
how to remove Explorer.exe "kb-ribaki.org" (zodiac-game.info)


  • This topic is locked
2 replies to this topic

#1 Grax


Posted 12 August 2016 - 03:54 PM

It seems I have a browser hijacker named kb-ribaki.org that opens a web page every time I start my PC. The browser (Chrome) is redirected to zodiac-game.info

Below are my scan results. Please help; I tried mbam, adwcleaner and superantispyware, and nothing works.

I am from Brazil and hope you can help me.

FRST, for completeness:

 

Resultado do Exame da Farbar Recovery Tool Scan (FRST) (x64) Versão: 2016/11/08 01
Executado POR Edison (administrador) em EDISON-PC (2016/12/08 16:57:41)
Executando A Partir de C: \ Users \ Edison \ Desktop
Perfis Carregados: Edison (Perfis Disponíveis: Edison)
Plataforma: Windows 7 Enterprise Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador Padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Ferramenta de Recuperação de digitalização: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processos (lista branca) =================
 
(Se Uma entrada para incluida na Fixlist, O Processo Sera Fechado. O Arquivo Não Será Movido).
 
(Enigma Software Group EUA, LLC.) C: \ Program Files (x86) \ Enigma Software Group \ SpyHunter \ SH4Service.exe
(AMD) C: \ Windows \ System32 \ atiesrxx.exe
(AVAST Software) C: \ Program Files \ AVAST Software \ Avast \ AvastSvc.exe
(AMD) C: \ Windows \ System32 \ atieclxx.exe
(AVAST Software) C: \ Program Files \ AVAST Software \ Avast \ afwServ.exe
(Realtek Semiconductor) C: \ Program Files \ Realtek \ Audio \ HDA \ RAVCpl64.exe
(Vimicro) C: \ Windows \ vmsnap3.exe
() C: \ Windows \ Domino.exe
(Piriform Ltd) C: \ Program Files \ CCleaner \ CCleaner64.exe
(Valve Corporation) F: Steam \ \ Steam.exe
(Valve Corporation) F: \ Steam \ bin \ steamwebhelper.exe
(Valve Corporation) C: \ Program Files (x86) \ Arquivos comuns \ Steam \ SteamService.exe
(AVAST Software) C: \ Program Files \ AVAST Software \ Avast \ avastui.exe
(Advanced Micro Devices Inc.) C: \ Program Files (x86) \ ATI Technologies \ ATI.ACE \ Core-Static \ MOM.exe
(Disco macio Ltd) C: \ Program Files \ DAEMON Tools Lite \ DiscSoftBusService.exe
(ATI Technologies Inc.) C: \ Program Files (x86) \ ATI Technologies \ ATI.ACE \ Core-Static \ CCC.exe
(Google Inc.) C: \ Arquivos de Programas (x86) \ Google \ Chrome \ Application \ chrome.exe
(Google Inc.) C: \ Arquivos de Programas (x86) \ Google \ Chrome \ Application \ chrome.exe
(Google Inc.) C: \ Arquivos de Programas (x86) \ Google \ Chrome \ Application \ chrome.exe
(Google Inc.) C: \ Arquivos de Programas (x86) \ Google \ Chrome \ Application \ chrome.exe
(Google Inc.) C: \ Arquivos de Programas (x86) \ Google \ Chrome \ Application \ chrome.exe
(Google Inc.) C: \ Arquivos de Programas (x86) \ Google \ Chrome \ Application \ chrome.exe
(Google Inc.) C: \ Arquivos de Programas (x86) \ Google \ Chrome \ Application \ chrome.exe
(Google Inc.) C: \ Arquivos de Programas (x86) \ Google \ Chrome \ Application \ chrome.exe
(Google Inc.) C: \ Arquivos de Programas (x86) \ Google \ Chrome \ Application \ chrome.exe
 
 
==================== Registro (lista branca) ========================== =
 
(Se Uma entrada para incluida na Fixlist, o item não Registro Será, restaurado PARA O Padrão OU removido. O Arquivo Não Será Movido).
 
HKLM \ ... \ Run: [RtHDVCpl] => C: \ Program Files \ Realtek \ Audio \ HDA \ RAVCpl64.exe [6936096 2008-11-25] (Realtek Semiconductor)
HKLM \ ... \ Run: [Skytel] => C: \ Program Files \ Realtek \ Audio \ HDA \ Skytel.exe [1833504 2008-11-25] (Realtek Semiconductor Corp.)
HKLM \ ... \ Run: [VMSnap3] => C: \ Windows \ VMSnap3.exe [49152 2006-07-18] (Vimicro)
HKLM \ ... \ Run: [Domino] => C: \ Windows \ Domino.exe [49152 2006-07-04] ()
HKLM-x32 \ ... \ Run: [StartCCC] => C: \ Program Files (x86) \ ATI Technologies \ ATI.ACE \ Core-Static \ amd64 \ CLIStart.exe [766.208 2013/12/06] (Advanced micro Devices, Inc.)
HKLM-x32 \ ... \ Run: [AvastUI.exe] => C: \ Program Files \ AVAST Software \ Avast \ AvastUI.exe [8.900.328 2016/08/08] (AVAST Software)
HKU \ S-1-5-21-413029655-360017218-3852767562-1000 \ ... \ Run: [CCleaner Monitoring] => C: \ Program Files \ CCleaner \ CCleaner64.exe [8.686.296 2016/03/11] ( piriforme Ltd)
HKU \ S-1-5-21-413029655-360017218-3852767562-1000 \ ... \ Run: [DAEMON Tools Lite Automount] => C: \ Arquivos de Programas \ DAEMON Tools Lite \ DTAgent.exe [4.289.728 2016-04 -04] (Disco macio Ltd)
HKU \ S-1-5-21-413029655-360017218-3852767562-1000 \ ... \ Run: [vapor] => F: \ Steam \ steam.exe [2.852.128 2016/08/02] (Valve Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C: \ Program Files \ AVAST Software \ Avast \ ashShA64.dll [2016/06/30] (AVAST Software)
 
==================== Internet (lista branca) ====================
 
(Se hum artigo para incluido na Fixlist, Sendo hum ítem do Registro, Sera removido OU restaurado PARA O Padrão.)
 
