Páginas da internet estão desconfiguradas

Boa  noite !

Editando :


A  web  ao  navegar as páginas  estão  desconfiguradas .   Principalmente serviços de e-mail .


É ; segundo a  MP ;  parece  infecção nova  mesmo . Segue <<<<   R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:24:59, on 30/01/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\EDSON\Downloads\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [20131224] C:\Program Files\AVAST Software\Avast\setup\emupdate\fce9a71d-6b0c-45ee-9660-1d03808a63c0.exe /check
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O8 - Extra context menu item: Se&nd to OneNote - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify:  GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files\Comodo\Dragon\dragon_updater.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 5965 bytes




Abraços

   Olá TEXTECH.

Faça o download do [Tens de ter uma conta e sessão iniciada para poderes visualizar este link].

*Execute-o e clique no botão Main Menu.

* Na próxima tela que surgirá clique em [Do a system scan and save a logfile].

*Um relatório será apresentado.

*Selecione todo o conteúdo deste relatório e copie (Ctrl+c).

Depois disso é só voltar aqui no fórum e postar este log do Hijackthis para que ele possa ser analisado.

Ficamos no aguardo de sua resposta.

Boa noite !



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:24:59, on 30/01/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\EDSON\Downloads\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [20131224] C:\Program Files\AVAST Software\Avast\setup\emupdate\fce9a71d-6b0c-45ee-9660-1d03808a63c0.exe /check
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O8 - Extra context menu item: Se&nd to OneNote - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files\Comodo\Dragon\dragon_updater.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 5965 bytes


Abraços

Olá TEXTECH


Power Max deve estar no trampo. Darei uma cobertura até seu retorno.


Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Smeenk) e salve-o no Desktop

*Clique com o botão direito do mouse no zoek e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Copie e cole as linhas em marrom no espaço do zoek

autoclean;
emptyalltemp;

*Feche o seu navegador e clique [Run Script]

*Durante o scan as mensagens abaixo serão apresentadas. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

*Cole ou anexe o relatório C:\zoek-results.txt

Boa  noite !    Wings


A janela padrão do  programa abriu; mas pode se dizer incompleta .   Após minutos está na mesma :


[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]



Abraços

Boa  noite !



Eu  reiniciei o sistema .    Repeti  os  proçedimentos; com a opção <<<  baixar o zoek com arquivo zip .    E deu  certo; abriu por  completo :


Ao  término  do scan;  editarei  este  post !


Editando :



Zoek.exe v5.0.0.0 Updated 29-January-2014
Tool run by EDSON on 30/01/2014 at 20:33:27,32.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\EDSON\Downloads\zoek\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

30/01/2014 20:44:46 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[29/01/2014 15:30]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\EDSON\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[07/12/2013 15:27]

EDSON\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
EDSON\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Search Page"="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{searchCLSID} Unknown Url="Not_Found"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Empty IE Cache ======================

C:\Users\EDSON\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\EDSON\AppData\Local\Google\Chrome\User Data\Profile 3\Cache emptied successfully
C:\Users\EDSON\AppData\Local\Google\Chrome\User Data\Profile 5\Cache emptied successfully
C:\Users\EDSON\AppData\Local\COMODO\Dragon\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\EDSON\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\EDSON\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 30/01/2014 at 21:07:30,53 ======================


Abraços

Informe como está o PC.

Bom fim de noite !



Está tudo bem agora .



Obrigado

Delete o zoek, o relatório C:\zoek-results.txt e a pasta C:\zoek_backup


Um abraço...

TÓPICO REABERTO

O tópico reaberto a pedido do(a) autor(a).

Boa  noite !   Wings



Bem dizer depois de 24 h; meu pc voltou a ter problemas :  


1 - Ora restaura o sistema ora não restaura ( este já era antigo ) :  

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

  

2 - O avast - mesmo com ele sendo iniciado junto com o windows; é desligado sozinha a tua proteção ativa; ao reiniciar o sistema . Nunca acontecia isto ; com ele aqui já faz uns 6 meses .    

