Jump to content

Aya_Tachibana

Honorary Members
  • Posts

    110
  • Joined

  • Last visited

Everything posted by Aya_Tachibana

  1. Well, since the system is performing normally, then I suppose it's safe. I will take a look later into the Event logs to check if everything is all right. Thank you for the help. Aya.
  2. Thank you for the reply. But I will tell you that I installed Windows 10 here few weeks ago, so I installed the Fall Creators Update version. So, the device didn't received a big update like the Anniversary one. Is the device still fine? Thank you. Aya
  3. Here is the logs. All programs were run as an administrator. What should I do next? EDIT: I ran FRST before the scans, I uploaded the new ones now. MBAM.txt AdwCleaner[C00].txt AdwCleaner[S00].txt Addition.txt FRST.txt
  4. Hello Everyone. I scan with MBAM free everyday, just to check if everything is allright. Today, I scanned my computer and it found something. Also, it found a user (defaultuser1) that was created aprox. 2 hours ago, which is strange. I will post the attachments needed, and I will also scan my files for anything suspicious. Just some information that may be useful: - The time of when the user was created was about the time when I logged into my computer, but clicked in the wrong button "I don't remember my PIN" when I was in the lock screen. - Strangely, after restoring the file to scan with Virus Total, MBAM now doesn't find it malicious anymore. I wonder why? - Apparently, it only detects if the system is connected to the internet - Virus Total Link: https://www.virustotal.com/#/file/a6c4dcfa62059f2a2058ac6676cb0dd423ec087d03f0ec39ff67819e3d5cc44f/detection - I scanned my computer with MBAM full scan, Windows Defender full scan and ESET Online Scanner. No malware was detected. PC information: - CPU: Intel Atom Z3775 - 1.46GHz - RAM: 2GB - OS: WIndows 10 Home 1709 (16299.402) 32 bits - Security software: MBAM, Windows Defender and ESET Online Scanner (for on-demand scanning) MBAM.txt Addition.txt FRST.txt
  5. Hello everyone. I recently got for me an Android Phone (version 5.1.1) I also got the Avast Anti-virus for protection. Strangely, Avast is downloading it's updates normally, but Malwarebytes still got no updates since 3 days ago (it says database version 2016.10.07.01). Is this a normal behaviour of the app? I never used an android before, and I'm used to the WIndows version. Some info about my phone: Phone: Lenovo Vibe K5 Android 5.1.1 The phone is not rooted
  6. No, I think all problems were fixed here. Except the sounds, I'm still taking a look at it. Thank you kevinf80 for your help.
  7. - I'm still looking for the sound problem. - I fixed the Chrome bug - Avast! sandbox probably didn't allowed Chrome to change some files, so I just started it without sandbox and it fixed) - I will take a look into firefox, do you know if it works well with sandbox and the MBAE? - Since my logs are clean, I will just do some scans to feel more safe. - I will ignore the thing of the Adobe website. Since it's their official website, I don't think it will cause any problem.
  8. Well, the issues: - The sound problem (will probably take a deeper look now) - FRST bugs (maybe it's really from FRST, not from my PC) - I don't know which is better: Chrome or Firefox. Do you know which is better for security (I don't care much about 60fps youtube videos)? - The fear of being infected, but I really don't know if I'm really am. - Also, the file from the adobe website. Is that something that happenned just here?
  9. Double post. Also, did Google Chrome updated it "New tab" with a new look? When I open Chrome, it have the same look, but when I open a new tab, it has the new look. I attached the images of the new and old look (in this order). EDIT: I didn't knew that there is an edit button, yeah! EDIT2: Yeah, the sound problem returned, I'm looking here for the problem.
  10. Hello, and here is the logs: Results of screen317's Security Check version 0.99.96 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Defender avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 64-bit 8 Update 31 Google Chrome (40.0.2214.111) Google Chrome (40.0.2214.94) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Exploit mbae-svc.exe Malwarebytes Anti-Exploit mbae64.exe Malwarebytes Anti-Exploit mbae.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast afwServ.exe AVAST Software Avast avastui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log``````````````````````
  11. About the Adobe website, when I entered in the website, it downloaded automatically something. Luckly, I'm running Chrome in a sandbox and it didn't run. Is downloading a file there normal? About the sounds, looks like it have been returned to normal. Also, Avast says that my Flash Player Activex version is updated (you know, Software updater), and also Chrome is updated.
  12. Sorry for the double post. I know that it has nothing to do with FRST. But, right now, my PC have 2 strange things. 1 - The videos from Youtube stopped working (just closing it and reopening fixed the issue) 2 - Windows sounds stopped working.