Tcpip \ Parameters: [DhcpNameServer] 200.175.89.139 200.175.5.139 192.168.25.1
Tcpip \ .. \ Interfaces \ {F30E7810-DCAA-4096-B1CB-6C1708125E0F}: [DhcpNameServer] 200.175.89.139 200.175.5.139 192.168.25.1
 
Internet Explorer:
==================
HKU \ S-1-5-21-413029655-360017218-3852767562-1000 \ SOFTWARE \ Policies \ Microsoft \ Internet Explorer: Restrição <======= ATENÇÃO
HKU \ .DEFAULT \ Software \ Microsoft \ Internet Explorer \ Main, Pesquisa Página = hxxp:? //www.microsoft.com/isapi/redir.dll Prd = ie & ar = iesearch
HKU \ .DEFAULT \ Software \ Microsoft \ Internet Explorer \ Main, página inicial = hxxp:? //www.microsoft.com/isapi/redir.dll Prd = ie & ar = msnhome
HKU \ S-1-5-21-413029655-360017218-3852767562-1000 \ Software \ Microsoft \ Internet Explorer \ Main, Pesquisa Página = hxxp:? //www.microsoft.com/isapi/redir.dll Prd = ie & ar = iesearch
HKU \ S-1-5-21-413029655-360017218-3852767562-1000 \ Software \ Microsoft \ Internet Explorer \ Main, página inicial = hxxp: //google.com.br/
BHO: avast! Segurança Online -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C: \ Program Files \ AVAST Software \ Avast \ aswWebRepIE64.dll [2016/06/30] (AVAST Software)
BHO-x32: avast! Segurança Online -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C: \ Program Files \ AVAST Software \ Avast \ aswWebRepIE.dll [2016/06/30] (AVAST Software)
 
Raposa de fogo:
========
FF ProfilePath: C: \ Users \ Edison \ AppData \ Roaming \ Mozilla \ Firefox \ Profiles \ yjd2ugbt.default-1470878374648
FF Plugin: @ adobe.com / FlashPlayer -> C: \ Windows \ system32 \ Macromed \ Flash \ NPSWF64_22_0_0_209.dll [2016/07/13] ()
FF Plugin: @ microsoft.com / genuine -> desativada [Nenhum Arquivo]
FF Plugin-x32: @ adobe.com / FlashPlayer -> C: \ Windows \ SysWOW64 \ Macromed \ Flash \ NPSWF32_22_0_0_209.dll [2016/07/13] ()
FF Plugin-x32: @ microsoft.com / genuine -> desativada [Nenhum Arquivo]
FF Plugin-x32: @ tools.google.com / Google Update; version = 3 -> C: \ Arquivos de Programas (x86) \ Google \ Update \ 1.3.31.5 \ npGoogleUpdate3.dll [2016/08/10] (Google Inc .)
FF Plugin-x32: @ tools.google.com / Google Update; version = 9 -> C: \ Arquivos de Programas (x86) \ Google \ Update \ 1.3.31.5 \ npGoogleUpdate3.dll [2016/08/10] (Google Inc .)
FF Plugin-x32: Adobe Reader -> C: \ Arquivos de Programas (x86) \ Adobe \ Acrobat Reader DC \ Leitor \ AIR \ nppdf32.dll [2016/06/30] (Adobe Systems Inc.)
FF HKLM \ ... \ Firefox \ Extensões: [wrc@avast.com] - C: \ Program Files \ AVAST Software \ Avast \ WebRep \ FF
FF Extensão: Avast Segurança Online - C: \ Program Files \ AVAST Software \ Avast \ WebRep \ FF [2016/06/30]
FF HKLM \ ... \ Firefox \ Extensões: [sp@avast.com] - C: \ Arquivos de Programas \ AVAST Software \ Avast \ SafePrice \ FF
FF Extensão: Avast SafePrice - C: \ Arquivos de Programas \ AVAST Software \ Avast \ SafePrice \ FF [2016/06/30]
FF HKLM-x32 \ ... \ Firefox \ Extensões: [wrc@avast.com] - C: \ Program Files \ AVAST Software \ Avast \ WebRep \ FF
FF HKLM-x32 \ ... \ Firefox \ Extensões: [sp@avast.com] - C: \ Arquivos de Programas \ AVAST Software \ Avast \ SafePrice \ FF
 
Cromada: 
=======
CHR StartupUrls: Default -> "hxxps: //www.google.com.br/"
CHR DefaultSearchURL: Padrão -> hxxps:? //inline.go.mail.ru/search Inline_comp = dse & q = {} searchTerms & fr = chxtn12.0.8
CHR DefaultSearchKeyword: Padrão -> mail.ru
CHR DefaultSuggestURL: Padrão -> hxxp:? //suggests.go.mail.ru/chrome Q = {} searchTerms
CHR Perfil: C: \ Users \ Edison \ AppData \ Local \ Google \ Chrome \ User Data \ Default
CHR Extensão: (Google Docs) - C: \ Users \ Edison \ AppData \ Local \ Google \ Chrome \ User Data \ Default \ Extensions \ aohghmighlieiainnegkcijnfilokake [2016/08/10]
CHR Extensão: (Google Drive) - C: \ Users \ Edison \ AppData \ Local \ Google \ Chrome \ User Data \ Default \ Extensions \ apdfllckaahabafndbhieahigkjlhalf [2016/08/10]
CHR Extensão: (YouTube) - C: \ Users \ Edison \ AppData \ Local \ Google \ Chrome \ User Data \ Default \ Extensions \ blpcfgokakmgnkcojhhkbfbldkacnbeo [2016/08/10]
CHR Extensão: (Avast SafePrice) - C: \ Users \ Edison \ AppData \ Local \ Google \ Chrome \ User Data \ Default \ Extensions \ eofcbnmajmjmplflapaojjnihcjkigck [2016/08/10]
CHR Extensão: (Documentos Google off-line) - C: \ Users \ Edison \ AppData \ Local \ Google \ Chrome \ User Data \ Default \ Extensions \ ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016/08/10]
CHR Extensão: (Avast Segurança Online) - C: \ Users \ Edison \ AppData \ Local \ Google \ Chrome \ User Data \ Default \ Extensions \ gomekmidlodglbbmalcneegieacbdmki [2016/08/10]
CHR Extensão: (Pagamentos da Chrome Web Store) - C: \ Users \ Edison \ AppData \ Local \ Google \ Chrome \ User Data \ Default \ Extensions \ nmmhkkegccagdldgiimedpiccmgmieda [2016/08/10]
CHR Extensão: (Gmail) - C: \ Users \ Edison \ AppData \ Local \ Google \ Chrome \ User Data \ Default \ Extensions \ pjkljhegncpnkpknbcohdijeoejaedia [2016/08/10]
CHR Extensão: (Chrome mídia Router) - C: \ Users \ Edison \ AppData \ Local \ Google \ Chrome \ User Data \ Default \ Extensions \ pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016/08/10]
CHR HKLM-x32 \ ... \ Chrome \ Extensão: [ahnphcmhmhcjjcjhmnnjjlbmaeljecga] - hxxps: //clients2.google.com/service/update2/crx
CHR HKLM-x32 \ ... \ Chrome \ Extensão: [eofcbnmajmjmplflapaojjnihcjkigck] - C: \ Program Files \ AVAST Software \ Avast \ WebRep \ Chrome \ aswWebRepChromeSp.crx [2016/05/10]
CHR HKLM-x32 \ ... \ Chrome \ Extensão: [gomekmidlodglbbmalcneegieacbdmki] - C: \ Program Files \ AVAST Software \ Avast \ WebRep \ Chrome \ aswWebRepChrome.crx [2016/05/10]
 
==================== Serviços (lista branca) ========================
 
(Se Uma entrada para incluida na Fixlist, Sera removida do Registro. O Arquivo Não Será Movido, um Menos Que seja colocado separadamente.)
 