3 - E como sempre meu caro colega wings; navegação péssima .      



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:25:59, on 31/01/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\EDSON\Downloads\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O8 - Extra context menu item: Se&nd to OneNote - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify:  GbPluginBb - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files\Comodo\Dragon\dragon_updater.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 5755 bytes



Obrigado

Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Farbar) e salve-o no Desktop

*Clique com o botão direito do mouse no FRST e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Aceite o contrato, clique [Scan] e ao término clique [OK] > [OK]

*Cole ou anexe os relatórios FRST.txt e Addition.txt criados no Desktop


Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Farbar) e salve-o no Desktop (Área de Trabalho)

*Execute-o, selecione todas as opções e clique [Scan]

*Anexe o relatório FSS.txt localizado no Desktop

Boa  noite !  Wings



Farbar Service Scanner Version: 08-01-2014
Ran by EDSON (administrator) on 31-01-2014 at 19:40:11
Running from "C:\Users\EDSON\Downloads"
Microsoft Windows 7 Home Basic  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-10-16 20:07] - [2013-09-13 22:48] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-10-16 20:07] - [2013-09-08 00:07] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-14 11:01] - [2013-07-09 02:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[] - [] - 0000000 ____A (Microsoft Corporation)

C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



Já  o outro  constou  :



[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]



A versão do arquivo do programa não é compatível com o meu windows .

Ops...


Desculpe, enviei o link da versão errada...

Delete o FRST64


Baixe esta versão.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Segue :


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2014 01
Ran by EDSON (administrator) on EDSON-PC on 31-01-2014 19:49:48
Running from C:\Users\EDSON\Downloads
Microsoft Windows 7 Home Basic  Service Pack 1 (X86) OS Language: Portuguese Brazilian
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Download link for 64-Bit Version: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

==================== Processes (Whitelisted) ===================

(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\Comodo\Dragon\dragon_updater.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Gadwin Systems, Inc) C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-29] (AVAST Software)
Winlogon\Notify\ GbPluginBb: C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil)
HKCU\...\Winlogon: [Shell] Explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\EDSON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk
ShortcutTarget: Recorte de tela e Iniciador do OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x72D722BFAF4CCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - URL [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKLM - SuggestionsURL_JSON [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKLM - TopResultURLFallback [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKCU - URL [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKCU - SuggestionsURL_JSON [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKCU - TopResultURLFallback [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll [1652584 2012-12-26] (Caixa Economica Federal)
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll [1487912 2013-10-07] (Banco do Brasil)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-11-02]
CHR HKCU\...\Chrome\Extension: [pgacfjdigcddmmncljpflgcfpfahebkh] - C:\Users\EDSON\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx [2013-06-19]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-29] (AVAST Software)
R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2135232 2014-01-28] ()
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [452136 2013-10-08] (GAS Tecnologia)

==================== Drivers (Whitelisted) ====================

R1 360FileOem; C:\Windows\system32\drivers\360FileOem.sys [152880 2013-01-17] (360.cn)
R0 360HookOem; C:\Windows\System32\drivers\360HookOEM.sys [61488 2013-01-17] (360安全中心)
R1 360RegOem; C:\Windows\system32\drivers\360RegOem.sys [29744 2013-01-17] (360安全中心)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-01-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-11-02] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-11-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-01-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-01-29] ()
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-01-29] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2013-12-20] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20072 2013-04-15] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [581912 2013-04-15] (COMODO)
S3 cxbu0wdm; C:\Windows\System32\DRIVERS\cxbu0wdm.sys [119040 2011-09-06] (HID Global Corporation)
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [49536 2013-05-08] (GAS Tecnologia)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S3 Ndisrd; C:\Windows\System32\DRIVERS\gbpndisrd.sys [31088 2014-01-31] (GbPlugin NDIS Device Driver)
R3 NdisrdMP; C:\Windows\System32\DRIVERS\gbpndisrd.sys [31088 2014-01-31] (GbPlugin NDIS Device Driver)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Users\EDSON\AppData\Local\Temp\catchme.sys [x]
S0 tvelms; No ImagePath

