Users\Pablo\AppData\Roaming\Mozilla\Firefox\Profiles\n9rmm0kt.default-1456269566277
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [Nenhum Arquivo]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [Nenhum Arquivo]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => não encontrado (a)
CHR HKU\S-1-5-21-3361239562-2013860233-1157577440-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [328976 2012-11-02] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [97208 2012-11-02] (McAfee, Inc.)
C:\Users\Pablo\Downloads\Crack.exe__15047_i1878001751_il62933.7z
C:\Users\Pablo\Downloads\yet_another_cleaner_sfto.exe
C:\Users\Pablo\AppData\Roaming\FreeFileSync
C:\Users\Pablo\AppData\Roaming\sp_data.sys
2015-09-15 13:25 - 2015-09-15 13:28 - 0000132 _____ () C:\Users\Pablo\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-01-20 05:21 - 2016-02-25 17:21 - 0000062 _____ () C:\Users\Pablo\AppData\Roaming\sp_data.sys
2015-01-21 15:14 - 2015-04-22 12:02 - 0049536 _____ () C:\Users\Pablo\AppData\Roaming\unins000.dat
2015-04-22 12:02 - 2015-04-22 12:02 - 0811218 _____ () C:\Users\Pablo\AppData\Roaming\unins000.exe
2015-04-22 11:38 - 2015-05-26 18:53 - 0017780 _____ () C:\Users\Pablo\AppData\Roaming\unins001.dat
2015-04-22 11:38 - 2015-05-26 18:53 - 0730322 _____ () C:\Users\Pablo\AppData\Roaming\unins001.exe
2015-12-04 03:24 - 2015-12-04 03:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-04-25 19:39 - 2012-09-07 08:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-25 19:39 - 2009-07-22 07:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-25 19:39 - 2012-09-07 08:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
C:\Users\Pablo\AppData\Local\Temp\Crack.exe__15047_i1878001751_il62933.exe
C:\Users\Pablo\AppData\Local\Temp\sqlite3.dll
C:\Users\Pablo\AppData\Local\Temp\uninstall.exe
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Emptytemp:
end

*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04C52976-BE83-4D4C-B450-9C8462C6285D}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04C52976-BE83-4D4C-B450-9C8462C6285D}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{464243FF-D12D-4C38-A73F-67065B72B5ED}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{464243FF-D12D-4C38-A73F-67065B72B5ED}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F79C060-3B8F-4EF3-B170-E5FEBD0C516F}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F79C060-3B8F-4EF3-B170-E5FEBD0C516F}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{795C6B57-9CE6-46D5-950B-88A4598E4A12}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{795C6B57-9CE6-46D5-950B-88A4598E4A12}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7EB536CD-3C19-457A-B983-EE848DB8AE33}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7EB536CD-3C19-457A-B983-EE848DB8AE33}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{91455354-8E30-4CAF-B6E6-AB43A473C475}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91455354-8E30-4CAF-B6E6-AB43A473C475}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6C04494-A982-4105-A1B7-A92E3A59508B}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6C04494-A982-4105-A1B7-A92E3A59508B}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A938437E-7D93-4D0E-AF66-C9A1A6794154}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A938437E-7D93-4D0E-AF66-C9A1A6794154}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB05CD87-7581-4E0A-AB22-53DE994ED85A}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB05CD87-7581-4E0A-AB22-53DE994ED85A}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AE312ABE-50C6-4AEA-A655-5A40127076BA}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE312ABE-50C6-4AEA-A655-5A40127076BA}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D1A8017F-DF06-4651-BB43-FF205A0BA0A9}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1A8017F-DF06-4651-BB43-FF205A0BA0A9}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FC7F861F-4908-4EBA-BB4B-093E45DD6BEB}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC7F861F-4908-4EBA-BB4B-093E45DD6BEB}" => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633" => chave removido (a) com sucesso.
"C:\Users\Pablo\AppData\Local\Temp\_MEI22562\win32api.pyd" => não encontrado (a).
"C:\Users\Pablo\AppData\Local\Temp\_MEI22562\pywintypes27.dll" => não encontrado (a).
"C:\Users\Pablo\AppData\Local\Temp\_MEI22562\pythoncom27.dll" => não encontrado (a).
"C:\Users\Pablo\AppData\Local\Temp\_MEI22562\win32com.shell.shell.pyd" => não encontrado (a).
"C:\Users\Pablo\AppData\Local\Temp\_MEI22562\_hashlib.pyd" => não encontrado (a).
C:\Program Files (x86)\GbPlugin => ":IncompleteStartProcessProtection.cnt" ADS removido (a) com sucesso..
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removido (a) com sucesso..
C:\ProgramData\Temp => ":054203E4" ADS removido (a) com sucesso..
"C:\Users\Todos os Usuários\Reprise" => ":wupeogjxldtlfudivq`qsp`26hfm" ADS não encontrado (a).
"C:\Users\Todos os Usuários\Temp" => ":054203E4" ADS não encontrado (a).

