How to remove getusaaall.info

Hello, how are you!?

For some time now I have been receiving the threat warning below, but although Avast manages to detect it, it can neither locate nor remove it. I have already tried several solutions to remove it, but none of them worked.
Could someone shed some light and tell me how to remove it?

The AdwCleaner log follows below.

hxxp://getusaaall.info/?e=svon&cht=2&dcu=1&cpatch=2&dcs=1&pf=1&unp=Azm9CdOLv7DVDyxECyF

AdwCleaner v3.215 - Relatório criado 09/07/2014 às 10:22:56

Atualizado 09/07/2014 por Xplode

Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)

Usuário : Fabiano - FABIANO-PC

Executando de : C:\Users\Fabiano\Downloads\adwcleaner_3.215.exe

Opção : Examinar

***** [ Serviços ] *****

***** [ Arquivos / Pastas ] *****

***** [ Atalhos ] *****

***** [ Registro ] *****

Chave Encontrada : HKLM\Software\omiga-plusSoftware
Chave Encontrada : [x64] HKLM\SOFTWARE\omiga-plusSoftware

***** [ Navegadores ] *****

-\ Internet Explorer v11.0.9600.17126

-\ Google Chrome v35.0.1916.153

[ Arquivo : C:\Users\Fabiano\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Encontrada [Startup_urls] : hxxp://www.trovi.com/?gd=&ctid=CT3323878&octid=EB_ORIGINAL_CTID&ISID=M8703D479-233D-4ABC-8786-D5C752E68683&SearchSource=55&CUI=&UM=5&UP=SPEE798207-BC03-40AE-89EA-653BF9C2997D&SSPV=


AdwCleaner[R0].txt - [2948 octets] - [06/07/2014 19:13:28]
AdwCleaner[R1].txt - [1235 octets] - [09/07/2014 10:00:30]
AdwCleaner[R2].txt - [1355 octets] - [09/07/2014 10:08:58]
AdwCleaner[R3].txt - [1151 octets] - [09/07/2014 10:22:56]
AdwCleaner[S0].txt - [3204 octets] - [06/07/2014 19:14:59]
AdwCleaner[S1].txt - [1598 octets] - [09/07/2014 10:06:48]
AdwCleaner[S2].txt - [1510 octets] - [09/07/2014 10:13:18]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1391 octets] ##########

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both and try to run them. Only one of them will run on your system; that will be the correct version.

• Right-click and choose to run as administrator (Windows XP users: click Run after receiving the Windows Security Warning - Open File). When the tool opens, click Yes on the disclaimer.
• Select Additions at the bottom.
• Press the Scan button.

https://dl.dropboxusercontent.com/u/73555776/frst.JPG

• It will produce a log named FRST.txt in the same directory the tool is run from.
• Please attach both logs generated.

Hello Jefferson
Thanks for your help. If I couldn't get any help I was going to format the machine, lol

Here are the txt files…

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-07-2014
Ran by Fabiano at 2014-07-12 11:25:00
Running from C:\Users\Fabiano\Downloads
Boot Mode: Normal

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Acronis True Image Home (HKLM-x32.…{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}) (Version: 13.0.5055 - Acronis)
Adobe Flash Player 14 Plugin (HKLM-x32.…\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Português (HKLM-x32.…{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Atheros WiFi Driver Installation (HKLM-x32.…{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 3.0 - Atheros)
avast! Free Antivirus (HKLM-x32.…\Avast) (Version: 9.0.2021 - AVAST Software)
Google Chrome (HKLM-x32.…\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32.…{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32.…{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java 7 Update 60 (HKLM-x32.…{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Malwarebytes Anti-Malware versão 2.0.2.1012 (HKLM-x32.…\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM.…{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM.…{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32.…{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
NVIDIA 3D Vision Driver 337.88 (HKLM.…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.0.1 (HKLM.…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM.…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM.…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM.…{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32.…{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6307 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32.…\InstallShield
{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32.…{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32.…{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
VLC media player 2.1.1 (HKLM-x32.…\VLC media player) (Version: 2.1.1 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM.…{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2100 - Broadcom Corporation)
Windows Driver Package - Atheros Communications Inc. (athr) Net (11/13/2010 9.2.0.113) (HKLM.…\F0A3F8394866FA91E82C8D5AB92C918FE40FE1DF) (Version: 11/13/2010 9.2.0.113 - Atheros Communications Inc.)
Windows Driver Package - Realtek (RTL8167) Net (01/21/2011 7.039.0121.2011) (HKLM.…\2EFA11FC7F71FBE11EFA0D668B2F6E305D4E815B) (Version: 01/21/2011 7.039.0121.2011 - Realtek)
Windows Driver Package - Ricoh Company MS Host Controller (12/24/2010 6.13.10.25) (HKLM.…\95010B497C1DFEC62132F796273E6920E538715F) (Version: 12/24/2010 6.13.10.25 - Ricoh Company)
WinRAR 5.01 (64-bit) (HKLM.…\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points =========================