  13. Hello, looks like it hasn't been fixed, and yes, it was already updated. Here is the logs: FRST.txt Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015 Ran by SERN (administrator) on IBM-5100 on 08-02-2015 23:39:03Running from C:\Users\SERN-ADM\DownloadsLoaded Profiles: SERN & SERN-ADM (Available profiles: SERN & SERN-ADM)Platform: Windows 8.1 Pro (X64) OS Language: Português (Brasil)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) Failed to access process -> smss.exeFailed to access process -> csrss.exeFailed to access process -> services.exe(AMD) C:\Windows\System32\atiesrxx.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe() C:\Windows\System32\PnkBstrA.exeFailed to access process -> csrss.exe(AMD) C:\Windows\System32\atieclxx.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.3327.1030_x64__8wekyb3d8bbwe\onenoteim.exe(Microsoft Corporation) C:\Windows\System32\UserAccountBroker.exe(Microsoft Corporation) C:\Windows\System32\WWAHost.exe(Microsoft Corporation) C:\Windows\WinStore\WSHost.exeFailed to access process -> sppsvc.exeFailed to access process -> svchost.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-31] (AVAST Software)HKLM\...\RunOnce: [LaunchWebURL] => C:\ProgramData\LaunchURL.bat [141 2014-12-13] ()HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\System32\rstrui.exe [271872 2014-09-24] (Microsoft Corporation)HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\6cb874d6-85a5-43b2-9e77-e0ebec44d9f8.exe /checkHKLM-x32\...\RunOnce: [{080B3DF2-8815-4E3E-AFBF-FA72E88B8A0E}] => cmd.exe /C start /D "C:\Users\SERN\AppData\Local\Temp" /B {080B3DF2-8815-4E3E-AFBF-FA72E88B8A0E}.exe -accepteula -accepteulaksn -activeimages -postbootShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-465716547-1104618823-2389287588-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehpHKU\S-1-5-21-465716547-1104618823-2389287588-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehpBHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabTcpip\Parameters: [DhcpNameServer] 201.6.2.137 201.6.2.67 192.168.0.1 FireFox:========FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-22] Chrome: =======CHR Profile: C:\Users\SERN\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Apresentações) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-24]CHR Extension: (Google Docs) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-24]CHR Extension: (Google Drive) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-24]CHR Extension: (YouTube) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-24]CHR Extension: (Pesquisa do Google) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-24]CHR Extension: (Planilhas do Google) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-24]CHR Extension: (Google Wallet) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-24]CHR Extension: (Gmail) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-24]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-22] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-22] (AVAST Software)R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2015-01-22] (AVAST Software)R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts)R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2014-12-15] ()R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-12-15] ()S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-22] ()R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2015-01-22] (AVAST Software)R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-22] (AVAST Software)R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2015-01-22] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-22] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-22] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-22] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-22] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-22] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-22] ()R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-08 01:25 - 2015-02-08 01:45 - 00026427 _____ () C:\Users\SERN-ADM\Downloads\Addition.txt2015-02-08 01:24 - 2015-02-08 23:39 - 00009988 _____ () C:\Users\SERN-ADM\Downloads\FRST.txt2015-02-08 01:23 - 2015-02-08 01:23 - 00000000 ____D () C:\Users\SERN-ADM\Downloads\FRST-OlderVersion2015-02-03 18:02 - 2015-02-03 18:02 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\SERN-ADM\Downloads\mbam-setup-2.0.4.1028.exe2015-02-03 18:02 - 2015-02-03 18:02 - 00321848 _____ (Malwarebytes Corporation) C:\Users\SERN-ADM\Downloads\mbam-clean-2.1.1.1001.exe2015-02-02 19:59 - 2015-02-02 19:59 - 02347384 _____ (ESET) C:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe2015-02-01 15:22 - 2015-02-01 15:22 - 00000000 ____D () C:\Users\Todos os Usuários\ATI2015-02-01 15:22 - 2015-02-01 15:22 - 00000000 ____D () C:\ProgramData\ATI2015-01-22 18:45 - 2015-01-22 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit2015-01-22 18:45 - 2015-01-22 18:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit2015-01-22 18:44 - 2015-02-08 13:02 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2015-01-22 18:44 - 2015-01-22 18:44 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-01-22 18:44 - 2015-01-22 18:44 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes2015-01-22 18:44 - 2015-01-22 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-01-22 18:44 - 2015-01-22 18:44 - 00000000 ____D () C:\ProgramData\Malwarebytes2015-01-22 18:44 - 2015-01-22 18:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-01-22 18:44 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2015-01-22 18:44 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys2015-01-22 18:44 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2015-01-22 18:36 - 2015-01-22 18:36 - 00449936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys2015-01-22 18:36 - 2015-01-22 18:36 - 00028184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys2015-01-22 18:36 - 2015-01-22 18:36 - 00001986 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk2015-01-22 18:36 - 2015-01-22 18:30 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe2015-01-22 18:33 - 2015-01-22 18:33 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Roaming\AVAST Software2015-01-22 18:31 - 2015-01-22 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software2015-01-22 18:31 - 2015-01-22 18:31 - 00000000 ____D () C:\AVAST Software2015-01-22 