R2 avast! antivírus; C: \ Arquivos de Programas \ AVAST Software \ Avast \ AvastSvc.exe [197128 2016/06/30] (AVAST Software)
R2 avast! firewall; C: \ Arquivos de Programas \ AVAST Software \ Avast \ afwServ.exe [223600 2016/06/30] (AVAST Software)
S3 BEService; C: \ Program Files (x86) \ Common Files \ BattlEye \ BEService.exe [1.345.056 2016/02/20] ()
Service Bus Lite R3 Disco macio; C: \ Arquivos de Programas \ DAEMON Tools Lite \ DiscSoftBusService.exe [1443520 2016/04/04] (Disco macio Ltd)
S3 EasyAntiCheat; C: \ Windows \ SysWOW64 \ EasyAntiCheat.exe [249.104 2016/06/08] (EasyAntiCheat Ltd)
S3 IDriverT; C: \ Arquivos de Programas (x86) \ Arquivos comuns \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Arquivo NÃO assinado]
R2 SpyHunter 4 Serviço; C: \ Program Files (x86) \ Enigma Software Group \ SpyHunter \ SH4Service.exe [770.432 2014/01/09] (. Enigma Software Group EUA, LLC)
R2 WinDefend; C: \ Arquivos de Programas \ Windows Defender \ mpsvc.dll [1011712 2013/05/27] (Microsoft Corporation)
 
===================== Drivers (lista branca) ========================= =
 
(Se Uma entrada para incluida na Fixlist, Sera removida do Registro. O Arquivo Não Será Movido, um Menos Que seja colocado separadamente.)
 
R2 aswHwid; C: \ Windows \ system32 \ drivers \ aswHwid.sys [37.656 2016/06/30] (AVAST Software)
R1 aswKbd; C: \ Windows \ system32 \ drivers \ aswKbd.sys [37144 2016/06/30] (AVAST Software)
R2 aswMonFlt; C: \ Windows \ system32 \ drivers \ aswMonFlt.sys [108304 2016/06/30] (AVAST Software)
R3 aswNetNd6; C: \ Windows \ System32 \ Drivers \ aswNetNd6.sys [28312 2016/05/10] (AVAST Software)
R1 aswNetSec; C: \ Windows \ system32 \ drivers \ aswNetSec.sys [572120 2016/06/30] (AVAST Software)
R1 aswRdr; C: \ Windows \ system32 \ drivers \ aswRdr2.sys [103064 2016/06/30] (AVAST Software)
R0 aswRvrt; C: \ Windows \ System32 \ Drivers \ aswRvrt.sys [74544 2016/06/30] (AVAST Software)
R1 aswSnx; C: \ Windows \ system32 \ drivers \ aswSnx.sys [1.070.904 2016/06/30] (AVAST Software)
R1 aswSP; C: \ Windows \ system32 \ drivers \ aswSP.sys [473592 2016/07/13] (AVAST Software)
R2 aswStm; C: \ Windows \ system32 \ drivers \ aswStm.sys [162904 2016/06/30] (AVAST Software)
R0 aswVmm; C: \ Windows \ System32 \ Drivers \ aswVmm.sys [292.704 2016/08/05] (AVAST Software)
R3 dtlitescsibus; C: \ Windows \ System32 \ Drivers \ dtlitescsibus.sys [30264 2016/03/28] (Disco macio Ltd)
R3 dtliteusbbus; C: \ Windows \ System32 \ Drivers \ dtliteusbbus.sys [47672 2016/03/28] (Disco macio Ltd)
S3 ebdrv; C: \ Windows \ system32 \ drivers \ evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 esgiguard; C: \ Program Files (x86) \ Enigma Software Group \ SpyHunter \ esgiguard.sys [14872 2014/01/07] ()
S3 EsgScanner; C: \ Windows \ System32 \ Drivers \ EsgScanner.sys [22704 2016/06/25] ()
S3 EsgScanner; C: \ Windows \ SysWOW64 \ Drivers \ EsgScanner.sys [19984 2012-06-22] ()
R3 MTsensor; C: \ Windows \ System32 \ Drivers \ ASACPI.sys [8192 2005-03-29] ()
R3 vvftav303; C: \ Windows \ System32 \ drivers \ vvftav303.sys [308096 2007-06-23] (Vimicro Corporation)
R3 ZSMC0303; C: \ Windows \ System32 \ Drivers \ usbVM303.sys [1494656 2007-03-25] (Vimicro Corporation)
S3 CatchMe; \ ?? \ C: \ ComboFix \ catchme.sys [X]
S3 MSICDSetup; \ ?? \ E: \ CDriver64.sys [X]
S3 VGPU; System32 \ drivers \ rdvgkmd.sys [X]
S3 WayProtect; \ ?? \ F: \ MuAwaY \ WayProtect64.sys [X]
S3 xhunter1; \ ?? \ C: \ Windows \ xhunter1.sys [X]
S3 xspirit; \ ?? \ C: \ Windows \ xspirit.sys [X]
 
==================== Netsvcs (lista branca) ===================
 
(Se Uma entrada para incluida na Fixlist, Sera removida do Registro. O Arquivo Não Será Movido, um Menos Que seja colocado separadamente.)
 
 
==================== Um Mês Criados Arquivos e pastas ========
 
(Se Uma entrada para incluida na Fixlist, o Arquivo / pasta Movido Sera.)
 