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\system32\drivers\360FileOem.sys 31E96818831A9BDFEA233CF078A7DCB3
C:\Windows\System32\drivers\360HookOEM.sys C5CE40B86C1C58A96F59DF554CFBD912
C:\Windows\system32\drivers\360RegOem.sys D538CEAE6E9BBC0AA364CFF2380D24EE
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys F81BB7E487EDCEAB630A7EE66CF23913
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D320BF87125326F996D4904FE24300FC
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 46387FB17B086D16DEA267D5BE23A2F2
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\system32\drivers\aswMonFlt.sys 61953E5E1FFAEAF246A610BEE2554879
C:\Windows\system32\drivers\aswRdr2.sys 2206985EF126AB90F3D7F1A020589DC9
C:\Windows\system32\Drivers\aswRvrt.sys F385467DF95D0A73775CB3B076B8B969
C:\Windows\system32\drivers\aswSnx.sys 8CD8710457FCC1CDE88CBFA3AA119B92
C:\Windows\system32\drivers\aswSP.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\drivers\aswStm.sys BFE2A154BC197656ACA0FF917564406D
C:\Windows\system32\Drivers\aswVmm.sys 1B0662514A68C3A42E60D240C5ABEF28
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 77361D72A04F18809D0EFB6CCEB74D4B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cmderd.sys 11EEFA7EB58D2C33FDE5930E2FC490DC
C:\Windows\System32\DRIVERS\cmdguard.sys 395EB1D5A2BEB44EACC5B13854D11D5E
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 85449EEBE8F8EBD6481EFBF0F352B4EB
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cxbu0wdm.sys B93F0125B1F47A8393938F3919A6565F
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 71BC35067CABC02C9453AEAA42B2E43E
C:\Windows\system32\drivers\evbdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\system32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\system32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legitB
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05
C:\Windows\System32\DRIVERS\fvevol.sys E306A24D9694C724FA2491278BF50FDB
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\drivers\gbpkm.sys 8F866DF9A974BFFDCB2001D303BC0695
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys 5CD5F9A5444E6CDCB0AC89BD62D8B76E
C:\Windows\System32\DRIVERS\igdkmd32.sys ==> MD5 is legit
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys F286830298323272260332D6ABC905C1
C:\Windows\System32\Drivers\ksecpkg.sys D7C760D57B1656DD748B9E4AB6CB5A51
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MpFilter.sys 24406D75B40F0F6B3C1AC7031D734565
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 21F4B24ACFC79A483515BD986DD9043F
C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25
C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC
C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\system32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 8C9C922D71F1CD4DEF73F186416B7896
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\gbpndisrd.sys B7CC2AF3D5604EFDC5F82AF7A5B21FB1
C:\Windows\System32\DRIVERS\gbpndisrd.sys B7CC2AF3D5604EFDC5F82AF7A5B21FB1
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\system32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys C58DB40E4C95BE8EE727BE872BE6383F
C:\Windows\system32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Ntfs.sys 5E43D2B0EE64123D4880DFA6626DEFDE
C:\Windows\system32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0
C:\Windows\system32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B
C:\Windows\System32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 65375DF758CA1872AB7EBBBA457FD5E6
C:\Windows\system32\Drivers\RDPWD.sys F031683E6D1FEA157ABB2FF260B51E61
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt86win7.sys 3983CEA05BB855351D75F5482B6C42CE
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\system32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46
C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB
C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys CA59F7C570AF70BC174F477CFE2D9EE3
C:\Windows\System32\DRIVERS\tcpip.sys CA59F7C570AF70BC174F477CFE2D9EE3
C:\Windows\System32\drivers\tcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3B