04-06-2014 19:39:22 Windows Update
04-06-2014 21:42:14 Installed RAMDisk
04-06-2014 21:57:30 Removed RAMDisk
11-06-2014 00:01:06 Windows Update
12-06-2014 17:22:51 Windows Update
18-06-2014 00:34:28 Windows Update
24-06-2014 23:45:49 Windows Update
05-07-2014 16:11:15 Windows Modules Installer
05-07-2014 16:19:18 Windows Update
06-07-2014 15:15:13 avast! antivirus system restore point
09-07-2014 12:56:47 Windows Update
09-07-2014 15:20:15 Windows Update

==================== Hosts content: ==========================

2009-07-13 23:34 - 2009-06-10 18:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {52442004-F624-4927-A23D-66E1EB128CFE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-03] (Google Inc.)
Task: {9F247E7B-D7B4-43AA-94BE-142DD05218C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-03] (Google Inc.)
Task: {AFA31715-A731-4F69-AE73-9EABEAFED9A7} - System32\Tasks{DC77BF7D-4140-464D-8963-3DE82F3640F4} => Chrome.exe http://ui.skype.com/ui/0/6.16.0.105/pt/abandoninstall?source=lightinstaller&page=tsBing
Task: {DC809534-9434-42B3-9E70-0C5D51792BDE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-06] (AVAST Software)
Task: {E208AF3F-8368-4EB4-8D84-2A8DA58C99A8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-06-02 18:59 - 2014-05-19 22:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-07-06 12:16 - 2014-07-06 12:16 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-09 09:52 - 2014-07-09 09:52 - 02789888 _____ () C:\Program Files\AVAST Software\Avast\defs\14070900\algo.dll
2014-07-06 12:16 - 2014-07-06 12:16 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-06 12:23 - 2014-07-06 12:23 - 00000000 _____ () C:\Windows\system32\nvspcap.dll
2014-07-06 12:23 - 2014-07-06 12:23 - 00000000 _____ () C:\Windows\system32\nvapi.dll
2014-06-12 20:12 - 2014-06-05 10:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-12 20:12 - 2014-06-05 10:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-07-06 12:23 - 2014-07-06 12:23 - 00000000 _____ () C:\Windows\system32\nvd3dum.dll
2014-06-04 12:28 - 2014-06-04 12:28 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3e27ac2000641918e7215d97c63e957d\IsdiInterop.ni.dll
2014-06-02 23:50 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-06-12 20:12 - 2014-06-05 10:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-12 20:12 - 2014-06-05 10:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-12 20:12 - 2014-06-05 10:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\76834294.sys => “”=“Driver”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\76834294.sys => “”=“Driver”

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:

Error: (07/12/2014 11:17:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2014 11:17:31 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (07/09/2014 10:14:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/09/2014 10:14:24 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (07/09/2014 10:07:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/09/2014 10:07:29 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (07/09/2014 09:55:13 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (07/09/2014 09:53:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2014 08:45:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2014 08:44:53 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

System errors:

Error: (07/12/2014 11:16:29 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (07/12/2014 11:16:05 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (07/09/2014 10:14:12 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (07/09/2014 10:07:18 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (07/09/2014 09:51:14 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (07/06/2014 08:44:35 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (07/06/2014 08:12:10 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (07/06/2014 07:15:33 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (07/06/2014 07:09:36 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (07/06/2014 07:07:45 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Microsoft Office Sessions:

Error: (07/12/2014 11:17:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2014 11:17:31 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (07/09/2014 10:14:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/09/2014 10:14:24 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (07/09/2014 10:07:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/09/2014 10:07:29 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (07/09/2014 09:55:13 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (07/09/2014 09:53:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2014 08:45:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/06/2014 08:44:53 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 8173.22 MB
Available physical RAM: 5937.48 MB
Total Pagefile: 8171.4 MB
Available Pagefile: 5428.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:220.19 GB) (Free:190.6 GB) NTFS
Drive f: (Utilitarios) (Fixed) (Total:12.6 GB) (Free:11.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: D3FB0EDE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=220 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2014
Ran by Fabiano (administrator) on FABIANO-PC on 12-07-2014 11:24:35
Running from C:\Users\Fabiano\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Portuguese (Brazil)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM.…\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM.…\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1225920 2014-04-30] (NVIDIA Corporation)
HKLM.…\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11776104 2011-03-30] (Realtek Semiconductor)
HKLM.…\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-03-30] (Realtek Semiconductor)
HKLM.…\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [357384 2009-09-12] (Acronis)
HKLM-x32.…\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32.…\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32.…\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32.…\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5048488 2009-09-12] (Acronis)
HKLM-x32.…\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-06] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk → C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: 00avast → {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDC7432D0A97ECF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32.…\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-03]

Chrome:

CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: “hxxp://www.trovi.com/?gd=&ctid=CT3323878&octid=EB_ORIGINAL_CTID&ISID=M8703D479-233D-4ABC-8786-D5C752E68683&SearchSource=55&CUI=&UM=5&UP=SPEE798207-BC03-40AE-89EA-653BF9C2997D&SSPV=”, “”, “hxxp://www.google.com/”
CHR DefaultSearchKeyword: google.com.br
CHR Extension: (Google Docs) - C:\Users\Fabiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-03]
CHR Extension: (Google Drive) - C:\Users\Fabiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-03]
CHR Extension: (YouTube) - C:\Users\Fabiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-03]
CHR Extension: (Pesquisa do Google) - C:\Users\Fabiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-03]
CHR Extension: (Learn Japanese Dialogue 8600 with mp3) - C:\Users\Fabiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbobncnndfifncjhmcdhoeekiifoplio [2014-06-03]
CHR Extension: (Skype Click to Call) - C:\Users\Fabiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-06-04]
CHR Extension: (Google Wallet) - C:\Users\Fabiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-03]
CHR Extension: (Gmail) - C:\Users\Fabiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-03]
CHR HKLM-x32.…\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-06]
CHR HKLM-x32.…\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-06] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-06] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-06] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [1455648 2014-06-03] (Acronis)
U4 RAMDiskVE;
S3 VGPU; System32\drivers\rdvgkmd.sys

