
I think that my computer has a spy, it is too slow...


  • This topic is locked
5 replies to this topic

#1 leonardobr2d


Posted 02 September 2015 - 01:50 PM

Hello, my computer is infected with a browser virus in Chrome, and the system is too slow. Can someone help me, please? I will be glad.

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
Ran by juju (administrator) on JUJU-PC (02-09-2015 15:46:14)
Running from C:\Users\juju\Downloads
Loaded Profiles: juju (Available Profiles: juju)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Language: Português (Brasil)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13530184 2013-04-22] (Realtek Semiconductor)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [GSMEjector] => C:\Program Files (x86)\Oi\Oi3G\GSMCliEjector.exe [441856 2011-05-20] (Lightcomm)
HKLM-x32\...\RunOnce: [{D156C36A-ED03-4B67-ACC1-BE457C0E2A79}] => cmd.exe /C start /D "C:\Users\juju\AppData\Local\Temp" /B {D156C36A-ED03-4B67-ACC1-BE457C0E2A79}.exe -accepteula -accepteulaksn -activeimages -postboot
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [258104 2013-09-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [258104 2013-09-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [258104 2013-09-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [258104 2013-09-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [258104 2013-09-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [258104 2013-09-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [258104 2013-09-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [258104 2013-09-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [258104 2013-09-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [231480 2013-09-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [231480 2013-09-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [231480 2013-09-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [231480 2013-09-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [231480 2013-09-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [231480 2013-09-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [231480 2013-09-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [231480 2013-09-12] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9-x64 19 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [231480 2013-09-12] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.25.1
Tcpip\..\Interfaces\{5D077469-5229-4372-A086-ECADF03F1383}: [DhcpNameServer] 192.168.25.1
Tcpip\..\Interfaces\{E78E213A-23CA-42FA-8A14-E79015BB8DF4}: [DhcpNameServer] 8.8.8.8 8.8.4.4
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1501602981-709121202-1980901039-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1501602981-709121202-1980901039-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1501602981-709121202-1980901039-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.br/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1501602981-709121202-1980901039-1000 -> {E1A111CA-5B15-4AC4-AFC3-71B04E1A16EE} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-04-01] (Google Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-04-01] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-04-01] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-04-01] (Google Inc.)
Toolbar: HKU\S-1-5-21-1501602981-709121202-1980901039-1000 -> No Name - {EECBB8D2-B448-4B01-A402-969E4D5847E5} -  No File
Toolbar: HKU\S-1-5-21-1501602981-709121202-1980901039-1000 -> No Name - {7A5F72D2-9BBF-443F-9D35-26FC7E858E77} -  No File
Toolbar: HKU\S-1-5-21-1501602981-709121202-1980901039-1000 -> No Name - {8A4E0899-45E0-4A85-95B1-441CF397BC6E} -  No File
Toolbar: HKU\S-1-5-21-1501602981-709121202-1980901039-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-04-01] (Google Inc.)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2012-10-02] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-10-02] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\juju\AppData\Roaming\Mozilla\Firefox\Profiles\2e9ccuqw.default
FF NewTab: about:home
FF DefaultSearchEngine: v9
FF SearchEngineOrder.1: v9
FF SelectedSearchEngine: v9
FF Keyword.URL: hxxp://home.allgameshome.com/results.php?category=web&s=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll [2014-02-07] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll [2014-02-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @ei.MyFunCards_5m.com/Plugin -> C:\Program Files (x86)\MyFunCards_5mEI\Installr\1.bin\NP5mEISB.dll [No File]
FF Plugin-x32: @ei.VideoDownloadConverter_4z.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter_4zEI\Installr\1.bin\NP4zEISB.dll [2013-07-03] (VideoDownloadConverter)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll [2010-08-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-25] (Google Inc.)
FF Plugin HKU\S-1-5-21-1501602981-709121202-1980901039-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\juju\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2012-10-11] (Skype Limited)
FF Plugin HKU\S-1-5-21-1501602981-709121202-1980901039-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\juju\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2011-01-25] (Google)
FF Plugin HKU\S-1-5-21-1501602981-709121202-1980901039-1000: @talk.google.com/O3DPlugin -> C:\Users\juju\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll [2011-01-25] ()
FF Plugin HKU\S-1-5-21-1501602981-709121202-1980901039-1000: @tools.google.com/Google Update;version=3 -> C:\Users\juju\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll [2013-07-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-1501602981-709121202-1980901039-1000: @tools.google.com/Google Update;version=9 -> C:\Users\juju\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll [2013-07-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-1501602981-709121202-1980901039-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\juju\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-08-07] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\juju\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2011-01-25] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\juju\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2011-01-25] ()
FF SearchPlugin: C:\Users\juju\AppData\Roaming\Mozilla\Firefox\Profiles\2e9ccuqw.default\searchplugins\allgameshome.xml [2011-11-10]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml [2014-06-06]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml [2014-06-06]
FF Extension: YouTube Flash to HTML5 - C:\Users\juju\AppData\Roaming\Mozilla\Firefox\Profiles\2e9ccuqw.default\Extensions\garg_sms@yahoo.in.xpi [2014-02-07]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-08-03]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2010-10-28]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-10-28]
FF HKU\.DEFAULT\...\Firefox\Extensions: [buscape@buscape.com.br] - C:\Program Files (x86)\Buscapé\Buscapé na Hora\Firefox
FF Extension: No Name - C:\Program Files (x86)\Buscapé\Buscapé na Hora\Firefox [2013-01-24]
 