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

ERRO: O sistema não pôde localizar a chave do Registro ou valor especificado.


========= Fim de Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

A operação foi concluída com êxito.



========= Fim de Reg: =========

HKU\S-1-5-21-3361239562-2013860233-1157577440-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => valor removido (a) com sucesso.
HKU\S-1-5-21-3361239562-2013860233-1157577440-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => valor removido (a) com sucesso.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => chave removido (a) com sucesso.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor restaurado com sucesso
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
FF ProfilePath: C:\Users\Pablo\AppData\Roaming\Mozilla\Firefox\Profiles\n9rmm0kt.default-1456269566277 => A FRST é programada para não mover este diretório.
"HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10" => chave removido (a) com sucesso.
"HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10" => chave removido (a) com sucesso.
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => valor removido (a) com sucesso.
"HKU\S-1-5-21-3361239562-2013860233-1157577440-1002\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => chave removido (a) com sucesso.
HipShieldK => serviço removido (a) com sucesso.
mfencbdc => serviço removido (a) com sucesso.
mfencrk => serviço removido (a) com sucesso.
C:\Users\Pablo\Downloads\Crack.exe__15047_i1878001751_il62933.7z => movido com sucesso
C:\Users\Pablo\Downloads\yet_another_cleaner_sfto.exe => movido com sucesso
C:\Users\Pablo\AppData\Roaming\FreeFileSync => movido com sucesso
C:\Users\Pablo\AppData\Roaming\sp_data.sys => movido com sucesso
C:\Users\Pablo\AppData\Roaming\Adobe PNG Format CS6 Prefs => movido com sucesso
"C:\Users\Pablo\AppData\Roaming\sp_data.sys" => não encontrado (a).
C:\Users\Pablo\AppData\Roaming\unins000.dat => movido com sucesso
C:\Users\Pablo\AppData\Roaming\unins000.exe => movido com sucesso
C:\Users\Pablo\AppData\Roaming\unins001.dat => movido com sucesso
C:\Users\Pablo\AppData\Roaming\unins001.exe => movido com sucesso
C:\ProgramData\DP45977C.lfl => movido com sucesso
C:\ProgramData\SetStretch.cmd => movido com sucesso
C:\ProgramData\SetStretch.exe => movido com sucesso
C:\ProgramData\SetStretch.VBS => movido com sucesso
C:\Users\Pablo\AppData\Local\Temp\Crack.exe__15047_i1878001751_il62933.exe => movido com sucesso
C:\Users\Pablo\AppData\Local\Temp\sqlite3.dll => movido com sucesso
C:\Users\Pablo\AppData\Local\Temp\uninstall.exe => movido com sucesso

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

A operação foi concluída com êxito.



========= Fim de Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

A operação foi concluída com êxito.



========= Fim de Reg: =========

EmptyTemp: => 2.1 GB de dados temporários Removidos.