2016/08/12 16:57 - 2016/08/12 16:58 - 00.012.877 _____ C: \ Users \ Edison \ Desktop \ FRST.txt
2016/08/12 16:55 - 2016/08/12 16:57 - 00000000 ____D C: \ FRST
2016/08/12 16:54 - 2016-08-12 16:54 - 02.393.600 _____ (Farbar) C: \ Users \ Edison \ Desktop \ FRST64.exe
2016/08/12 16:26 - 2016/08/12 16:26 - 00.016.343 _____ C: \ ComboFix.txt
2016/08/12 00:57 - 2011-06-26 03:45 - 00.256.000 _____ C: \ Windows \ PEV.exe
2016/08/12 00:57 - 2010-11-07 14:20 - 00.208.896 _____ C: \ Windows \ MBR.exe
2016/08/12 00:57 - 2009-04-20 01:56 - 00.060.416 _____ (NirSoft) C: \ Windows \ nircmd.exe
2016/08/12 00:57 - 2000-08-30 21:00 - 00.518.144 _____ (SteelWerX) C: \ Windows \ SWREG.exe
2016/08/12 00:57 - 2000-08-30 21:00 - 00.406.528 _____ (SteelWerX) C: \ Windows \ SWSC.exe
2016/08/12 00:57 - 2000-08-30 21:00 - 00.098.816 _____ C: \ Windows \ sed.exe
2016/08/12 00:57 - 2000-08-30 21:00 - 00.080.412 _____ C: \ Windows \ grep.exe
2016/08/12 00:57 - 2000-08-30 21:00 - 00.068.096 _____ C: \ Windows \ zip.exe
2016/08/12 00:56 - 2016/08/12 16:26 - 00000000 ____D C: \ Qoobox
2016/08/12 00:55 - 2016/08/12 16:22 - 00000000 ____D C: \ Windows \ erdnt
2016/08/12 00:54 - 2016-08-12 12:55 - 05.658.919 ____R (Swearware) C: \ Users \ Edison \ Desktop \ ComboFix.exe
2016/08/12 11:42 - 2016/08/12 16:36 - 00000000 ____D C: \ AdwCleaner
2016/08/12 11:41 - 2016/08/12 11:42 - 03.712.064 _____ C: \ Users \ Edison \ Desktop \ adwcleaner_5.201.exe
2016/08/12 11:02 - 2016/08/12 00:45 - 00.241.400 _____ C: \ Windows \ ntbtlog.txt
2016/08/11 20:41 - 2016/08/11 22:34 - 00000000 ____D C: \ Users \ Edison \ Downloads \ memu Baixar
2016/08/10 22:51 - 2016/08/10 22:51 - 00.002.265 _____ C: \ ProgramData \ Microsoft \ Windows \ Menu Iniciar \ Programas \ Google Chrome.lnk
2016/08/10 22:50 - 2016-08-12 16:46 - 00001066 _____ C: \ Windows \ Tasks \ GoogleUpdateTaskMachineCore.job
2016/08/10 22:50 - 2016-08-12 16:01 - 00001070 _____ C: \ Windows \ Tasks \ GoogleUpdateTaskMachineUA.job
2016/08/10 22:50 - 2016/08/11 20:28 - 00000000 ____D C: \ Users \ Edison \ AppData \ Local \ Google
2016/08/10 22:50 - 2016/08/10 22:56 - 00004066 _____ C: \ Windows \ System32 \ Tasks \ GoogleUpdateTaskMachineUA
2016/08/10 22:50 - 2016/08/10 22:56 - 00003814 _____ C: \ Windows \ System32 \ Tasks \ GoogleUpdateTaskMachineCore
2016/08/10 22:50 - 2016/08/10 22:51 - 00000000 ____D C: \ Arquivos de Programas (x86) \ Google
2016/08/10 22:49 - 2016/08/10 22:50 - 00.987.728 _____ (Google Inc.) C: \ Users \ Edison \ Downloads \ ChromeSetup.exe
2016/08/10 21:14 - 2016/08/10 21:14 - 00.002.286 _____ C: \ Users \ Edison \ Desktop \ SpyHunter.lnk
2016/08/10 21:14 - 2016/08/10 21:14 - 00000000 ____D C: \ Users \ Menu de Edison \ AppData \ Roaming \ Microsoft \ Windows \ Start \ Programs \ SpyHunter
2016/08/10 21:14 - 2016/08/10 21:14 - 00000000 ____D C: \ Program Files (x86) \ Enigma Software Group
2016/08/10 20:07 - 2016/07/08 00:37 - 00.154.856 _____ (Microsoft Corporation) C: \ Windows \ System32 \ Drivers \ ksecpkg.sys
2016/08/10 20:07 - 2016/07/08 00:37 - 00.095.464 _____ (Microsoft Corporation) C: \ Windows \ System32 \ Drivers \ Ksecdd.sys
2016/08/10 20:07 - 2016/07/08 00:32 - 01.464.320 _____ (Microsoft Corporation) C: \ Windows \ system32 \ Lsasrv.dll
2016/08/10 20:07 - 2016/07/08 00:32 - 01.212.928 _____ (Microsoft Corporation) C: \ Windows \ system32 \ rpcrt4.dll
2016/08/10 20:07 - 2016/07/08 00:32 - 00.730.624 _____ (Microsoft Corporation) C: \ Windows \ system32 \ Kerberos.dll
2016/08/10 20:07 - 2016/07/08 00:32 - 00.690.688 _____ (Microsoft Corporation) C: \ Windows \ system32 \ adtschema.dll
2016/08/10 20:07 - 2016/07/08 00:32 - 00.463.872 _____ (Microsoft Corporation) C: \ Windows \ system32 \ certcli.dll
2016/08/10 20:07 - 2016/07/08 00:32 - 00.343.552 _____ (Microsoft Corporation) C: \ Windows \ system32 \ schannel.dll
2016/08/10 20:07 - 2016/07/08 00:32 - 00.316.416 _____ (Microsoft Corporation) C: \ Windows \ system32 \ msv1_0.dll
2016/08/10 20:07 - 2016/07/08 00:32 - 00.312.320 _____ (Microsoft Corporation) C: \ Windows \ system32 \ ncrypt.dll
2016/08/10 20:07 - 2016/07/08 00:32 - 00.210.432 _____ (Microsoft Corporation) C: \ Windows \ system32 \ wdigest.dll
2016/08/10 20:07 - 2016/07/08 00:32 - 00.190.464 _____ (Microsoft Corporation) C: \ Windows \ system32 \ rpchttp.dll
2016/08/10 20:07 - 2016/07/08 00:32 - 00.146.432 _____ (Microsoft Corporation) C: \ Windows \ system32 \ msaudite.dll
2016/08/10 20:07 - 2016/07/08 00:32 - 00.135.680 _____ (Microsoft Corporation) C: \ Windows \ system32 \ sspicli.dll
2016/08/10 20:07 - 2016/07/08 00:32 - 00.086.528 _____ (Microsoft Corporation) C: \ Windows \ system32 \ TSpkg.dll
2016/08/10 20:07 - 2016/07/08 00:32 - 00.060.416 _____ (Microsoft Corporation) C: \ Windows \ system32 \ msobjs.dll
2016/08/10 20:07 - 2016/07/08 00:32 - 00.043.520 _____ (Microsoft Corporation) C: \ Windows \ system32 \ cryptbase.dll
2016/08/10 20:07 - 2016/07/08 00:32 - 00.028.672 _____ (Microsoft Corporation) C: \ Windows \ system32 \ sspisrv.dll
2016/08/10 20:07 - 2016/07/08 00:32 - 00.028.160 _____ (Microsoft Corporation) C: \ Windows \ system32 \ secur32.dll
2016/08/10 20:07 - 2016/07/08 00:32 - 00.022.016 _____ (Microsoft Corporation) C: \ Windows \ system32 \ credssp.dll