Chrome: 
=======
CHR Profile: C:\Users\juju\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Skype Click to Call) - C:\Users\juju\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-03-08]
CHR Extension: (Norton Identity Protection) - C:\Users\juju\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-03-08]
CHR HKLM-x32\...\Chrome\Extension: [gbdabnfmdemcjjadpkpjibhhacggangd] - \User Data\Default\Extensions\novo_price_comparison.crx [2013-01-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-10-02]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-12] (Avira Operations GmbH & Co. KG) [File not signed]
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-12] (Avira Operations GmbH & Co. KG) [File not signed]
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-12] (Avira Operations GmbH & Co. KG) [File not signed]
S3 BITS; C:\Windows\SysWOW64\qmgr.dll [77760 2000-05-03] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2010-11-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [282616 2010-11-11] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 NTServiceSystem; C:\Windows\SysWOW64\NTServer\service.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2014-01-24] (Emsisoft GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-12] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-12] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-09-12] (Avira Operations GmbH & Co. KG)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-01-24] (Emsisoft GmbH)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [188928 2010-10-24] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [72064 2010-10-24] (Microsoft Corporation)
S3 Olicard160net; C:\Windows\System32\DRIVERS\Olicard160Usbnet.sys [138752 2009-12-11] (TCT International Mobile Ltd)
S3 Olicard160ser; C:\Windows\System32\DRIVERS\Olicard160ser.sys [119680 2010-04-07] (Olivetti)
S3 OLICARD160USB; C:\Windows\System32\Drivers\Olicard160Usb.sys [25088 2010-06-10] (Windows ® Codename Longhorn DDK provider)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 X6va005; \??\C:\Users\juju\AppData\Local\Temp\005231.tmp [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-02 15:46 - 2015-09-02 15:46 - 00017206 _____ C:\Users\juju\Downloads\FRST.txt
2015-09-02 15:45 - 2015-09-02 15:46 - 00000000 ____D C:\FRST
2015-09-02 15:45 - 2015-09-02 15:45 - 02188800 _____ (Farbar) C:\Users\juju\Downloads\FRST64.exe
2015-09-02 15:44 - 2015-09-02 15:44 - 00022319 _____ C:\ComboFix.txt
2015-09-02 14:55 - 2015-09-02 14:55 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\juju\Downloads\tdsskiller.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-02 15:44 - 2014-02-07 17:57 - 00000000 ____D C:\Qoobox
2015-09-02 15:42 - 2013-09-06 21:29 - 00000000 ____D C:\Windows\erdnt
2015-09-02 15:42 - 2009-07-13 23:34 - 00000215 _____ C:\Windows\system.ini
2015-09-02 15:20 - 2010-12-19 19:33 - 00000000 ____D C:\Program Files (x86)\Messenger
2015-09-02 14:56 - 2010-10-28 16:17 - 00670638 _____ C:\Windows\system32\prfh0416.dat
2015-09-02 14:56 - 2010-10-28 16:17 - 00131516 _____ C:\Windows\system32\prfc0416.dat
2015-09-02 14:56 - 2009-07-14 02:13 - 01538086 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-02 14:43 - 2014-02-07 18:42 - 01476781 _____ C:\Windows\WindowsUpdate.log
2015-08-20 23:44 - 2014-02-24 15:49 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-20 23:25 - 2014-02-24 15:49 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
 
==================== Files in the root of some directories =======
 
2012-02-19 11:59 - 2012-02-19 11:59 - 0033134 _____ () C:\Users\juju\AppData\Roaming\UserTile.png
2015-06-14 19:52 - 2015-06-28 09:54 - 0003584 _____ () C:\Users\juju\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-09-19 23:31 - 2010-03-02 19:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe
2011-02-26 09:36 - 2011-02-26 09:36 - 0000059 _____ () C:\ProgramData\user.ini
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2013-08-07 21:14
 

 

==================== End of FRST.txt ============================
 
 
 