18:30 - 2015-02-08 01:26 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update2015-01-22 18:30 - 2015-01-22 18:31 - 00087912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys2015-01-22 18:30 - 2015-01-22 18:30 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys2015-01-22 18:30 - 2015-01-22 18:30 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys2015-01-22 18:30 - 2015-01-22 18:30 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys2015-01-22 18:30 - 2015-01-22 18:30 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys2015-01-22 18:30 - 2015-01-22 18:30 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys2015-01-22 18:30 - 2015-01-22 18:30 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys2015-01-22 18:30 - 2015-01-22 18:30 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr2015-01-22 18:30 - 2015-01-22 18:30 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys2015-01-22 18:26 - 2015-01-22 18:27 - 00000000 ____D () C:\Users\Todos os Usuários\AVAST Software2015-01-22 18:26 - 2015-01-22 18:27 - 00000000 ____D () C:\ProgramData\AVAST Software2015-01-22 18:23 - 2015-01-22 18:27 - 00000000 ____D () C:\Program Files\AVAST Software2015-01-20 19:09 - 2014-04-15 21:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll2015-01-20 19:09 - 2014-04-15 21:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll2015-01-20 00:06 - 2015-02-08 23:37 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes Anti-Exploit2015-01-20 00:06 - 2015-02-08 23:37 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit2015-01-19 16:25 - 2015-01-19 16:25 - 00000000 __SHD () C:\Users\SERN-ADM\AppData\Local\EmieBrowserModeList2015-01-17 03:13 - 2015-01-17 03:13 - 00002805 _____ () C:\Users\SERN\Desktop\RKreport_SCN_01172015_031215.log2015-01-14 15:48 - 2014-12-19 04:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys2015-01-14 15:48 - 2014-12-12 00:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe2015-01-14 15:48 - 2014-12-11 22:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys2015-01-14 15:48 - 2014-12-08 23:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe2015-01-14 15:48 - 2014-12-08 17:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe2015-01-14 15:48 - 2014-12-06 01:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll2015-01-14 15:48 - 2014-12-05 23:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll2015-01-14 15:48 - 2014-12-05 23:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll2015-01-14 15:48 - 2014-10-29 02:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe2015-01-14 15:48 - 2014-10-29 02:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe2015-01-14 15:48 - 2014-10-29 01:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll2015-01-14 15:48 - 2014-10-29 01:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll2015-01-14 15:48 - 2014-10-29 01:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll2015-01-14 15:48 - 2014-10-29 01:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe2015-01-14 15:48 - 2014-10-29 01:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe2015-01-14 15:48 - 2014-10-29 01:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe2015-01-14 15:48 - 2014-10-29 01:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll2015-01-14 15:48 - 2014-10-29 01:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll2015-01-14 15:48 - 2014-10-29 01:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll2015-01-14 15:48 - 2014-10-29 00:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll2015-01-14 15:48 - 2014-10-28 23:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll2015-01-14 15:48 - 2014-10-28 23:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll2015-01-14 15:48 - 2014-10-28 23:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll2015-01-14 15:48 - 2014-10-28 23:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll2015-01-10 12:19 - 2015-02-08 12:57 - 00000000 ____D () C:\Users\SERN\AppData\Local\CrashDumps2015-01-10 12:17 - 2015-01-10 12:17 - 00000000 ____D () C:\gravity ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-08 23:39 - 2014-12-18 02:29 - 00000000 ____D () C:\FRST2015-02-08 23:36 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\system32\sru2015-02-08 19:55 - 2014-10-24 02:18 - 01181752 _____ () C:\WINDOWS\WindowsUpdate.log2015-02-08 19:52 - 2013-08-22 12:46 - 00302203 _____ () C:\WINDOWS\setupact.log2015-02-08 19:52 - 2013-08-22 12:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2015-02-08 19:43 - 2014-11-04 01:02 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{23CBD818-4DC2-46F3-9F3F-9A3E033F9062}2015-02-08 19:41 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2015-02-08 10:38 - 2014-10-24 11:39 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Roaming\Skype2015-02-08 01:40 - 2014-10-24 03:02 - 00000000 ____D () C:\Program Files (x86)\Steam2015-02-08 01:40 - 2013-08-22 11:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI2015-02-08 01:23 - 2014-12-18 02:14 - 02132992 _____ (Farbar) C:\Users\SERN-ADM\Downloads\FRST64.exe2015-02-07 17:34 - 2014-10-24 03:16 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-465716547-1104618823-2389287588-10052015-02-05 17:29 - 2012-07-26 05:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2015-02-05 17:11 - 2014-10-24 02:49 - 00004066 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA2015-02-05 17:11 - 2014-10-24 02:49 - 00003830 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore2015-02-05 17:11 - 2014-10-24 02:49 - 00001094 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2015-02-05 17:11 - 2014-10-24 02:49 - 00001090 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2015-02-04 16:51 - 2014-12-12 21:57 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Local\CrashDumps2015-02-03 17:31 - 2014-09-24 06:09 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2015-02-03 17:31 - 2014-09-24 06:09 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2015-01-23 08:46 - 2014-11-03 15:41 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys2015-01-23 07:49 - 2014-12-13 15:58 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Roaming\Raptr2015-01-22 19:00 - 2014-10-24 03:10 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Local\Google2015-01-22 18:56 - 2014-09-24 00:30 - 00833766 _____ () C:\WINDOWS\PFRO.log2015-01-21 09:57 - 2014-10-24 03:10 - 00000000 ____D () C:\Users\SERN-ADM2015-01-20 