2016/08/10 20:07 - 2016/07/08 00:17 - 00.666.112 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ rpcrt4.dll
2016/08/10 20:07 - 2016/07/08 00:17 - 00.096.768 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ sspicli.dll
2016/08/10 20:07 - 2016/07/08 00:16 - 00.690.688 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ adtschema.dll
2016/08/10 20:07 - 2016/07/08 00:16 - 00.553.472 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ Kerberos.dll
2016/08/10 20:07 - 2016/07/08 00:16 - 00.342.528 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ certcli.dll
2016/08/10 20:07 - 2016/07/08 00:16 - 00.260.608 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ msv1_0.dll
2016/08/10 20:07 - 2016/07/08 00:16 - 00.251.392 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ schannel.dll
2016/08/10 20:07 - 2016/07/08 00:16 - 00.223.232 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ ncrypt.dll
2016/08/10 20:07 - 2016/07/08 00:16 - 00.172.032 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ wdigest.dll
2016/08/10 20:07 - 2016/07/08 00:16 - 00.146.432 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ msaudite.dll
2016/08/10 20:07 - 2016/07/08 00:16 - 00.141.312 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ rpchttp.dll
2016/08/10 20:07 - 2016/07/08 00:16 - 00.065.536 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ TSpkg.dll
2016/08/10 20:07 - 2016/07/08 00:16 - 00.060.416 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ msobjs.dll
2016/08/10 20:07 - 2016/07/08 00:16 - 00.022.016 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ secur32.dll
2016/08/10 20:07 - 2016/07/08 00:16 - 00.017.408 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ credssp.dll
2016/08/10 20:07 - 2016/07/08 00:03 - 00.064.000 _____ (Microsoft Corporation) C: \ Windows \ system32 \ auditpol.exe
2016/08/10 20:07 - 2016/07/08 11:57 - 00.159.744 _____ (Microsoft Corporation) C: \ Windows \ System32 \ Drivers \ mrxsmb.sys
2016/08/10 20:07 - 2016/07/08 11:56 - 00.291.328 _____ (Microsoft Corporation) C: \ Windows \ System32 \ Drivers \ Mrxsmb10.sys
2016/08/10 20:07 - 2016/07/08 11:56 - 00.129.536 _____ (Microsoft Corporation) C: \ Windows \ System32 \ Drivers \ Mrxsmb20.sys
2016/08/10 20:07 - 2016/07/08 11:55 - 00.050.176 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ auditpol.exe
2016/08/10 20:07 - 2016/07/08 11:55 - 00.030.720 _____ (Microsoft Corporation) C: \ Windows \ system32 \ lsass.exe
2016/08/10 20:07 - 2016/07/08 11:50 - 00.036.352 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ cryptbase.dll
2016/08/10 20:06 - 2016/08/02 11:54 - 00.394.440 _____ (Microsoft Corporation) C: \ Windows \ system32 \ Iedkcs32.dll
2016/08/10 20:06 - 2016/08/02 11:08 - 00.346.312 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ Iedkcs32.dll
2016/08/10 20:06 - 2016/08/02 03:54 - 25.808.384 _____ (Microsoft Corporation) C: \ Windows \ system32 \ mshtml.dll
2016/08/10 20:06 - 2016/08/02 03:47 - 02.724.864 _____ (Microsoft Corporation) C: \ Windows \ system32 \ Mshtml.tlb
2016/08/10 20:06 - 2016/08/02 03:47 - 00.004.096 _____ (Microsoft Corporation) C: \ Windows \ system32 \ ieetwcollectorres.dll
2016/08/10 20:06 - 2016/08/02 03:32 - 02.894.336 _____ (Microsoft Corporation) C: \ Windows \ system32 \ iertutil.dll
2016/08/10 20:06 - 2016/08/02 03:32 - 00.066.560 _____ (Microsoft Corporation) C: \ Windows \ system32 \ iesetup.dll
2016/08/10 20:06 - 2016/08/02 03:31 - 00.572.416 _____ (Microsoft Corporation) C: \ Windows \ system32 \ vbscript.dll
2016/08/10 20:06 - 2016/08/02 03:31 - 00.417.792 _____ (Microsoft Corporation) C: \ Windows \ system32 \ html.iec
2016/08/10 20:06 - 2016/08/02 03:31 - 00.088.064 _____ (Microsoft Corporation) C: \ Windows \ system32 \ MshtmlDac.dll
2016/08/10 20:06 - 2016/08/02 03:31 - 00.048.640 _____ (Microsoft Corporation) C: \ Windows \ system32 \ ieetwproxystub.dll
2016/08/10 20:06 - 2016/08/02 03:24 - 00.054.784 _____ (Microsoft Corporation) C: \ Windows \ system32 \ Jsproxy.dll
2016/08/10 20:06 - 2016/08/02 03:23 - 00.034.304 _____ (Microsoft Corporation) C: \ Windows \ system32 \ iernonce.dll
2016/08/10 20:06 - 2016/08/02 03:20 - 00.615.936 _____ (Microsoft Corporation) C: \ Windows \ system32 \ ieui.dll
2016/08/10 20:06 - 2016/08/02 03:19 - 00.144.384 _____ (Microsoft Corporation) C: \ Windows \ system32 \ ieUnatt.exe
2016/08/10 20:06 - 2016/08/02 03:19 - 00.114.688 _____ (Microsoft Corporation) C: \ Windows \ system32 \ ieetwcollector.exe
2016/08/10 20:06 - 2016/08/02 03:18 - 06.047.744 _____ (Microsoft Corporation) C: \ Windows \ system32 \ jscript9.dll
2016/08/10 20:06 - 2016/08/02 03:18 - 00.817.664 _____ (Microsoft Corporation) C: \ Windows \ system32 \ jscript.dll
2016/08/10 20:06 - 2016/08/02 03:18 - 00.814.080 _____ (Microsoft Corporation) C: \ Windows \ system32 \ jscript9diag.dll
2016/08/10 20:06 - 2016/08/02 03:11 - 00.969.216 _____ (Microsoft Corporation) C: \ Windows \ system32 \ MsSpellCheckingFacility.exe
2016/08/10 20:06 - 2016/08/02 03:08 - 00.489.984 _____ (Microsoft Corporation) C: \ Windows \ system32 \ dxtmsft.dll
2016/08/10 20:06 - 2016/08/02 03:03 - 02.724.864 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ Mshtml.tlb