==================== NetSvcs (Whitelisted) ===================

==================== One Month Modified Files and Folders =======

2014-07-12 11:24 - 2014-07-12 11:24 - 00012835 _____ () C:\Users\Fabiano\Downloads\FRST.txt
2014-07-12 11:24 - 2014-07-12 11:23 - 00000000 ____D () C:\FRST
2014-07-12 11:23 - 2014-07-12 11:23 - 02084864 _____ (Farbar) C:\Users\Fabiano\Downloads\FRST64.exe
2014-07-12 11:22 - 2011-01-27 20:11 - 00706008 _____ () C:\Windows\system32\prfh0416.dat
2014-07-12 11:22 - 2011-01-27 20:11 - 00147848 _____ () C:\Windows\system32\prfc0416.dat
2014-07-12 11:22 - 2009-07-14 02:13 - 01635826 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-12 11:21 - 2014-06-02 15:45 - 01717928 _____ () C:\Windows\WindowsUpdate.log
2014-07-12 11:17 - 2014-07-06 19:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-12 11:17 - 2014-06-03 23:59 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-12 11:17 - 2014-06-03 00:47 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-12 11:16 - 2014-06-04 02:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-12 11:16 - 2014-06-02 18:41 - 00000000 ____D () C:\Users\Todos os Usuários\NVIDIA
2014-07-12 11:16 - 2014-06-02 18:41 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-12 11:16 - 2010-11-21 04:16 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 11:16 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-12 11:16 - 2009-07-14 01:51 - 00040919 _____ () C:\Windows\setupact.log
2014-07-12 11:16 - 2009-07-14 01:45 - 00276216 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-12 11:16 - 2009-07-14 01:45 - 00017056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-12 11:16 - 2009-07-14 01:45 - 00017056 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-12 11:16 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-12 11:16 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 12:21 - 2014-06-04 00:28 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 12:21 - 2014-06-04 00:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 12:19 - 2014-07-09 12:19 - 00000000 ____D () C:\Users\Fabiano\Desktop\carros
2014-07-09 11:59 - 2014-06-14 12:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-09 11:57 - 2014-06-03 00:47 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-09 10:42 - 2014-07-09 10:41 - 00602112 _____ (OldTimer Tools) C:\Users\Fabiano\Downloads\OTL.exe
2014-07-09 10:23 - 2014-07-06 19:13 - 00000000 ____D () C:\AdwCleaner
2014-07-09 10:14 - 2010-11-21 00:47 - 00024932 _____ () C:\Windows\PFRO.log
2014-07-09 10:00 - 2014-07-09 09:59 - 01348263 _____ () C:\Users\Fabiano\Downloads\adwcleaner_3.215.exe
2014-07-09 09:59 - 2014-06-14 12:20 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 09:59 - 2014-06-14 12:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 09:59 - 2014-06-14 12:20 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-06 20:33 - 2014-07-06 20:28 - 09502424 _____ (Malwarebytes Corporation ) C:\Users\Fabiano\Downloads\mbam-setup-1.60.1.1000.exe
2014-07-06 19:26 - 2014-07-06 19:26 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes
2014-07-06 19:26 - 2014-07-06 19:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-06 19:26 - 2014-07-06 19:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-06 19:24 - 2014-07-06 19:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Fabiano\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-06 13:25 - 2014-07-06 13:25 - 00000898 _____ () C:\Users\Fabiano\Desktop\avast! - Security Center.url
2014-07-06 12:53 - 2014-07-06 12:53 - 00000000 ____D () C:\Users\Todos os Usuários\Kaspersky Lab
2014-07-06 12:53 - 2014-07-06 12:53 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-06 12:52 - 2014-07-06 12:48 - 141352824 _____ () C:\Users\Fabiano\Downloads\setup_11.0.1.1245.x01_2014_07_06_17_33.exe
2014-07-06 12:28 - 2014-07-06 12:28 - 00266309 _____ () C:\Users\Fabiano\AppData\Local\census.cache
2014-07-06 12:28 - 2014-07-06 12:28 - 00143358 _____ () C:\Users\Fabiano\AppData\Local\ars.cache
2014-07-06 12:24 - 2014-07-06 12:24 - 00000010 _____ () C:\Users\Fabiano\AppData\Local\sponge.last.runtime.cache
2014-07-06 12:23 - 2014-07-06 12:23 - 00000000 _____ () C:\Windows\system32\nvspcap.dll
2014-07-06 12:23 - 2014-07-06 12:23 - 00000000 _____ () C:\Windows\system32\nvd3dum.dll
2014-07-06 12:23 - 2014-07-06 12:23 - 00000000 _____ () C:\Windows\system32\nvapi.dll
2014-07-06 12:20 - 2014-07-06 12:20 - 00000036 _____ () C:\Users\Fabiano\AppData\Local\housecall.guid.cache
2014-07-06 12:16 - 2014-07-06 12:16 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-06 12:16 - 2014-06-03 23:58 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-07-06 12:16 - 2014-06-03 23:58 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-06 12:16 - 2014-06-03 23:58 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-06 12:16 - 2014-06-03 23:58 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-06 12:16 - 2014-06-03 23:58 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-06 12:16 - 2014-06-03 23:58 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-07-06 12:16 - 2014-06-03 23:58 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-06 12:16 - 2014-06-03 23:58 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-06 12:16 - 2014-06-03 23:58 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-05 13:20 - 2010-11-21 00:24 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-07-05 13:20 - 2010-11-21 00:24 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-07-05 13:20 - 2010-11-21 00:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2014-07-05 13:20 - 2010-11-21 00:24 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2014-07-05 13:20 - 2010-11-21 00:23 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll
2014-07-05 10:02 - 2014-06-04 11:26 - 00000000 ____D () C:\Users\Fabiano\AppData\Roaming\Skype