O sistema precisou ser reiniciado.

==== Fim de Fixlog 10:10:51 ====




#6 olgun52


Posted 27 February 2016 - 01:54 PM

Good Job. :thumbup2: No problem.

 

Please do the following.

 

Please run:

http://us.mcafee.com/apps/supporttools/mcpr/mcpr.asp

MCPR.exe

===================================================================================

Step 1:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3:

Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please click Ashampoo_Snap_20140819_13h09m50s_001__zp
  • Then press the "Repair" button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Step 4:

  • Temporarily disable your Antivirus protection - if you don't know how to do that, please consult the article below.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Please download ZOEK and save it to your desktop (preferred version is the *.exe one - upper left corner).

http://hijackthis.nl/smeenk/

  • Attached to this message you will find a file called zoekscript


  • Download it too and save it to your desktop - it needs to be in the same location as the ZOEK tool.
  • Drag the zoekscript file and drop it onto the ZOEK icon - this should launch the program.
  • The scan may take a while and may need a reboot.
  • Upon completion a file zoek-results should appear.
  • Attach it for my review.

Edited by olgun52, 27 February 2016 - 02:05 PM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#7 PabloMello


Posted 28 February 2016 - 09:42 AM

Hi, Yılmaz,

 

Did all you asked.

 

I'll put the contents of the logs created by AdwCleaner, Junkware Removal Tool and ZHPCleaner below, in this order, right? The file with the Zoek results is attached to this reply, as you demanded.

 

---

 

- AdwCleaner's log content:

 

# AdwCleaner v5.036 - Relatório criado 27/02/2016 às 16:04:13
# Atualizado 22/02/2016 por Xplode
# Banco de dados : 2016-02-27.1 [Servidor]
# Sistema operacional : Windows 10 Home Single Language  (x64)
# Usuário : Pablo - NOTEBOOK-PABLO
# Executando de : C:\Users\Pablo\Downloads\adwcleaner_5.036(1).exe
# Opção : Limpar
# Apoio : http://toolslib.net/forum

***** [ Serviços ] *****


***** [ Pastas ] *****


***** [ Arquivos ] *****


***** [ DLLs ] *****


***** [ Atalhos ] *****


***** [ Tarefas agendadas ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****

[-] [C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Excluído : br.ask.com
[-] [C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Excluído : lfmhcpmkbdkbgbmkjoiopeeegenkdikp

*************************

:: Chaves "Tracing" excluídas
:: Configurações Winsock restauradas

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [6748 bytes] - [23/02/2016 17:58:16]
C:\AdwCleaner\AdwCleaner[C2].txt - [1086 bytes] - [27/02/2016 16:04:13]
C:\AdwCleaner\AdwCleaner[R0].txt - [3328 bytes] - [24/01/2015 06:47:06]
C:\AdwCleaner\AdwCleaner[S0].txt - [3118 bytes] - [24/01/2015 06:51:30]
C:\AdwCleaner\AdwCleaner[S1].txt - [6784 bytes] - [23/02/2016 17:54:46]
C:\AdwCleaner\AdwCleaner[S2].txt - [1350 bytes] - [27/02/2016 16:01:14]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1451 bytes] ##########
 

---

 

- Junkware Removal Tool's log contents:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 10 Home Single Language x64
Ran by Pablo (Administrator) on 27/02/2016 at 16:13:33,42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27/02/2016 at 16:32:23,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

---

 

- ZHPcleaner's log content:

 

~ ZHPCleaner v2016.2.25.35 by Nicolas Coolman (2016/02/25)
~ Run by Pablo (Administrator)  (27/02/2016 16:43:57)
~ Site : http://www.nicolascoolman.com
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Reparo
~ Report : C:\Users\Pablo\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Pablo\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home Single Language, 64-bit  (Build 10586)


---\\  Serviços (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Navegadores de Internet (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Arquivo hosts (1)
~ O arquivo hosts é legítimo (21)