2016/08/10 20:06 - 2016/08/02 03:00 - 00.077.824 _____ (Microsoft Corporation) C: \ Windows \ system32 \ JavaScriptCollectionAgent.dll
2016/08/10 20:06 - 2016/08/02 02:59 - 00.107.520 _____ (Microsoft Corporation) C: \ Windows \ system32 \ inseng.dll
2016/08/10 20:06 - 2016/08/02 02:56 - 00.199.680 _____ (Microsoft Corporation) C: \ Windows \ system32 \ msrating.dll
2016/08/10 20:06 - 2016/08/02 02:55 - 00.092.160 _____ (Microsoft Corporation) C: \ Windows \ system32 \ Mshtmled.dll
2016/08/10 20:06 - 2016/08/02 02:54 - 20.343.808 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ mshtml.dll
2016/08/10 20:06 - 2016/08/02 02:53 - 00.315.392 _____ (Microsoft Corporation) C: \ Windows \ system32 \ Dxtrans.dll
2016/08/10 20:06 - 2016/08/02 02:51 - 00.497.664 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ vbscript.dll
2016/08/10 20:06 - 2016/08/02 02:51 - 00.341.504 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ html.iec
2016/08/10 20:06 - 2016/08/02 02:51 - 00.152.064 _____ (Microsoft Corporation) C: \ Windows \ system32 \ Occache.dll
2016/08/10 20:06 - 2016/08/02 02:51 - 00.062.464 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ iesetup.dll
2016/08/10 20:06 - 2016/08/02 02:51 - 00.047.616 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ ieetwproxystub.dll
2016/08/10 20:06 - 2016/08/02 02:50 - 00.064.000 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ MshtmlDac.dll
2016/08/10 20:06 - 2016/08/02 02:47 - 02.286.592 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ iertutil.dll
2016/08/10 20:06 - 2016/08/02 02:45 - 00.047.104 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ Jsproxy.dll
2016/08/10 20:06 - 2016/08/02 02:44 - 00.030.720 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ iernonce.dll
2016/08/10 20:06 - 2016/08/02 02:42 - 00.476.160 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ ieui.dll
2016/08/10 20:06 - 2016/08/02 02:41 - 00.663.552 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ jscript.dll
2016/08/10 20:06 - 2016/08/02 02:41 - 00.620.032 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ jscript9diag.dll
2016/08/10 20:06 - 2016/08/02 02:41 - 00.115.712 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ ieUnatt.exe
2016/08/10 20:06 - 2016/08/02 02:40 - 00.262.144 _____ (Microsoft Corporation) C: \ Windows \ system32 \ webcheck.dll
2016/08/10 20:06 - 2016/08/02 02:38 - 00.806.400 _____ (Microsoft Corporation) C: \ Windows \ system32 \ msfeeds.dll
2016/08/10 20:06 - 2016/08/02 02:38 - 00.724.992 _____ (Microsoft Corporation) C: \ Windows \ system32 \ ie4uinit.exe
2016/08/10 20:06 - 2016/08/02 02:37 - 01.359.360 _____ (Microsoft Corporation) C: \ Windows \ system32 \ mshtmlmedia.dll
2016/08/10 20:06 - 2016/08/02 02:36 - 02.131.456 _____ (Microsoft Corporation) C: \ Windows \ system32 \ inetcpl.cpl
2016/08/10 20:06 - 2016/08/02 02:33 - 00.416.256 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ dxtmsft.dll
2016/08/10 20:06 - 2016/08/02 02:29 - 00.060.416 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ JavaScriptCollectionAgent.dll
2016/08/10 20:06 - 2016/08/02 02:28 - 15.412.224 _____ (Microsoft Corporation) C: \ Windows \ system32 \ ieframe.dll
2016/08/10 20:06 - 2016/08/02 02:28 - 00.091.136 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ inseng.dll
2016/08/10 20:06 - 2016/08/02 02:26 - 00.168.960 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ msrating.dll
2016/08/10 20:06 - 2016/08/02 02:25 - 00.076.288 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ Mshtmled.dll
2016/08/10 20:06 - 2016/08/02 02:24 - 00.279.040 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ Dxtrans.dll
2016/08/10 20:06 - 2016/08/02 02:23 - 02.868.224 _____ (Microsoft Corporation) C: \ Windows \ system32 \ wininet.dll
2016/08/10 20:06 - 2016/08/02 02:22 - 00.130.048 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ Occache.dll
2016/08/10 20:06 - 2016/08/02 02:21 - 04.608.000 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ jscript9.dll
2016/08/10 20:06 - 2016/08/02 02:16 - 00.230.400 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ webcheck.dll
2016/08/10 20:06 - 2016/08/02 02:15 - 00.692.736 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ msfeeds.dll
2016/08/10 20:06 - 2016/08/02 02:14 - 02.055.680 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ inetcpl.cpl
2016/08/10 20:06 - 2016/08/02 02:14 - 01.155.072 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ mshtmlmedia.dll
2016/08/10 20:06 - 2016/08/02 02:11 - 13.808.128 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ ieframe.dll
2016/08/10 20:06 - 2016/08/02 02:10 - 01.550.848 _____ (Microsoft Corporation) C: \ Windows \ system32 \ urlmon.dll
2016/08/10 20:06 - 2016/08/02 01:59 - 00.800.768 _____ (Microsoft Corporation) C: \ Windows \ system32 \ ieapfltr.dll
2016/08/10 20:06 - 2016/08/02 01:56 - 02.393.088 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ wininet.dll
2016/08/10 20:06 - 2016/08/02 01:53 - 01.316.352 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ urlmon.dll
2016/08/10 20:06 - 2016/08/02 01:51 - 00.710.144 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ ieapfltr.dll