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys B37B08F2E5EEB1A37E448E09BACE1101
C:\Windows\System32\drivers\tsusbflt.sys 9CE253214ACAA5A7D323327D2055EFAA
C:\Windows\system32\drivers\TsUsbGD.sys 57C527AF84748B5C2F5178C499C0B81F
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbccgp.sys 0803FBA9FE829D61AE26EC0BCC910C46
C:\Windows\system32\drivers\usbcir.sys 2352AB5F9F8F097BF9D41D5A4718A041
C:\Windows\System32\DRIVERS\usbehci.sys D40855F89B69305140BBD7E9A3BA2DA6
C:\Windows\System32\DRIVERS\usbhub.sys EDF2DF71C4F1E13A6AC75F5224DE655A
C:\Windows\system32\drivers\usbohci.sys 9828C8D14CC2676421778F0DE638CF97
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A
C:\Windows\System32\DRIVERS\usbuhci.sys 800AABFD625EEFF899F7E5496BDE37AB
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-31 19:49 - 2014-01-31 19:50 - 00024450 _____ C:\Users\EDSON\Downloads\FRST.txt
2014-01-31 19:49 - 2014-01-31 19:49 - 00000000 ____D C:\FRST
2014-01-31 19:48 - 2014-01-31 19:48 - 01137152 _____ (Farbar) C:\Users\EDSON\Downloads\FRST.exe
2014-01-30 20:15 - 2014-01-30 20:15 - 00594960 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-30 19:49 - 2014-01-30 19:49 - 00000000 ____D C:\Users\EDSON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-01-30 19:49 - 2014-01-30 19:49 - 00000000 ____D C:\Program Files\Gadwin Systems
2014-01-30 09:43 - 2014-01-30 20:14 - 00002270 _____ C:\Windows\PFRO.log
2014-01-29 21:19 - 2014-01-31 18:47 - 00000168 _____ C:\Windows\setupact.log
2014-01-29 21:19 - 2014-01-29 21:19 - 00000000 _____ C:\Windows\setuperr.log
2014-01-29 15:53 - 2014-01-29 15:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-29 15:52 - 2014-01-29 15:52 - 00000029 _____ C:\Windows\system32\config.ini
2014-01-29 15:50 - 2014-01-29 15:50 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2014-01-27 18:00 - 2014-01-27 18:00 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2014-01-26 17:31 - 2014-01-26 17:31 - 00001229 _____ C:\INSTALL.LOG
2014-01-16 11:01 - 2014-01-16 11:01 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-16 11:01 - 2014-01-16 11:01 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-16 11:01 - 2014-01-16 11:01 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-16 11:01 - 2014-01-16 11:01 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-16 10:39 - 2014-01-16 10:41 - 02393640 _____ (Banco do Brasil SA) C:\Users\EDSON\Downloads\DiagnosticoBB (10).exe
2014-01-16 09:58 - 2014-01-16 10:00 - 02393640 _____ (Banco do Brasil SA) C:\Users\EDSON\Downloads\DiagnosticoBB (9).exe
2014-01-15 10:25 - 2013-11-26 09:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 10:25 - 2013-11-26 08:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-15 10:24 - 2013-11-26 23:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 10:24 - 2013-11-26 23:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 10:24 - 2013-11-26 23:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 10:24 - 2013-11-26 23:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 10:24 - 2013-11-26 23:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 10:24 - 2013-11-26 23:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 10:24 - 2013-11-26 23:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-09 10:12 - 2014-01-09 10:12 - 00000000 ____D C:\first_launch
2014-01-04 00:17 - 2014-01-04 00:17 - 00000000 ____D C:\Users\EDSON\AppData\Roaming\Malwarebytes
2014-01-04 00:16 - 2014-01-04 00:16 - 00001031 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-04 00:16 - 2014-01-04 00:16 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2014-01-04 00:16 - 2014-01-04 00:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-03 22:23 - 2014-01-27 10:51 - 00000000 ____D C:\Users\EDSON\AppData\Local\Adobe
2014-01-02 13:38 - 2014-01-04 00:01 - 00000000 ____D C:\Users\EDSON\AppData\Local\Comodo
2014-01-01 19:25 - 2014-01-04 00:16 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-01 19:25 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== One Month Modified Files and Folders =======