Addition:
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by juju (2015-09-02 15:46:53)
Running from C:\Users\juju\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-1501602981-709121202-1980901039-500 - Administrator - Disabled)
Convidado (S-1-5-21-1501602981-709121202-1980901039-501 - Limited - Disabled)
juju (S-1-5-21-1501602981-709121202-1980901039-1000 - Administrator - Enabled) => C:\Users\juju
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Out of date) {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Avira Desktop (Disabled - Out of date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Out of date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Microsoft Security Essentials (Enabled - Out of date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.0 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0412.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Bing Bar Platform (x32 Version: 6.0.2282.0 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.05 - Piriform)
Controle ActiveX do Windows Live Mesh para Conexões Remotas (HKLM-x32\...\{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DiscadorOi.exe (HKLM-x32\...\oigsm_is1) (Version: 1.4.1.0 - LightComm Tecnologia)
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{005F78AF-110D-398A-8430-BE98950A1E22}) (Version: 1.9.2.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office com Clique para Executar 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.0.657.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{A0FE116E-9A8A-466F-AEE0-625CB7C207E3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052B-02A4-4627-81F2-1818DA5D550D}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837B34E3-7C30-493C-8F6A-2B0F04E2912C}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 pt-BR)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6636 - NewTech Infosystems)
Olicard160 (HKLM-x32\...\{49B40A1F-2AB0-4EE1-A6B0-56E7A85BEBFB}) (Version: 1.000.00001 - Olivetti)
Online Games Manager v1.21 (HKLM-x32\...\Online Games Manager) (Version: 1.21.2 - Real Networks, Inc.)
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6890 - Realtek Semiconductor Corp.)
Shadowgrounds (HKLM-x32\...\Shadowgrounds1.05) (Version: 1.05 - Frozenbyte)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.3.11079 - Skype Technologies S.A.)
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
Star Defender 4 (HKLM-x32\...\BFG-Star Defender 4) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKU\S-1-5-21-1501602981-709121202-1980901039-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Visualizador do Microsoft PowerPoint (HKLM-x32\...\{95140000-00AF-0416-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{2DF215E0-BD3C-4C98-8616-AFEF09747285}) (Version: 14.0.8117.416 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 23:34 - 2015-09-02 15:42 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {149121E1-A1B0-49D2-8007-E33DA58D0C68} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1501602981-709121202-1980901039-1000
Task: {14E8C1F1-9D39-4F6B-9812-D7EF10907FCF} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11] (Microsoft Corporation)
Task: {294E777D-B053-413E-9ABB-FCDD28612C5B} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe
Task: {40181332-654D-4A27-A37A-80053007A954} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11] (Microsoft Corporation)
Task: {664FB827-41B9-4B86-846D-6BCCC5008151} - \Funmoods -> No File <==== ATTENTION
Task: {767DF607-4FF8-48C2-B40D-721A229A27C1} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe
Task: {9CFE7E5B-04AD-40FA-9AB8-A69DC860722B} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe
Task: {B3BD96FA-91ED-4BEC-9923-50F86304E4F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-24] (Google Inc.)
Task: {B97C123B-5B67-41DA-A6FF-F062A9D9CFC4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-24] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:1A60DE96
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:93EB7685
AlternateDataStreams: C:\ProgramData\Temp:B0456F0C
AlternateDataStreams: C:\ProgramData\Temp:C7F08EA3
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
AlternateDataStreams: C:\ProgramData\Temp:D431AA5F
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
AlternateDataStreams: C:\ProgramData\Temp:E3C56885
AlternateDataStreams: C:\ProgramData\Temp:ED66F190
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:0B9176C0
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:1A60DE96
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:4D066AD2
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:5D7E5A8F
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:798A3728
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:93EB7685
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:B0456F0C
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:C7F08EA3
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:CDFF58FE
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:D1B5B4F1
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:D431AA5F
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:E1F04E8D
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:E36F5B57
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:E3C56885
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:ED66F190
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1501602981-709121202-1980901039-1000\...\com.br -> hxxp://*.bancodobrasil.com.br
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1501602981-709121202-1980901039-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\juju\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.25.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: MWLService => 3
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: NTI IScheduleSvc => 2
MSCONFIG\Services: NTIBackupSvc => 3
MSCONFIG\Services: NTISchedulerSvc => 2
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{DD752B39-D6CC-45D2-A6D6-AFEB5D31F067}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{2E818F59-FFED-4C53-9681-39EB289B537C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4A2AFDB9-05BE-486A-9714-206AED375548}] => (Allow) svchost.exe
FirewallRules: [{32910693-BD77-4757-819A-1A7D94E53C96}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{26568860-212F-4680-9D78-21133646EADC}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{61543DC5-784F-4D81-B26A-08C22B866D89}] => (Allow) LPort=2869
FirewallRules: [{AA9867C3-818F-4245-9886-510C40B762E7}] => (Allow) LPort=1900
FirewallRules: [{93FE82DA-3588-448A-8F74-3238E064C0EB}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{4FF3CFAB-3C1E-4018-A03C-44C9BF931A83}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{6AEE63F3-3D61-43E3-B244-16D96DB17C38}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{CA23F29D-C47C-4F02-A5A3-599855972A21}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{42ED4518-D7A8-4B1B-9095-0FA7001DDEB2}] => (Allow) C:\Users\juju\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{86243A31-CC1E-4B8A-9FA8-EFCDFB54D42D}] => (Allow) C:\Users\juju\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{11E68BAB-E4D0-486F-A60E-A95FF7064ADD}] => (Allow) C:\Users\juju\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{9FB81FBB-B6B8-4C71-A4A4-0E731F393837}] => (Allow) C:\Program Files (x86)\Game Center\eSoftMgr.exe
FirewallRules: [{2145589B-FE9D-4C4F-A85B-06ABF7DCA89F}] => (Allow) C:\Program Files (x86)\Game Center\eSoftMgr.exe
FirewallRules: [{5790D4D0-51C6-4EE5-B8C9-D060FBB9670B}] => (Allow) C:\Program Files (x86)\Game Center\eFlashPlayer.exe
FirewallRules: [{68627104-E4C0-4868-B45A-6D575E0FD2E8}] => (Allow) C:\Program Files (x86)\Game Center\eFlashPlayer.exe
FirewallRules: [{659FE583-3062-48E8-81DA-98781260CFEC}] => (Allow) C:\Program Files (x86)\Game Center\bugReport.exe
FirewallRules: [{D11CAA0B-B01C-423B-A72B-674D49B9C511}] => (Allow) C:\Program Files (x86)\Game Center\bugReport.exe
FirewallRules: [{F6CDE2F6-32AA-44FC-BD0B-6414A5F90393}] => (Allow) C:\Program Files (x86)\Game Center\QQDownload\Tencentdl.exe
FirewallRules: [{74EEE738-D2A5-41A2-946B-249041EF9EF5}] => (Allow) C:\Program Files (x86)\Game Center\QQDownload\Tencentdl.exe
FirewallRules: [{E090392C-0D8E-4F83-A53F-81F09A5632DA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/02/2015 03:46:54 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina CoCreateInstance.  hr = 0x8007043c, Não é possível compartilhar este serviço no modo de segurança
.
 