2014-06-29 23:09 - 2014-07-09 09:57 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 23:04 - 2014-07-09 09:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-22 22:52 - 2014-06-03 00:47 - 00004066 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-22 22:52 - 2014-06-03 00:47 - 00003814 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 17:14 - 2014-07-09 10:04 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 16:39 - 2014-07-09 10:04 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-18 22:39 - 2014-07-09 10:04 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-18 22:06 - 2014-07-09 10:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-18 22:06 - 2014-07-09 10:04 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-18 21:48 - 2014-07-09 10:04 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-18 21:42 - 2014-07-09 10:04 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-18 21:42 - 2014-07-09 10:04 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-18 21:41 - 2014-07-09 10:04 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-18 21:41 - 2014-07-09 10:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-18 21:32 - 2014-07-09 10:04 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-18 21:31 - 2014-07-09 10:04 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-18 21:26 - 2014-07-09 10:04 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-18 21:24 - 2014-07-09 10:04 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-18 21:24 - 2014-07-09 10:04 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-18 21:23 - 2014-07-09 10:04 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-18 21:16 - 2014-07-09 10:04 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-18 21:14 - 2014-07-09 10:04 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-18 21:09 - 2014-07-09 10:04 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-18 20:59 - 2014-07-09 10:04 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 20:56 - 2014-07-09 10:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-18 20:53 - 2014-07-09 10:04 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-18 20:51 - 2014-07-09 10:04 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-18 20:50 - 2014-07-09 10:04 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-18 20:48 - 2014-07-09 10:04 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-18 20:39 - 2014-07-09 10:04 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-18 20:38 - 2014-07-09 10:04 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-18 20:37 - 2014-07-09 10:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-18 20:36 - 2014-07-09 10:04 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-18 20:35 - 2014-07-09 10:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-18 20:33 - 2014-07-09 10:04 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-18 20:32 - 2014-07-09 10:04 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-18 20:28 - 2014-07-09 10:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-18 20:28 - 2014-07-09 10:04 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-18 20:27 - 2014-07-09 10:04 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-18 20:27 - 2014-07-09 10:04 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-18 20:25 - 2014-07-09 10:04 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-18 20:23 - 2014-07-09 10:04 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-18 20:22 - 2014-07-09 10:04 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-18 20:12 - 2014-07-09 10:04 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-18 20:06 - 2014-07-09 10:04 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-18 20:01 - 2014-07-09 10:04 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-18 19:59 - 2014-07-09 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-18 19:58 - 2014-07-09 10:04 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-18 19:58 - 2014-07-09 10:04 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-18 19:52 - 2014-07-09 10:04 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-18 19:51 - 2014-07-09 10:04 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-18 19:49 - 2014-07-09 10:04 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-18 19:46 - 2014-07-09 10:04 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-18 19:45 - 2014-07-09 10:04 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-18 19:35 - 2014-07-09 10:04 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-18 19:34 - 2014-07-09 10:04 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-18 19:15 - 2014-07-09 10:04 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-18 19:13 - 2014-07-09 10:04 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-18 19:09 - 2014-07-09 10:04 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-18 19:07 - 2014-07-09 10:04 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-17 23:18 - 2014-07-09 09:57 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-17 22:51 - 2014-07-09 09:57 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-17 22:10 - 2014-07-09 09:57 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-15 17:04 - 2014-06-15 17:04 - 00000000 ____D () C:\Users\Fabiano\AppData\Local\Adobe
2014-06-15 17:02 - 2014-06-15 17:02 - 00000000 __SHD () C:\Users\Fabiano\AppData\Local\EmieUserList
2014-06-15 17:02 - 2014-06-15 17:02 - 00000000 __SHD () C:\Users\Fabiano\AppData\Local\EmieSiteList
2014-06-14 12:20 - 2014-06-14 12:20 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-06-14 12:20 - 2014-06-14 12:20 - 00000000 ____D () C:\Windows\system32\Macromed
2014-06-14 12:20 - 2014-06-03 11:03 - 00000030 _____ () C:\AVScanner.ini
2014-06-12 20:11 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\rescache