2016/08/10 20:04 - 2016/07/08 00:01 - 03.218.944 _____ (Microsoft Corporation) C: \ Windows \ system32 \ win32k.sys
2016/08/10 16:08 - 2016/08/10 16:09 - 00000000 ____D C: \ Users \ Edison \ AppData \ Local \ Deployment
2016/08/10 16:08 - 2016/08/10 16:08 - 00000000 ____D C: \ Users \ Edison \ AppData \ Local \ Apps \ 2.0
2016/08/08 18:42 - 2016/08/08 18:42 - 00000000 ____D C: \ Users \ Edison \ AppData \ Local \ Level Up!
2016/08/08 18:41 - 2016/08/08 20:13 - 00.001.632 _____ C: \ Users \ Edison \ Desktop \ Warface.lnk
2016/08/08 18:41 - 2016/08/08 18:41 - 00000000 ____D C: \ Users \ Menu de Edison \ AppData \ Roaming \ Microsoft \ Windows \ Start \ Programs \ Level Up
2016/08/08 18:26 - 2016/08/08 18:26 - 00000000 ____D C: \ Level Up
2016/08/03 11:19 - 2016/08/03 00:20 - 00000000 ____D C: \ Arquivos de Programas (x86) \ Mozilla Firefox
2016/08/01 20:00 - 2015/09/16 03:07 - 00.127.432 _____ (BigNox Corporation) C: \ Windows \ System32 \ Drivers \ VBoxUSBMon.sys
2016/08/01 19:59 - 2015/09/16 00:29 - 00.253.384 _____ (BigNox Corporation) C: \ Windows \ System32 \ Drivers \ XQHDrv.sys
2016/07/31 22:43 - 2016/08/11 23:23 - 00000000 ____D C: \ Users \ Edison \ .android
2016/07/31 22:40 - 2016/08/01 20:23 - 00000000 ____D C: \ Users \ Edison \ vmlogs
2016/07/31 22:40 - 2016/07/31 22:40 - 00000000 ____D C: \ Users \ Edison \ Nox_share
2016/07/31 22:39 - 2016/07/31 22:39 - 00000000 ____D C: \ Program Files \ DIFX
2016/07/31 22:37 - 2016/08/01 20:47 - 00000000 ____D C: \ Users \ Edison \ AppData \ Roaming \ Nox
2016/07/31 18:38 - 2016/07/31 18:38 - 00000000 ____D C: \ Users \ Edison \ AppData \ LocalLow \ U-Jogue online
2016/07/31 18:34 - 2016/07/31 18:34 - 00000000 ____D C: \ Users \ Edison \ Documents \ U-Jogue online
2016/07/31 18:29 - 2016/07/31 18:29 - 00.001.314 _____ C: \ Users \ Menu de Edison \ AppData \ Roaming \ Microsoft \ Windows \ Start \ Programs \ Infinity.lnk
2016/07/31 18:29 - 2016/07/31 18:29 - 00.001.188 _____ C: \ Users \ Edison \ Desktop \ Infinity.lnk
2016/07/31 18:29 - 2016/07/31 18:29 - 00000000 ____D C: \ Users \ Edison \ AppData \ Local \ Package Cache
2016/07/31 18:27 - 2016/07/31 18:27 - 00.001.176 _____ C: \ Users \ Edison \ Desktop \ YoutubersLife.lnk
2016/07/26 21:29 - 2016/07/26 21:29 - 00000000 ____D C: \ Users \ Public \ Documents \ DAEMON Tools Imagens
2016/07/24 15:29 - 2016/08/12 16:10 - 00000000 ____D C: \ Users \ Edison \ AppData \ LocalLow \ uTorrent
2016/07/24 14:09 - 2016/07/24 14:09 - 00000000 ____D C: \ Users \ Edison \ AppData \ Roaming \ SmartSteamEmu
2016/07/24 14:08 - 2016/07/24 14:08 - 00003496 _____ C: \ Windows \ System32 \ Tasks \ Edison
2016/07/17 20:25 - 2016/07/17 20:25 - 00.001.002 _____ C: \ Users \ Edison \ Desktop \ TheForest.lnk
2016/07/15 13:33 - 2016/07/15 13:33 - 00000000 ____D C: \ Users \ Edison \ AppData \ LocalLow \ SKS
2016/07/14 19:02 - 2016/07/14 19:03 - 00000000 ____D C: \ Users \ Edison \ AppData \ Roaming \ vlc
2016/07/13 22:27 - 2016/06/25 21:27 - 00.970.240 _____ (Microsoft Corporation) C: \ Windows \ system32 \ localspl.dll
2016/07/13 22:27 - 2016/06/25 21:27 - 00.756.736 _____ (Microsoft Corporation) C: \ Windows \ system32 \ Win32spl.dll
2016/07/13 22:27 - 2016/06/25 21:27 - 00.344.576 _____ (Microsoft Corporation) C: \ Windows \ system32 \ ntprint.dll
2016/07/13 22:27 - 2016/06/25 21:27 - 00.166.400 _____ (Microsoft Corporation) C: \ Windows \ system32 \ inetpp.dll
2016/07/13 22:27 - 2016/06/25 21:27 - 00.022.528 _____ (Microsoft Corporation) C: \ Windows \ system32 \ inetppui.dll
2016/07/13 22:27 - 2016/06/25 16:54 - 00.497.152 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ Win32spl.dll
2016/07/13 22:27 - 2016/06/25 16:53 - 00.297.472 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ ntprint.dll
2016/07/13 22:27 - 2016/06/25 16:53 - 00.061.952 _____ (Microsoft Corporation) C: \ Windows \ system32 \ ntprint.exe
2016/07/13 22:27 - 2016/06/25 16:53 - 00.048.640 _____ (Microsoft Corporation) C: \ Windows \ system32 \ Wpnpinst.exe
2016/07/13 22:27 - 2016/06/25 16:41 - 00.061.952 _____ (Microsoft Corporation) C: \ Windows \ SysWOW64 \ ntprint.exe
2016/07/13 22:26 - 2016/06/25 21:35 - 00.041.704 _____ (Microsoft Corporation) C: \ Windows \ system32 \ CompatTelRunner.exe
2016/07/13 22:26 - 2016/06/25 21:27 - 01.208.320 _____ (Microsoft Corporation) C: \ Windows \ system32 \ aeinv.dll
2016/07/13 22:26 - 2016/06/22 10:06 - 00.268.800 _____ (Microsoft Corporation) C: \ Windows \ system32 \ centel.dll
2016/07/13 22:26 - 2016/06/17 15:24 - 01.490.432 _____ (Microsoft Corporation) C: \ Windows \ system32 \ appraiser.dll
2016/07/13 22:26 - 2016/06/17 15:24 - 00.571.904 _____ (Microsoft Corporation) C: \ Windows \ system32 \ generaltel.dll
2016/07/13 22:26 - 2016/06/17 15:24 - 00.544.256 _____ (Microsoft Corporation) C: \ Windows \ system32 \ devinv.dll
2016/07/13 22:26 - 2016/06/17 15:24 - 00.294.912 _____ (Microsoft Corporation) C: \ Windows \ system32 \ invagent.dll
2016/07/13 22:26 - 2016/06/17 15:24 - 00.219.136 _____ (Microsoft Corporation) C: \ Windows \ system32 \ aepic.dll
2016/07/13 22:26 - 2016/06/17 15:24 - 00.076.800 _____ (Microsoft Corporation) C: \ Windows \ system32 \ acmigration.dll
 