 
Operação:
   Instanciando servidor VSS
 
Error: (09/02/2015 03:46:54 PM) (Source: VSS) (EventID: 18) (User: )
Description: Erro no Serviço de Cópias de Sombra de Volume: não é possível iniciar o Servidor COM com a CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} e o nome IVssCoordinatorEx2 durante o Modo de Segurança.
O Serviço de Cópias de Sombra de Volume não pode ser iniciado no modo de segurança. [0x8007043c, Não é possível compartilhar este serviço no modo de segurança
]
 
 
Operação:
   Instanciando servidor VSS
 
Error: (09/02/2015 03:05:12 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Falha ao criar ponto de restauração (Processo = C:\Windows\system32\wbem\wmiprvse.exe; Descrição = ComboFix created restore point; Erro = 0x8007043c).
 
Error: (09/02/2015 03:05:12 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina CoCreateInstance.  hr = 0x8007043c, Não é possível compartilhar este serviço no modo de segurança
.
 
 
Operação:
   Instanciando servidor VSS
 
Error: (09/02/2015 03:05:12 PM) (Source: VSS) (EventID: 18) (User: )
Description: Erro no Serviço de Cópias de Sombra de Volume: não é possível iniciar o Servidor COM com a CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} e o nome IVssCoordinatorEx2 durante o Modo de Segurança.
O Serviço de Cópias de Sombra de Volume não pode ser iniciado no modo de segurança. [0x8007043c, Não é possível compartilhar este serviço no modo de segurança
]
 
 
Operação:
   Instanciando servidor VSS
 
Error: (09/02/2015 02:57:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: Falha dos Serviços de Criptografia ao inicializar o objeto de backup VSS "Gravador do Sistema".
 
Details:
Could not query the status of the EventSystem service.
 
System Error:
O sistema está sendo desligado.
.
 
Error: (07/11/2015 05:40:44 PM) (Source: Avira Antivirus) (EventID: 4117) (User: AUTORIDADE NT)
Description: O arquivo chave não contém uma licença válida. O serviço será interrompido!
 
Error: (07/11/2015 05:38:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa wmplayer.exe versão 12.0.7601.17514 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.
 