16:01 - 2014-11-03 15:41 - 00000000 ____D () C:\Users\Todos os Usuários\RogueKiller2015-01-20 16:01 - 2014-11-03 15:41 - 00000000 ____D () C:\ProgramData\RogueKiller2015-01-20 16:01 - 2014-10-24 03:08 - 00000000 ___RD () C:\Program Files (x86)\Skype2015-01-20 16:01 - 2014-10-24 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2015-01-20 16:01 - 2014-09-24 06:06 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel2015-01-20 16:01 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed2015-01-20 16:01 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\system32\Macromed2015-01-20 16:01 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep2015-01-20 15:56 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\registration2015-01-19 01:51 - 2012-07-26 06:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports2015-01-14 16:53 - 2014-10-24 00:23 - 00000000 ____D () C:\WINDOWS\system32\MRT2015-01-14 16:50 - 2014-10-24 00:23 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2015-01-13 19:46 - 2014-10-24 03:08 - 00000000 ____D () C:\Users\Todos os Usuários\Skype2015-01-13 19:46 - 2014-10-24 03:08 - 00000000 ____D () C:\ProgramData\Skype ==================== Files in the root of some directories ======= 2014-12-13 15:56 - 2014-12-13 15:56 - 0000141 _____ () C:\ProgramData\LaunchURL.bat Files to move or delete:====================C:\ProgramData\LaunchURL.batC:\Users\Todos os Usuários\LaunchURL.bat Some content of TEMP:====================C:\Users\SERN\AppData\Local\Temp\dllnt_dump.dllC:\Users\SERN\AppData\Local\Temp\raptrpatch.exeC:\Users\SERN\AppData\Local\Temp\raptr_stub.exeC:\Users\SERN\AppData\Local\Temp\{080B3DF2-8815-4E3E-AFBF-FA72E88B8A0E}.exeC:\Users\SERN-ADM\AppData\Local\Temp\sonarinst.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-02 07:40 ==================== End Of Log ============================ Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2015Ran by SERN at 2015-02-08 23:39:45Running from C:\Users\SERN-ADM\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)Call of Duty (HKLM-x32\...\Steam App 2620) (Version: - Infinity Ward)Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)Cherry Tree High Comedy Club (HKLM-x32\...\Steam App 214610) (Version: - 773)Cherry Tree High I! My! Girls! (HKLM-x32\...\Steam App 333220) (Version: - 773)ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.26.9 - Google Inc.) HiddenGuncraft (HKLM-x32\...\Steam App 241720) (Version: - Exato Games Studio)If My Heart Had Wings (HKLM-x32\...\Steam App 326480) (Version: - Moenovel)Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)Killing Floor (HKLM-x32\...\Steam App 1250) (Version: - Tripwire Interactive)Long Live The Queen (HKLM-x32\...\Steam App 251990) (Version: - Hanako Games)Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)Malwarebytes Anti-Malware versão 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.)PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software)PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)Raptr (HKLM-x32\...\Raptr) (Version: - )Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)The Cat Lady (HKLM-x32\...\Steam App 253110) (Version: - Harvester Games)The Way of Life (HKLM-x32\...\Steam App 310370) (Version: - Fabio Ferrara) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 31-01-2015 13:25:08 Windows Update05-02-2015 17:28:56 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 11:25 - 2013-08-22 11:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {2B54D8B7-D3F3-4FA3-8029-07DF4167F499} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)Task: {76FE62CE-2517-4080-B3F6-8C84B58FF389} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)Task: {A3B75793-9A21-4609-87DA-DEA35A5D8F1C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)Task: {D761FDD7-50FB-4F61-AB43-2B6E1FEDB482} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-22] (AVAST Software)Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll2014-12-15 01:43 - 2014-12-15 01:43 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe2015-02-08 19:42 - 2015-02-08 19:42 - 02912768 _____ () C:\Program Files\AVAST Software\Avast\defs\15020801\algo.dll2015-01-22 18:30 - 2015-01-22 18:30 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\22792473.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\22792473.sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-465716547-1104618823-2389287588-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpgHKU\S-1-5-21-465716547-1104618823-2389287588-1005\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrador (S-1-5-21-465716547-1104618823-2389287588-500 - Administrator - Disabled)Convidado (S-1-5-21-465716547-1104618823-2389287588-501 - Limited - Disabled)SERN (S-1-5-21-465716547-1104618823-2389287588-1001 - Administrator - Enabled) => C:\Users\SERNSERN-ADM (S-1-5-21-465716547-1104618823-2389287588-1005 - Limited - Enabled) => C:\Users\SERN-ADM ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (02/08/2015 00:55:24 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Nome do aplicativo com falha: mbam.exe, versão: 1.0.1.711, carimbo de data/hora: 0x542b53ecNome do módulo com falha: ntdll.dll, versão: 6.3.9600.17278, carimbo de data/hora: 0x53eeb4a3Código de exceção: 0xc00000fdDeslocamento da falha: 0x0003f394ID do processo com falha: 0x17ecHora de início do aplicativo com falha: 0xmbam.exe0Caminho do aplicativo com falha: mbam.exe1Caminho do módulo com falha: mbam.exe2ID do Relatório: mbam.exe3Nome completo do pacote com falha: mbam.exe4ID do aplicativo relativo ao pacote com falha: mbam.exe5 Error: (02/08/2015 00:11:25 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/08/2015 00:10:40 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/08/2015 00:02:21 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/07/2015 05:36:15 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/07/2015 05:35:03 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/06/2015 09:48:35 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/06/2015 09:48:31 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/05/2015 11:56:40 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/05/2015 11:56:36 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. System errors:=============Error: (02/08/2015 07:53:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: %%3 Error: (02/08/2015 07:52:16 