==================== Um Mês Modificados Arquivos e pastas ========
 
(Se Uma entrada para incluida na Fixlist, o Arquivo / pasta Movido Sera.)
 
2016/08/12 16:57 - 2016/04/26 18:54 - 00000000 ____D C: \ Users \ Edison \ Desktop \ Nova pasta
2016/08/12 16:54 - 2009-07-14 01:45 - 00.030.512 ____H C: \ Windows \ system32 \ 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016/08/12 16:54 - 2009-07-14 01:45 - 00.030.512 ____H C: \ Windows \ system32 \ 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016/08/12 16:46 - 2009-07-14 02:08 - 00000006 ____H C: \ Windows \ Tasks \ sa.dat
2016/08/12 16:42 - 2016/05/10 22:27 - 00.004.180 _____ C: \ Windows \ System32 \ Tasks \ avast! Atualização de emergência
2016/08/12 16:23 - 2016/03/27 20:40 - 00.000.902 _____ C: \ Windows \ Tasks \ Adobe Flash Player Updater.job
2016/08/12 16:22 - 2009-07-13 23:34 - 00.000.215 _____ C: \ Windows \ system.ini
2016/08/11 23:22 - 2016/03/27 16:44 - 00000000 ____D C: \ Users \ Edison
2016/08/11 20:50 - 2009-07-14 00:20 - 00000000 ____D C: \ Windows \ inf
2016/08/10 20:43 - 2009-07-14 00:20 - 00000000 ___HD C: \ Windows \ system32 \ GroupPolicy
2016/08/10 20:20 - 2009-07-14 01:45 - 00.269.640 _____ C: \ Windows \ system32 \ FNTCACHE.DAT
2016/08/10 20:16 - 2016/03/29 21:28 - 00000000 ____D C: \ Windows \ system32 \ MRT
2016/08/10 20:10 - 2016/03/29 21:27 - 147.640.136 ____C (Microsoft Corporation) C: \ Windows \ system32 \ Mrt.exe
2016/08/08 18:21 - 2016/04/16 18:52 - 00000000 ____D C: \ Users \ Edison \ documentos \ Euro Truck Simulator 2
2016/08/08 09:30 - 2016/03/28 21:48 - 00000000 ____D C: \ Users \ Edison \ AppData \ Roaming \ Kodi
2016/08/07 23:35 - 2016/04/07 15:31 - 00000000 ____D C: \ Windows \ Minidump
2016/08/06 20:25 - 2016/04/06 19:31 - 00000000 ____D C: \ Users \ Edison \ AppData \ Roaming \ Audacity
2016/08/06 18:14 - 2016/04/01 13:12 - 00000000 ____D C: \ Users \ Edison \ Documents \ Arquivos de GTA San Andreas Usuário
2016/08/05 16:51 - 2016/05/10 22:27 - 00.292.704 _____ (AVAST Software) C: \ Windows \ System32 \ Drivers \ aswvmm.sys
2016/08/04 21:38 - 2016/07/01 11:07 - 00.002.441 _____ C: \ ProgramData \ menu Microsoft \ Windows \ Start \ Programs \ Acrobat Reader DC.lnk
2016/08/03 00:20 - 2016/04/22 15:18 - 00000000 ____D C: \ Arquivos de Programas (x86) \ Mozilla Manutenção de serviço
2016/07/31 23:05 - 2016/03/28 20:44 - 00000000 ____D C: \ Users \ Edison \ AppData \ Roaming \ DAEMON Tools Lite
2016/07/29 22:34 - 2009-07-14 00:20 - 00000000 __RHD C: \ Users \ Public \ Bibliotecas
2016/07/29 17:39 - 2016/04/01 13:12 - 00000000 ____D C: \ Users \ menu Edison \ AppData \ Roaming \ Microsoft \ Windows \ Iniciar \ Programas \ Games
2016/07/29 17:35 - 2016/03/27 16:51 - 00000000 ___HD C: \ Arquivos de Programas (x86) \ InstallShield Informações de Instalação
2016/07/26 14:24 - 2011-01-15 23:09 - 00.504.488 ____N (Microsoft Corporation) C: \ Windows \ system32 \ MpSigStub.exe
2016/07/15 23:12 - 2009-07-14 00:20 - 00000000 ____D C: \ Windows \ rescache
2016/07/15 20:36 - 2016/03/27 16:57 - 00000000 ____D C: \ Users \ de Todos os Usuários \ Package Cache
2016/07/15 20:36 - 2016/03/27 16:57 - 00000000 ____D C: \ ProgramData \ Package Cache
2016/07/13 23:13 - 2016/03/29 22:20 - 00000000 ____D C: \ Windows \ system32 \ avaliador
2016/07/13 23:13 - 2009-07-14 10:06 - 00000000 ____D C: \ Arquivos de Programas \ Windows Journal
2016/07/13 21:34 - 2016/04/26 11:55 - 00004476 _____ C: \ Windows \ System32 \ Tasks \ Adobe Acrobat Tarefa de atualização
2016/07/13 15:24 - 2016/03/27 20:40 - 00.796.352 _____ (Adobe Systems Incorporated) C: \ Windows \ SysWOW64 \ FlashPlayerApp.exe
2016/07/13 15:24 - 2016/03/27 20:40 - 00.142.528 _____ (Adobe Systems Incorporated) C: \ Windows \ SysWOW64 \ FlashPlayerCPLApp.cpl
2016/07/13 15:24 - 2016/03/27 20:40 - 00003840 _____ C: \ Windows \ System32 \ Tasks \ Adobe Flash Player Updater
2016/07/13 15:24 - 2016/03/27 20:40 - 00000000 ____D C: \ Windows \ system32 \ Macromed
2016/07/13 15:23 - 2016/03/27 20:40 - 00000000 ____D C: \ Windows \ SysWOW64 \ Macromed
2016/07/13 15:15 - 2016/05/10 22:27 - 00.473.592 _____ (AVAST Software) C: \ Windows \ System32 \ Drivers \ aswsp.sys
 
==================== Arquivos na raiz de Alguns diretórios =======
 
2016/04/08 23:28 - 2016-06-20 17:58 - 0.000.132 _____ () C: \ Users \ Edison \ AppData \ Roaming \ preferencias fazer Formato PNG do Adobe CS6
2016/04/16 22:12 - 2016-06-23 20:37 - 0.000.009 _____ () C: \ Users \ Edison \ AppData \ Roaming \ update.dat
2016/04/16 22:13 - 2016-04-17 19:29 - 0.000.004 _____ () C: \ Users \ Edison \ AppData \ Roaming \ Microsoft \ notaut.txt
2016/04/22 16:59 - 2016-04-22 16:59 - 0000000 ___SH () C: \ Users \ Edison \ AppData \ Local \ LumaEmu
2016/06/30 11:27 - 2016/06/30 11:27 - 0.000.113 _____ () C: \ ProgramData \ Microsoft.SqlServer.Compact.400.64.bc
 
==================== Bamital & VolSnap =================
 
(Não há Rectificação automática parágrafo Arquivos that NÃO passaram na verificação.)
 
C: \ Windows \ system32 \ winlogon.exe => O Arquivo de e assinado digitalmente
C: \ Windows \ system32 \ wininit.exe => O Arquivo de e assinado digitalmente
C: \ Windows \ SysWOW64 \ wininit.exe => O Arquivo de e assinado digitalmente
C: \ Windows \ explorer.exe => O Arquivo de e assinado digitalmente
C: \ Windows \ SysWOW64 \ explorer.exe => O Arquivo de e assinado digitalmente
C: \ Windows \ system32 \ svchost.exe => O Arquivo de e assinado digitalmente
C: \ Windows \ SysWOW64 \ svchost.exe => O Arquivo de e assinado digitalmente
C: \ Windows \ system32 \ services.exe => O Arquivo de e assinado digitalmente
C: \ Windows \ system32 \ user32.dll => O Arquivo de e assinado digitalmente
C: \ Windows \ SysWOW64 \ user32.dll => O Arquivo de e assinado digitalmente
C: \ Windows \ system32 \ userinit.exe => O Arquivo de e assinado digitalmente
C: \ Windows \ SysWOW64 \ userinit.exe => O Arquivo de e assinado digitalmente
C: \ Windows \ system32 \ RPCSS.dll => O Arquivo de e assinado digitalmente
C: \ Windows \ system32 \ Dnsapi.dll => O Arquivo de e assinado digitalmente
C: \ Windows \ SysWOW64 \ Dnsapi.dll => O Arquivo de e assinado digitalmente
C: \ Windows \ system32 \ Drivers \ Volsnap.sys => O Arquivo de e assinado digitalmente
 
 
LastRegBack: 2016/08/07 14:40
 
==================== Fim de FRST.txt ========================= ===



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,587 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 August 2016 - 12:57 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I have solved many such infections.

I need to see the Addition.txt file that was created by the Farbar tool.


Please paste it in your next reply.

I will provide a fix for you.

#3 nasdaq


Posted 19 August 2016 - 09:24 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