2014-01-31 19:50 - 2014-01-31 19:49 - 00024450 _____ C:\Users\EDSON\Downloads\FRST.txt
2014-01-31 19:49 - 2014-01-31 19:49 - 00000000 ____D C:\FRST
2014-01-31 19:48 - 2014-01-31 19:48 - 01137152 _____ (Farbar) C:\Users\EDSON\Downloads\FRST.exe
2014-01-31 19:46 - 2012-06-17 18:03 - 00000000 ____D C:\Users\EDSON\Documents\PrintScreen Files
2014-01-31 19:31 - 2012-07-28 16:44 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-31 19:19 - 2012-09-22 19:29 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-31 18:52 - 2012-06-17 15:23 - 02071055 _____ C:\Windows\WindowsUpdate.log
2014-01-31 18:52 - 2009-07-14 02:34 - 00026944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-31 18:52 - 2009-07-14 02:34 - 00026944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-31 18:47 - 2014-01-29 21:19 - 00000168 _____ C:\Windows\setupact.log
2014-01-31 18:47 - 2013-07-12 09:36 - 00031088 _____ (GbPlugin NDIS Device Driver) C:\Windows\system32\Drivers\GbpNdisrd.sys
2014-01-31 18:47 - 2012-07-28 16:44 - 00001050 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-31 18:47 - 2012-06-17 15:35 - 00000000 ____D C:\Users\EDSON
2014-01-31 18:47 - 2009-07-14 02:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-31 18:46 - 2013-06-19 19:30 - 00000000 ____D C:\Users\EDSON\AppData\Local\GAS Tecnologia
2014-01-31 18:46 - 2012-07-16 13:56 - 00000000 ____D C:\Program Files\GbPlugin
2014-01-31 18:46 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\system32\wfp
2014-01-31 18:46 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\registration
2014-01-31 18:46 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\AppCompat
2014-01-30 20:15 - 2014-01-30 20:15 - 00594960 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-30 20:14 - 2014-01-30 09:43 - 00002270 _____ C:\Windows\PFRO.log
2014-01-30 20:13 - 2012-10-22 13:28 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2014-01-30 19:49 - 2014-01-30 19:49 - 00000000 ____D C:\Users\EDSON\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2014-01-30 19:49 - 2014-01-30 19:49 - 00000000 ____D C:\Program Files\Gadwin Systems
2014-01-30 09:46 - 2012-10-21 16:49 - 00048392 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2014-01-30 09:46 - 2012-10-21 16:49 - 00000000 ____D C:\Program Files\Comodo
2014-01-29 21:19 - 2014-01-29 21:19 - 00000000 _____ C:\Windows\setuperr.log
2014-01-29 17:53 - 2012-06-17 15:19 - 00000000 ____D C:\Windows\Panther
2014-01-29 17:53 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\IME
2014-01-29 15:53 - 2014-01-29 15:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-29 15:52 - 2014-01-29 15:52 - 00000029 _____ C:\Windows\system32\config.ini
2014-01-29 15:50 - 2014-01-29 15:50 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2014-01-29 15:31 - 2013-12-20 11:45 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-29 15:31 - 2013-11-08 10:43 - 00410784 _____ C:\Windows\system32\Drivers\aswsp.sys
2014-01-29 15:31 - 2013-11-02 21:21 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-29 15:31 - 2013-11-02 21:21 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-29 15:31 - 2013-11-02 21:21 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-29 15:31 - 2013-04-28 16:33 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-27 22:15 - 2012-11-12 11:59 - 00000000 ____D C:\Users\EDSON\AppData\Roaming\Skype
2014-01-27 18:33 - 2013-04-16 17:29 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 8
2014-01-27 18:33 - 2009-07-14 00:37 - 00000000 ____D C:\Program Files\Common Files\System
2014-01-27 18:33 - 2009-07-14 00:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-27 18:00 - 2014-01-27 18:00 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2014-01-27 17:57 - 2012-10-29 22:43 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2014-01-27 17:57 - 2012-10-29 22:43 - 00000000 ____D C:\ProgramData\GbPlugin
2014-01-27 17:57 - 2012-06-17 15:15 - 00000000 ____D C:\Windows.old
2014-01-27 17:57 - 2012-06-17 13:35 - 00000000 ____D C:\inetpub
2014-01-27 10:51 - 2014-01-03 22:23 - 00000000 ____D C:\Users\EDSON\AppData\Local\Adobe
2014-01-27 10:48 - 2012-09-22 19:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-01-27 10:48 - 2012-09-22 19:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-01-27 10:30 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\system32\NDF
2014-01-26 17:31 - 2014-01-26 17:31 - 00001229 _____ C:\INSTALL.LOG
2014-01-16 11:01 - 2014-01-16 11:01 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-16 11:01 - 2014-01-16 11:01 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-16 11:01 - 2014-01-16 11:01 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-16 11:01 - 2014-01-16 11:01 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-16 10:46 - 2013-06-19 19:30 - 00096409 _____ C:\Users\EDSON\AppData\Roaming\unins000.dat
2014-01-16 10:41 - 2014-01-16 10:39 - 02393640 _____ (Banco do Brasil SA) C:\Users\EDSON\Downloads\DiagnosticoBB (10).exe
2014-01-16 10:00 - 2014-01-16 09:58 - 02393640 _____ (Banco do Brasil SA) C:\Users\EDSON\Downloads\DiagnosticoBB (9).exe
2014-01-15 23:17 - 2013-07-15 17:50 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 23:17 - 2013-04-16 17:28 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2014-01-15 23:17 - 2013-04-16 17:28 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-15 23:15 - 2012-06-17 16:23 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-09 12:03 - 2011-04-12 02:47 - 00708582 _____ C:\Windows\system32\prfh0416.dat
2014-01-09 12:03 - 2011-04-12 02:47 - 00148362 _____ C:\Windows\system32\prfc0416.dat
2014-01-09 12:03 - 2010-11-20 19:01 - 01643178 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-09 10:12 - 2014-01-09 10:12 - 00000000 ____D C:\first_launch
2014-01-04 00:17 - 2014-01-04 00:17 - 00000000 ____D C:\Users\EDSON\AppData\Roaming\Malwarebytes
2014-01-04 00:16 - 2014-01-04 00:16 - 00001031 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-04 00:16 - 2014-01-04 00:16 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2014-01-04 00:16 - 2014-01-04 00:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-04 00:16 - 2014-01-01 19:25 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-04 00:01 - 2014-01-02 13:38 - 00000000 ____D C:\Users\EDSON\AppData\Local\Comodo
2014-01-04 00:01 - 2013-04-23 10:58 - 00000000 ____D C:\Windows\ERUNT
2014-01-02 13:38 - 2013-12-31 02:45 - 00001139 _____ C:\Users\EDSON\Desktop\Comodo Dragon.lnk

