
yeabests.cc


29 replies to this topic

#1 TiagoJ

  • Members
  • 15 posts

Posted 17 May 2016 - 03:29 PM

Hi. Thanks in advance for your availability. I'm from Portugal, so I apologize if my English isn't the best. I have a desktop with Windows 7 Professional SP1 64-bit.
 
While browsing the internet looking for a program that joins multiple PDFs into one (PDF Binder, I think), my father caught a virus on the computer. I wasn't there when this happened, but my father told me that the homepage of the browsers (IE and Google Chrome) changed to "yeabests.cc". Then the screen went all black and a rain of ads started. My father immediately took the computer to a friend who "understands" computers, to try to fix it.
I think that friend made it worse, because the computer came to me and it turns on normally, I see the desktop, I can surf the internet, BUT it is too slow and I cannot open almost any programs, neither "msconfig" nor "regedit", and I cannot even open the command prompt as administrator.
Whenever the "shield of administrator" appears, I cannot open it. The error message appears: "The specified service does not exist as an installed service". Sometimes the message "Shellexecuteex failed code 1060" appears too.
I cannot even open Power Options in Control Panel, for example. I can only open "msconfig", "regedit" and other programs in Safety Mode. I cannot even install programs (for example antivirus); I have to install them in Safety Mode and then I can run them in Normal Mode.
I don't know everything that my father's friend did; I know that he ran COMBOFIX, RefreshPC, Tweaking.com, Malwarebytes, Microsoft Security Essentials (MSE), CCleaner and Adwcleaner.
When I picked up the computer, I uninstalled all these programs except MSE, then I deleted some viruses in MSE (severe Trojans, Hijacks, BrowserModifiers; I think one of them was "Sasquor").
I did "sfc /scannow" in the command prompt (Safety Mode), I ran Spybot, Kaspersky Rescue Disk, ESET, NETGATE Registry Cleaner and finally I ran Ad-Aware (which incredibly still found 5 viruses, even after, for example, Kaspersky Rescue Disk no longer found anything).
2 of these 5 viruses were Trojans, and one of them was located in "C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy" with the name "(...)pdf-5-in-1(...)", which makes sense. I deleted them.
I also cannot uninstall programs through Control Panel - Programs and Features. When I try to uninstall, the following message appears: "An error occurred while trying to uninstall (nameofprogram). It may already be uninstalled. Want to remove (nameofprogram) from Programs and Features list?".
If I click "Yes", nothing happens and the program remains installed and remains in the list too... This problem also occurs in Safety Mode; I can only uninstall the programs of my father's friend through the folder where they are installed, by clicking "Uninstall". As Ad-Aware doesn't have "Uninstall", I just cannot uninstall it.
Finally I ran HijackThis and here is the logfile so you can help me. PS: "PRIMAVERA" is an important program that my father uses for work, and it happens to be one of the few programs that will open, along with OpenOffice for example.
 
Thank you in advance for your help. Greetings.
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 21:22:00, on 17-05-2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18315)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
C:\Program Files (x86)\PRIMAVERA\WindowsService100\bin\Primavera.Hesiod.TaskbarNotification.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Users\user\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE09&ocid=UE09DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cobian Backup 11 interface] "C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe" -service
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
O4 - HKLM\..\RunOnce: [{A0859800-B818-4F72-9642-9E7E51D8968E}] C:\Users\user\AppData\Local\Temp\{1EED3DCB-A9EB-4AB6-A274-AD0116B77359}\{A0859800-B818-4F72-9642-9E7E51D8968E}.cmd
O4 - HKLM\..\RunOnce: [{0ADCC552-0336-4488-926C-E76AFC708FF6}] C:\Users\user\AppData\Local\Temp\{B2FC926E-4833-4A86-A840-2A55B30C47D1}\{0ADCC552-0336-4488-926C-E76AFC708FF6}.cmd
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [NETGATERegistryCleaner] C:\Program Files\NETGATE\Registry Cleaner\RegistryCleaner.exe
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [iCloudPhotos] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [CCleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
O4 - Startup: Monitorar alertas de tinta - HP Officejet 2620 series.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Serviço de Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 11 Volume Shadow Copy Requester (cbVSCService11) - CobianSoft, Luis Cobian - C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviço Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PRIMAVERA CloudServices Activator v8.00  (PRIMAVERACloudServicesActivator800) - PRIMAVERA BSS - C:\Program Files (x86)\PRIMAVERA\CloudServices800\CloudConnector\Primavera.CloudConnector.Activator.exe
O23 - Service: PRIMAVERA Windows Services (PRIMAVERAWindowsService) - PRIMAVERA Business Software Solutions, S.A. - C:\Program Files (x86)\PRIMAVERA\WindowsService100\Bin\Primavera.Hesiod.WindowsService.exe
O23 - Service: PRIMAVERA Windows Scheduler Services 8.00 (PrimaveraWS800) - PRIMAVERA Software Business Solutions - C:\Program Files (x86)\PRIMAVERA\SG800\WinServices\Primavera.WindowsServices.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
 
--
End of file - 9648 bytes
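
Added example (not part of the original post, and not HijackThis or FRST code): a small Python triage of the O4 autorun lines from the HijackThis log above. The three heuristics (target under a Temp directory, script extension, bare-GUID value name) are assumptions chosen for illustration; on this log they single out the same two RunOnce entries that the FRST scan later in the thread marks with ATTENTION.

```python
import ntpath
import re
from dataclasses import dataclass, field

# O4 lines copied from the HijackThis log in the post above (a subset).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cobian Backup 11 interface] "C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe" -service
O4 - HKLM\..\RunOnce: [{A0859800-B818-4F72-9642-9E7E51D8968E}] C:\Users\user\AppData\Local\Temp\{1EED3DCB-A9EB-4AB6-A274-AD0116B77359}\{A0859800-B818-4F72-9642-9E7E51D8968E}.cmd
O4 - HKLM\..\RunOnce: [{0ADCC552-0336-4488-926C-E76AFC708FF6}] C:\Users\user\AppData\Local\Temp\{B2FC926E-4833-4A86-A840-2A55B30C47D1}\{0ADCC552-0336-4488-926C-E76AFC708FF6}.cmd
O4 - HKCU\..\Run: [CCleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
O4 - Startup: Monitorar alertas de tinta - HP Officejet 2620 series.lnk = ?
"""

# Registry autorun line: O4 - <hive>\..\<key>: [<value name>] <command line>
_O4 = re.compile(
    r'^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$'
)
# Program part of the command line: a quoted path, or an unquoted path (which
# may contain spaces) up to the first known executable/script extension.
_TARGET = re.compile(
    r'"([^"]+)"|(.+?\.(?:exe|com|scr|dll|cmd|bat|vbs|js|ps1))(?=\s|$)', re.I
)
# Heuristics below are illustrative assumptions, not rules used by either tool.
_TEMP_DIR = re.compile(r'\\(?:AppData\\Local\\Temp|Windows\\Temp)\\', re.I)
_GUID = re.compile(r'\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}', re.I)
SCRIPT_EXTS = {".cmd", ".bat", ".vbs", ".js", ".ps1"}


@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    target: str
    reasons: list = field(default_factory=list)


def parse_o4(line):
    """Parse one registry O4 line; return None for anything else
    (Startup-folder shortcuts and non-O4 lines are out of scope here)."""
    m = _O4.match(line.strip())
    if not m:
        return None
    cmd = m["cmd"].strip()
    t = _TARGET.match(cmd)
    target = (t.group(1) or t.group(2)) if t else cmd
    return Autorun(m["hive"], m["key"], m["name"], target)


def triage(log_text):
    """Return the autorun entries that trip at least one heuristic."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        if _TEMP_DIR.search(entry.target):
            entry.reasons.append("runs from a Temp directory")
        # ntpath so Windows paths are split correctly on any host OS
        ext = ntpath.splitext(entry.target)[1].lower()
        if ext in SCRIPT_EXTS:
            entry.reasons.append(f"script file ({ext})")
        if _GUID.fullmatch(entry.name):
            entry.reasons.append("value name is a bare GUID")
        if entry.reasons:
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"{hit.hive}\\{hit.key} [{hit.name}]")
        print(f"    target : {hit.target}")
        print(f"    reasons: {', '.join(hit.reasons)}")
```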
 
 



 


#2 olgun52

  • Malware Response Team
  • 3,784 posts

Posted 17 May 2016 - 06:08 PM

Hello TiagoJ and welcome to BleepingComputer.
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How to open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
 

I understand, my friend. There is a virus on your PC. I see it, so no need to worry.

======================

Please uninstall: NETGATERegistryCleaner

============================================
Please do the following.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure the following option is checked: addition.png
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Sincerely.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 TiagoJ

  • Topic Starter
  • Members
  • 15 posts

Posted 18 May 2016 - 02:57 PM

Hello and thank you for the answer.
 
I had already uninstalled NETGATERegistryCleaner before I ran HijackThis.
 
Here is the content of "FRST.txt" and attached "Addition.txt".
 
Thanks for your help. Greetings.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-05-2016
Ran by user (administrator) on USER-PC (18-05-2016 20:42:47)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & Parsisplan)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Português (Portugal)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe [9581280 2016-01-28] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1107672 2016-04-22] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [GrpConv] => grpconv -o
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
HKLM-x32\...\RunOnce: [{A0859800-B818-4F72-9642-9E7E51D8968E}] => C:\Users\user\AppData\Local\Temp\{1EED3DCB-A9EB-4AB6-A274-AD0116B77359}\{A0859800-B818-4F72-9642-9E7E51D8968E}.cmd <===== ATTENTION
HKLM-x32\...\RunOnce: [{0ADCC552-0336-4488-926C-E76AFC708FF6}] => C:\Users\user\AppData\Local\Temp\{B2FC926E-4833-4A86-A840-2A55B30C47D1}\{0ADCC552-0336-4488-926C-E76AFC708FF6}.cmd <===== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFavoritesMenu] 0
HKLM\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKLM\...\Policies\Explorer: [NoNetworkConnections] 0
HKLM\...\Policies\Explorer: [NoSMMyDocs] 0
HKLM\...\Policies\Explorer: [NoSMMyPictures] 0
HKLM\...\Policies\Explorer: [NoStartMenuMyMusic] 0
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Run: [NETGATERegistryCleaner] => C:\Program Files\NETGATE\Registry Cleaner\RegistryCleaner.exe
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Run: [CCleaner Monitoring] => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Run: [CCleaner] => "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-06-26] (Apple Inc.)
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\system: [NoDispCPL] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\system: [NoDispScrSavPage] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\system: [NoVisualStyleChoice] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\system: [NoColorChoice] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\system: [NoSizeChoice] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoAddPrinter] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoChangeAnimation] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoSecurityTab] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoToolbarCustomize] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoFileMenu] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoNetHood] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoStartMenuMyGames] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoCommonGroups] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoSimpleStartMenu] 0
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} =>  No File
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Officejet 2620 series.lnk [2016-05-18]
ShortcutTarget: Monitorar alertas de tinta - HP Officejet 2620 series.lnk -> C:\Program Files\HP\HP Officejet 2620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File 
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{85A090DD-086F-4608-AF82-86EE73AB4270}: [DhcpNameServer] 192.168.1.1 192.168.1.1
ManualProxies: 
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE09&ocid=UE09DHP
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-pt/?pc=UE09&ocid=UE09DHP
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-17] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-17] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-2405137443-3143064101-1887122390-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
 
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2405137443-3143064101-1887122390-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f4pwl9zv.default\extensions\6bd508b5-8edf-4661-89eb-5b5186fa62d1@gmail.com [not found]
FF Extension: jid0XWJxt5VvCXkKzQK99PhZqAn7Xbgjetpack - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f4pwl9zv.default\extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack [2014-10-27] [not signed]
FF Extension: badgedarktrojannet - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f4pwl9zv.default\Extensions\badge@darktrojan.net [2014-11-07] [not signed]
FF Extension: badgedarktrojannet - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\badge@darktrojan.net [2016-04-19] [not signed]
FF Extension: jid0XWJxt5VvCXkKzQK99PhZqAn7Xbgjetpack - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack [2016-04-19] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2014-10-14] [not signed]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.pt/
CHR StartupUrls: Default -> "hxxp://google.pt/"
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-04-23]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Autenticação.gov.pt) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggbmgkoifonjhoanniganldpekigdiga [2016-01-15]
CHR Extension: (Documentos do Google offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
S2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-21] (Microsoft Corporation)
S2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe [712432 2016-01-28] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S2 MSSQL$PRILS810; c:\Program Files\Microsoft SQL Server\MSSQL10_50.PRILS810\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S2 PRIMAVERACloudServicesActivator800; C:\Program Files (x86)\PRIMAVERA\CloudServices800\CloudConnector\Primavera.CloudConnector.Activator.exe [10752 2013-03-08] (PRIMAVERA BSS) [File not signed]
S2 PRIMAVERAWindowsService; C:\Program Files (x86)\PRIMAVERA\WindowsService100\Bin\Primavera.Hesiod.WindowsService.exe [187120 2016-03-30] (PRIMAVERA Business Software Solutions, S.A.)
S2 PrimaveraWS800; C:\Program Files (x86)\PRIMAVERA\SG800\WinServices\Primavera.WindowsServices.exe [25776 2014-08-07] (PRIMAVERA Software Business Solutions)
S3 SQLAgent$PRILS810; c:\Program Files\Microsoft SQL Server\MSSQL10_50.PRILS810\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2015-05-12] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2015-05-12] (LG Electronics Inc.)
R0 BE85AC61; C:\Windows\System32\drivers\BE85AC61.sys [478392 2016-04-28] (Kaspersky Lab ZAO)
R0 BE85AC616; C:\Windows\System32\drivers\BE85AC616.sys [478392 2016-04-28] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 k57nd; C:\Windows\System32\DRIVERS\k57amd64.sys [343080 2014-04-21] (Broadcom Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-12-09] (BitDefender S.R.L.)
S3 AndNetDiag2; system32\DRIVERS\lgandnetdiag264.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-18 20:42 - 2016-05-18 20:43 - 00018235 _____ C:\Users\user\Desktop\FRST.txt
2016-05-18 20:42 - 2016-05-18 20:42 - 00000000 ____D C:\FRST
2016-05-18 20:37 - 2016-05-18 20:37 - 02382336 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2016-05-18 20:08 - 2016-05-18 01:14 - 00000214 _____ C:\Users\user\Desktop\forum 2.txt
2016-05-17 18:07 - 2016-05-17 18:10 - 00090547 _____ C:\Users\user\Desktop\pendentes.pdf
2016-05-13 17:25 - 2016-05-13 17:25 - 00000558 _____ C:\Windows\Tasks\Adobe Acrobat Update Task.job
2016-05-13 17:21 - 2016-05-13 17:21 - 00404620 _____ C:\Users\user\Downloads\SCAN_20160513_143819195.pdf
2016-05-11 13:20 - 2016-04-23 18:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 13:20 - 2016-04-23 17:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 13:20 - 2016-04-23 06:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 13:20 - 2016-04-23 06:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 13:20 - 2016-04-23 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 13:20 - 2016-04-23 06:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-11 13:20 - 2016-04-23 06:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 13:20 - 2016-04-23 06:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 13:20 - 2016-04-23 06:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 13:20 - 2016-04-23 06:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-11 13:20 - 2016-04-23 06:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-11 13:20 - 2016-04-23 05:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 13:20 - 2016-04-23 05:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-11 13:20 - 2016-04-23 05:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 13:20 - 2016-04-23 05:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 13:20 - 2016-04-23 05:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-11 13:20 - 2016-04-23 05:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 13:20 - 2016-04-23 05:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-11 13:20 - 2016-04-23 05:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 13:20 - 2016-04-23 05:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 13:20 - 2016-04-23 05:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 13:20 - 2016-04-23 05:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 13:20 - 2016-04-23 05:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-11 13:20 - 2016-04-23 05:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-11 13:20 - 2016-04-23 05:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 13:20 - 2016-04-23 05:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 13:20 - 2016-04-23 05:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-11 13:20 - 2016-04-23 05:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-11 13:20 - 2016-04-23 05:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 13:20 - 2016-04-23 05:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 13:20 - 2016-04-23 05:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 13:20 - 2016-04-23 05:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-11 13:20 - 2016-04-23 05:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-11 13:20 - 2016-04-23 05:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 13:20 - 2016-04-23 05:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-11 13:20 - 2016-04-23 05:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-11 13:20 - 2016-04-23 05:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-11 13:20 - 2016-04-23 05:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 13:20 - 2016-04-23 05:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 13:20 - 2016-04-23 05:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 13:20 - 2016-04-23 05:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-11 13:20 - 2016-04-23 05:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-11 13:20 - 2016-04-23 05:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 13:20 - 2016-04-23 04:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-11 13:20 - 2016-04-23 04:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 13:20 - 2016-04-23 04:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-11 13:20 - 2016-04-23 04:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-11 13:20 - 2016-04-23 04:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 13:20 - 2016-04-23 04:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-11 13:20 - 2016-04-23 04:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-11 13:20 - 2016-04-23 04:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-11 13:20 - 2016-04-23 04:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-11 13:20 - 2016-04-23 04:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-11 13:20 - 2016-04-23 04:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-11 13:20 - 2016-04-23 04:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 13:20 - 2016-04-23 04:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-11 13:20 - 2016-04-23 04:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 13:20 - 2016-04-23 04:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 13:20 - 2016-04-23 04:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 13:20 - 2016-04-23 04:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 13:20 - 2016-04-23 04:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-11 13:20 - 2016-04-23 04:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 13:20 - 2016-04-23 04:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 13:20 - 2016-04-23 04:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 13:20 - 2016-04-23 04:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 13:20 - 2016-04-23 04:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 13:20 - 2016-04-14 14:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 13:20 - 2016-04-14 14:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 13:20 - 2016-04-09 08:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 13:20 - 2016-04-09 08:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 13:20 - 2016-04-09 07:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 13:20 - 2016-04-09 07:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 13:20 - 2016-04-09 07:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 13:20 - 2016-04-09 07:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 13:20 - 2016-04-09 07:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 13:20 - 2016-04-09 06:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 13:20 - 2016-04-06 16:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 13:19 - 2016-04-09 08:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 13:19 - 2016-04-09 08:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 13:19 - 2016-04-09 08:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 13:19 - 2016-04-09 08:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 13:19 - 2016-04-09 08:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 13:19 - 2016-04-09 07:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-11 13:19 - 2016-04-09 07:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-11 13:19 - 2016-04-09 07:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 13:19 - 2016-04-09 07:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 13:19 - 2016-04-09 07:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 13:19 - 2016-04-09 07:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-11 13:19 - 2016-04-09 07:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 13:19 - 2016-04-09 07:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-11 13:19 - 2016-04-09 07:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-11 13:19 - 2016-04-09 07:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 13:19 - 2016-04-09 07:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 13:19 - 2016-04-09 07:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 13:19 - 2016-04-09 07:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 13:19 - 2016-04-09 07:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 13:19 - 2016-04-09 07:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 13:19 - 2016-04-09 07:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 13:19 - 2016-04-09 07:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 13:19 - 2016-04-09 07:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 06:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 13:19 - 2016-04-09 06:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 13:19 - 2016-04-09 06:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 13:19 - 2016-04-09 06:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 13:19 - 2016-04-09 06:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-11 13:19 - 2016-04-09 06:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 13:19 - 2016-04-09 06:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 13:19 - 2016-04-09 06:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 13:19 - 2016-04-09 06:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 13:19 - 2016-04-09 06:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 13:19 - 2016-04-09 06:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 13:19 - 2016-04-09 06:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-11 13:19 - 2016-04-09 06:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-11 13:19 - 2016-04-09 06:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-11 13:19 - 2016-04-09 06:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-11 13:19 - 2016-04-09 06:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-11 13:19 - 2016-04-09 06:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-11 13:19 - 2016-04-09 06:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 06:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 06:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 06:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 13:19 - 2016-04-09 05:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 13:19 - 2016-04-09 04:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 12:10 - 2016-05-11 12:10 - 00001004 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d1ab75ae0ff6cc.job
2016-05-11 12:09 - 2016-05-11 12:12 - 00000000 ____D C:\Program Files (x86)\GUM79FF.tmp
2016-05-09 19:50 - 2016-05-09 19:50 - 03838324 _____ C:\Users\user\Downloads\Catálogo Comercial Renault Kangoo Express.pdf
2016-05-09 19:49 - 2016-05-09 19:49 - 01317330 _____ C:\Users\user\Downloads\Catálogo Multiauto - Évora Viaturas Transformadas.pdf
2016-05-09 11:04 - 2016-05-09 11:49 - 00000000 ____D C:\Users\TEMP\AppData\Local\Google
2016-05-09 11:04 - 2016-05-09 11:04 - 00001409 _____ C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-09 11:04 - 2016-05-09 11:04 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Adobe
2016-05-09 11:03 - 2016-05-09 11:04 - 00000000 ____D C:\Users\TEMP
2016-05-09 11:03 - 2016-05-09 11:03 - 00068688 _____ C:\Users\TEMP\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-09 11:03 - 2016-05-09 11:03 - 00000020 ___SH C:\Users\TEMP\ntuser.ini
2016-05-09 11:03 - 2016-05-09 11:03 - 00000000 _SHDL C:\Users\TEMP\Os meus documentos
2016-05-09 11:03 - 2016-05-09 11:03 - 00000000 _SHDL C:\Users\TEMP\Modelos
2016-05-09 11:03 - 2016-05-09 11:03 - 00000000 _SHDL C:\Users\TEMP\Menu Iniciar
2016-05-09 11:03 - 2016-05-09 11:03 - 00000000 _SHDL C:\Users\TEMP\Documents\Os meus vídeos
2016-05-09 11:03 - 2016-05-09 11:03 - 00000000 _SHDL C:\Users\TEMP\Documents\As minhas imagens
2016-05-09 11:03 - 2016-05-09 11:03 - 00000000 _SHDL C:\Users\TEMP\Documents\A minha música
2016-05-09 11:03 - 2016-05-09 11:03 - 00000000 _SHDL C:\Users\TEMP\Definições locais
2016-05-09 11:03 - 2016-05-09 11:03 - 00000000 _SHDL C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-05-09 11:03 - 2016-05-09 11:03 - 00000000 _SHDL C:\Users\TEMP\AppData\Local\Histórico
2016-05-09 11:03 - 2016-05-09 11:03 - 00000000 ____D C:\Users\TEMP\AppData\Local\VirtualStore
2016-05-09 11:03 - 2014-10-16 18:41 - 00000000 ____D C:\Users\TEMP\Documents\Visual Studio 2008
2016-05-09 11:03 - 2014-10-16 17:50 - 00000000 ____D C:\Users\TEMP\Documents\Visual Studio 2005
2016-05-09 11:03 - 2014-10-16 17:50 - 00000000 ____D C:\Users\TEMP\AppData\Local\Microsoft Help
2016-05-09 11:03 - 2011-04-12 14:06 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Media Center Programs
2016-05-08 22:43 - 2016-05-08 22:43 - 00000000 ____D C:\Users\user\AppData\Roaming\Lavasoft
2016-05-08 20:19 - 2016-05-08 20:19 - 00000000 ____D C:\Users\user\AppData\Roaming\LavasoftStatistics
2016-05-08 20:18 - 2016-05-08 20:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-05-08 20:18 - 2016-05-08 20:18 - 00000000 ____D C:\Program Files\Lavasoft
2016-05-08 20:14 - 2016-05-08 20:14 - 00000000 ____D C:\ProgramData\Lavasoft
2016-05-08 20:14 - 2016-05-08 20:14 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2016-05-08 20:07 - 2016-05-08 20:07 - 02085168 _____ C:\Users\user\Downloads\Adaware_Installer.exe
2016-05-08 14:15 - 2016-05-08 14:15 - 00140222 _____ C:\Users\user\Downloads\PROGRAMA IV CTO. INTEREMPRESAS.pdf
2016-05-08 14:14 - 2016-05-08 14:14 - 00042282 _____ C:\Users\user\Downloads\Relatório de Viagens.pdf
2016-05-06 17:11 - 2016-05-06 17:11 - 00440143 _____ C:\Users\user\Downloads\1368.pdf
2016-05-03 23:24 - 2016-05-03 23:24 - 01555814 _____ C:\Users\user\Downloads\Resultados tirada solotiro.pdf
2016-05-03 15:53 - 2016-05-03 15:53 - 00212901 _____ C:\Users\user\Downloads\email_51126710696 (1).PDF
2016-05-02 16:50 - 2016-05-02 16:50 - 00212901 _____ C:\Users\user\Downloads\email_51126710696.PDF
2016-05-02 12:11 - 2016-05-02 12:11 - 00021504 _____ C:\Users\user\Downloads\Rodamoz,_Lda[28042016.ods
2016-05-02 10:27 - 2016-05-02 10:28 - 01763328 _____ C:\Users\user\Downloads\PDFBinder-v1.2.msi
2016-05-02 10:27 - 2016-05-02 10:27 - 00519013 _____ C:\Users\user\Downloads\PDFBinder.pdf
2016-05-02 10:27 - 2016-05-02 10:27 - 00519013 _____ C:\Users\user\Downloads\PDFBinder (2).pdf
2016-05-02 10:27 - 2016-05-02 10:27 - 00519013 _____ C:\Users\user\Downloads\PDFBinder (1).pdf
2016-04-29 16:02 - 2016-04-29 16:02 - 00450588 _____ C:\Users\user\Desktop\Scan0029.pdf
2016-04-28 02:27 - 2016-04-28 02:36 - 00000000 ____D C:\Windows\system32\config\RC Backup
2016-04-28 01:40 - 2016-04-28 01:40 - 00478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\BE85AC616.sys
2016-04-28 01:34 - 2016-04-28 01:34 - 00478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\BE85AC61.sys
2016-04-28 01:34 - 2016-04-28 01:34 - 00000000 ____D C:\KVRT_Data
2016-04-28 01:27 - 2016-04-28 01:28 - 00191574 _____ C:\TDSSKiller.3.1.0.9_28.04.2016_01.27.57_log.txt
2016-04-28 01:22 - 2016-04-28 01:22 - 00000085 _____ C:\Windows\wininit.ini
2016-04-27 22:08 - 2016-04-28 02:23 - 00000000 ____D C:\Program Files\Common Files\AV
2016-04-26 09:51 - 2016-04-26 09:51 - 00038337 _____ C:\Users\user\Desktop\mapa iva março 2016 rodamoz.pdf
2016-04-25 20:26 - 2016-05-18 20:39 - 03583280 _____ C:\Windows\ntbtlog.txt
2016-04-25 20:23 - 2016-04-25 20:23 - 00006686 _____ C:\Users\user\Documents\cc_20160425_202341.reg
2016-04-24 00:09 - 2016-05-09 01:51 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-24 00:09 - 2016-04-24 00:09 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-04-23 18:18 - 2016-05-09 01:52 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-04-23 18:18 - 2016-05-09 01:52 - 00000000 ___SD C:\Windows\system32\GWX
2016-04-23 17:45 - 2016-04-04 19:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-23 17:45 - 2016-04-04 19:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-23 17:45 - 2016-04-02 14:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-23 17:45 - 2016-03-23 15:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-23 17:45 - 2016-03-17 19:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-23 17:45 - 2016-03-17 19:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-23 17:45 - 2016-03-17 19:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-23 17:45 - 2016-03-17 19:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-23 17:45 - 2016-03-16 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-23 17:45 - 2016-03-16 19:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-23 17:45 - 2016-03-16 19:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-23 17:45 - 2016-02-03 15:07 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2016-04-23 17:45 - 2016-01-22 07:28 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-04-23 17:45 - 2016-01-22 07:28 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-04-23 17:45 - 2016-01-22 07:27 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-04-23 17:45 - 2016-01-22 07:08 - 12882432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-04-23 17:45 - 2016-01-22 07:07 - 02973696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-04-23 17:45 - 2016-01-22 07:07 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-04-23 17:45 - 2015-07-23 01:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-04-23 17:45 - 2015-07-23 00:57 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2016-04-23 17:45 - 2015-07-22 23:04 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2016-04-23 17:45 - 2015-07-22 17:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-04-23 17:44 - 2015-11-19 15:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-04-23 17:44 - 2015-11-19 15:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-04-23 17:44 - 2015-11-19 15:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-04-23 17:44 - 2015-11-19 15:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-04-23 17:44 - 2015-11-19 15:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-04-23 17:44 - 2015-11-19 15:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-04-23 17:44 - 2015-11-19 15:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-04-23 17:44 - 2015-11-19 15:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-04-23 17:44 - 2015-11-19 15:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-04-23 17:44 - 2015-11-19 15:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-04-23 17:44 - 2015-11-19 15:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-04-23 17:44 - 2015-10-29 18:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2016-04-23 17:44 - 2015-10-29 18:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2016-04-23 17:44 - 2015-10-29 18:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2016-04-23 17:44 - 2015-10-29 18:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2016-04-23 17:44 - 2015-10-29 18:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2016-04-23 17:44 - 2015-10-29 18:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2016-04-23 17:44 - 2015-10-29 18:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2016-04-23 17:44 - 2015-08-05 19:03 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2016-04-23 17:44 - 2015-08-05 18:15 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2016-04-23 17:44 - 2015-05-25 19:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2016-04-23 17:44 - 2015-05-25 19:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2016-04-23 17:44 - 2015-05-25 19:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2016-04-23 17:44 - 2015-05-25 19:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2016-04-23 17:44 - 2015-05-25 19:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2016-04-23 17:44 - 2015-05-25 19:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2016-04-23 17:44 - 2015-05-25 19:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2016-04-23 17:44 - 2015-05-25 19:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2016-04-23 17:44 - 2015-05-25 19:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2016-04-23 17:44 - 2015-05-25 19:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2016-04-23 17:44 - 2015-05-25 19:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2016-04-23 17:44 - 2015-05-25 19:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2016-04-23 17:43 - 2016-03-09 20:00 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-04-23 17:43 - 2016-03-09 20:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-04-23 17:43 - 2016-03-09 19:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-04-23 17:43 - 2016-03-09 19:40 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-04-23 17:43 - 2016-03-09 19:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-04-23 17:43 - 2016-03-09 19:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-04-23 17:43 - 2016-02-06 00:10 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-23 17:43 - 2016-02-06 00:05 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-23 17:43 - 2016-02-05 22:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-04-23 17:43 - 2016-01-30 20:16 - 00114624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-04-23 17:43 - 2016-01-30 20:08 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-23 17:43 - 2016-01-30 20:06 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-04-23 17:43 - 2016-01-30 20:06 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-04-23 17:43 - 2016-01-30 20:06 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-04-23 17:43 - 2016-01-30 20:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-04-23 17:43 - 2016-01-30 20:02 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-04-23 17:43 - 2016-01-30 19:44 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-04-23 17:43 - 2016-01-30 19:44 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-04-23 17:43 - 2016-01-30 19:44 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-04-23 17:43 - 2016-01-30 19:40 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-04-23 17:43 - 2016-01-21 01:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-23 17:43 - 2016-01-08 20:20 - 01683904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-04-23 17:43 - 2015-12-30 15:08 - 00434040 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-23 17:43 - 2015-12-16 19:55 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-04-23 17:43 - 2015-12-16 19:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-04-23 17:43 - 2015-12-16 19:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-04-23 17:43 - 2015-12-16 19:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-04-23 17:43 - 2015-12-16 19:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2016-04-23 17:43 - 2015-12-16 19:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2016-04-23 17:43 - 2015-12-16 19:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2016-04-23 17:43 - 2015-12-16 19:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-04-23 17:43 - 2015-12-16 15:35 - 00419640 _____ C:\Windows\SysWOW64\locale.nls
2016-04-23 17:43 - 2015-12-16 15:35 - 00419640 _____ C:\Windows\system32\locale.nls
2016-04-23 17:43 - 2015-08-27 19:18 - 02003968 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2016-04-23 17:43 - 2015-08-27 19:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2016-04-23 17:43 - 2015-08-27 18:51 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2016-04-23 17:43 - 2015-08-27 18:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2016-04-23 17:43 - 2015-07-09 18:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2016-04-23 17:43 - 2015-07-09 18:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2016-04-23 17:43 - 2015-07-09 18:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2016-04-23 17:43 - 2015-07-09 18:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2016-04-23 17:43 - 2015-04-27 20:17 - 01480704 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-04-23 17:43 - 2015-04-27 20:17 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-04-23 17:43 - 2015-04-27 20:17 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-04-23 17:43 - 2015-04-27 20:17 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-04-23 17:43 - 2015-04-27 19:56 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-04-23 17:43 - 2015-04-27 19:55 - 01175040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-04-23 17:43 - 2015-04-27 19:55 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-04-23 17:43 - 2015-04-27 19:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-04-23 17:43 - 2015-04-11 04:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2016-04-23 17:43 - 2015-01-29 04:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2016-04-23 17:43 - 2015-01-29 04:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2016-04-23 17:43 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2016-04-23 17:43 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2016-04-23 17:43 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2016-04-23 17:43 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2016-04-23 17:43 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2016-04-23 17:43 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2016-04-23 17:43 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-04-23 17:43 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-04-23 17:43 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-04-23 17:43 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-04-23 17:43 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-04-23 17:43 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-04-23 17:43 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-04-23 17:43 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-04-23 17:43 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-04-23 17:43 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-04-23 01:31 - 2016-04-23 01:31 - 00000000 ____D C:\Users\Parsisplan\AppData\Roaming\Adobe
2016-04-23 01:29 - 2016-04-23 01:29 - 00068688 _____ C:\Users\Parsisplan\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-23 01:28 - 2016-04-23 01:28 - 00000020 ___SH C:\Users\Parsisplan\ntuser.ini
2016-04-21 22:31 - 2016-04-21 22:31 - 00010820 _____ C:\Users\user\Documents\cc_20160421_223133.reg
2016-04-21 21:38 - 2016-04-21 21:38 - 00006592 ____N C:\bootsqm.dat
2016-04-21 19:51 - 2016-05-18 19:58 - 00000000 ____D C:\Windows\pss
2016-04-21 12:29 - 2016-04-21 12:29 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-04-21 12:29 - 2016-04-21 12:29 - 00000000 _SHDL C:\Users\DefaultAppPool\Os meus documentos
2016-04-21 12:29 - 2016-04-21 12:29 - 00000000 _SHDL C:\Users\DefaultAppPool\Modelos
2016-04-21 12:29 - 2016-04-21 12:29 - 00000000 _SHDL C:\Users\DefaultAppPool\Menu Iniciar
2016-04-21 12:29 - 2016-04-21 12:29 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\Os meus vídeos
2016-04-21 12:29 - 2016-04-21 12:29 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\As minhas imagens
2016-04-21 12:29 - 2016-04-21 12:29 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\A minha música
2016-04-21 12:29 - 2016-04-21 12:29 - 00000000 _SHDL C:\Users\DefaultAppPool\Definições locais
2016-04-21 12:29 - 2016-04-21 12:29 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-04-21 12:29 - 2016-04-21 12:29 - 00000000 _SHDL C:\Users\DefaultAppPool\AppData\Local\Histórico
2016-04-21 12:29 - 2016-04-21 12:29 - 00000000 ____D C:\Users\DefaultAppPool
2016-04-21 12:29 - 2014-10-16 18:41 - 00000000 ____D C:\Users\DefaultAppPool\Documents\Visual Studio 2008
2016-04-21 12:29 - 2014-10-16 17:50 - 00000000 ____D C:\Users\DefaultAppPool\Documents\Visual Studio 2005
2016-04-21 12:29 - 2014-10-16 17:50 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
2016-04-21 12:29 - 2011-04-12 14:06 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
2016-04-21 12:27 - 2016-04-21 12:27 - 00636643 _____ C:\Users\user\Downloads\RNA[1] (1).rar
2016-04-21 12:26 - 2016-04-21 12:26 - 00636643 _____ C:\Users\user\Downloads\RNA[1].rar
2016-04-21 12:26 - 2016-04-21 12:26 - 00077694 _____ C:\Users\user\Downloads\RNA_Faturas[1].rar
2016-04-21 10:35 - 2016-04-21 10:35 - 00429786 _____ C:\Users\user\Desktop\SAFT_RODAMOZ_01032016_31032016.xml
2016-04-21 10:35 - 2016-04-21 10:35 - 00000000 ____D C:\Users\user\Desktop\08.1007.1034
2016-04-21 10:32 - 2016-04-21 10:32 - 00059672 _____ C:\Users\user\Desktop\documentos emitidos março 2016.pdf
2016-04-21 03:18 - 2016-04-21 03:18 - 00000000 __SHD C:\found.000
2016-04-21 01:34 - 2016-04-27 02:17 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2016-04-20 23:23 - 2016-04-20 23:23 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-04-20 21:30 - 2016-04-20 22:56 - 00000000 ____D C:\Backup Luis
2016-04-20 21:07 - 2016-04-20 21:29 - 00000000 ____D C:\Documentos Ambiente de trabalho
2016-04-20 20:25 - 2016-04-23 01:43 - 00000000 ____D C:\Users\user\Desktop\Documentos Ambiente de trabalho
2016-04-20 17:27 - 2016-04-23 01:31 - 00000000 ____D C:\Users\Parsisplan
2016-04-20 16:37 - 2016-04-20 16:37 - 00000000 __SHD C:\$360Section
2016-04-19 20:44 - 2016-04-17 13:54 - 00307243 _____ ( ) C:\Windows\systwin.exe
2016-04-19 20:43 - 2016-04-19 20:43 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-19 20:43 - 2016-04-19 20:43 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-19 20:43 - 2016-04-19 20:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-19 20:43 - 2016-04-19 20:43 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-04-19 20:43 - 2016-04-19 20:43 - 00000000 ____D C:\Windows\system32\Macromed
2016-04-19 19:24 - 2016-04-28 00:48 - 00001409 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-19 18:07 - 2016-04-19 20:47 - 00000000 ____D C:\ProgramData\Windows Update
2016-04-19 18:03 - 2016-04-19 20:25 - 00000000 ____D C:\Users\user\AppData\Local\app
2016-04-19 18:02 - 2016-04-19 18:02 - 00000000 ____D C:\Users\Public\Thunder Network
2016-04-19 18:01 - 2016-04-19 18:49 - 00000326 _____ C:\Windows\Tasks\PPTAssistantNotifyTask_user.job
2016-04-19 18:01 - 2016-04-19 18:04 - 00000596 _____ C:\Windows\Tasks\PPTAssistantUpdateTask_user.job
2016-04-19 18:01 - 2016-04-19 18:04 - 00000000 ____D C:\ProgramData\kingsoft
2016-04-19 18:01 - 2016-04-19 18:01 - 00003578 _____ C:\Windows\System32\Tasks\PPTAssistantUpdateTask_user
2016-04-19 18:01 - 2016-04-19 18:01 - 00003308 _____ C:\Windows\System32\Tasks\PPTAssistantNotifyTask_user
2016-04-19 17:58 - 2016-04-19 17:56 - 00000209 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-04-19 10:49 - 2016-04-19 11:20 - 00000000 ____D C:\Users\user\Documents\interpartner excel
2016-04-18 10:48 - 2016-04-18 10:48 - 00000000 ____D C:\ProgramData\Sony Mobile
2016-04-18 10:48 - 2016-04-18 10:48 - 00000000 ____D C:\Program Files (x86)\Sony Mobile
2016-04-18 10:45 - 2016-04-20 20:14 - 00002096 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2016-04-18 10:45 - 2016-04-18 10:45 - 00000000 ____D C:\ProgramData\Sony
2016-04-18 10:45 - 2016-04-18 10:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2016-04-18 10:45 - 2016-04-18 10:45 - 00000000 ____D C:\Program Files (x86)\Sony
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-18 20:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\inetsrv
2016-05-18 20:35 - 2009-07-14 05:45 - 00028672 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-18 20:35 - 2009-07-14 05:45 - 00028672 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-18 20:32 - 2011-04-12 13:55 - 00834206 _____ C:\Windows\system32\prfh0816.dat
2016-05-18 20:32 - 2011-04-12 13:55 - 00191012 _____ C:\Windows\system32\prfc0816.dat
2016-05-18 20:32 - 2009-07-14 06:13 - 01963056 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-18 20:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-05-18 20:27 - 2016-01-05 17:32 - 00000000 ___RD C:\Users\user\iCloudDrive
2016-05-17 19:08 - 2015-04-17 09:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-05-17 19:08 - 2014-10-14 17:30 - 00000000 ____D C:\Program Files (x86)\Java
2016-05-17 19:06 - 2016-03-31 15:04 - 00000000 ____D C:\Users\user\.oracle_jre_usage
2016-05-17 19:06 - 2015-04-17 09:18 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-05-13 17:25 - 2015-11-09 10:20 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-13 01:11 - 2014-10-15 12:31 - 00002191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 01:11 - 2014-10-15 12:31 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-12 09:37 - 2009-07-14 05:45 - 00306216 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-12 09:34 - 2011-04-12 14:06 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 12:59 - 2014-10-14 15:04 - 00000000 ____D C:\Users\user\AppData\Roaming\TeamViewer
2016-05-11 12:10 - 2014-10-15 12:30 - 00001004 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-10 11:18 - 2014-10-10 09:20 - 00000000 ____D C:\Users\user\Documents\RODAMOZ
2016-05-09 11:04 - 2009-07-14 05:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-04-26 09:17 - 2015-04-01 12:58 - 00000000 ____D C:\Users\user\AppData\Local\Deployment
2016-04-26 02:03 - 2015-07-30 17:14 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2016-04-25 21:22 - 2014-10-20 10:01 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-25 18:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\servicing
2016-04-24 00:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing
2016-04-24 00:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-04-24 00:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2016-04-23 18:22 - 2014-10-14 15:34 - 01894980 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-04-21 20:10 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-04-21 15:05 - 2010-11-21 04:27 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-21 08:49 - 2014-10-03 11:19 - 00068688 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-21 08:48 - 2011-04-12 14:06 - 00000000 ____D C:\Windows\CSC
2016-04-21 00:23 - 2009-07-14 03:34 - 00000439 _____ C:\Windows\win.ini
2016-04-20 23:49 - 2009-07-14 03:34 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_943
2016-04-20 20:14 - 2016-04-07 17:30 - 00002525 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Excel Viewer.lnk
2016-04-20 20:14 - 2016-01-04 10:57 - 00001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-04-20 20:14 - 2016-01-04 10:47 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-04-20 20:14 - 2015-05-08 09:36 - 00002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2016-04-20 20:14 - 2015-04-28 12:25 - 00000831 _____ C:\Users\user\Desktop\LGMobile Support Tool.lnk
2016-04-20 20:14 - 2014-10-15 09:51 - 00000900 _____ C:\Users\user\Desktop\Professional ERP.lnk
2016-04-20 20:14 - 2014-10-03 11:19 - 00002105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-04-20 20:14 - 2014-09-19 13:30 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-04-20 20:14 - 2014-09-19 13:29 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-04-20 20:14 - 2009-07-14 06:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-04-20 20:14 - 2009-07-14 05:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-04-20 20:14 - 2009-07-14 05:57 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-04-20 20:14 - 2009-07-14 05:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-04-20 20:14 - 2009-07-14 05:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-04-20 20:14 - 2009-07-14 05:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-04-20 19:22 - 2009-07-14 03:34 - 00000748 _____ C:\Windows\system32\Drivers\etc\hosts_bak_859
2016-04-20 18:27 - 2009-07-14 06:08 - 00000006 _____ C:\Windows\Tasks\SA.DAT
2016-04-20 17:32 - 2014-10-03 11:18 - 00002782 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-04-19 20:47 - 2015-04-01 12:58 - 00000000 ____D C:\Users\user\AppData\Local\Apps\2.0
2016-04-19 20:15 - 2009-07-14 06:08 - 00032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-04-19 18:07 - 2014-09-19 13:34 - 00000000 ____D C:\Users\user\AppData\Local\VirtualStore
2016-04-19 17:36 - 2014-10-15 12:30 - 00001008 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-18 10:45 - 2014-10-14 15:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-04-18 10:40 - 2016-04-13 11:31 - 00000000 ____D C:\Users\user\AppData\Roaming\Google
 
Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\jre-8u91-windows-au.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-18 10:03
 
==================== End of FRST.txt ============================

 




#4 olgun52

  • Malware Response Team

Posted 19 May 2016 - 06:22 PM

Hi again,

Please uninstall:

Kaspersky
BitDefender
Lavasoft Ad-Aware Antivirus
Lavasoft AntimalwareEngine
webssearches
NETGATE\Registry Cleaner

And restart the PC now.

============================================================

Scan with Zemana AntiMalware Free:

  • Turn off the real time scanner of any existing antivirus and firewall programs while performing scan
  • Please download and install Zemana AntiMalware Free
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced > ''I have read the warning and wish to proceed anyway''. Click
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers
  • Click scan now ''Run as Administrator'' and a threat Scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart the PC now.

===========================================================================

How is your PC running now, and are there still symptoms?

Have a nice day.

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#5 TiagoJ

  • Topic Starter

Posted 20 May 2016 - 05:51 PM

Hello again. Thanks for the answer.
 
Kaspersky, BitDefender and Lavasoft AntimalwareEngine are included in Lavasoft Ad-Aware Antivirus, and I cannot uninstall Lavasoft Ad-Aware Antivirus for the reasons that I wrote in my first post:
 

"Also cannot uninstall programs through Control Panel - Programs and Features. When i try to uninstall appears the following message: "An error occurred while trying to uninstall (nameofprogram). It may already be uninstalled. Want to remove (nameofprogram) from Programs and Features list?".

If i click "Yes" nothing happens and program remains installed and remains in the list too... This problem also occurs in Safety Mode, i can only uninstall the programs of my father's friend through the folder where they are installed, and then click "Uninstall". As Ad-Aware doesn't have "Uninstall", i just cannot uninstall it."

 

"I had already uninstalled NETGATERegistryCleaner before i run HijackThis."
 
I searched for "NETGATE" and "webssearches" in C: and didn't find any results.
 
I cannot install Zemana AntiMalware Free because in Normal Mode appears the error message that i explained in my first post "Shellexecuteex failed code 1060. The specified service does not exist as an installed service". In Safe Mode appears the message "Currently does not work in Safe Mode".
 
Thank you in advance. Greetings.

Edited by TiagoJ, 20 May 2016 - 05:52 PM.


#6 olgun52

  • Malware Response Team

Posted 22 May 2016 - 05:43 PM

Greetings my friend,

 

Kaspersky Uninstall: https://support.kaspersky.com/common/service.aspx?el=1464
BitDefender Uninstall: http://www.bitdefender.com/uninstall/
Lavasoft AntimalwareEngine Uninstall: http://www.lavasoft.com/mylavasoft/support/supportcenter/technicalproblems/faq/?keywords=uninstallation&product=653&category=
Lavasoft Ad-Aware Antivirus Uninstall: http://www.lavasoft.com/mylavasoft/support/supportcenter/technicalproblems/faq/?keywords=uninstallation&product=653&category=

 

And restart the PC.

 

Let me know when you get that done please.


Best regards
 

 


 


#7 TiagoJ

  • Topic Starter

Posted 22 May 2016 - 09:10 PM

Hi olgun52.

Lavasoft Ad-Aware Antivirus and Lavasoft AntimalwareEngine: The link that you gave me only explains how to uninstall through "Control Panel - Programs and Features", and I cannot uninstall programs that way.

BitDefender: I don't know which version I have installed, but it probably isn't any of those because BitDefender is included in Lavasoft Ad-Aware Antivirus.

Kaspersky: Following the instructions in your link, the phrase "Following products were detected:" was supposed to appear, but instead "The product was not detected. Select the product in the list to force removal:" appears.
I have attached screenshots.

 

PS: I just ran a "Quick Scan" in Microsoft Security Essentials and the result was:

SoftwareBundler: Win32/DartsMound, Alert level: high
SoftwareBundler: Win32/DartsMound, Alert level: high
with the error 0x80508023

I deleted both.

Thank you in advance. Regards




#8 olgun52

  • Malware Response Team

Posted 23 May 2016 - 09:28 AM

Thank you,

Please do.

Step 1:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3:
 Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Best regards
 

 


 


#9 TiagoJ

  • Topic Starter

Posted 23 May 2016 - 04:25 PM

Hello olgun52.

 

Note: As I said in my first post, I had already run AdwCleaner and Malwarebytes Anti-Malware.

 

# AdwCleaner v5.117 - Logfile created 23/05/2016 at 20:00:49
# Updated 15/05/2016 by Xplode
# Database : 2016-05-23.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : user - USER-PC
# Running from : C:\Users\user\Desktop\adwcleaner_5.117.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

[-] File Deleted : C:\Windows\systwin.exe

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : {FDF07F31-1610-4C9F-8DD2-9DFC13C1E032}

***** [ Registry ] *****

[-] Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
[-] Value Deleted : HKLM\SOFTWARE\RegisteredApplications [Yeaplayer]
[-] Key Deleted : HKLM\SOFTWARE\Clients\Media\yeaplayer
[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1119 bytes] - [23/05/2016 20:00:49]
C:\AdwCleaner\AdwCleaner[S1].txt - [1249 bytes] - [23/05/2016 19:59:38]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1265 bytes] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Professional x64
Ran by user (Limited) on 23-05-2016 at 20:12:17,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 20

Successfully deleted: C:\Users\Public\thunder network (Folder)
Successfully deleted: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\staged (Folder)
Successfully deleted: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f4pwl9zv.default\extensions\staged (Folder)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2A8N4N85 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H5SFBNF2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YI861W5T (Temporary Internet Files Folder)
Successfully deleted: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS5UV7HE (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2A8N4N85 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H5SFBNF2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YI861W5T (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YS5UV7HE (Temporary Internet Files Folder)



Registry: 2

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\Service Mgr CashKitten (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\Update Mgr CashKitten (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23-05-2016 at 20:13:51,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Malwarebytes Anti-Malware
www.malwarebytes.org

Data da Verificação: 23-05-2016
Hora da Verificação: 20:30
Ficheiro de Relatório:
Administrador: Sim

Versão: 2.2.1.1043
Base de Dados de Malware: v2016.05.23.05
Base de dados de Rootkits: v2016.05.20.01
Licença: Grátis
Proteção contra Malware: Desativado
Proteção contra Websites Maliciosos: Desativado
Autoproteção: Desativado

SO: Windows 7 Service Pack 1
CPU: x64
Sistema de Ficheiros: NTFS
Utilizador: user

Tipo de Verificação: Verificação de Ameaças
Resultado: Concluída
Objetos Verificados: 444928
Tempo Decorrido: 19 min, 36 s

Memória: Ativado
Arranque: Ativado
Sistema de Ficheiros: Ativado
Arquivos: Ativado
Rootkits: Ativado
Heurísticos: Ativado
PPI: Ativado
MPI: Ativado

Processos: 0
(Nenhum item malicioso detetado)

Módulos: 0
(Nenhum item malicioso detetado)

Chaves de Registo: 4
PUP.Optional.IDSCProduct, HKLM\SOFTWARE\MICROSOFT\TRACING\idscservice_RASAPI32, Movido para Quarentena, [351c9e3bc1d82e082cbb8a52b152c838],
PUP.Optional.IDSCProduct, HKLM\SOFTWARE\MICROSOFT\TRACING\idscservice_RASMANCS, Movido para Quarentena, [4e03b425fb9e2d095f88924a0102659b],
PUP.Optional.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\TRACING\otutnetwork_RASAPI32, Movido para Quarentena, [252c7069afea32045454f7e51de66799],
PUP.Optional.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\TRACING\otutnetwork_RASMANCS, Movido para Quarentena, [51007b5efa9f2313713706d6897ae020],

Valores de Registo: 0
(Nenhum item malicioso detetado)

Dados de Registo: 0
(Nenhum item malicioso detetado)

Pastas: 0
(Nenhum item malicioso detetado)

Ficheiros: 0
(Nenhum item malicioso detetado)

Sectores Físicos: 0
(Nenhum item malicioso detetado)


(end)

 

 

PS: May I delete the 4 items that went to the "quarantine" of Malwarebytes Anti-Malware?

 

Thank you.



#10 olgun52

  • Malware Response Team

Posted 23 May 2016 - 06:04 PM

Hi again,

PS: May i delete the 4 items that went to the "quarantine" of Malwarebytes Anti-Malware?

They cannot hurt you anymore, but you can delete them if you want.

 

Step 1:
 FRST Script:
 Please download the attached Fixlist.txt and save it in the same directory as FRST

  • Close any open browsers or any other programs that are open
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:

ComboFix run:

Please be sure to run our tools with administrator rights.

* IMPORTANT: 1   Place ComboFix.exe on your Desktop

* IMPORTANT: 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix Save to the Desktop

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Have a nice day.


Edited by olgun52, 23 May 2016 - 06:05 PM.

Best regards
 

 


 


#11 TiagoJ

  • Topic Starter

Posted 24 May 2016 - 04:36 PM

Hello and thanks for your help.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:24-05-2016 01
Ran by user (2016-05-24 19:49:05) Run:1
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & Parsisplan)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Task: {2B7599E2-535F-4BC8-854D-476BA0782876} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2405137443-3143064101-1887122390-1000
Task: {69963A6A-1735-478E-B6A7-E9DA0DDBE5EA} - no filepath
Task: {9EB93DFA-C7B3-49B5-BA17-4126B20171C3} - System32\Tasks\{F8569466-8955-45FC-8CF2-3C89C365DBD2} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {B3769E16-8386-4521-BEA8-EA8489AB2FE5} - no filepath
Task: {CCDAAC86-568F-4491-9679-810F66702D5F} - System32\Tasks\{FDF07F31-1610-4C9F-8DD2-9DFC13C1E032} => pcalua.exe -a C:\Users\user\AppData\Roaming\webssearches\UninstallManager.exe -c  -ptid=slbnew <==== ATTENTION
Task: C:\Windows\Tasks\PPTAssistantNotifyTask_user.job => C:\Users\user\AppData\Local\PPTAssist\notify.exe
Task: C:\Windows\Tasks\PPTAssistantUpdateTask_user.job => C:\Users\user\AppData\Local\PPTAssist\assistupdate.exe
Task: {80D61E2D-DE0B-4E2D-8B95-A2777C5C5731} - System32\Tasks\PPTAssistantNotifyTask_user => C:\Users\user\AppData\Local\PPTAssist\notify.exe
Task: {9386F72F-0F01-45FE-850F-08AE2C48D027} - System32\Tasks\PPTAssistantUpdateTask_user => C:\Users\user\AppData\Local\PPTAssist\assistupdate.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\31864262.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\89317638.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\31864262.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\89317638.sys => ""="Driver"
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe [9581280 2016-01-28] ()
HKLM\...\RunOnce: [GrpConv] => grpconv -o
HKLM-x32\...\RunOnce: [{A0859800-B818-4F72-9642-9E7E51D8968E}] => C:\Users\user\AppData\Local\Temp\{1EED3DCB-A9EB-4AB6-A274-AD0116B77359}\{A0859800-B818-4F72-9642-9E7E51D8968E}.cmd <===== ATTENTION
HKLM-x32\...\RunOnce: [{0ADCC552-0336-4488-926C-E76AFC708FF6}] => C:\Users\user\AppData\Local\Temp\{B2FC926E-4833-4A86-A840-2A55B30C47D1}\{0ADCC552-0336-4488-926C-E76AFC708FF6}.cmd <===== ATTENTION
HKLM\...\Policies\Explorer: [NoFavoritesMenu] 0
HKLM\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKLM\...\Policies\Explorer: [NoNetworkConnections] 0
HKLM\...\Policies\Explorer: [NoSMMyDocs] 0
HKLM\...\Policies\Explorer: [NoSMMyPictures] 0
HKLM\...\Policies\Explorer: [NoStartMenuMyMusic] 0
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Run: [NETGATERegistryCleaner] => C:\Program Files\NETGATE\Registry Cleaner\RegistryCleaner.exe
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\system: [NoDispCPL] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\system: [NoDispScrSavPage] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\system: [NoVisualStyleChoice] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\system: [NoColorChoice] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\system: [NoSizeChoice] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoAddPrinter] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoChangeAnimation] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoSecurityTab] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoToolbarCustomize] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoFileMenu] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoNetHood] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoStartMenuMyGames] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoCommonGroups] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\...\Policies\Explorer: [NoSimpleStartMenu] 0
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-2405137443-3143064101-1887122390-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f4pwl9zv.default\extensions\6bd508b5-8edf-4661-89eb-5b5186fa62d1@gmail.com [not found]
FF Extension: jid0XWJxt5VvCXkKzQK99PhZqAn7Xbgjetpack - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f4pwl9zv.default\extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack [2014-10-27] [not signed]
FF Extension: badgedarktrojannet - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f4pwl9zv.default\Extensions\badge@darktrojan.net [2014-11-07] [not signed]
FF Extension: badgedarktrojannet - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\badge@darktrojan.net [2016-04-19] [not signed]
FF Extension: jid0XWJxt5VvCXkKzQK99PhZqAn7Xbgjetpack - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack [2016-04-19] [not signed]
CHR dev: Chrome dev build detected! <======= ATTENTION
S2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe [712432 2016-01-28] ()
R0 BE85AC61; C:\Windows\System32\drivers\BE85AC61.sys [478392 2016-04-28] (Kaspersky Lab ZAO)
R0 BE85AC616; C:\Windows\System32\drivers\BE85AC616.sys [478392 2016-04-28] (Kaspersky Lab ZAO)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-12-09] (BitDefender S.R.L.)
2016-05-11 12:09 - 2016-05-11 12:12 - 00000000 ____D C:\Program Files (x86)\GUM79FF.tmp
C:\Users\TEMP
2016-05-08 22:43 - 2016-05-08 22:43 - 00000000 ____D C:\Users\user\AppData\Roaming\Lavasoft
2016-05-08 20:19 - 2016-05-08 20:19 - 00000000 ____D C:\Users\user\AppData\Roaming\LavasoftStatistics
2016-05-08 20:18 - 2016-05-08 20:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-05-08 20:18 - 2016-05-08 20:18 - 00000000 ____D C:\Program Files\Lavasoft
2016-05-08 20:14 - 2016-05-08 20:14 - 00000000 ____D C:\ProgramData\Lavasoft
2016-05-08 20:14 - 2016-05-08 20:14 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2016-05-08 20:07 - 2016-05-08 20:07 - 02085168 _____ C:\Users\user\Downloads\Adaware_Installer.exe
2016-05-02 10:27 - 2016-05-02 10:28 - 01763328 _____ C:\Users\user\Downloads\PDFBinder-v1.2.msi
2016-05-02 10:27 - 2016-05-02 10:27 - 00519013 _____ C:\Users\user\Downloads\PDFBinder.pdf
2016-05-02 10:27 - 2016-05-02 10:27 - 00519013 _____ C:\Users\user\Downloads\PDFBinder (2).pdf
2016-05-02 10:27 - 2016-05-02 10:27 - 00519013 _____ C:\Users\user\Downloads\PDFBinder (1).pdf
2016-04-28 01:40 - 2016-04-28 01:40 - 00478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\BE85AC616.sys
2016-04-28 01:34 - 2016-04-28 01:34 - 00478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\BE85AC61.sys
2016-04-28 01:34 - 2016-04-28 01:34 - 00000000 ____D C:\KVRT_Data
2016-04-28 01:27 - 2016-04-28 01:28 - 00191574 _____ C:\TDSSKiller.3.1.0.9_28.04.2016_01.27.57_log.txt
2016-04-28 01:22 - 2016-04-28 01:22 - 00000085 _____ C:\Windows\wininit.ini
C:\$360Section
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
C:\Windows\systwin.exe
2016-04-19 18:01 - 2016-04-19 18:49 - 00000326 _____ C:\Windows\Tasks\PPTAssistantNotifyTask_user.job
2016-04-19 18:01 - 2016-04-19 18:04 - 00000596 _____ C:\Windows\Tasks\PPTAssistantUpdateTask_user.job
2016-04-19 18:01 - 2016-04-19 18:01 - 00003578 _____ C:\Windows\System32\Tasks\PPTAssistantUpdateTask_user
2016-04-19 18:01 - 2016-04-19 18:01 - 00003308 _____ C:\Windows\System32\Tasks\PPTAssistantNotifyTask_user
2016-04-19 17:58 - 2016-04-19 17:56 - 00000209 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-04-20 23:49 - 2009-07-14 03:34 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_943
2016-04-20 19:22 - 2009-07-14 03:34 - 00000748 _____ C:\Windows\system32\Drivers\etc\hosts_bak_859
CMD: bitsadmin /reset /allusers
RemoveProxy:
Hosts:
Emptytemp:





*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2B7599E2-535F-4BC8-854D-476BA0782876}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B7599E2-535F-4BC8-854D-476BA0782876}" => key removed successfully
C:\Windows\System32\Tasks\Games\UpdateCheck_S-1-5-21-2405137443-3143064101-1887122390-1000 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Games\UpdateCheck_S-1-5-21-2405137443-3143064101-1887122390-1000" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{69963A6A-1735-478E-B6A7-E9DA0DDBE5EA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69963A6A-1735-478E-B6A7-E9DA0DDBE5EA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9EB93DFA-C7B3-49B5-BA17-4126B20171C3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EB93DFA-C7B3-49B5-BA17-4126B20171C3}" => key removed successfully
C:\Windows\System32\Tasks\{F8569466-8955-45FC-8CF2-3C89C365DBD2} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F8569466-8955-45FC-8CF2-3C89C365DBD2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B3769E16-8386-4521-BEA8-EA8489AB2FE5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3769E16-8386-4521-BEA8-EA8489AB2FE5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDAAC86-568F-4491-9679-810F66702D5F} => key not found.
C:\Windows\System32\Tasks\{FDF07F31-1610-4C9F-8DD2-9DFC13C1E032} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FDF07F31-1610-4C9F-8DD2-9DFC13C1E032} => key not found.
C:\Windows\Tasks\PPTAssistantNotifyTask_user.job => moved successfully
C:\Windows\Tasks\PPTAssistantUpdateTask_user.job => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80D61E2D-DE0B-4E2D-8B95-A2777C5C5731}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80D61E2D-DE0B-4E2D-8B95-A2777C5C5731}" => key removed successfully
C:\Windows\System32\Tasks\PPTAssistantNotifyTask_user => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PPTAssistantNotifyTask_user" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9386F72F-0F01-45FE-850F-08AE2C48D027}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9386F72F-0F01-45FE-850F-08AE2C48D027}" => key removed successfully
C:\Windows\System32\Tasks\PPTAssistantUpdateTask_user => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PPTAssistantUpdateTask_user" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\31864262.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\89317638.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\31864262.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\89317638.sys" => key removed successfully
"HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Classes\exefile => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdAwareTray => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\GrpConv => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\{A0859800-B818-4F72-9642-9E7E51D8968E} => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\{0ADCC552-0336-4488-926C-E76AFC708FF6} => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFavoritesMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRecentDocsMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoNetworkConnections => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSMMyDocs => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSMMyPictures => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuMyMusic => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\MemCheckBoxInRunDlg => value removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Microsoft\Windows\CurrentVersion\Run\\NETGATERegistryCleaner => value removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispCPL => value removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispScrSavPage => value removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoVisualStyleChoice => value removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoColorChoice => value removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoSizeChoice => value removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoAddPrinter => value removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeAnimation => value removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSecurityTab => value removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoToolbarCustomize => value removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoBandCustomize => value removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFileMenu => value removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoNetHood => value removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuMyGames => value removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoCommonGroups => value removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuNetworkPlaces => value removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoToolbarsOnTaskbar => value removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSimpleStartMenu => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon" => key removed successfully
HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6} => key not found.
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000008" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000009" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1 => FRST is scripted not to move this directory.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0" => key removed successfully
C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => not found.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f4pwl9zv.default\extensions\6bd508b5-8edf-4661-89eb-5b5186fa62d1@gmail.com => path removed successfully
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f4pwl9zv.default\extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack => moved successfully
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f4pwl9zv.default\extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack => path removed successfully
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\f4pwl9zv.default\Extensions\badge@darktrojan.net => moved successfully
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\badge@darktrojan.net => moved successfully
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack => moved successfully
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
LavasoftAdAwareService11 => service removed successfully
BE85AC61 => Unable to stop service.
BE85AC61 => service removed successfully
BE85AC616 => Unable to stop service.
BE85AC616 => service removed successfully
Trufos => service removed successfully
C:\Program Files (x86)\GUM79FF.tmp => moved successfully
C:\Users\TEMP => moved successfully
C:\Users\user\AppData\Roaming\Lavasoft => moved successfully
C:\Users\user\AppData\Roaming\LavasoftStatistics => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft => moved successfully
C:\Program Files\Lavasoft => moved successfully
C:\ProgramData\Lavasoft => moved successfully
C:\Program Files\Common Files\Lavasoft => moved successfully
C:\Users\user\Downloads\Adaware_Installer.exe => moved successfully
C:\Users\user\Downloads\PDFBinder-v1.2.msi => moved successfully
C:\Users\user\Downloads\PDFBinder.pdf => moved successfully
C:\Users\user\Downloads\PDFBinder (2).pdf => moved successfully
C:\Users\user\Downloads\PDFBinder (1).pdf => moved successfully
C:\Windows\system32\Drivers\BE85AC616.sys => moved successfully
C:\Windows\system32\Drivers\BE85AC61.sys => moved successfully
C:\KVRT_Data => moved successfully
C:\TDSSKiller.3.1.0.9_28.04.2016_01.27.57_log.txt => moved successfully
"C:\Windows\wininit.ini" => not found.
C:\$360Section => moved successfully
catchme => service removed successfully
MBAMSwissArmy => service removed successfully
"C:\Windows\systwin.exe" => not found.
"C:\Windows\Tasks\PPTAssistantNotifyTask_user.job" => not found.
"C:\Windows\Tasks\PPTAssistantUpdateTask_user.job" => not found.
"C:\Windows\System32\Tasks\PPTAssistantUpdateTask_user" => not found.
"C:\Windows\System32\Tasks\PPTAssistantNotifyTask_user" => not found.
C:\Windows\system32\Drivers\etc\hp.bak => moved successfully
C:\Windows\system32\Drivers\etc\hosts_bak_943 => moved successfully
C:\Windows\system32\Drivers\etc\hosts_bak_859 => moved successfully

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to connect to BITS - 0x8007042c
O serviço ou grupo de dependência não conseguiu ser iniciado.



========= End of CMD: =========


========= RemoveProxy: =========

HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2405137443-3143064101-1887122390-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 466.7 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 19:50:14 ====

 

 

ComboFix 16-05-18.01 - user 24-05-2016  20:10:03.2.4 - x64 NETWORK
Microsoft Windows 7 Professional   6.1.7601.1.1252.351.2070.18.3996.2789 [GMT 1:00]
Executando de: c:\users\user\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
SP: Microsoft Security Essentials *Disabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Criado um novo ponto de restauração
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Windows Update
c:\windows\certutil.log
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2016-04-24 to 2016-05-24  ))))))))))))))))))))))))))))
.
.
2016-05-24 19:05 . 2016-05-24 19:05    --------    d-----w-    c:\program files\Lavasoft
2016-05-24 19:03 . 2016-05-17 22:56    11898512    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6309DA45-62F3-4807-9426-766046720366}\mpengine.dll
2016-05-23 19:22 . 2016-05-24 18:37    192216    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-23 19:22 . 2016-03-10 13:09    64896    ----a-w-    c:\windows\system32\drivers\mwac.sys
2016-05-23 19:22 . 2016-03-10 13:08    140672    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2016-05-23 19:22 . 2016-03-10 13:08    27008    ----a-w-    c:\windows\system32\drivers\mbam.sys
2016-05-23 19:22 . 2016-05-23 19:22    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2016-05-23 18:59 . 2016-05-23 19:00    --------    d-----w-    C:\AdwCleaner
2016-05-23 15:24 . 2016-05-17 22:56    11898512    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-05-22 23:35 . 2016-05-23 00:00    --------    d-----w-    C:\kleaner.tmp
2016-05-22 11:46 . 2016-05-11 13:07    1167568    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB464AD2-8099-42C1-9B0B-9E83E66411A6}\gapaengine.dll
2016-05-20 22:30 . 2016-05-20 22:30    --------    d-----w-    c:\users\user\AppData\Local\Zemana
2016-05-18 19:42 . 2016-05-24 19:04    --------    d-----w-    C:\FRST
2016-05-17 18:07 . 2016-05-17 18:07    --------    d-----w-    c:\program files (x86)\Common Files\Java
2016-05-11 12:19 . 2016-04-09 07:01    5546216    ----a-w-    c:\windows\system32\ntoskrnl.exe
2016-04-27 21:08 . 2016-04-28 01:23    --------    d-----w-    c:\program files\Common Files\AV
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-17 18:06 . 2015-04-17 08:18    97856    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-05-11 13:07 . 2014-11-12 18:13    1167568    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2016-04-25 20:22 . 2014-10-20 09:01    135176864    ----a-w-    c:\windows\system32\MRT.exe
2016-04-21 14:05 . 2010-11-21 03:27    453288    ------w-    c:\windows\system32\MpSigStub.exe
2016-04-19 19:43 . 2016-04-19 19:43    778416    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2016-04-19 19:43 . 2016-04-19 19:43    142512    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-04-09 06:54 . 2016-05-11 12:19    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2016-04-04 18:14 . 2016-04-23 16:45    38120    ----a-w-    c:\windows\system32\CompatTelRunner.exe
2016-04-04 18:02 . 2016-04-23 16:45    1169408    ----a-w-    c:\windows\system32\aeinv.dll
2016-04-02 13:08 . 2016-04-23 16:45    1386496    ----a-w-    c:\windows\system32\appraiser.dll
2016-03-23 14:02 . 2016-04-23 16:45    215040    ----a-w-    c:\windows\system32\aepic.dll
2016-03-17 22:56 . 2016-04-13 09:15    2084864    ----a-w-    c:\windows\system32\ole32.dll
2016-03-17 22:28 . 2016-04-13 09:15    1414144    ----a-w-    c:\windows\SysWow64\ole32.dll
2016-03-17 18:04 . 2016-04-23 16:45    698368    ----a-w-    c:\windows\system32\generaltel.dll
2016-03-17 18:04 . 2016-04-23 16:45    499200    ----a-w-    c:\windows\system32\devinv.dll
2016-03-17 18:04 . 2016-04-23 16:45    279040    ----a-w-    c:\windows\system32\invagent.dll
2016-03-17 18:04 . 2016-04-23 16:45    76800    ----a-w-    c:\windows\system32\acmigration.dll
2016-03-16 18:50 . 2016-04-23 16:45    156672    ----a-w-    c:\windows\system32\mtxoci.dll
2016-03-16 18:28 . 2016-04-23 16:45    111616    ----a-w-    c:\windows\SysWow64\mtxoci.dll
2016-03-16 18:28 . 2016-04-23 16:45    176128    ----a-w-    c:\windows\SysWow64\msorcl32.dll
2016-03-16 00:16 . 2016-04-13 09:14    760320    ----a-w-    c:\windows\system32\samsrv.dll
2016-03-16 00:16 . 2016-04-13 09:14    106496    ----a-w-    c:\windows\system32\samlib.dll
2016-03-15 23:53 . 2016-04-13 09:14    60416    ----a-w-    c:\windows\SysWow64\samlib.dll
2016-03-09 19:00 . 2016-04-23 16:43    444416    ----a-w-    c:\windows\system32\winhttp.dll
2016-03-09 19:00 . 2016-04-23 16:43    396800    ----a-w-    c:\windows\system32\webio.dll
2016-03-09 18:54 . 2016-04-23 16:43    275456    ----a-w-    c:\windows\system32\InkEd.dll
2016-03-09 18:40 . 2016-04-23 16:43    351744    ----a-w-    c:\windows\SysWow64\winhttp.dll
2016-03-09 18:40 . 2016-04-23 16:43    316416    ----a-w-    c:\windows\SysWow64\webio.dll
2016-03-09 18:34 . 2016-04-23 16:43    216064    ----a-w-    c:\windows\SysWow64\InkEd.dll
2016-03-06 18:53 . 2016-04-13 09:15    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2016-03-06 18:53 . 2016-04-13 09:15    1885696    ----a-w-    c:\windows\system32\msxml3.dll
2016-03-06 18:38 . 2016-04-13 09:15    2048    ----a-w-    c:\windows\SysWow64\msxml3r.dll
2016-03-06 18:38 . 2016-04-13 09:15    1240576    ----a-w-    c:\windows\SysWow64\msxml3.dll
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2015-09-23 457088]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2015-11-30 60688]
"iCloudPhotos"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe" [2015-11-30 349968]
"iCloudDrive"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe" [2015-11-30 103696]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2015-11-30 61200]
"AppleIEDAV"="c:\program files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2015-06-26 1079592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-04-01 596504]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"Cobian Backup 11 interface"="c:\program files (x86)\Cobian Backup 11\cbInterface.exe" [2013-03-07 4407808]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2016-04-22 1107672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" [2016-03-10 55264]
"UnKIS"="wscript.exe" [2013-10-12 141824]
"UnKES"="wscript.exe" [2013-10-12 141824]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitorar alertas de tinta - HP Officejet 2620 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 2620 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN44G3G1PT0600;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss]
@="Service"
.
R2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 ftpsvc;Serviço de FTP da Microsoft;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 MSSQL$PRILS810;SQL Server (PRILS810);c:\program files\Microsoft SQL Server\MSSQL10_50.PRILS810\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL10_50.PRILS810\MSSQL\Binn\sqlservr.exe [x]
R2 PRIMAVERACloudServicesActivator800;PRIMAVERA CloudServices Activator v8.00 ;c:\program files (x86)\PRIMAVERA\CloudServices800\CloudConnector\Primavera.CloudConnector.Activator.exe;c:\program files (x86)\PRIMAVERA\CloudServices800\CloudConnector\Primavera.CloudConnector.Activator.exe [x]
R2 PRIMAVERAWindowsService;PRIMAVERA Windows Services;c:\program files (x86)\PRIMAVERA\WindowsService100\Bin\Primavera.Hesiod.WindowsService.exe;c:\program files (x86)\PRIMAVERA\WindowsService100\Bin\Primavera.Hesiod.WindowsService.exe [x]
R2 PrimaveraWS800;PRIMAVERA Windows Scheduler Services 8.00;c:\program files (x86)\PRIMAVERA\SG800\WinServices\Primavera.WindowsServices.exe;c:\program files (x86)\PRIMAVERA\SG800\WinServices\Primavera.WindowsServices.exe [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 AndNetDiag2;LGE AndroidNet For Diagnostics Port;c:\windows\system32\DRIVERS\lgandnetdiag264.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag264.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspeção de Rede da Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 SQLAgent$PRILS810;SQL Server Agent (PRILS810);c:\program files\Microsoft SQL Server\MSSQL10_50.PRILS810\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10_50.PRILS810\MSSQL\Binn\SQLAGENT.EXE [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Activação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0151.sys [x]
S3 k57nd;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\DRIVERS\k57amd64.sys;c:\windows\SYSNATIVE\DRIVERS\k57amd64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       SSDPSRV upnphost SCardSvr QWAVE wcncsvc
iissvcs    REG_MULTI_SZ       w3svc was
apphost    REG_MULTI_SZ       apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-05-13 00:09    1186968    ----a-w-    c:\program files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-05-03 14:41    287416    ----a-w-    c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2016-05-13 c:\windows\Tasks\Adobe Acrobat Update Task.job
- c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22 07:56]
.
2016-04-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-19 19:43]
.
2016-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-15 11:12]
.
2016-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d1ab75ae0ff6cc.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-15 11:12]
.
2016-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-15 11:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-12-17 170256]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe" [2016-01-28 9581280]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = www.google.com
mDefault_Page_URL = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-CCleaner Monitoring - c:\program files\CCleaner\CCleaner64.exe
Wow6432Node-HKCU-Run-CCleaner - c:\program files\CCleaner\CCleaner64.exe
SafeBoot-BE85AC61.sys
SafeBoot-BE85AC616.sys
SafeBoot-MBAMSwissArmy
Toolbar-Locked - (no file)
AddRemove-UnityWebPlayer - c:\users\user\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
Tempo para conclusão: 2016-05-24  20:23:17
ComboFix-quarantined-files.txt  2016-05-24 19:23
ComboFix2.txt  2015-09-03 14:42
.
Pré-execução: 411.895.304.192 bytes livres
Pós execução: 411.705.495.552 bytes livres
.
- - End Of File - - BC25FAB63FEE31DF5AC2A4C0B11CCAAC
A36C5E4F47E84449FF07ED3517B43A31
 

 

PS: I concluded Step 1 (FRST Script) normally. Then I rebooted the computer, entered Safe Mode, and it seemed that Lavasoft Ad-Aware Antivirus had been uninstalled, BUT when I right-clicked ComboFix.exe to start Step 2, a window named "AdAwareInstaller" appeared (Please wait while Windows configures AdAwareInstaller). I waited and Lavasoft Ad-Aware Antivirus was installed again... Then I ran ComboFix and concluded Step 2 normally as well.

 

Note: Unfortunately, the same problems persist.

 

Thank you.
 



#12 olgun52

olgun52

  • Malware Response Team

Posted 24 May 2016 - 05:54 PM

Hi again,

 

Please do the following:

Error: Restore point can only be created in normal mode.

Create a system restore point

http://windows.microsoft.com/en-us/windows-10/create-a-system-restore-point

=======================================================================================

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Folder::
c:\program files\Lavasoft

Driver::
Ad-Aware Service 11

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdAwareTray"=-

DDS::     
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".

Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

CFScriptB-4.gif

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Edited by olgun52, 24 May 2016 - 05:55 PM.

Best regards
 

 


 


#13 TiagoJ

Posted 24 May 2016 - 07:05 PM

Hi olgun52.

I cannot create a restore point in Normal Mode because the same error appears: "C:\Windows\system32\SystemPropertiesProtection.exe; The specified service does not exist as an installed service".

Should I drag CFScript into ComboFix anyway?

 

Thank you in advance. Regards.



#14 olgun52

Posted 25 May 2016 - 06:35 AM


 

Okay. Yes, please run ComboFix.


Best regards
 

 


 


#15 TiagoJ

Posted 25 May 2016 - 04:24 PM

Hello olgun52.

 

ComboFix 16-05-18.01 - user 25-05-2016  22:07:42.3.4 - x64 NETWORK
Microsoft Windows 7 Professional   6.1.7601.1.1252.351.2070.18.3996.2734 [GMT 1:00]
Executando de: c:\users\user\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\user\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
SP: Microsoft Security Essentials *Disabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Criado um novo ponto de restauração
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Lavasoft
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareActivation.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiMalwareEngine.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiPhishing.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiRootkitEngine.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAntiSpam.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareApplicationUpdater.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareAvcEngine.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareCommandLine.exe
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareCrashHandler.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareDefinitionsUpdater.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareDefinitionsUpdaterScheduler.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareDesktop.exe
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareDesktopDefaultSkin.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareEmailProtection.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareFeedback.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareGamingMode.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareIgnoreList.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareIncompatibles.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareNetworkProtection.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareNotice.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareParentalControl.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwarePinCode.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwarePromo.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareQuarantine.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareRealTimeProtection.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareRealtimeProtectionHistory.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareReset.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScanner.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScannerHistory.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareScannerScheduler.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareSecurityCenter.exe
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareServiceHelper.exe
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareServiceKernel.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareShellExtension.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareStatistics.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareThreatWorkAlliance.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTime.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTrayDefaultSkin.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareUpdaterKernel.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareWebProtection.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\avcbd64.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\avccore.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\bdnc.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\bdnc.ini
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\bdpredir.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_chrono-vc120-mt-1_57.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_date_time-vc120-mt-1_57.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_filesystem-vc120-mt-1_57.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_iostreams-vc120-mt-1_57.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_locale-vc120-mt-1_57.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_program_options-vc120-mt-1_57.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_regex-vc120-mt-1_57.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_system-vc120-mt-1_57.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_thread-vc120-mt-1_57.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\boost_timer-vc120-mt-1_57.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\dbghelp64.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\dbokf.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\DllStorage.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\htmlayout.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\HtmlFramework.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\Localization.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\msvcp120.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\msvcr120.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\RCF.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\SecurityCenter.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\vccorlib120.dll
c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\WindowsSystemSecurity.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Serviços   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_LavasoftAdAwareService11
-------\Service_LavasoftAdAwareService11
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2016-04-25 to 2016-05-25  ))))))))))))))))))))))))))))
.
.
2016-05-25 21:14 . 2016-05-25 21:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2016-05-25 21:14 . 2016-05-25 21:14 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2016-05-25 21:14 . 2016-05-25 21:14 -------- d-----w- c:\users\Parsisplan\AppData\Local\temp
2016-05-25 21:14 . 2016-05-25 21:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-05-24 19:31 . 2016-05-24 19:31 -------- d-----w- c:\users\user\AppData\Roaming\Lavasoft
2016-05-24 19:27 . 2016-05-24 19:27 -------- d-----w- c:\programdata\Lavasoft
2016-05-24 19:03 . 2016-05-17 22:56 11898512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6309DA45-62F3-4807-9426-766046720366}\mpengine.dll
2016-05-23 19:22 . 2016-05-25 20:51 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-05-23 19:22 . 2016-03-10 13:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-05-23 19:22 . 2016-03-10 13:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-05-23 19:22 . 2016-03-10 13:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-05-23 19:22 . 2016-05-23 19:22 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-05-23 18:59 . 2016-05-23 19:00 -------- d-----w- C:\AdwCleaner
2016-05-23 15:24 . 2016-05-17 22:56 11898512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-05-22 23:35 . 2016-05-23 00:00 -------- d-----w- C:\kleaner.tmp
2016-05-22 11:46 . 2016-05-11 13:07 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB464AD2-8099-42C1-9B0B-9E83E66411A6}\gapaengine.dll
2016-05-20 22:30 . 2016-05-20 22:30 -------- d-----w- c:\users\user\AppData\Local\Zemana
2016-05-18 19:42 . 2016-05-24 19:04 -------- d-----w- C:\FRST
2016-05-17 18:07 . 2016-05-17 18:07 -------- d-----w- c:\program files (x86)\Common Files\Java
2016-05-11 12:19 . 2016-04-09 07:01 5546216 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-04-27 21:08 . 2016-04-28 01:23 -------- d-----w- c:\program files\Common Files\AV
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-05-17 18:06 . 2015-04-17 08:18 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-05-11 13:07 . 2014-11-12 18:13 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2016-04-25 20:22 . 2014-10-20 09:01 135176864 ----a-w- c:\windows\system32\MRT.exe
2016-04-21 14:05 . 2010-11-21 03:27 453288 ------w- c:\windows\system32\MpSigStub.exe
2016-04-19 19:43 . 2016-04-19 19:43 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-04-19 19:43 . 2016-04-19 19:43 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-04-09 06:54 . 2016-05-11 12:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-04-04 18:14 . 2016-04-23 16:45 38120 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-04-04 18:02 . 2016-04-23 16:45 1169408 ----a-w- c:\windows\system32\aeinv.dll
2016-04-02 13:08 . 2016-04-23 16:45 1386496 ----a-w- c:\windows\system32\appraiser.dll
2016-03-23 14:02 . 2016-04-23 16:45 215040 ----a-w- c:\windows\system32\aepic.dll
2016-03-17 22:56 . 2016-04-13 09:15 2084864 ----a-w- c:\windows\system32\ole32.dll
2016-03-17 22:28 . 2016-04-13 09:15 1414144 ----a-w- c:\windows\SysWow64\ole32.dll
2016-03-17 18:04 . 2016-04-23 16:45 698368 ----a-w- c:\windows\system32\generaltel.dll
2016-03-17 18:04 . 2016-04-23 16:45 499200 ----a-w- c:\windows\system32\devinv.dll
2016-03-17 18:04 . 2016-04-23 16:45 279040 ----a-w- c:\windows\system32\invagent.dll
2016-03-17 18:04 . 2016-04-23 16:45 76800 ----a-w- c:\windows\system32\acmigration.dll
2016-03-16 18:50 . 2016-04-23 16:45 156672 ----a-w- c:\windows\system32\mtxoci.dll
2016-03-16 18:28 . 2016-04-23 16:45 111616 ----a-w- c:\windows\SysWow64\mtxoci.dll
2016-03-16 18:28 . 2016-04-23 16:45 176128 ----a-w- c:\windows\SysWow64\msorcl32.dll
2016-03-16 00:16 . 2016-04-13 09:14 760320 ----a-w- c:\windows\system32\samsrv.dll
2016-03-16 00:16 . 2016-04-13 09:14 106496 ----a-w- c:\windows\system32\samlib.dll
2016-03-15 23:53 . 2016-04-13 09:14 60416 ----a-w- c:\windows\SysWow64\samlib.dll
2016-03-09 19:00 . 2016-04-23 16:43 444416 ----a-w- c:\windows\system32\winhttp.dll
2016-03-09 19:00 . 2016-04-23 16:43 396800 ----a-w- c:\windows\system32\webio.dll
2016-03-09 18:54 . 2016-04-23 16:43 275456 ----a-w- c:\windows\system32\InkEd.dll
2016-03-09 18:40 . 2016-04-23 16:43 351744 ----a-w- c:\windows\SysWow64\winhttp.dll
2016-03-09 18:40 . 2016-04-23 16:43 316416 ----a-w- c:\windows\SysWow64\webio.dll
2016-03-09 18:34 . 2016-04-23 16:43 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2016-03-06 18:53 . 2016-04-13 09:15 2048 ----a-w- c:\windows\system32\msxml3r.dll
2016-03-06 18:53 . 2016-04-13 09:15 1885696 ----a-w- c:\windows\system32\msxml3.dll
2016-03-06 18:38 . 2016-04-13 09:15 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2016-03-06 18:38 . 2016-04-13 09:15 1240576 ----a-w- c:\windows\SysWow64\msxml3.dll
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2015-09-23 457088]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2015-11-30 60688]
"iCloudPhotos"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe" [2015-11-30 349968]
"iCloudDrive"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe" [2015-11-30 103696]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2015-11-30 61200]
"AppleIEDAV"="c:\program files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2015-06-26 1079592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-04-01 596504]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"Cobian Backup 11 interface"="c:\program files (x86)\Cobian Backup 11\cbInterface.exe" [2013-03-07 4407808]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2016-04-22 1107672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" [2016-03-10 55264]
"UnKIS"="wscript.exe" [2013-10-12 141824]
"UnKES"="wscript.exe" [2013-10-12 141824]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitorar alertas de tinta - HP Officejet 2620 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 2620 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN44G3G1PT0600;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss]
@="Service"
.
R2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 ftpsvc;Serviço de FTP da Microsoft;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 MSSQL$PRILS810;SQL Server (PRILS810);c:\program files\Microsoft SQL Server\MSSQL10_50.PRILS810\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL10_50.PRILS810\MSSQL\Binn\sqlservr.exe [x]
R2 PRIMAVERACloudServicesActivator800;PRIMAVERA CloudServices Activator v8.00 ;c:\program files (x86)\PRIMAVERA\CloudServices800\CloudConnector\Primavera.CloudConnector.Activator.exe;c:\program files (x86)\PRIMAVERA\CloudServices800\CloudConnector\Primavera.CloudConnector.Activator.exe [x]
R2 PRIMAVERAWindowsService;PRIMAVERA Windows Services;c:\program files (x86)\PRIMAVERA\WindowsService100\Bin\Primavera.Hesiod.WindowsService.exe;c:\program files (x86)\PRIMAVERA\WindowsService100\Bin\Primavera.Hesiod.WindowsService.exe [x]
R2 PrimaveraWS800;PRIMAVERA Windows Scheduler Services 8.00;c:\program files (x86)\PRIMAVERA\SG800\WinServices\Primavera.WindowsServices.exe;c:\program files (x86)\PRIMAVERA\SG800\WinServices\Primavera.WindowsServices.exe [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 AndNetDiag2;LGE AndroidNet For Diagnostics Port;c:\windows\system32\DRIVERS\lgandnetdiag264.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag264.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspeção de Rede da Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 SQLAgent$PRILS810;SQL Server Agent (PRILS810);c:\program files\Microsoft SQL Server\MSSQL10_50.PRILS810\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10_50.PRILS810\MSSQL\Binn\SQLAGENT.EXE [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Activação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0151.sys [x]
S3 k57nd;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\DRIVERS\k57amd64.sys;c:\windows\SYSNATIVE\DRIVERS\k57amd64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr QWAVE wcncsvc
iissvcs REG_MULTI_SZ   w3svc was
apphost REG_MULTI_SZ   apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-05-13 00:09 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-05-03 14:41 287416 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2016-05-13 c:\windows\Tasks\Adobe Acrobat Update Task.job
- c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22 07:56]
.
2016-04-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-19 19:43]
.
2016-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-15 11:12]
.
2016-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d1ab75ae0ff6cc.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-15 11:12]
.
2016-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-15 11:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-12-17 170256]
.
------- Scan Suplementar -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mDefault_Search_URL = www.google.com
mDefault_Page_URL = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-Locked - (no file)
.
.
.
Tempo para conclusão: 2016-05-25  22:20:03 - Máquina reiniciou
ComboFix-quarantined-files.txt  2016-05-25 21:20
ComboFix2.txt  2016-05-24 19:23
ComboFix3.txt  2015-09-03 14:42
.
Pré-execução: 411.882.643.456 bytes livres
Pós execução: 411.387.588.608 bytes livres
.
- - End Of File - - 2DDDB6A07945EFF882770F3E669876D6
A36C5E4F47E84449FF07ED3517B43A31
 
 
Thank you. Regards.
 
EDIT: I completed the "ComboFix run" normally. Then I rebooted the computer, entered Safe Mode, and it seemed that Lavasoft Ad-Aware Antivirus had been uninstalled, BUT when I right-clicked ANY icon on the desktop, a window named "AdAwareInstaller" appeared (Please wait while Windows configures AdAwareInstaller). I waited and Lavasoft Ad-Aware Antivirus was installed again...

Edited by TiagoJ, 25 May 2016 - 04:43 PM.
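An added example, not part of any post in this thread and not ComboFix code: one way to check the CFScript from post #12 against the follow-up log in post #15, reporting whether each scripted target is gone and which same-named folders the script never covered. The function names are hypothetical, the section titles are the Portuguese ones this log uses, and the parsing rules are inferred only from the log lines visible above.

```python
import re

# CFScript from the thread (its DDS:: block is left out; it is not checked here).
CFSCRIPT = r"""Folder::
c:\program files\Lavasoft

Driver::
Ad-Aware Service 11

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdAwareTray"=-
"""

# Follow-up ComboFix log from the thread, cut down to a few lines per section.
LOG = r"""(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Lavasoft
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Serviços   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_LavasoftAdAwareService11
.
((((((((((((((((   Arquivos/Ficheiros criados de 2016-04-25 to 2016-05-25  ))))))))))))))))))))))))))))
.
2016-05-24 19:31 . 2016-05-24 19:31 -------- d-----w- c:\users\user\AppData\Roaming\Lavasoft
2016-05-24 19:27 . 2016-05-24 19:27 -------- d-----w- c:\programdata\Lavasoft
2016-05-18 19:42 . 2016-05-24 19:04 -------- d-----w- C:\FRST
.
--------- X64 Entries -----------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
.
"""

DIRECTIVE = re.compile(r"^(\w+)::$")             # CFScript block header, e.g. "Folder::"
SECTION = re.compile(r"^\(+\s*(.*?)\s*\)+$")     # log section banner "(((  Title  )))"
CREATED = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d \S+ \S+ (.+)$")

def norm(s):
    """Lower-case and drop punctuation so 'Ad-Aware Service 11' matches 'AdAwareService11'."""
    return re.sub(r"[^a-z0-9]", "", s.lower())

def group(text, header):
    """Collect non-empty lines under the most recent header; '.' separator lines are skipped."""
    groups, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = header.match(line)
        if m:
            current = groups.setdefault(m.group(1), [])
        elif current is not None and line not in ("", "."):
            current.append(line)
    return groups

def registry_values(lines):
    """Map lower-cased key path -> set of value names from '[key]' and '"name"=...' lines."""
    keys, current = {}, None
    for line in map(str.strip, lines):
        m = re.match(r'^"([^"]+)"=', line)
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), set())
        elif m and current is not None:
            current.add(m.group(1))
        else:
            current = None
    return keys

def verify(cfscript, log):
    """Compare CFScript targets with the log; a registry result of True means the value is absent."""
    script, sections = group(cfscript, DIRECTIVE), group(log, SECTION)
    deleted = {p.lower() for p in sections.get("Outras Exclusões", [])}
    services = [norm(s) for s in sections.get("Drivers/Serviços", [])]
    created = [m.group(1) for title, lines in sections.items()
               if title.startswith("Arquivos/Ficheiros criados")
               for entry in lines if (m := CREATED.match(entry))]
    live = registry_values(log.splitlines())
    report = {"folders": {}, "services": {}, "registry": {}, "leftovers": []}
    for folder in script.get("Folder", []):
        report["folders"][folder] = folder.lower() in deleted
        vendor = folder.rstrip("\\").rsplit("\\", 1)[-1].lower()
        # Same-named directories elsewhere that the script never targeted.
        report["leftovers"] += [p for p in created if vendor in p.lower()
                                and not p.lower().startswith(folder.lower())]
    for name in script.get("Driver", []):
        report["services"][name] = any(norm(name) in s for s in services)
    for key, names in registry_values(script.get("Registry", [])).items():
        for value in names:
            report["registry"][(key, value)] = value not in live.get(key, set())
    return report
```

Calling `verify(CFSCRIPT, LOG)` on the excerpt shows the scripted folder, service and Run value all handled, while the `Lavasoft` directories under `c:\programdata` and the user's `AppData\Roaming` remain listed in the log.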