Some content of TEMP:

C:\Users\Fabiano\AppData\Local\Temp\6_Offer_10.exe
C:\Users\Fabiano\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpirvnqh.dll
C:\Users\Fabiano\AppData\Local\Temp\f.exe
C:\Users\Fabiano\AppData\Local\Temp\GLF10E7.EXE
C:\Users\Fabiano\AppData\Local\Temp\GLF172D.EXE
C:\Users\Fabiano\AppData\Local\Temp\GLF1FB6.EXE
C:\Users\Fabiano\AppData\Local\Temp\GLF318F.EXE
C:\Users\Fabiano\AppData\Local\Temp\GLF38E1.EXE
C:\Users\Fabiano\AppData\Local\Temp\GLF3BEC.EXE
C:\Users\Fabiano\AppData\Local\Temp\GLF3D36.EXE
C:\Users\Fabiano\AppData\Local\Temp\GLF4D98.EXE
C:\Users\Fabiano\AppData\Local\Temp\GLF4E34.EXE
C:\Users\Fabiano\AppData\Local\Temp\GLF5862.EXE
C:\Users\Fabiano\AppData\Local\Temp\GLF636A.EXE
C:\Users\Fabiano\AppData\Local\Temp\GLF8412.EXE
C:\Users\Fabiano\AppData\Local\Temp\GLFA00B.EXE
C:\Users\Fabiano\AppData\Local\Temp\GLFA97C.EXE
C:\Users\Fabiano\AppData\Local\Temp\GLFC0C4.EXE
C:\Users\Fabiano\AppData\Local\Temp\GLFC660.EXE
C:\Users\Fabiano\AppData\Local\Temp\GLFCB4.EXE
C:\Users\Fabiano\AppData\Local\Temp\GLFDABB.EXE
C:\Users\Fabiano\AppData\Local\Temp\GLFEFA0.EXE
C:\Users\Fabiano\AppData\Local\Temp\GLFF635.EXE
C:\Users\Fabiano\AppData\Local\Temp\GLFFA4C.EXE
C:\Users\Fabiano\AppData\Local\Temp\GLFFF3B.EXE
C:\Users\Fabiano\AppData\Local\Temp\nsc3E90.exe
C:\Users\Fabiano\AppData\Local\Temp\nsc42D5.exe
C:\Users\Fabiano\AppData\Local\Temp\nsh1F98.exe
C:\Users\Fabiano\AppData\Local\Temp\nsqAC8A.exe
C:\Users\Fabiano\AppData\Local\Temp\nsw1B14.exe
C:\Users\Fabiano\AppData\Local\Temp\SearchProtectINT.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-06 21:26

==================== End Of Log ============================

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Follow the malware remover's instructions above

and attach the logs.

Use the "attachments and other options" option in your next reply.

http://i61.tinypic.com/142eefb.png

Sorry, I posted before seeing your instruction!

The attachment follows!

Once this has been completed, could you let me know whether the alerts stop?

  1. Close any open browsers.

  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy::
c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll|c:\windows\system32\user32.dll
c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll|c:\windows\SysWOW64\user32.dll

Save this as CFScript.txt, in the same location as ComboFix.exe

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.