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível Error: (02/08/2015 07:28:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: %%3 Error: (02/08/2015 06:51:52 PM) (Source: atapi) (EventID: 11) (User: )Description: O driver detectou um erro de controlador em \Device\Ide\IdePort0. Error: (02/08/2015 06:50:32 PM) (Source: atapi) (EventID: 11) (User: )Description: O driver detectou um erro de controlador em \Device\Ide\IdePort0. Error: (02/08/2015 06:50:14 PM) (Source: atapi) (EventID: 11) (User: )Description: O driver detectou um erro de controlador em \Device\Ide\IdePort0. Error: (02/08/2015 06:50:03 PM) (Source: atapi) (EventID: 11) (User: )Description: O driver detectou um erro de controlador em \Device\Ide\IdePort0. Error: (02/08/2015 06:50:00 PM) (Source: atapi) (EventID: 11) (User: )Description: O driver detectou um erro de controlador em \Device\Ide\IdePort0. Error: (02/08/2015 06:49:46 PM) (Source: atapi) (EventID: 11) (User: )Description: O driver detectou um erro de controlador em \Device\Ide\IdePort0. Error: (02/08/2015 06:49:46 PM) (Source: atapi) (EventID: 11) (User: )Description: O driver detectou um erro de controlador em \Device\Ide\IdePort0. Microsoft Office Sessions:=========================Error: (02/08/2015 00:55:24 PM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.1.711542b53ecntdll.dll6.3.9600.1727853eeb4a3c00000fd0003f39417ec01d043a8ae68ed0aC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\WINDOWS\SYSTEM32\ntdll.dll824da0f8-afa2-11e4-befb-1c6f65ae635e Error: (02/08/2015 00:11:25 PM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (02/08/2015 00:10:40 PM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (02/08/2015 00:02:21 PM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (02/07/2015 05:36:15 PM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (02/07/2015 05:35:03 PM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (02/06/2015 09:48:35 PM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe Error: (02/06/2015 09:48:31 PM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe Error: (02/05/2015 11:56:40 PM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe Error: (02/05/2015 11:56:36 PM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe CodeIntegrity Errors:=================================== Date: 2015-01-22 18:33:43.515 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: AMD Phenom II X6 1090T ProcessorPercentage of memory in use: 13%Total physical RAM: 8189.55 MBAvailable physical RAM: 7091.19 MBTotal Pagefile: 9469.55 MBAvailable Pagefile: 8245.53 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.17 GB) (Free:850.66 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7068220E)Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  14. Before doing that, should I do the scan with admin mode? Or without it?
  15. Double post Also, sometimes, when I try to scan with MBAM, it crashes after ~45 minutes. Don't know if it's malware related, but it's kinda strange. That never happened to me.
  16. Hello everyone, just a quick question. I usually use FRST to find any suspicious activity in my PC. Luckly, I never find anything. But today, something new happened. Some processes were marked with "Failed to access process", even if I'm in admin mode, I also found like 3 dllhost.exe running. Is that some kind of malware not letting me access Windows process (and also infecting them)? I will post both my .txt files (plus, I used Avast, MBAM and ESET Online scans - nothing infected). Thank you guys for helping me, and sorry for any problems caused. FRST.txt Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015 Ran by SERN (administrator) on IBM-5100 on 08-02-2015 01:44:16Running from C:\Users\SERN-ADM\DownloadsLoaded Profiles: SERN & SERN-ADM (Available profiles: SERN & SERN-ADM)Platform: Windows 8.1 Pro (X64) OS Language: Português (Brasil)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) Failed to access process -> smss.exeFailed to access process -> csrss.exeFailed to access process -> csrss.exeFailed to access process -> services.exe(AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe() C:\Windows\System32\PnkBstrA.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.3327.1030_x64__8wekyb3d8bbwe\onenoteim.exe(Microsoft Corporation) C:\Windows\System32\UserAccountBroker.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-31] (AVAST Software)HKLM\...\RunOnce: [LaunchWebURL] => C:\ProgramData\LaunchURL.bat [141 2014-12-13] ()HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\System32\rstrui.exe [271872 2014-09-24] (Microsoft Corporation)HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\6cb874d6-85a5-43b2-9e77-e0ebec44d9f8.exe /checkHKLM-x32\...\RunOnce: [{080B3DF2-8815-4E3E-AFBF-FA72E88B8A0E}] => cmd.exe /C start /D "C:\Users\SERN\AppData\Local\Temp" /B {080B3DF2-8815-4E3E-AFBF-FA72E88B8A0E}.exe -accepteula -accepteulaksn -activeimages -postbootShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-465716547-1104618823-2389287588-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehpHKU\S-1-5-21-465716547-1104618823-2389287588-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehpBHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabTcpip\Parameters: [DhcpNameServer] 201.6.2.137 201.6.2.67 192.168.0.1 FireFox:========FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-22] Chrome: =======CHR Profile: C:\Users\SERN\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Apresentações) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-24]CHR Extension: (Google Docs) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-24]CHR Extension: (Google Drive) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-24]CHR Extension: (YouTube) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-24]CHR Extension: (Pesquisa do Google) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-24]CHR Extension: (Planilhas do Google) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-24]CHR Extension: (Google Wallet) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-24]CHR Extension: (Gmail) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-24]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-22] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-22] (AVAST Software)R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2015-01-22] (AVAST