
Black Screen, cursor only, probably malware, can't have access to explorer.exe


2 replies to this topic

#1 PandaBR


Posted 25 September 2016 - 02:38 PM

Hi everyone, I am struggling with this right now.


It's a black screen issue, I can access and execute some stuff through "task", but I can't get explorer.exe to work because it will tell me I don't have Admin rights. I created a new account, made it admin, same problem.


Here is the FRST... is it a problem that it's in Portuguese?

Thanks a lot in advance.


---
 

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 25-09-2016
Executado por user (administrador) em USER-PC (25-09-2016 16:34:18)
Executando a partir de C:\Users\user\Desktop
Perfis Carregados: user (Perfis Disponíveis: user & FIXER)
Platform: Windows 7 Ultimate (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: FF)
Modo da Inicialização: Normal
 
==================== Processos (Whitelisted) =================
 
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
 
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\checkt.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registro (Whitelisted) ===========================
 
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-10-22] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-02-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-08-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [830064 2016-09-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2016-07-28] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [53760 2009-07-13] ()
HKLM\...\Winlogon: [Shell] explorer.exe [2895872 2009-07-13] ()
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)
HKU\S-1-5-21-887544498-2195953458-4273552931-1000\...\Run: [uTorrent] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe [2139840 2016-09-08] (BitTorrent Inc.)
HKU\S-1-5-21-887544498-2195953458-4273552931-1000\...\Run: [] => 0
HKU\S-1-5-21-887544498-2195953458-4273552931-1000\...\MountPoints2: {15ac4a1e-4c47-11e6-95c6-40167e298b76} - V:\autorun.EXE
HKU\S-1-5-21-887544498-2195953458-4273552931-1000\...\MountPoints2: {3a8f83e2-1f5a-11e6-a12d-40167e298b76} - V:\Setup.exe
HKU\S-1-5-21-887544498-2195953458-4273552931-1000\...\MountPoints2: {89663147-2435-11e4-a432-806e6f6e6963} - D:\Bin\ASSETUP.exe
HKU\S-1-5-18\...\Run: [SOS_Agent] => "C:\Program Files (x86)\Steganos Online Shield\OnlineShieldClient.exe" -agent
HKU\S-1-5-18\...\Run: [SOS Browser Monitor] => "C:\Program Files (x86)\Steganos Online Shield\SteganosBrowserMonitor.exe"
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1945472 2015-10-20] (Banco do Brasil)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Nenhum Arquivo
BootExecute: autocheck autochk /r \??\H:autocheck autochk * 
GroupPolicy: Restrição ? <======= ATENÇÃO
GroupPolicyScripts: Restrição <======= ATENÇÃO
GroupPolicyScripts\User: Restrição <======= ATENÇÃO
 
==================== Internet (Whitelisted) ====================
 
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Nenhum Arquivo 
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Nenhum Arquivo 
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Nenhum Arquivo 
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Nenhum Arquivo 
Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{527B6FB1-5580-40FD-8C37-B2C12E83DE68}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\S-1-5-21-887544498-2195953458-4273552931-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-887544498-2195953458-4273552931-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-887544498-2195953458-4273552931-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-887544498-2195953458-4273552931-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-887544498-2195953458-4273552931-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-887544498-2195953458-4273552931-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-887544498-2195953458-4273552931-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-887544498-2195953458-4273552931-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2016-01-15] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-07-28] (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-15] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-07-28] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-15] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-07-28] (Adobe Systems Incorporated)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [2015-10-20] (Banco do Brasil)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-15] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-07-28] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-07-28] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-07-28] (Adobe Systems Incorporated)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\syswow64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\syswow64\urlmon.dll [2009-07-13] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\25n710bz.default-1464471335986
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-04-03] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-15] (Oracle Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-04-03] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-15] (Oracle Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-10-07] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-07-28] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-887544498-2195953458-4273552931-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-04-03] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-887544498-2195953458-4273552931-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Extension: (Firefox Hotfix) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\25n710bz.default-1464471335986\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-24]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-09-08]
 
Chrome: 
=======
CHR Session Restore: Default -> está habilitado.
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2016-09-25]
CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-24]
CHR Extension: (Save as PDF) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdjmbiefanbdgnkcikhllpmjnnllbbc [2015-09-28]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (TabCloud) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof [2016-07-07]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-22]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.ILGNXQAKTTYZYAYA7MXYMIBROU - C:\Users\user\Desktop\GoogleChromePortable\App\Chrome-bin\chrome.exe
 
==================== Serviços (Whitelisted) ========================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-02-15] (Advanced Micro Devices, Inc.) [Arquivo não assinado]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [989696 2016-09-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [470600 2016-09-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [470600 2016-09-13] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1454720 2016-09-13] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [346928 2016-08-24] (Avira Operations GmbH & Co. KG)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [593120 2015-09-22] (GAS Tecnologia)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [130080 2013-06-25] (McAfee, Inc.)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-10-07] (Nitro PDF Software)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3621784 2015-12-15] (INCA Internet Co., Ltd.)
S2 Online Shield Starter Service; C:\Program Files (x86)\Steganos Online Shield\OnlineShieldService.exe [345136 2015-09-23] (Steganos Software GmbH)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598808 2013-06-06] (Wacom Technology, Corp.)
S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [171752 2016-07-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [145984 2016-07-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-06-19] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-06-02] (Avira Operations GmbH & Co. KG)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-12-05] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2016-09-25] (GAS Tecnologia)
R0 gbpddreg; C:\Windows\System32\drivers\gbpddreg64.sys [29816 2016-09-25] (GAS Tecnologia)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-09-22] (GAS Tecnologia)
R3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [82048 2014-10-16] (VSO Software) [Arquivo não assinado]
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [Arquivo não assinado]
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-09-22] (GAS Tecnologia LTDA)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-07-07] (Basil)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-09-25] (GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
 
==================== Um Mês Criados arquivos e pastas ========
 
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
 
2016-09-25 16:26 - 2016-09-25 16:26 - 00000020 ___SH C:\Users\FIXER\ntuser.ini
2016-09-25 16:26 - 2016-09-25 16:26 - 00000000 _SHDL C:\Users\FIXER\Modelos
2016-09-25 16:26 - 2016-09-25 16:26 - 00000000 _SHDL C:\Users\FIXER\Meus documentos
2016-09-25 16:26 - 2016-09-25 16:26 - 00000000 _SHDL C:\Users\FIXER\Menu Iniciar
2016-09-25 16:26 - 2016-09-25 16:26 - 00000000 _SHDL C:\Users\FIXER\Documents\Minhas músicas
2016-09-25 16:26 - 2016-09-25 16:26 - 00000000 _SHDL C:\Users\FIXER\Documents\Minhas imagens
2016-09-25 16:26 - 2016-09-25 16:26 - 00000000 _SHDL C:\Users\FIXER\Documents\Meus vídeos
2016-09-25 16:26 - 2016-09-25 16:26 - 00000000 _SHDL C:\Users\FIXER\Dados de aplicativos
2016-09-25 16:26 - 2016-09-25 16:26 - 00000000 _SHDL C:\Users\FIXER\Configurações locais
2016-09-25 16:26 - 2016-09-25 16:26 - 00000000 _SHDL C:\Users\FIXER\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-09-25 16:26 - 2016-09-25 16:26 - 00000000 _SHDL C:\Users\FIXER\AppData\Local\Histórico
2016-09-25 16:26 - 2016-09-25 16:26 - 00000000 _SHDL C:\Users\FIXER\AppData\Local\Dados de aplicativos
2016-09-25 16:26 - 2016-09-25 16:26 - 00000000 _SHDL C:\Users\FIXER\Ambiente de rede
2016-09-25 16:26 - 2016-09-25 16:26 - 00000000 _SHDL C:\Users\FIXER\Ambiente de impressão
2016-09-25 16:26 - 2016-09-25 16:26 - 00000000 ____D C:\Users\FIXER\AppData\Roaming\WTablet
2016-09-25 16:26 - 2016-09-25 16:26 - 00000000 ____D C:\Users\FIXER
2016-09-25 16:26 - 2009-07-14 15:11 - 00000000 ____D C:\Users\FIXER\AppData\Roaming\Media Center Programs
2016-09-25 16:18 - 2016-09-25 16:19 - 00001852 _____ C:\Users\user\Desktop\Rkill.txt
2016-09-25 16:15 - 2016-09-25 16:16 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\user\Desktop\rkill.com
2016-09-25 16:13 - 2016-09-25 16:26 - 00000740 _____ C:\Users\user\Desktop\Search.txt
2016-09-25 15:49 - 2016-09-25 15:49 - 00000000 ____D C:\Users\user\Desktop\FRST-OlderVersion
2016-09-25 13:19 - 2016-09-25 13:19 - 00000207 _____ C:\Windows\tweaking.com-regbackup-USER-PC-Windows-7-Ultimate-(64-bit).dat
2016-09-25 13:19 - 2016-09-25 13:19 - 00000000 ____D C:\RegBackup
2016-09-25 13:13 - 2016-09-25 13:13 - 00000000 ___DL C:\Users\user\Documents\My Videos
2016-09-25 13:13 - 2016-09-25 13:13 - 00000000 ___DL C:\Users\user\Documents\My Pictures
2016-09-25 13:13 - 2016-09-25 13:13 - 00000000 ___DL C:\Users\user\Documents\My Music
2016-09-25 13:00 - 2016-09-25 13:00 - 00000000 ____D C:\Users\user\Desktop\tweaking.com_windows_repair_aio
2016-09-25 12:35 - 2016-09-25 12:37 - 27466906 _____ C:\Users\user\Desktop\tweaking.com_windows_repair_aio.zip
2016-09-25 12:18 - 2016-09-25 12:21 - 00000000 ____D C:\Users\user\Desktop\BACKUP
2016-09-25 11:09 - 2016-09-25 11:09 - 00049504 _____ (Prevx) C:\Users\user\Desktop\fixshell.exe
2016-09-25 02:27 - 2016-09-25 02:32 - 00083052 _____ C:\Users\user\Desktop\Addition.txt
2016-09-25 02:26 - 2016-09-25 16:34 - 00022240 _____ C:\Users\user\Desktop\FRST.txt
2016-09-25 02:26 - 2016-09-25 16:34 - 00000000 ____D C:\FRST
2016-09-25 02:24 - 2016-09-25 15:49 - 02403328 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2016-09-24 12:13 - 2016-09-24 12:14 - 04454574 _____ C:\Users\user\Desktop\RexRepo_v2.7z
2016-09-24 12:13 - 2016-09-24 12:14 - 01146684 _____ C:\Users\user\Desktop\Não confirmado 49103.crdownload
2016-09-24 10:54 - 2016-09-24 10:54 - 00000000 ____D C:\Users\user\AppData\Roaming\Construct2
2016-09-24 10:53 - 2016-09-24 10:53 - 04952336 _____ (Advanced Micro Devices, Inc.) C:\Users\user\Downloads\autodetectutility.exe
2016-09-24 10:48 - 2016-09-24 10:48 - 00000939 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Construct 2.lnk
2016-09-24 10:48 - 2016-09-24 10:48 - 00000843 _____ C:\Users\Public\Desktop\Construct 2.lnk
2016-09-24 10:48 - 2016-09-24 10:48 - 00000000 ____D C:\Program Files\Construct 2
2016-09-24 10:40 - 2016-09-24 10:40 - 00018098 _____ C:\Users\user\Desktop\1572_Construct_2015_.torrent
2016-09-24 10:40 - 2016-09-24 10:40 - 00000000 ____D C:\Users\user\AppData\LocalLow\uTorrent
2016-09-21 00:06 - 2016-09-21 00:06 - 00000000 ____D C:\Users\user\Downloads\Welcome to Me (2014) [1080p]
2016-09-20 00:49 - 2016-09-20 00:49 - 10218394 _____ C:\Users\user\Desktop\CVSEDITS_Sprite packs.rar
2016-09-19 23:38 - 2016-09-20 08:00 - 00000000 ____D C:\Users\user\Desktop\ff301x86
2016-09-19 11:16 - 2016-09-19 22:54 - 00000000 ____D C:\Users\user\AppData\Local\GameMaker-Studio
2016-09-19 10:09 - 2016-09-19 10:09 - 00000000 ____D C:\Users\user\AppData\Local\gm_ttt_40565
2016-09-19 09:36 - 2016-09-19 09:36 - 00001324 _____ C:\Users\user\Desktop\Startilla_V3.exe - Atalho.lnk
2016-09-18 22:13 - 2016-09-24 00:43 - 00000000 ____D C:\Users\user\Desktop\GM Example
2016-09-18 20:25 - 2016-09-24 00:44 - 00000000 ____D C:\Users\user\Desktop\Smoky Hearts
2016-09-15 09:07 - 2016-09-15 09:07 - 00000000 ____D C:\Users\Todos os Usuários\gamemaker_studio
2016-09-15 09:07 - 2016-09-15 09:07 - 00000000 ____D C:\Users\Todos os Usuários\E6EC8E78F1D07CC4A687BE4A0C3B8400
2016-09-15 09:07 - 2016-09-15 09:07 - 00000000 ____D C:\ProgramData\gamemaker_studio
2016-09-15 09:07 - 2016-09-15 09:07 - 00000000 ____D C:\ProgramData\E6EC8E78F1D07CC4A687BE4A0C3B8400
2016-09-15 09:04 - 2016-09-15 09:06 - 00000000 ____D C:\Users\user\Desktop\GameMaker Studio Master Collection 1.4.1749 Pre-Activated [SadeemPC]
2016-09-15 09:01 - 2016-09-19 11:33 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameMaker-Studio 1.4
2016-09-15 09:01 - 2016-09-19 11:16 - 00001882 _____ C:\Users\user\Desktop\GameMaker-Studio 1.4.lnk
2016-09-15 07:50 - 2016-09-19 23:16 - 00000000 ____D C:\Users\user\AppData\Roaming\GameMaker-Studio
2016-09-15 00:36 - 2016-09-15 00:36 - 00000000 ____D C:\Users\user\AppData\Local\gm_ttt_21547
2016-09-14 23:56 - 2016-09-15 09:08 - 00000000 ____D C:\Users\user\Documents\GameMaker
2016-09-14 23:14 - 2016-09-14 23:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameMaker Player
2016-09-12 21:53 - 2016-09-13 00:11 - 00000000 ____D C:\Users\user\Desktop\IFRJ
2016-09-12 20:40 - 2016-09-12 20:46 - 00000000 ____D C:\Users\user\Downloads\Sicario.2015.720p.BluRay.H264.AAC-RARBG
2016-09-12 20:40 - 2016-09-12 20:42 - 00000000 ____D C:\Users\user\Downloads\Green.Room.2015.720p.BluRay.H264.AAC-RARBG
2016-09-12 19:56 - 2016-09-12 20:02 - 00000000 ____D C:\Users\user\Desktop\REC 12-09
2016-09-12 18:37 - 2016-09-12 18:37 - 00000000 ____D C:\Users\user\AppData\Local\YoYo_Games_Ltd
2016-09-12 18:34 - 2016-09-15 07:49 - 00000000 ____D C:\Users\user\GameMaker-Studio 1.4
2016-09-05 12:57 - 2016-09-05 12:58 - 00000000 ____D C:\Users\user\AppData\LocalLow\Adobe
2016-09-05 12:56 - 2016-09-15 22:52 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-05 12:56 - 2016-09-05 12:57 - 00000000 ____D C:\Users\Todos os Usuários\regid.1986-12.com.adobe
2016-09-05 12:56 - 2016-09-05 12:57 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-09-05 12:54 - 2016-09-08 22:56 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2016-09-05 12:54 - 2016-09-08 22:56 - 00002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2016-09-05 12:54 - 2016-09-05 12:54 - 00002014 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2016-09-05 12:52 - 2016-09-05 12:58 - 00000000 ____D C:\Users\Todos os Usuários\Adobe
2016-09-05 12:52 - 2016-09-05 12:58 - 00000000 ____D C:\ProgramData\Adobe
2016-09-05 12:52 - 2016-09-05 12:52 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-09-05 12:48 - 2016-09-05 12:50 - 00000000 ____D C:\Users\user\Desktop\Adobe Acrobat
2016-09-03 18:45 - 2016-09-03 21:46 - 04811064 _____ C:\Users\user\Desktop\F!T5 (2).mfa
2016-09-03 18:45 - 2016-08-30 16:04 - 00567170 _____ C:\Users\user\Desktop\GAME (2).mfa
2016-09-01 06:55 - 2016-09-01 06:55 - 00000000 ____D C:\Users\user\Downloads\Terminator Genisys (2015)
2016-08-26 15:25 - 2016-08-26 15:29 - 00000000 ____D C:\Users\user\Documents\LoversInADangerousSpacetime
2016-08-26 13:39 - 2016-08-26 13:39 - 00000000 ____D C:\Users\user\AppData\Local\Octodad Dadliest Catch
 
==================== Um Mês Modificados arquivos e pastas ========
 
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
 
2016-09-25 16:26 - 2015-08-24 16:05 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-25 16:19 - 2016-08-06 11:08 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2016-09-25 15:55 - 2009-07-14 01:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-25 15:55 - 2009-07-14 01:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-25 15:45 - 2015-08-24 16:05 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-25 15:38 - 2009-07-14 14:55 - 00686588 _____ C:\Windows\system32\prfh0416.dat
2016-09-25 15:38 - 2009-07-14 14:55 - 00137536 _____ C:\Windows\system32\prfc0416.dat
2016-09-25 15:38 - 2009-07-14 02:13 - 01586956 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-25 15:38 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-09-25 15:35 - 2015-12-27 10:01 - 00029816 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddreg64.sys
2016-09-25 15:35 - 2015-12-27 10:01 - 00028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys
2016-09-25 15:35 - 2014-09-24 09:32 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-09-25 15:34 - 2015-12-27 10:03 - 00101080 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2016-09-25 15:34 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-25 15:34 - 2009-07-14 01:45 - 00512984 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-25 15:33 - 2014-08-15 01:55 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-09-25 15:33 - 2009-07-14 15:11 - 00000000 ____D C:\Windows\CSC
2016-09-25 15:25 - 2009-07-13 23:34 - 00000514 _____ C:\Windows\win.ini
2016-09-25 12:59 - 2016-03-10 10:22 - 00000428 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-09-25 12:59 - 2016-03-10 10:22 - 00000428 __RSH C:\ProgramData\ntuser.pol
2016-09-25 02:10 - 2014-10-12 15:49 - 00000000 ____D C:\Users\user\AppData\Roaming\Nitro PDF
2016-09-25 01:03 - 2009-07-14 01:45 - 00021504 _____ C:\Windows\system32\umstartup.etl
2016-09-24 12:14 - 2014-08-16 07:14 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2016-09-24 10:45 - 2015-10-02 23:35 - 00000000 ____D C:\Users\user\Desktop\Baixados
2016-09-24 10:22 - 2015-06-12 09:41 - 00000000 ____D C:\Users\user\Desktop\=Imprimir
2016-09-19 22:16 - 2014-10-12 15:24 - 00000000 ____D C:\Users\user\AppData\Roaming\Nitro
2016-09-19 10:15 - 2015-04-09 23:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-09-19 10:15 - 2014-08-15 01:47 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2016-09-19 10:15 - 2014-08-15 01:47 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-18 19:50 - 2015-08-24 16:09 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-18 19:50 - 2015-08-24 16:09 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-16 00:18 - 2015-06-03 10:51 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-15 08:08 - 2015-12-10 07:11 - 00000000 ____D C:\Users\user\Desktop\Camera
2016-09-14 23:15 - 2014-12-05 19:01 - 00000000 ___HD C:\Windows\msdownld.tmp
2016-09-14 23:15 - 2014-12-05 19:01 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-09-13 08:32 - 2016-07-15 17:12 - 00000000 ____D C:\Users\user\Desktop\=MESTRADO
2016-09-12 19:57 - 2015-03-19 23:37 - 00000000 ____D C:\Program Files\Recuva
2016-09-10 08:18 - 2016-02-11 18:29 - 00000000 ___SD C:\Users\user\AppData\LocalLow\Temp
2016-09-09 09:20 - 2016-08-22 14:25 - 00000000 ____D C:\Users\user\Desktop\MMF Examples
2016-09-09 08:27 - 2014-11-03 17:40 - 00000069 _____ C:\Windows\NeroDigital.ini
2016-09-06 06:05 - 2014-10-08 11:55 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2016-09-05 20:36 - 2015-07-09 17:35 - 00002062 ____H C:\Users\user\Documents\Default.rdp
2016-09-05 13:16 - 2014-08-15 02:08 - 00134296 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2016-09-05 12:57 - 2016-03-15 23:03 - 00000000 ____D C:\Users\user\Desktop\Logo
2016-09-05 12:57 - 2014-12-03 09:19 - 00000000 ____D C:\Users\user\Desktop\Game
2016-09-05 12:57 - 2014-10-08 12:03 - 00000000 ____D C:\Users\user\AppData\Roaming\Adobe
2016-09-05 12:17 - 2014-09-21 17:11 - 00000000 ____D C:\Users\user\Documents\My Games
2016-08-30 08:15 - 2016-08-23 20:42 - 00566432 _____ C:\Users\user\Desktop\GAME.mfa
2016-08-27 09:43 - 2016-06-20 11:18 - 00000000 ____D C:\Users\user\Desktop\=mmf5
 
==================== Files in the root of some directories =======
 
2015-04-04 13:12 - 2015-04-04 13:14 - 0000389 _____ () C:\Users\user\AppData\Roaming\CascView.ini
2014-10-16 23:14 - 2014-10-16 23:14 - 0007176 _____ () C:\Users\user\AppData\Roaming\pcouffin.cat
2014-10-16 23:14 - 2014-10-16 23:14 - 0001167 _____ () C:\Users\user\AppData\Roaming\pcouffin.inf
2014-10-16 23:14 - 2014-10-16 23:14 - 0000034 _____ () C:\Users\user\AppData\Roaming\pcouffin.log
2015-08-03 23:27 - 2015-08-03 23:27 - 0041472 ___SH () C:\Users\user\AppData\Roaming\Thumbs.db
2015-10-06 20:33 - 2015-10-06 20:33 - 0000092 _____ () C:\Users\user\AppData\Local\fusioncache.dat
2015-12-06 09:32 - 2015-12-06 09:32 - 0000829 _____ () C:\Users\user\AppData\Local\recently-used.xbel
2015-08-04 00:31 - 2015-08-04 00:31 - 0000008 _____ () C:\ProgramData\-
2014-08-15 01:58 - 2014-08-15 01:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass the check.)
 
C:\Windows\system32\winlogon.exe => The file is digitally signed
C:\Windows\system32\wininit.exe => The file is digitally signed
C:\Windows\SysWOW64\wininit.exe => The file is digitally signed
C:\Windows\explorer.exe
[2009-07-13 20:56] - [2009-07-13 22:39] - 2895872 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\explorer.exe => No Company Name <===== ATTENTION

C:\Windows\SysWOW64\explorer.exe => The file is digitally signed
C:\Windows\system32\svchost.exe => The file is digitally signed
C:\Windows\SysWOW64\svchost.exe
[2009-07-13 20:19] - [2009-07-13 22:14] - 0048640 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\SysWOW64\svchost.exe => No Company Name <===== ATTENTION

C:\Windows\system32\services.exe => The file is digitally signed
C:\Windows\system32\User32.dll => The file is digitally signed
C:\Windows\SysWOW64\User32.dll => The file is digitally signed
C:\Windows\system32\userinit.exe => The file is digitally signed
C:\Windows\SysWOW64\userinit.exe
[2009-07-13 20:34] - [2009-07-13 22:14] - 0053760 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\SysWOW64\userinit.exe => No Company Name <===== ATTENTION

C:\Windows\system32\rpcss.dll => The file is digitally signed
C:\Windows\system32\dnsapi.dll => The file is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => The file is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => The file is digitally signed
 
 
LastRegBack: 2016-09-15 07:35
 

==================== End of FRST.txt ============================


Edited by hamluis, 25 September 2016 - 03:01 PM.
Moved from Win 7 to Malware Removal Logs - Hamluis.



#2 nasdaq

  • Malware Response Team
  • 40,256 posts
  • Location: Montreal, QC. Canada

Posted 26 September 2016 - 09:13 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:
cmd: netsh winsock reset catalog

HKLM-x32\...\Run: [] => [X]
HKLM\...\Winlogon: [Shell] explorer.exe [2895872 2009-07-13] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Nenhum Arquivo
GroupPolicy: Restrição ? <======= ATENÇÃO
GroupPolicyScripts: Restrição <======= ATENÇÃO
GroupPolicyScripts\User: Restrição <======= ATENÇÃO
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Nenhum Arquivo
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Nenhum Arquivo
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Nenhum Arquivo
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Nenhum Arquivo
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\S-1-5-21-887544498-2195953458-4273552931-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKU\S-1-5-21-887544498-2195953458-4273552931-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-887544498-2195953458-4273552931-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-887544498-2195953458-4273552931-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-887544498-2195953458-4273552931-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.ILGNXQAKTTYZYAYA7MXYMIBROU - C:\Users\user\Desktop\GoogleChromePortable\App\Chrome-bin\chrome.exe
S3 NMIndexingService; "C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-07-07] (Basil)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

I need to see the Addition.txt file that was created by the Farbar tool.
Please post it on your next reply.

Let me know what problem persists.
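An added example (mine, not code from the thread, from FRST or from nasdaq): a PowerShell check that re-inspects the three files the log marked "No Company Name", plus winlogon.exe as a control, and reads the Winlogon Shell/Userinit values the fixlist rewrites. The MD5 FRST printed for all three, D41D8CD98F00B204E9800998ECF8427E, is the hash of zero bytes of input, so FRST hashed nothing even though it reported a non-zero size; that pattern matches a file it could not open, which fits the "no admin rights" symptom better than a corrupted file. The script assumes an elevated prompt on the affected machine and that the paths mirror the log; the target list, labels and the hypothetical Get-Md5Hex helper are mine.

```powershell
# Added example, not part of the thread or of FRST. Run from an elevated
# PowerShell prompt on the affected machine (works on the PowerShell 2.0 that
# ships with Windows 7, which is why MD5 goes through .NET, not Get-FileHash).
# Assumption: the target list below mirrors the FRST log; edit it elsewhere.

$EmptyMd5 = 'D41D8CD98F00B204E9800998ECF8427E'   # MD5 of zero bytes of input

# Hash a file with .NET; throws if the file cannot be opened for reading.
function Get-Md5Hex {
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $md5.ComputeHash($fs) }
    finally { $fs.Close() }
    return (($bytes | ForEach-Object { $_.ToString('X2') }) -join '')
}

$targets = @(
    "$env:SystemRoot\explorer.exe",            # flagged in the log
    "$env:SystemRoot\SysWOW64\svchost.exe",    # flagged in the log
    "$env:SystemRoot\SysWOW64\userinit.exe",   # flagged in the log
    "$env:SystemRoot\System32\winlogon.exe"    # control: reported as signed
)

foreach ($path in $targets) {
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if (-not $item) { Write-Output "$path : MISSING"; continue }

    # FRST prints CompanyName in the "()" field; "No Company Name" means it was empty.
    $company = $item.VersionInfo.CompanyName
    # Windows 7's built-in PowerShell ignores catalog signatures, so NotSigned
    # is normal there for Windows binaries; sfc /verifyfile=<path> is authoritative.
    $sig   = (Get-AuthenticodeSignature -FilePath $path).Status
    $owner = $(try { (Get-Acl -LiteralPath $path).Owner } catch { 'n/a' })

    # A read failure here reproduces what the log's empty-input hash suggests:
    # inspect the ACL with icacls <path>. A real hash means the file is readable
    # now and can be compared against a known-good copy of the same build.
    try   { $md5 = Get-Md5Hex $path; $note = '' }
    catch { $md5 = '(unreadable)'; $note = 'READ FAILED: ' + $_.Exception.Message }
    if ($md5 -eq $EmptyMd5) { $note = 'FILE IS ZERO BYTES' }

    Write-Output $path
    Write-Output ("  size={0} company='{1}' sig={2} owner={3}" -f $item.Length, $company, $sig, $owner)
    Write-Output ("  md5={0} {1}" -f $md5, $note)
}

# What winlogon starts at logon; the fixlist resets [Shell] to explorer.exe.
$wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
Write-Output ("Winlogon Shell    = {0}" -f $wl.Shell)      # expected: explorer.exe
Write-Output ("Winlogon Userinit = {0}" -f $wl.Userinit)   # expected: C:\Windows\system32\userinit.exe,
```

If the three flagged files read fine here but the Shell or Userinit value points anywhere other than the expected binaries, that value, not the files, is what keeps the desktop from loading; if the reads fail with an access-denied error, fix the ACL (or restore the files with sfc) before judging the hashes.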

#3 nasdaq

  • Malware Response Team
  • 40,256 posts
  • Location: Montreal, QC. Canada

Posted 02 October 2016 - 09:55 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