---\\  Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Explorer ( Arquivos, Pastas) (25)
MOVIDO pasta: C:\Windows\SECOH-QAD.exe    =>HackTool.KMSpico
MOVIDO arquivo: C:\Users\Pablo\AppData\Local\Google\Chrome\User Data\Default\File System\008  =>PUP.Optional.DomaIQ


---\\  Registro ( Chaves, Valores, Dados ) (4)
SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\WinDivert1.1 [C:\Program Files\KMSpico\WinDivert.sys (Not File)]  =>HackTool.KMSpico
SUPRIMIDO valor: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\BoBrowser [0x03000000B89473749734D001]  =>PUP.Optional.BoBrowser
SUPRIMIDO valor: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\ContentExplorer [0x020000000000000000000000]  =>PUP.Optional.ContentExplorer
SUPRIMIDO valor: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\SmartWeb.lnk [0x020000000000000000000000]  =>PUP.Optional.SmartWebSearch


---\\  Resumo dos elementos encontrados na sua estação de trabalho (5)
http://www.nicolascoolman.fr/?p=989  =>HackTool.KMSpico
http://www.nicolascoolman.fr/?p=679  =>PUP.Optional.DomaIQ
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.BoBrowser
http://www.nicolascoolman.fr/?p=1335  =>PUP.Optional.ContentExplorer
http://www.nicolascoolman.fr/?p=29  =>PUP.Optional.SmartWebSearch


---\\  Dodatkowe oczyszczenie. (5)
~ Chave de registro Tracing Supprimido (5)
~ Remover os relatórios antigos ZHPCleaner. (0)


---\\ Resultado de reparação
Reparação efectuada com sucesso
~ Este navegador está faltando ! (Opera Software)


---\\ Estatísticas
~ Items scan : 714
~ Items encontrado : 0
~ items cancelados : 0
~ Items réparo : 29


~ End of clean in 00h00mn16s
===================
ZHPCleaner-[R]-27022016-16_44_13.txt
ZHPCleaner-[S]-27022016-16_43_18.txt
 

---

 

Thanks again for the hand!




#8 olgun52


Posted 28 February 2016 - 09:02 PM

Hi again,

 

Step 1:
 Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 2:

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

=========================================================================

How is the machine running now? Any issues? Please let me know.

 

'searchinterneat-a.akamaihd.net' ?????

 


Best regards
 

 


 


#9 PabloMello


Posted 29 February 2016 - 05:25 PM

Hi, Yilmaz,

 

Did what you asked again.

 

After all, when I first tried to use Chrome, to check if "searchinterneat-a.akamaihd.net" was still here, I was quite disappointed. Tried to search for something on Google, using Chrome's 'address bar', and was redirected to Yahoo, while "searchinterneat-a.akamaihd.net" appeared on the address bar. I decided, so, to uninstall Chrome, and install it back. Surprisingly, after that, I don't know why, everything seems to be fine! The browser looks clear, and I can make searches on Google again. For now, I don't see anything that looks like an infection on my machine. Do you think it's clean, now?

 

I thank you so much. Below, I'll paste the MBAM's log content, and after that, the ESET's log content.

 

---

 

MBAM's log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Data da verificação: 29/02/2016
Hora da verificação: 15:20
Arquivo de registro: 
Administrador: Sim
 
Versão: 2.2.0.1024
Banco de dados de malware: v2016.02.29.04
Banco de dados de rootkit: v2016.02.27.01
Licença: Gratuita
Proteção contra malware: Desabilitado
Proteção contra website malicioso: Desabilitado
Autoproteção: Desabilitado
 
Sistema operacional: Windows 10
CPU: x64
Sistema de arquivos: NTFS
Usuário: Pablo
 
Tipo de verificação: Verificação da ameaça
Resultado: Concluído
Objetos verificados: 460200
Tempo decorrido: 30 min, 39 seg
 
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado
 
Processos: 0
(Nenhum item malicioso detectado)
 