Software)R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts)R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2014-12-15] ()R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-12-15] ()S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-22] ()R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2015-01-22] (AVAST Software)R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-22] (AVAST Software)R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2015-01-22] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-22] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-22] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-22] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-22] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-22] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-22] ()R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-08 01:25 - 2015-02-08 01:43 - 00024616 _____ () C:\Users\SERN-ADM\Downloads\Addition.txt2015-02-08 01:24 - 2015-02-08 01:44 - 00009908 _____ () C:\Users\SERN-ADM\Downloads\FRST.txt2015-02-08 01:23 - 2015-02-08 01:23 - 00000000 ____D () C:\Users\SERN-ADM\Downloads\FRST-OlderVersion2015-02-03 18:02 - 2015-02-03 18:02 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\SERN-ADM\Downloads\mbam-setup-2.0.4.1028.exe2015-02-03 18:02 - 2015-02-03 18:02 - 00321848 _____ (Malwarebytes Corporation) C:\Users\SERN-ADM\Downloads\mbam-clean-2.1.1.1001.exe2015-02-02 19:59 - 2015-02-02 19:59 - 02347384 _____ (ESET) C:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe2015-02-01 15:22 - 2015-02-01 15:22 - 00000000 ____D () C:\Users\Todos os Usuários\ATI2015-02-01 15:22 - 2015-02-01 15:22 - 00000000 ____D () C:\ProgramData\ATI2015-01-22 18:45 - 2015-01-22 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit2015-01-22 18:45 - 2015-01-22 18:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit2015-01-22 18:44 - 2015-02-07 16:52 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2015-01-22 18:44 - 2015-01-22 18:44 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-01-22 18:44 - 2015-01-22 18:44 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes2015-01-22 18:44 - 2015-01-22 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-01-22 18:44 - 2015-01-22 18:44 - 00000000 ____D () C:\ProgramData\Malwarebytes2015-01-22 18:44 - 2015-01-22 18:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-01-22 18:44 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2015-01-22 18:44 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys2015-01-22 18:44 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2015-01-22 18:36 - 2015-01-22 18:36 - 00449936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys2015-01-22 18:36 - 2015-01-22 18:36 - 00028184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys2015-01-22 18:36 - 2015-01-22 18:36 - 00001986 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk2015-01-22 18:36 - 2015-01-22 18:30 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe2015-01-22 18:33 - 2015-01-22 18:33 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Roaming\AVAST Software2015-01-22 18:31 - 2015-01-22 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software2015-01-22 18:31 - 2015-01-22 18:31 - 00000000 ____D () C:\AVAST Software2015-01-22 18:30 - 2015-02-08 01:26 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update2015-01-22 18:30 - 2015-01-22 18:31 - 00087912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys2015-01-22 18:30 - 2015-01-22 18:30 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys2015-01-22 18:30 - 2015-01-22 18:30 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys2015-01-22 18:30 - 2015-01-22 18:30 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys2015-01-22 18:30 - 2015-01-22 18:30 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys2015-01-22 18:30 - 2015-01-22 18:30 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys2015-01-22 18:30 - 2015-01-22 18:30 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys2015-01-22 18:30 - 2015-01-22 18:30 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr2015-01-22 18:30 - 2015-01-22 18:30 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys2015-01-22 18:26 - 2015-01-22 18:27 - 00000000 ____D () C:\Users\Todos os Usuários\AVAST Software2015-01-22 18:26 - 2015-01-22 18:27 - 00000000 ____D () C:\ProgramData\AVAST Software2015-01-22 18:23 - 2015-01-22 18:27 - 00000000 ____D () C:\Program Files\AVAST Software2015-01-20 19:09 - 2014-04-15 21:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll2015-01-20 19:09 - 2014-04-15 21:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll2015-01-20 00:06 - 2015-02-07 16:48 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes Anti-Exploit2015-01-20 00:06 - 2015-02-07 16:48 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit2015-01-19 16:25 - 2015-01-19 16:25 - 00000000 __SHD () C:\Users\SERN-ADM\AppData\Local\EmieBrowserModeList2015-01-17 03:13 - 2015-01-17 03:13 - 00002805 _____ () C:\Users\SERN\Desktop\RKreport_SCN_01172015_031215.log2015-01-14 15:48 - 2014-12-19 04:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys2015-01-14 15:48 - 2014-12-12 00:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe2015-01-14 15:48 - 2014-12-11 22:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys2015-01-14 15:48 - 2014-12-08 23:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe2015-01-14 15:48 - 2014-12-08 17:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe2015-01-14 15:48 - 2014-12-06 01:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll2015-01-14 15:48 - 2014-12-05 23:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll2015-01-14 15:48 - 2014-12-05 23:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll2015-01-14 15:48 - 2014-10-29 02:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe2015-01-14 15:48 - 2014-10-29 02:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe2015-01-14 15:48 - 2014-10-29 01:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll2015-01-14 15:48 - 2014-10-29 01:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll2015-01-14 15:48 - 2014-10-29 01:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll2015-01-14 15:48 - 2014-10-29 01:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe2015-01-14 15:48 - 2014-10-29 01:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe2015-01-14 15:48 - 2014-10-29 01:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe2015-01-14 15:48 - 2014-10-29 01:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll2015-01-14 15:48 - 2014-10-29 01:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll2015-01-14 15:48 - 2014-10-29 01:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll2015-01-14 15:48 - 2014-10-29 00:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll2015-01-14 15:48 - 2014-10-28 23:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll2015-01-14 15:48 - 2014-10-28 23:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll2015-01-14 15:48 - 2014-10-28 23:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll2015-01-14 15:48 - 2014-10-28 23:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll2015-01-10 12:19 - 2015-02-03 14:05 - 00000000 ____D () C:\Users\SERN\AppData\Local\CrashDumps2015-01-10 12:17 - 2015-01-10 12:17 - 00000000 ____D () C:\gravity ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-08 01:44 - 2014-12-18 02:29 - 00000000 ____D () C:\FRST2015-02-08 01:41 - 2013-08-22 12:46 - 00301818 _____ () C:\WINDOWS\setupact.log2015-02-08 01:41 - 2013-08-22 12:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2015-02-08 01:40 - 2014-10-24 03:02 - 00000000 ____D () C:\Program Files (x86)\Steam2015-02-08 01:40 - 2014-10-24 02:18 - 02089439 _____ () C:\WINDOWS\WindowsUpdate.log2015-02-08 01:40 - 2013-08-22 11:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI2015-02-08 01:25 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2015-02-08 01:23 - 2014-12-18 02:14 - 02132992 _____ (Farbar) C:\Users\SERN-ADM\Downloads\FRST64.exe2015-02-08 01:22 - 2014-11-04 01:02 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{23CBD818-4DC2-46F3-9F3F-9A3E033F9062}2015-02-08 01:21 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\system32\sru2015-02-07 17:34 - 2014-10-24 03:16 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-465716547-1104618823-2389287588-10052015-02-05 17:29 - 2012-07-26 05:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2015-02-05 17:11 - 2014-10-24 02:49 - 00004066 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA2015-02-05 17:11 - 2014-10-24 02:49 - 00003830 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore2015-02-05 17:11 - 2014-10-24 02:49 - 00001094 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2015-02-05 17:11 - 2014-10-24 02:49 - 00001090 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2015-02-04 18:34 - 2014-10-24 11:39 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Roaming\Skype2015-02-04 16:51 - 2014-12-12 21:57 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Local\CrashDumps2015-02-03 17:31 - 2014-09-24 06:09 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2015-02-03 17:31 - 2014-09-24 06:09 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2015-01-23 08:46 - 2014-11-03 15:41 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys2015-01-23 07:49 - 2014-12-13 15:58 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Roaming\Raptr2015-01-22 19:00 - 2014-10-24 03:10 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Local\Google2015-01-22 18:56 - 2014-09-24 00:30 - 00833766 _____ () C:\WINDOWS\PFRO.log2015-01-21 09:57 - 2014-10-24 03:10 - 00000000 ____D () C:\Users\SERN-ADM2015-01-20 16:01 - 2014-11-03 15:41 - 00000000 ____D () C:\Users\Todos os Usuários\RogueKiller2015-01-20 16:01 - 2014-11-03 15:41 - 00000000 ____D () C:\ProgramData\RogueKiller2015-01-20 16:01 - 2014-10-24 03:08 - 00000000 ___RD () C:\Program Files (x86)\Skype2015-01-20 16:01 - 2014-10-24 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2015-01-20 16:01 - 2014-09-24 06:06 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel2015-01-20 16:01 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed2015-01-20 16:01 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\system32\Macromed2015-01-20 16:01 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep2015-01-20 15:56 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\registration2015-01-19 01:51 - 2012-07-26 06:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports2015-01-14 16:53 - 2014-10-24 00:23 - 00000000 ____D () C:\WINDOWS\system32\MRT2015-01-14 16:50 - 2014-10-24 00:23 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2015-01-13 19:46 - 2014-10-24 03:08 - 00000000 ____D () C:\Users\Todos os Usuários\Skype2015-01-13 19:46 - 2014-10-24 03:08 - 00000000 ____D () C:\ProgramData\Skype ==================== Files in the root of some directories ======= 2014-12-13 15:56 - 2014-12-13 15:56 - 0000141 _____ () C:\ProgramData\LaunchURL.bat Files to move or delete:====================C:\ProgramData\LaunchURL.batC:\Users\Todos os Usuários\LaunchURL.bat Some content of TEMP:====================C:\Users\SERN\AppData\Local\Temp\dllnt_dump.dllC:\Users\SERN\AppData\Local\Temp\raptrpatch.exeC:\Users\SERN\AppData\Local\Temp\raptr_stub.exeC:\Users\SERN\AppData\Local\Temp\{080B3DF2-8815-4E3E-AFBF-FA72E88B8A0E}.exeC:\Users\SERN-ADM\AppData\Local\Temp\sonarinst.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-02 07:40 ==================== End Of Log ============================ Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2015Ran by SERN at 2015-02-08 01:44:44Running from C:\Users\SERN-ADM\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)Call of Duty (HKLM-x32\...\Steam App 2620) (Version: - Infinity Ward)Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)Cherry Tree High Comedy Club (HKLM-x32\...\Steam App 214610) (Version: - 773)Cherry Tree High I! My! Girls! (HKLM-x32\...\Steam App 333220) (Version: - 773)ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.26.9 - Google Inc.) HiddenGuncraft (HKLM-x32\...\Steam App 241720) (Version: - Exato Games Studio)If My Heart Had Wings (HKLM-x32\...\Steam App 326480) (Version: - Moenovel)Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)Killing Floor (HKLM-x32\...\Steam App 1250) (Version: - Tripwire Interactive)Long Live The Queen (HKLM-x32\...\Steam App 251990) (Version: - Hanako Games)Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)Malwarebytes Anti-Malware versão 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.)PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software)PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)Raptr (HKLM-x32\...\Raptr) (Version: - )Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)The Cat Lady (HKLM-x32\...\Steam App 253110) (Version: - Harvester Games)The Way of Life (HKLM-x32\...