ID de Processo: 6b0
 
Hora de Início: 01d0bc18d84d9c75
 
Hora de Término: 60000
 
Caminho do Aplicativo: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
 
Id do Relatório: 9adf27bf-280c-11e5-b61f-00a0c6000000
 
Error: (06/28/2015 03:22:27 PM) (Source: Avira Antivirus) (EventID: 4117) (User: AUTORIDADE NT)
Description: O arquivo chave não contém uma licença válida. O serviço será interrompido!
 
Error: (06/28/2015 09:44:03 AM) (Source: Avira Antivirus) (EventID: 4117) (User: AUTORIDADE NT)
Description: O arquivo chave não contém uma licença válida. O serviço será interrompido!
 
 
System errors:
=============
Error: (09/02/2015 03:43:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Pesquisador de Computadores depende do serviço Server, mas não foi possível iniciá-lo devido ao seguinte erro: 
%%1068
 
Error: (09/02/2015 03:43:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Pesquisador de Computadores depende do serviço Server, mas não foi possível iniciá-lo devido ao seguinte erro: 
%%1068
 
Error: (09/02/2015 03:43:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Pesquisador de Computadores depende do serviço Server, mas não foi possível iniciá-lo devido ao seguinte erro: 
%%1068
 
Error: (09/02/2015 03:43:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Pesquisador de Computadores depende do serviço Server, mas não foi possível iniciá-lo devido ao seguinte erro: 
%%1068
 
Error: (09/02/2015 03:43:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Pesquisador de Computadores depende do serviço Server, mas não foi possível iniciá-lo devido ao seguinte erro: 
%%1068
 
Error: (09/02/2015 03:43:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Pesquisador de Computadores depende do serviço Server, mas não foi possível iniciá-lo devido ao seguinte erro: 
%%1068
 
Error: (09/02/2015 03:43:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Pesquisador de Computadores depende do serviço Server, mas não foi possível iniciá-lo devido ao seguinte erro: 
%%1068
 
Error: (09/02/2015 03:43:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Pesquisador de Computadores depende do serviço Server, mas não foi possível iniciá-lo devido ao seguinte erro: 
%%1068
 
Error: (09/02/2015 03:43:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Pesquisador de Computadores depende do serviço Server, mas não foi possível iniciá-lo devido ao seguinte erro: 
%%1068
 
Error: (09/02/2015 03:43:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Pesquisador de Computadores depende do serviço Server, mas não foi possível iniciá-lo devido ao seguinte erro: 
%%1068
 
 
Microsoft Office:
=========================
Error: (09/02/2015 03:46:54 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x8007043c, Não é possível compartilhar este serviço no modo de segurança
 
 
Operação:
   Instanciando servidor VSS
 
Error: (09/02/2015 03:46:54 PM) (Source: VSS) (EventID: 18) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, Não é possível compartilhar este serviço no modo de segurança
 
 
Operação:
   Instanciando servidor VSS
 
Error: (09/02/2015 03:05:12 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c
 
Error: (09/02/2015 03:05:12 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x8007043c, Não é possível compartilhar este serviço no modo de segurança
 
 
Operação:
   Instanciando servidor VSS
 
Error: (09/02/2015 03:05:12 PM) (Source: VSS) (EventID: 18) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, Não é possível compartilhar este serviço no modo de segurança
 
 
Operação:
   Instanciando servidor VSS
 
Error: (09/02/2015 02:57:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: Details:
Could not query the status of the EventSystem service.
 
System Error:
O sistema está sendo desligado.
 
Error: (07/11/2015 05:40:44 PM) (Source: Avira Antivirus) (EventID: 4117) (User: AUTORIDADE NT)
Description: 0x0
 
Error: (07/11/2015 05:38:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wmplayer.exe12.0.7601.175146b001d0bc18d84d9c7560000C:\Program Files (x86)\Windows Media Player\wmplayer.exe9adf27bf-280c-11e5-b61f-00a0c6000000
 
Error: (06/28/2015 03:22:27 PM) (Source: Avira Antivirus) (EventID: 4117) (User: AUTORIDADE NT)
Description: 0x0
 
Error: (06/28/2015 09:44:03 AM) (Source: Avira Antivirus) (EventID: 4117) (User: AUTORIDADE NT)
Description: 0x0
 
 
CodeIntegrity:
===================================
  Date: 2015-09-02 15:20:01.865
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-09-02 15:20:01.724
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-07 14:11:02.414
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-07 14:11:02.274
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-07 14:11:02.134
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-07 14:11:01.993
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-07 13:06:44.683
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-07 13:06:44.512
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-09 21:25:37.332
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-09 21:25:37.067
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 40%
Total physical RAM: 2806.71 MB
Available physical RAM: 1660.74 MB
Total Virtual: 5611.61 MB
Available Virtual: 4876.76 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:285.99 GB) (Free:205.61 GB) NTFS
Drive e: (16GB) (Removable) (Total:14.42 GB) (Free:11.42 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 8021EBD4)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=286 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 14.4 GB) (Disk ID: 000ADB3C)
Partition 1: (Active) - (Size=14.4 GB) - (Type=0C)
 