Some content of TEMP:
====================
C:\Users\EDSON\AppData\Local\Temp\7za.exe
C:\Users\EDSON\AppData\Local\Temp\hijackthis.exe
C:\Users\EDSON\AppData\Local\Temp\NirCmd.exe
C:\Users\EDSON\AppData\Local\Temp\PEVZ.EXE
C:\Users\EDSON\AppData\Local\Temp\Quarantine.exe
C:\Users\EDSON\AppData\Local\Temp\remove.exe
C:\Users\EDSON\AppData\Local\Temp\sed.exe
C:\Users\EDSON\AppData\Local\Temp\shortcut.exe
C:\Users\EDSON\AppData\Local\Temp\swreg.exe
C:\Users\EDSON\AppData\Local\Temp\swxcacls.exe
C:\Users\EDSON\AppData\Local\Temp\wget.exe
C:\Users\EDSON\AppData\Local\Temp\zoek-delete.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Gerenciador de Inicializa‡Æo do Windows
--------------------
identificador           {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  pt-BR
inherit                 {globalsettings}
default                 {current}
resumeobject            {ed4c5300-6c84-11e1-92c1-a8396148d95e}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Carregador de Inicializa‡Æo do Windows
-------------------
identificador           {ed4c52fa-6c84-11e1-92c1-a8396148d95e}
device                  ramdisk=[C:]\Recovery\ed4c52fa-6c84-11e1-92c1-a8396148d95e\Winre.wim,{ed4c52fb-6c84-11e1-92c1-a8396148d95e}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\ed4c52fa-6c84-11e1-92c1-a8396148d95e\Winre.wim,{ed4c52fb-6c84-11e1-92c1-a8396148d95e}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Carregador de Inicializa‡Æo do Windows
-------------------
identificador           {ed4c52fe-6c84-11e1-92c1-a8396148d95e}
device                  ramdisk=[C:]\Recovery\ed4c52fe-6c84-11e1-92c1-a8396148d95e\Winre.wim,{ed4c52ff-6c84-11e1-92c1-a8396148d95e}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\ed4c52fe-6c84-11e1-92c1-a8396148d95e\Winre.wim,{ed4c52ff-6c84-11e1-92c1-a8396148d95e}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Carregador de Inicializa‡Æo do Windows
-------------------
identificador           {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  pt-BR
inherit                 {bootloadersettings}
recoverysequence        {ed4c5302-6c84-11e1-92c1-a8396148d95e}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {ed4c5300-6c84-11e1-92c1-a8396148d95e}
nx                      OptIn
numproc                 2
usefirmwarepcisettings  No