Módulos: 0
(Nenhum item malicioso detectado)
 
Chaves de registro: 0
(Nenhum item malicioso detectado)
 
Valores de registro: 0
(Nenhum item malicioso detectado)
 
Dados de registro: 0
(Nenhum item malicioso detectado)
 
Pastas: 0
(Nenhum item malicioso detectado)
 
Arquivos: 0
(Nenhum item malicioso detectado)
 
Setores físicos: 0
(Nenhum item malicioso detectado)
 
 
(end)

 

---

 

ESET's log:

 

C:\AdwCleaner\Quarantine\C\Program Files\shopperz\krios64.dll.vir a variant of Win64/Toolbar.Perion.G potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\bugreport.exe.vir a variant of Win32/ELEX.CC potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSafeBugReport.exe.vir a variant of Win32/ELEX.CC potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\isafeclc.dll.vir a variant of Win32/ELEX.CC potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\isafeclcv.dll.vir a variant of Win32/ELEX.CC potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\isafembp.dll.vir a variant of Win32/ELEX.CC potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSafeNetFilter.sys.vir a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSafeRKScanShell64.dll.vir a variant of Win32/ELEX.CC potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\iSafeTHlp64.exe.vir a variant of Win32/ELEX.CC potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\uninstall.exe.vir a variant of Win32/ELEX.DB potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Elex-tech\YAC\data\fst.dat.vir Win32/Toolbar.TNT2.I potentially unwanted application deleted
C:\Program Files\Adobe\Adobe Lightroom\adobe.snr.patch-painter.exe a variant of Win32/HackTool.Patcher.CH potentially unsafe application cleaned by deleting
C:\Users\Pablo\AppData\Roaming\ZHP\Quarantine\SECOH-QAD.exe Win64/HackKMS.C potentially unsafe application cleaned by deleting
C:\Windows\SECOH-QAD.dll Win64/HackKMS.D potentially unsafe application cleaned by deleting
 
 
---
 
That's it! Thanks!
 
Waiting for further instructions.


#10 olgun52


Posted 29 February 2016 - 05:45 PM

Hi PabloMello,

I deleted it. But it stuck to the browser. It is now completely removed.
=======================================================
Java update:
Updating Java and Clearing Cache:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to update.

  • Download the latest version of Java Runtime Environment (JRE) 8
  • Recommended Version is 8 Update 73
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows Offline (64-bit)  and save the file.
  • Close any programs you may have running - especially your web browser.

See this page for instructions on how to clear java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Installed Applications and Applets
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

=================================================================================
Your Adobe Acrobat Reader DC is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Acrobat Reader DC to your PC's desktop.

  • Uninstall Adobe Reader via Start > Control Panel > Uninstall a program
  • Install the newly downloaded, updated software.

Note that the McAfee Security scan is prechecked. You may wish to uncheck it before downloading.


Edited by olgun52, 28 March 2016 - 02:07 PM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#11 PabloMello


Posted 01 March 2016 - 09:35 AM

Thank you so much, Yilmaz! My PC really seems to be ok, now!

 

I've already updated Java and Adobe Reader.

 

Thanks again!



#12 olgun52


Posted 01 March 2016 - 09:46 AM

Thank you so much, Yilmaz! My PC really seems to be ok, now!
 
I've already updated Java and Adobe Reader.
 
Thanks again!


You're welcome :thumbup2:

 

Thank you for your patience.  Please do the following:

In any case please download delfix to your desktop.

  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process

You can do the following:
 
The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

to remove all but the most recently created Restore Point.

  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically. Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
 
Please take the time to carefully review the info contained below. It's invaluable.
Answers to common security questions - Best Practices

How Malware Spreads - How your system gets infected

Best Practices for Safe Computing - Prevention of Malware Infection

 

Some safety suggestions!

Best regards.



 


 


#13 olgun52


Posted 07 March 2016 - 04:59 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Best regards
 

 


 