==================== End of Addition.txt ============================

 

 

 

 

 

 



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:42 PM

Posted 03 September 2015 - 07:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\RunOnce: [{D156C36A-ED03-4B67-ACC1-BE457C0E2A79}] => cmd.exe /C start /D "C:\Users\juju\AppData\Local\Temp" /B {D156C36A-ED03-4B67-ACC1-BE457C0E2A79}.exe -accepteula -accepteulaksn -activeimages -postboot
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1501602981-709121202-1980901039-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing
Toolbar: HKU\S-1-5-21-1501602981-709121202-1980901039-1000 -> No Name - {EECBB8D2-B448-4B01-A402-969E4D5847E5} -  No File
Toolbar: HKU\S-1-5-21-1501602981-709121202-1980901039-1000 -> No Name - {7A5F72D2-9BBF-443F-9D35-26FC7E858E77} -  No File
Toolbar: HKU\S-1-5-21-1501602981-709121202-1980901039-1000 -> No Name - {8A4E0899-45E0-4A85-95B1-441CF397BC6E} -  No File
FF DefaultSearchEngine: v9
FF SearchEngineOrder.1: v9
FF SelectedSearchEngine: v9
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @ei.MyFunCards_5m.com/Plugin -> C:\Program Files (x86)\MyFunCards_5mEI\Installr\1.bin\NP5mEISB.dll [No File]
FF Plugin-x32: @ei.VideoDownloadConverter_4z.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter_4zEI\Installr\1.bin\NP4zEISB.dll [2013-07-03] (VideoDownloadConverter)
CHR HKLM-x32\...\Chrome\Extension: [gbdabnfmdemcjjadpkpjibhhacggangd] - \User Data\Default\Extensions\novo_price_comparison.crx [2013-01-06]
S2 NTServiceSystem; C:\Windows\SysWOW64\NTServer\service.exe [X]
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 X6va005; \??\C:\Users\juju\AppData\Local\Temp\005231.tmp [X]
Task: {664FB827-41B9-4B86-846D-6BCCC5008151} - \Funmoods -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:1A60DE96
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:93EB7685
AlternateDataStreams: C:\ProgramData\Temp:B0456F0C
AlternateDataStreams: C:\ProgramData\Temp:C7F08EA3
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
AlternateDataStreams: C:\ProgramData\Temp:D431AA5F
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
AlternateDataStreams: C:\ProgramData\Temp:E3C56885
AlternateDataStreams: C:\ProgramData\Temp:ED66F190
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:0B9176C0
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:1A60DE96
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:4D066AD2
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:5D7E5A8F
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:798A3728
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:93EB7685
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:B0456F0C
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:C7F08EA3
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:CDFF58FE
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:D1B5B4F1
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:D431AA5F
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:E1F04E8D
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:E36F5B57
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:E3C56885
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:ED66F190.

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

How is the computer running now?

#3 leonardobr2d

leonardobr2d
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:42 PM

Posted 04 September 2015 - 04:01 PM

Hello, my computer is better now, but I do not have the MBAM scan because I have been scanning my computer before, but I scanned and no threats, but my AdwCleaner and Fixlog.txt are here:

 

Fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version:04-09-2015
Ran by juju (2015-09-04 17:43:00) Run:1
Running from C:\Users\juju\Downloads
Loaded Profiles: juju (Available Profiles: juju)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\RunOnce: [{D156C36A-ED03-4B67-ACC1-BE457C0E2A79}] => cmd.exe /C start /D "C:\Users\juju\AppData\Local\Temp" /B {D156C36A-ED03-4B67-ACC1-BE457C0E2A79}.exe -accepteula -accepteulaksn -activeimages -postboot
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1501602981-709121202-1980901039-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing
Toolbar: HKU\S-1-5-21-1501602981-709121202-1980901039-1000 -> No Name - {EECBB8D2-B448-4B01-A402-969E4D5847E5} -  No File
Toolbar: HKU\S-1-5-21-1501602981-709121202-1980901039-1000 -> No Name - {7A5F72D2-9BBF-443F-9D35-26FC7E858E77} -  No File
Toolbar: HKU\S-1-5-21-1501602981-709121202-1980901039-1000 -> No Name - {8A4E0899-45E0-4A85-95B1-441CF397BC6E} -  No File
FF DefaultSearchEngine: v9
FF SearchEngineOrder.1: v9
FF SelectedSearchEngine: v9
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @ei.MyFunCards_5m.com/Plugin -> C:\Program Files (x86)\MyFunCards_5mEI\Installr\1.bin\NP5mEISB.dll [No File]
FF Plugin-x32: @ei.VideoDownloadConverter_4z.com/Plugin -> C:\Program Files (x86)\VideoDownloadConverter_4zEI\Installr\1.bin\NP4zEISB.dll [2013-07-03] (VideoDownloadConverter)
CHR HKLM-x32\...\Chrome\Extension: [gbdabnfmdemcjjadpkpjibhhacggangd] - \User Data\Default\Extensions\novo_price_comparison.crx [2013-01-06]
S2 NTServiceSystem; C:\Windows\SysWOW64\NTServer\service.exe [X]
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 X6va005; \??\C:\Users\juju\AppData\Local\Temp\005231.tmp [X]
Task: {664FB827-41B9-4B86-846D-6BCCC5008151} - \Funmoods -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:1A60DE96
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:93EB7685
AlternateDataStreams: C:\ProgramData\Temp:B0456F0C
AlternateDataStreams: C:\ProgramData\Temp:C7F08EA3
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
AlternateDataStreams: C:\ProgramData\Temp:D431AA5F
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
AlternateDataStreams: C:\ProgramData\Temp:E3C56885
AlternateDataStreams: C:\ProgramData\Temp:ED66F190
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:0B9176C0
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:1A60DE96
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:4D066AD2
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:5D7E5A8F
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:798A3728
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:93EB7685
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:B0456F0C
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:C7F08EA3
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:CDFF58FE
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:D1B5B4F1
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:D431AA5F
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:E1F04E8D
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:E36F5B57
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:E3C56885
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:ED66F190.
 
End
*****************
 
Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\{D156C36A-ED03-4B67-ACC1-BE457C0E2A79} => value not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1501602981-709121202-1980901039-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-1501602981-709121202-1980901039-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EECBB8D2-B448-4B01-A402-969E4D5847E5} => value not found.
HKCR\CLSID\{EECBB8D2-B448-4B01-A402-969E4D5847E5} => key not found. 
HKU\S-1-5-21-1501602981-709121202-1980901039-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7A5F72D2-9BBF-443F-9D35-26FC7E858E77} => value not found.
HKCR\CLSID\{7A5F72D2-9BBF-443F-9D35-26FC7E858E77} => key not found. 
HKU\S-1-5-21-1501602981-709121202-1980901039-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8A4E0899-45E0-4A85-95B1-441CF397BC6E} => value not found.
HKCR\CLSID\{8A4E0899-45E0-4A85-95B1-441CF397BC6E} => key not found. 
Firefox DefaultSearchEngine removed successfully
Firefox SearchEngineOrder.1 removed successfully
Firefox SelectedSearchEngine removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@ei.MyFunCards_5m.com/Plugin => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@ei.VideoDownloadConverter_4z.com/Plugin => key not found. 
C:\Program Files (x86)\VideoDownloadConverter_4zEI\Installr\1.bin\NP4zEISB.dll => not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gbdabnfmdemcjjadpkpjibhhacggangd" => key removed successfully
NTServiceSystem => service not found.
catchme => service removed successfully
RSUSBSTOR => service removed successfully
X6va005 => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{664FB827-41B9-4B86-846D-6BCCC5008151} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods => key not found. 
C:\ProgramData\Temp => ":0B9176C0" ADS removed successfully.
C:\ProgramData\Temp => ":1A60DE96" ADS removed successfully.
C:\ProgramData\Temp => ":4D066AD2" ADS removed successfully.
C:\ProgramData\Temp => ":5D7E5A8F" ADS removed successfully.
C:\ProgramData\Temp => ":798A3728" ADS removed successfully.
C:\ProgramData\Temp => ":93EB7685" ADS removed successfully.
C:\ProgramData\Temp => ":B0456F0C" ADS removed successfully.
C:\ProgramData\Temp => ":C7F08EA3" ADS removed successfully.
C:\ProgramData\Temp => ":CDFF58FE" ADS removed successfully.
C:\ProgramData\Temp => ":D1B5B4F1" ADS removed successfully.
C:\ProgramData\Temp => ":D431AA5F" ADS removed successfully.
C:\ProgramData\Temp => ":E1F04E8D" ADS removed successfully.
C:\ProgramData\Temp => ":E36F5B57" ADS removed successfully.
C:\ProgramData\Temp => ":E3C56885" ADS removed successfully.
C:\ProgramData\Temp => ":ED66F190" ADS removed successfully.
"C:\Users\Todos os Usuários\Temp" => ":0B9176C0" ADS not found.
"C:\Users\Todos os Usuários\Temp" => ":1A60DE96" ADS not found.
"C:\Users\Todos os Usuários\Temp" => ":4D066AD2" ADS not found.
"C:\Users\Todos os Usuários\Temp" => ":5D7E5A8F" ADS not found.
"C:\Users\Todos os Usuários\Temp" => ":798A3728" ADS not found.
"C:\Users\Todos os Usuários\Temp" => ":93EB7685" ADS not found.
"C:\Users\Todos os Usuários\Temp" => ":B0456F0C" ADS not found.
"C:\Users\Todos os Usuários\Temp" => ":C7F08EA3" ADS not found.
"C:\Users\Todos os Usuários\Temp" => ":CDFF58FE" ADS not found.
"C:\Users\Todos os Usuários\Temp" => ":D1B5B4F1" ADS not found.
"C:\Users\Todos os Usuários\Temp" => ":D431AA5F" ADS not found.
"C:\Users\Todos os Usuários\Temp" => ":E1F04E8D" ADS not found.
"C:\Users\Todos os Usuários\Temp" => ":E36F5B57" ADS not found.
"C:\Users\Todos os Usuários\Temp" => ":E3C56885" ADS not found.
"C:\Users\Todos os Usuários\Temp" => ":ED66F190." ADS not found.
EmptyTemp: => 151.7 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 17:43:34 ====
 