Carregador de Inicializa‡Æo do Windows
-------------------
identificador           {ed4c5302-6c84-11e1-92c1-a8396148d95e}
device                  ramdisk=[C:]\Recovery\ed4c5302-6c84-11e1-92c1-a8396148d95e\Winre.wim,{ed4c5303-6c84-11e1-92c1-a8396148d95e}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\ed4c5302-6c84-11e1-92c1-a8396148d95e\Winre.wim,{ed4c5303-6c84-11e1-92c1-a8396148d95e}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Continuar da Hiberna‡Æo
---------------------
identificador           {ed4c5300-6c84-11e1-92c1-a8396148d95e}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  pt-BR
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     No
debugoptionenabled      No

Testador de Mem¢ria do Windows
---------------------
identificador           {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Diagn¢stico de Mem¢ria do Windows
locale                  pt-BR
inherit                 {globalsettings}
badmemoryaccess         Yes

Configura‡äes de EMS
------------
identificador           {emssettings}
bootems                 Yes

Configura‡äes do Depurador
-----------------
identificador           {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

Defeitos de RAM
-----------
identificador           {badmemory}

Configura‡äes Globais
---------------
identificador           {globalsettings}
inherit                 {dbgsettings}
                       {emssettings}
                       {badmemory}

Configura‡äes do Carregador de Inicializa‡Æo
--------------------
identificador           {bootloadersettings}
inherit                 {globalsettings}
                       {hypervisorsettings}

Configura‡äes do Hypervisor
-------------------
identificador           {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
Configura‡äes do Carregador de Retorno
----------------------
identificador           {resumeloadersettings}
inherit                 {globalsettings}

Op‡äes de dispositivo
--------------
identificador           {ed4c52ff-6c84-11e1-92c1-a8396148d95e}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\ed4c52fe-6c84-11e1-92c1-a8396148d95e\boot.sdi

Op‡äes de dispositivo
--------------
identificador           {ed4c5303-6c84-11e1-92c1-a8396148d95e}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\ed4c5302-6c84-11e1-92c1-a8396148d95e\boot.sdi



LastRegBack: 2014-01-29 00:18

==================== End Of Log ============================

Baixe o arquivo fixlist.txt e salve-o no mesmo local onde encontra-se o FRST

Spoiler:

*Clique com o botão direito do mouse no FRST e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Clique [Fix] e cole ou anexe o relatório Fixlog.txt criado no Desktop

Boa noite !


