
istatic.eshopcomp being blocked by Malwarebytes


  • This topic is locked
6 replies to this topic

#1 felipemazza
  • Members
  • 17 posts

Posted 09 May 2017 - 04:31 PM

Good afternoon.

I've been trying to remove malware from a computer but Malwarebytes, AdwCleaner and HitmanPro haven't fully removed everything. Malwarebytes blocks this particular instance "istatic.eshopcomp" with every tab opened in Chrome.

Here is the log, hope you guys can help me out.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 18:30:53, on 09/05/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
 
FIREFOX: 53.0.2 (x86 pt-BR)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\scpbrad\scpbradguard.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
D:\User\Downloads\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
O4 - HKCU\..\Run: [background_fault] "C:\Users\User\AppData\Local\background_fault\aswRD.exe" "C:\Users\User\AppData\Local\background_fault\bf.dll",background_fault_collector
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{86002EB7-5620-426D-85DB-F1EB4AB62DBF}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{86002EB7-5620-426D-85DB-F1EB4AB62DBF}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{86002EB7-5620-426D-85DB-F1EB4AB62DBF}: NameServer = 8.8.8.8,8.8.4.4
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Componente de Segurança Bradesco (scpbradserv) - Scopus Soluções em TI Ltda - C:\Program Files\scpbrad\scpbradserv.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe
 
--
End of file - 7016 bytes
 



#2 nasdaq
  • Malware Response Team
  • 38,925 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 May 2017 - 09:38 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


HijackThis is no longer supported and not ready for your operating system.
I suggest you remove it via the Control Panel > Programs > Programs and Features.
Use the Farbar tool from now on to report problems.
<<<>>>


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.
Click "Attach this file".
Click the "Add Reply" button.
===


Please post the logs for my review.

Wait for further instructions.

#3 felipemazza
  • Topic Starter

  • Members
  • 17 posts

Posted 15 May 2017 - 09:03 AM

Just got back from a quick work trip, will run the scan and post the logs today.

#4 felipemazza
  • Topic Starter

  • Members
  • 17 posts

Posted 15 May 2017 - 03:43 PM

Here are the logs. If any more info is needed, please let me know.

------

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão: 14-05-2017
Executado por User (administrador) em USER-PC (15-05-2017 17:34:59)
Executando a partir de D:\User\Downloads
Perfis Carregados: User (Perfis Disponíveis: User)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão não detectado!)
Modo da Inicialização: Normal
 
==================== Processos (Whitelisted) =================
 
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Scopus Soluções em TI Ltda) C:\Program Files\scpbrad\scpbradserv.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(HP Inc.) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Scopus Soluções em TI Ltda) C:\Program Files\scpbrad\scpbradguard.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) D:\User\Downloads\FRST (1).exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registro (Whitelisted) ====================
 
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-09] (AVAST Software)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKU\S-1-5-21-3343212515-3259344471-223190083-1000\...\Run: [background_fault] => "C:\Users\User\AppData\Local\background_fault\aswRD.exe" "C:\Users\User\AppData\Local\background_fault\bf.dll",background_fault_collector <===== ATENÇÃO
HKU\S-1-5-21-3343212515-3259344471-223190083-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7456984 2017-04-10] (Piriform Ltd)
IFEO\taskmgr.exe: [Debugger] 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-05-09] (AVAST Software)
GroupPolicy: Restrição ? <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO
 
==================== Internet (Whitelisted) ====================
 
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
 
Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\..\Interfaces\{86002EB7-5620-426D-85DB-F1EB4AB62DBF}: [NameServer] 8.8.8.8,8.8.4.4
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3343212515-3259344471-223190083-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3343212515-3259344471-223190083-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-19] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-05] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-19] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF DefaultProfile: fjttmqxp.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fjttmqxp.default [2017-05-15]
FF Extension: (Avast SafePrice) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fjttmqxp.default\Extensions\sp@avast.com.xpi [2017-05-09]
FF Extension: (Avast Online Security) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fjttmqxp.default\Extensions\wrc@avast.com.xpi [2017-05-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2008-10-05] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-19] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-05-15]
CHR Extension: (Google Apresentações) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-20]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-20]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-20]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Avast SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-04-07]
CHR Extension: (Planilhas do Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-20]
CHR Extension: (Área de trabalho remota do Google Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-04-03]
CHR Extension: (Documentos Google off-line) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-05]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-05-08]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-28]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-20]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-15]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <não encontrado (a)>
StartMenuInternet: Google Chrome - Chrome.exe
 
==================== Serviços (Whitelisted) ====================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5732136 2017-05-09] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-09] (AVAST Software)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
S3 NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2006-11-10] (Nero AG) [Arquivo não assinado]
R2 scpbradserv; C:\Program Files\scpbrad\scpbradserv.exe [1995208 2017-03-29] (Scopus Soluções em TI Ltda)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11944 2012-12-03] (Advanced Micro Devices Inc.)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70464 2013-06-27] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34624 2013-06-27] (Advanced Micro Devices)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [258288 2017-05-09] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [148696 2017-05-09] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [268016 2017-05-09] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [41664 2017-05-09] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34136 2017-05-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [31064 2017-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107928 2017-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [90336 2017-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [62152 2017-05-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [764576 2017-05-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [482608 2017-05-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [115152 2017-05-15] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [38984 2015-10-20] (The OpenVPN Project)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [279800 2017-05-09] (AVAST Software)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59904 2017-03-22] ()
S3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [89600 2009-08-10] (Gemalto)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [161216 2017-05-08] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [96704 2017-05-15] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [39360 2017-05-15] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [220088 2017-05-15] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [64288 2017-05-15] (Malwarebytes)
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [17920 2014-01-12] (Windows ® Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [76288 2014-01-12] (Nuvoton Technology Corp.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
 
==================== Um Mês Criados arquivos e pastas ========
 
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
 
2017-05-15 17:31 - 2017-05-15 17:31 - 00000000 ____D C:\Users\User\AppData\Roaming\Google
2017-05-11 15:40 - 2017-05-11 15:40 - 00000000 ____D C:\Users\Todos os Usuários\SWCUTemp
2017-05-11 15:40 - 2017-05-11 15:40 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-05-11 08:59 - 2017-05-11 08:59 - 00000000 ____D C:\Program Files\Common Files\Skype
2017-05-09 18:17 - 2017-05-09 18:17 - 00000958 _____ C:\Windows\system32\.crusader
2017-05-09 18:06 - 2017-05-09 18:17 - 00000000 ____D C:\Users\Todos os Usuários\HitmanPro
2017-05-09 18:06 - 2017-05-09 18:17 - 00000000 ____D C:\ProgramData\HitmanPro
2017-05-09 14:01 - 2017-05-09 14:01 - 00330768 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-05-09 08:16 - 2017-05-09 08:23 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-05-08 21:51 - 2017-05-08 21:51 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-05-08 21:51 - 2017-05-08 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-05-08 21:51 - 2017-05-08 21:51 - 00000000 ____D C:\Program Files\CCleaner
2017-05-08 21:47 - 2017-05-08 22:33 - 00000000 ____D C:\Program Files\Hard Disk Sentinel
2017-05-08 21:47 - 2017-05-08 21:47 - 00000000 ____D C:\Users\User\AppData\Roaming\Hard Disk Sentinel
2017-05-08 21:47 - 2017-05-08 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Sentinel
2017-05-08 21:27 - 2017-05-15 15:56 - 00064288 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-05-08 21:27 - 2017-05-15 10:40 - 00220088 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-08 21:27 - 2017-05-15 10:40 - 00096704 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-05-08 21:27 - 2017-05-15 10:40 - 00039360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-05-08 21:27 - 2017-05-08 21:28 - 00161216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-05-08 21:27 - 2017-05-08 21:27 - 00002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-08 21:27 - 2017-05-08 21:27 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2017-05-08 21:27 - 2017-05-08 21:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-08 21:27 - 2017-05-08 21:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-08 21:27 - 2017-05-08 21:27 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-08 21:27 - 2017-03-22 11:02 - 00059904 _____ C:\Windows\system32\Drivers\mbae.sys
2017-05-05 08:08 - 2017-05-08 18:14 - 00000000 ____D C:\Users\Todos os Usuários\BIT
2017-05-05 08:08 - 2017-05-08 18:14 - 00000000 ____D C:\ProgramData\BIT
2017-05-04 09:46 - 2017-05-11 14:17 - 00000000 ____D C:\Users\User\AppData\Local\background_fault
2017-05-04 07:46 - 2017-05-04 07:46 - 00000000 ___HD C:\$AV_ASW
2017-05-03 11:51 - 2017-05-03 11:51 - 00000000 ____D C:\Windows\psgo
2017-05-03 11:51 - 2017-05-03 11:51 - 00000000 _____ C:\Windows\system32\3333333
2017-05-03 11:51 - 2017-05-03 11:51 - 00000000 _____ C:\Windows\system32\2222222
2017-05-03 11:51 - 2017-05-03 11:51 - 00000000 _____ C:\Windows\system32\1111111
2017-05-03 11:49 - 2017-05-08 08:46 - 00000000 ____D C:\Program Files\MK
2017-05-02 13:18 - 2017-05-02 13:19 - 00074024 _____ C:\Users\User\Domingues Ferreira Embargos de Declação.pdf
2017-05-02 13:13 - 2017-05-02 13:13 - 00081771 _____ C:\Users\User\DOMING1.P7S
2017-04-27 10:46 - 2017-04-27 10:46 - 00070413 _____ C:\Users\User\EDERSON LUIZ GOLCHINSKI requerimento.pdf.p7s
2017-04-27 10:44 - 2017-05-03 11:08 - 00063077 _____ C:\Users\User\João Ricardo Alves da Silva alegações finais 2a vara criminal.pdf
2017-04-27 10:44 - 2017-04-27 10:44 - 00062674 ____N C:\Users\User\EDERSON LUIZ GOLCHINSKI requerimento.pdf
2017-04-27 08:17 - 2017-04-27 08:17 - 00000007 _____ C:\Windows\system32\9DD8.tmp
2017-04-27 08:17 - 2017-04-27 08:17 - 00000000 ____D C:\Users\Todos os Usuários\Apple
2017-04-27 08:17 - 2017-04-27 08:17 - 00000000 ____D C:\ProgramData\Apple
2017-04-26 18:08 - 2017-04-26 18:08 - 00000000 ____D C:\Users\User\AppData\Roaming\Mozilla
2017-04-26 18:06 - 2017-04-26 18:06 - 00109952 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-26 17:39 - 2017-04-26 17:39 - 00000000 ____D C:\Windows\pss
2017-04-25 10:20 - 2017-05-04 09:46 - 00000000 ____D C:\Program Files\AlphaGo
2017-04-25 10:20 - 2017-05-03 11:51 - 00000000 _____ C:\Windows\system32\22
2017-04-25 08:27 - 2017-05-03 11:51 - 00000000 _____ C:\Windows\system32\11
2017-04-25 08:27 - 2017-05-02 11:43 - 00000000 _____ C:\Windows\system32\33
2017-04-25 08:27 - 2017-04-25 08:27 - 00000000 ____D C:\Users\User\AppData\LocalLow\Google
2017-04-24 08:00 - 2017-04-24 08:00 - 00070869 _____ C:\Users\User\JOORIC1.P7S
2017-04-19 09:19 - 2017-04-19 09:19 - 00092997 _____ C:\Users\User\recurso em sentido estrito de Marcelo Rodrigues Inocêncio dos Reis II.pdf.p7s
2017-04-19 09:18 - 2017-04-19 09:17 - 00085185 ____N C:\Users\User\recurso em sentido estrito de Marcelo Rodrigues Inocêncio dos Reis II.pdf
2017-04-17 13:29 - 2017-04-17 13:29 - 00000000 ____D C:\Program Files\temp
2017-04-17 13:22 - 2017-04-17 13:22 - 00000000 ____D C:\Users\Todos os Usuários\Software
2017-04-17 13:22 - 2017-04-17 13:22 - 00000000 ____D C:\ProgramData\Software
 
==================== Um Mês Modificados arquivos e pastas ========
 
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
 
2017-05-15 17:34 - 2015-10-20 10:14 - 00000000 ____D C:\FRST
2017-05-15 16:44 - 2011-02-04 14:30 - 01641362 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-15 16:44 - 2009-07-14 05:31 - 00707974 _____ C:\Windows\system32\prfh0416.dat
2017-05-15 16:44 - 2009-07-14 05:31 - 00147754 _____ C:\Windows\system32\prfc0416.dat
2017-05-15 16:44 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\inf
2017-05-15 16:43 - 2016-11-18 12:06 - 00000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2017-05-15 15:51 - 2016-06-23 17:19 - 00000316 _____ C:\Windows\Tasks\HPCeeScheduleForUser.job
2017-05-15 10:46 - 2009-07-14 01:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-15 10:46 - 2009-07-14 01:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-15 10:39 - 2017-01-03 07:12 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2017-05-15 10:38 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-15 08:12 - 2015-10-20 10:31 - 00115152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2017-05-11 08:59 - 2017-03-16 08:16 - 00000000 ___RD C:\Program Files\Skype
2017-05-11 08:59 - 2015-10-20 01:34 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2017-05-11 08:59 - 2015-10-20 01:34 - 00000000 ____D C:\ProgramData\Skype
2017-05-09 18:06 - 2015-10-20 10:14 - 00000000 ____D C:\AdwCleaner
2017-05-09 14:01 - 2017-04-05 08:17 - 00268016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-05-09 14:01 - 2017-04-05 08:17 - 00258288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-05-09 14:01 - 2017-04-05 08:17 - 00148696 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-05-09 14:01 - 2017-04-05 08:17 - 00041664 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-05-09 14:01 - 2016-05-19 14:52 - 00031064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-05-09 14:01 - 2015-10-20 12:12 - 00034136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-05-09 14:01 - 2015-10-20 10:31 - 00764576 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-05-09 14:01 - 2015-10-20 10:31 - 00482608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-05-09 14:01 - 2015-10-20 10:31 - 00279800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-05-09 14:01 - 2015-10-20 10:31 - 00107928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-05-09 14:01 - 2015-10-20 10:31 - 00090336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-05-09 14:01 - 2015-10-20 10:31 - 00062152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-05-09 13:57 - 2015-10-19 19:35 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-05-09 11:08 - 2015-10-21 09:30 - 00000000 ____D C:\Users\User\AppData\Local\CutePDF Writer
2017-05-08 21:52 - 2015-12-17 07:36 - 00000000 ____D C:\Users\User\AppData\Roaming\MPC-HC
2017-05-08 21:52 - 2011-02-04 14:58 - 00000000 ____D C:\Windows\Panther
2017-05-08 21:44 - 2017-01-19 13:25 - 00000000 ____D C:\Program Files\ScreenShot
2017-05-08 21:42 - 2015-10-19 23:14 - 00002250 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-08 21:42 - 2015-10-19 19:35 - 00001946 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-08 21:42 - 2015-10-19 17:07 - 00001389 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-05-08 12:47 - 2016-05-12 08:30 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2017-05-08 08:47 - 2015-10-19 19:35 - 00001958 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-05-04 17:30 - 2015-10-21 07:57 - 00000000 ____D C:\Users\User\AppData\Roaming\TeamViewer
2017-05-04 16:34 - 2017-03-07 15:25 - 00577283 _____ C:\Users\User\Leandro Renato Hanauer procuração.pdf
2017-05-04 13:18 - 2015-10-20 00:36 - 00000000 ____D C:\Program Files\TeamViewer
2017-05-02 10:24 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\NDF
2017-04-27 08:17 - 2015-10-19 23:14 - 00002221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-26 17:40 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\tracing
2017-04-24 13:14 - 2009-07-14 01:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
 
==================== Arquivos na raiz de alguns diretórios =======
 
2015-10-21 09:47 - 2015-10-21 09:47 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-10-19 17:17 - 2015-10-19 17:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(Não há correção automática para arquivos que não passaram na verificação.)
 
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente
 
LastRegBack: 2017-05-15 11:48
 
==================== Fim de FRST.txt ============================




#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:27 AM

Posted 16 May 2017 - 08:18 AM

Press the Windows key + R on your keyboard at the same time. This will open the RUN box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:


HKLM\...\Run: [] => [X]
HKU\S-1-5-21-3343212515-3259344471-223190083-1000\...\Run: [background_fault] => "C:\Users\User\AppData\Local\background_fault\aswRD.exe" "C:\Users\User\AppData\Local\background_fault\bf.dll",background_fault_collector <===== ATENÇÃO
IFEO\taskmgr.exe: [Debugger]
GroupPolicy: Restrição ? <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO
SearchScopes: HKU\S-1-5-21-3343212515-3259344471-223190083-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
CHR Extension: (Avast SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-04-07]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-05-08]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-15]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <não encontrado (a)>
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\User\AppData\Local\background_fault\bf.dll


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
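As a way to double-check the Fixlog by hand, here is an added example (not from the thread or from the Farbar tool) that re-inspects the persistence locations the fixlist above targets: Run values loading from AppData\Local, an IFEO Debugger on taskmgr.exe, the Chrome policy key, and the local Group Policy store. It assumes the affected profile is the one running the script (HKCU) rather than the specific SID in the log, and should be run from an elevated PowerShell.

```powershell
# Added verification script (not part of the original thread).
# Assumption: the affected user is the current user, so HKCU stands in for the HKU\<SID> hive seen in the log.
$findings = @()

# 1. Run values whose command points into a per-user AppData\Local folder,
#    the pattern of the "background_fault" entry in the FRST log.
foreach ($hive in 'HKCU', 'HKLM') {
    $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Run"
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath/PSParentPath/etc.; skip those metadata properties.
            if ($p.Name -like 'PS*') { continue }
            if ("$($p.Value)" -match '\\AppData\\Local\\') {
                $findings += "Run value '$($p.Name)' in $hive loads from AppData\Local: $($p.Value)"
            }
        }
    }
}

# 2. IFEO Debugger on taskmgr.exe: a Debugger value here makes Windows launch the named
#    program instead of Task Manager, which is why the fixlist removed the key.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe'
if (Test-Path $ifeo) {
    $dbg = (Get-ItemProperty -Path $ifeo -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { $findings += "IFEO Debugger set for taskmgr.exe: $dbg" }
}

# 3. Chrome policy key and local machine Group Policy store, both flagged "Restrição" by FRST.
if (Test-Path 'HKLM:\SOFTWARE\Policies\Google') {
    $findings += 'HKLM\SOFTWARE\Policies\Google still exists (Chrome policy restrictions)'
}
if (Test-Path "$env:windir\System32\GroupPolicy\Machine") {
    # A Machine folder can also be left by legitimate local policy edits; review it rather than delete it.
    $findings += 'Local machine Group Policy store present; review with gpedit.msc or rsop.msc'
}

if ($findings.Count -eq 0) { 'No leftover artifacts found.' } else { $findings }
```

An empty result agrees with the "removido com sucesso" lines in the Fixlog; any finding is a location worth reporting back in the thread rather than editing by hand.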
===

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after these updates, remove these old version(s) via the Control Panel > Programs > Programs and Features.
Java 8 Update 121 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
===

Please let me know what problem persists with this computer.

#6 felipemazza

felipemazza
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:27 AM

Posted 16 May 2017 - 03:58 PM

Hi, Nasdaq. It seems to have stopped. Here is the log you requested.

 

Resultado da Correção pela Farbar Recovery Scan Tool (x86) Versão: 14-05-2017
Executado por User (16-05-2017 17:33:35) Run:1
Executando a partir de D:\User\Downloads
Perfis Carregados: User (Perfis Disponíveis: User)
Modo da Inicialização: Normal
 
==============================================
 
fixlist Conteúdo:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
 
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-3343212515-3259344471-223190083-1000\...\Run: [background_fault] => "C:\Users\User\AppData\Local\background_fault\aswRD.exe" "C:\Users\User\AppData\Local\background_fault\bf.dll",background_fault_collector <===== ATENÇÃO
IFEO\taskmgr.exe: [Debugger]
GroupPolicy: Restrição ? <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO
SearchScopes: HKU\S-1-5-21-3343212515-3259344471-223190083-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
CHR Extension: (Avast SafePrice) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-04-07]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-05-08]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-15]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <não encontrado (a)>
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\User\AppData\Local\background_fault\bf.dll
 
 
End
*****************
 
Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => valor removido (a) com sucesso.
HKU\S-1-5-21-3343212515-3259344471-223190083-1000\Software\Microsoft\Windows\CurrentVersion\Run\\background_fault => valor removido (a) com sucesso.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe => chave removido (a) com sucesso.
C:\Windows\system32\GroupPolicy\Machine => movido com sucesso
C:\Windows\system32\GroupPolicy\GPT.ini => movido com sucesso
HKLM\SOFTWARE\Policies\Google => chave removido (a) com sucesso.
HKU\S-1-5-21-3343212515-3259344471-223190083-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => não encontrado (a).
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => não encontrado (a).
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => movido com sucesso
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => movido com sucesso
HKLM\System\CurrentControlSet\Services\VGPU => chave removido (a) com sucesso.
VGPU => serviço removido (a) com sucesso.
"C:\Users\User\AppData\Local\background_fault\bf.dll" => não encontrado (a).
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5539116 B
Java, Flash, Steam htmlcache => 419 B
Windows/system/drivers => 60108375 B
Edge => 0 B
Chrome => 75266608 B
Firefox => 734599113 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 74276 B
Public => 0 B
ProgramData => 0 B
systemprofile => 1904482 B
LocalService => 132244 B
NetworkService => 1332 B
User => 22131909 B
 
RecycleBin => 0 B
EmptyTemp: => 866.1 MB de dados temporários Removidos.
 
================================
 
 
O sistema precisou ser reiniciado.
 
==== Fim de Fixlog 17:39:48 ====


#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:27 AM

Posted 17 May 2017 - 07:17 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