 
Adwcleaner:
 
# AdwCleaner v5.005 - Relatório criado 02/09/2015 às 20:05:53
# Atualizado 31/08/2015 por Xplode
# Banco de dados : 2015-08-31.2 [Servidor]
# Sistema operacional : Windows 7 Home Basic Service Pack 1 (x64)
# Usuário : juju - JUJU-PC
# Executando de : E:\kill\AdwCleaner.exe
# Opção : Verificar
 
***** [ Serviços ] *****
 
 
***** [ Pastas ] *****
 
Pasta Encontrado : C:\Users\juju\AppData\Roaming\Uniblue
Pasta Encontrado : C:\Users\Public\Documents\iWin
 
***** [ Arquivos ] *****
 
Arquivo Encontrado : C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml
Arquivo Encontrado : C:\Users\juju\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
 
***** [ Atalhos ] *****
 
 
***** [ Tarefas agendadas ] *****
 
Tarefa Encontrada : Funmoods
 
***** [ Registro ] *****
 
Chave Encontrada : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Chave Encontrada : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{BB30FEA7-5866-406A-B47D-FB69E1AF8FD7}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{FC39A9F4-77FF-4595-BDEC-8B768C481257}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{63631BB2-E20C-49C6-8781-2FCE85DBD773}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{FC39A9F4-77FF-4595-BDEC-8B768C481257}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Valor Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Valor Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{EEE6C35C-6118-11DC-9C72-001320C79847}]
Chave Encontrada : [x64] HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Chave Encontrada : [x64] HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
Chave Encontrada : [x64] HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Chave Encontrada : [x64] HKLM\SOFTWARE\Classes\Interface\{66D59105-FE06-43A4-B292-EB0097E9EB74}
Chave Encontrada : HKU\.DEFAULT\Software\ImInstaller
Chave Encontrada : HKU\.DEFAULT\Software\WNLT
Chave Encontrada : HKCU\Software\usyndication.com
Chave Encontrada : HKCU\Software\USyndication
Chave Encontrada : HKLM\SOFTWARE\hdcode
Chave Encontrada : HKLM\SOFTWARE\Trymedia Systems
Chave Encontrada : HKLM\SOFTWARE\Uniblue
Chave Encontrada : HKLM\SOFTWARE\AnySend
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Chave Encontrada : [x64] HKCU\Software\usyndication.com
Chave Encontrada : [x64] HKCU\Software\USyndication
Chave Encontrada : [x64] HKLM\SOFTWARE\SampleShellExtnesion
 
***** [ Navegadores ] *****
 
[C:\Users\juju\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Encontrado : babylon.com
[C:\Users\juju\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Encontrado : Funmoods.com
[C:\Users\juju\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Encontrado : mystart.incredibar.com/
[C:\Users\juju\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Encontrado : v9.com
[C:\Users\juju\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Encontrado : atajitos
[C:\Users\juju\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Encontrado : Ask.com
 
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [13201 bytes] ##########
 

 



#4 nasdaq

  • Malware Response Team

Posted 05 September 2015 - 07:38 AM


If not already done please run the AdwCleaner tool and clean everything that will be found.

===

Hello, my computer is better now


If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 leonardobr2d

  • Topic Starter

Posted 05 September 2015 - 08:14 PM

Hello, thank you for your help with my computer, now everything is cool. Thank you again and until the next time!!



#6 nasdaq

  • Malware Response Team

Posted 06 September 2015 - 08:41 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