Eis :


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-01-2014 01
Ran by EDSON at 2014-01-31 20:31:16 Run:1
Running from C:\Users\EDSON\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKCU\...\Winlogon: [Shell] Explorer.exe [2616320 2011-02-25] (Microsoft Corporation)
SearchScopes: HKLM - URL [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKLM - SuggestionsURL_JSON [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKLM - TopResultURLFallback [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKCU - URL [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKCU - SuggestionsURL_JSON [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
SearchScopes: HKCU - TopResultURLFallback [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
C:\Windows\system32\drivers\360FileOem.sys
C:\Windows\System32\drivers\360HookOEM.sys
C:\Windows\system32\drivers\360RegOem.sys
C:\Users\EDSON\AppData\Local\Temp\*.exe
R1 360FileOem;
R0 360HookOem;
R1 360RegOem;
S3 catchme;

*****************

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\TopResultURLFallback => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\TopResultURLFallback => Value deleted successfully.
C:\Windows\system32\drivers\360FileOem.sys => Moved successfully.
C:\Windows\System32\drivers\360HookOEM.sys => Moved successfully.
C:\Windows\system32\drivers\360RegOem.sys => Moved successfully.
C:\Users\EDSON\AppData\Local\Temp\*.exe => Moved successfully.
360FileOem => Service deleted successfully.
360HookOem => Service deleted successfully.
360RegOem => Service deleted successfully.
catchme => Service deleted successfully.


The system needs a manual reboot.

==== End of Fixlog ====

Reinicie o PC


Baixe o arquivo fix1.zip

*Extraia o seu conteúdo

*Clique com o botão direito do mouse no fix.reg e selecione Mesclar...

*Aceite a alteração no registro


Baixe o arquivo fix2.zip

*Extraia o seu conteúdo

*Clique com o botão direito do mouse no fix.bat e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]


Execute o FSS, selecione todas as opções e clique [Scan]

*Cole o relatório apresentado

Eis :



Farbar Service Scanner Version: 08-01-2014
Ran by EDSON (administrator) on 31-01-2014 at 20:58:34
Running from "C:\Users\EDSON\Downloads"
Microsoft Windows 7 Home Basic Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2013-10-16 20:07] - [2013-09-13 22:48] - 0338944 ____A (Microsoft Corporation) F81BB7E487EDCEAB630A7EE66CF23913

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-10-16 20:07] - [2013-09-08 00:07] - 1294272 ____A (Microsoft Corporation) CA59F7C570AF70BC174F477CFE2D9EE3

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-08-14 11:01] - [2013-07-09 02:46] - 0140288 ____A (Microsoft Corporation) 7CA1BECEA5DE2643ADDAD32670E7A4C9

C:\Program Files\Windows Defender\MpSvc.dll
[] - [] - 0000000 ____A (Microsoft Corporation)

C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Baixe o arquivo verify.zip

*Extraia o seu conteúdo

*Clique com o botão direito do mouse no verify.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Aguarde o término e anexe o relatório sfcverify.txt criado no Desktop


Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

*Clique com o botão direito do mouse no RepairWMI e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Clique [Start] e aguarde o término

*Reinicie o PC


Clique com o botão direito do mouse, novamente, no fix.bat e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]


Informe como está o PC

Boa noite !


Este relatório sfcverify.txt; ao abri lo estava todo em branco em bloco de nota .



Tudo normalizado . Mas o que seria isto ? Este scan !


[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]





Abraços

No seu relatório haviam problemas com o WMI.

Como foi resolvido, vamos remover os programas.


Baixe o [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (...de Xplode) e salve-o no Desktop (Área de Trabalho)

*Execute-o, deixe selecionadas as opções Remove disinfection tools e Purge system restore

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Clique [Run] e feche o relatório apresentado


Delete o DelFix e o arquivo C:\DelFix.txt


Delete os anexos que solicitei baixar.


Um abraço...

CASO RESOLVIDO

Caso o(a) autor(a) necessite a sua reabertura, deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] via MP.