\Steam App 310370) (Version: - Fabio Ferrara) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 31-01-2015 13:25:08 Windows Update05-02-2015 17:28:56 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 11:25 - 2013-08-22 11:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {2B54D8B7-D3F3-4FA3-8029-07DF4167F499} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)Task: {76FE62CE-2517-4080-B3F6-8C84B58FF389} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)Task: {A3B75793-9A21-4609-87DA-DEA35A5D8F1C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)Task: {D761FDD7-50FB-4F61-AB43-2B6E1FEDB482} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-22] (AVAST Software)Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll2014-12-15 01:43 - 2014-12-15 01:43 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe2015-02-07 16:48 - 2015-02-07 16:48 - 02912768 _____ () C:\Program Files\AVAST Software\Avast\defs\15020701\algo.dll2015-01-22 18:30 - 2015-01-22 18:30 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\22792473.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\22792473.sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-465716547-1104618823-2389287588-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpgHKU\S-1-5-21-465716547-1104618823-2389287588-1005\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrador (S-1-5-21-465716547-1104618823-2389287588-500 - Administrator - Disabled)Convidado (S-1-5-21-465716547-1104618823-2389287588-501 - Limited - Disabled)SERN (S-1-5-21-465716547-1104618823-2389287588-1001 - Administrator - Enabled) => C:\Users\SERNSERN-ADM (S-1-5-21-465716547-1104618823-2389287588-1005 - Limited - Enabled) => C:\Users\SERN-ADM ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (02/07/2015 05:36:15 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/07/2015 05:35:03 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/06/2015 09:48:35 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/06/2015 09:48:31 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/05/2015 11:56:40 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/05/2015 11:56:36 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/05/2015 05:29:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema.. Details:AddLegacyDriverFiles: Unable to back up image of binary Protocolo Microsoft LLDP. System Error:Acesso negado.. Error: (02/05/2015 04:35:33 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/05/2015 04:22:51 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/05/2015 04:22:46 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. System errors:=============Error: (02/08/2015 01:41:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: %%3 Error: (02/08/2015 01:40:34 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível Error: (02/08/2015 01:21:30 AM) (Source: atapi) (EventID: 11) (User: )Description: O driver detectou um erro de controlador em \Device\Ide\IdePort0. Error: (02/07/2015 07:41:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: %%3 Error: (02/07/2015 04:46:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: %%3 Error: (02/06/2015 09:47:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: %%3 Error: (02/06/2015 07:40:52 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível Error: (02/06/2015 06:48:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: %%3 Error: (02/06/2015 04:50:08 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível Error: (02/06/2015 07:05:57 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível Microsoft Office Sessions:=========================Error: (02/07/2015 05:36:15 PM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (02/07/2015 05:35:03 PM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (02/06/2015 09:48:35 PM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe Error: (02/06/2015 09:48:31 PM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe Error: (02/05/2015 11:56:40 PM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe Error: (02/05/2015 11:56:36 PM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe Error: (02/05/2015 05:29:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )Description: Details:AddLegacyDriverFiles: Unable to back up image of binary Protocolo Microsoft LLDP. System Error:Acesso negado. Error: (02/05/2015 04:35:33 PM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (02/05/2015 04:22:51 PM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe Error: (02/05/2015 04:22:46 PM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe CodeIntegrity Errors:=================================== Date: 2015-01-22 18:33:43.515 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: AMD Phenom II X6 1090T ProcessorPercentage of memory in use: 12%Total physical RAM: 8189.55 MBAvailable physical RAM: 7133.35 MBTotal Pagefile: 9469.55 MBAvailable Pagefile: 8373.91 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.17 GB) (Free:851.38 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7068220E)Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  17. Hello Adam. Since the logs were all good, I do believe that my PC looks ok now. I think that now the problem is over, thanks to you . Thank you a lot Adam.
  18. Hello Adam. Before posting the logs, I would like to say few things: 1 - The MBAM and ESET scans were made offline (I obviously updated both prograns and virus database before disconnecting from the net) 2 - I forgot to get the ESET logs, but I could find all the logs in the ESET folder. The one I posted is from the scan I did. 3 - Just after doing all those logs, someone at home start using their cellphone with the wi-fi (Android). Just to know, it's possible to get an infection from an Android device? And here is the logs (May I know why attach only the TDSS killer log?): MBAM logs Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 23/01/2015Scan Time: 07:52:32Logfile: Administrator: No Version: 2.00.4.1028Malware Database: v2015.01.23.03Rootkit Database: v2015.01.14.01License: TrialMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows 8.1CPU: x64File System: NTFSUser: SERN-ADM Scan Type: Threat ScanResult: CompletedObjects Scanned: 253502Time Elapsed: 6 min, 4 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end) ESET log ESETSmartInstaller@High as downloader log:all ok# product=EOS# version=8# OnlineScannerApp.exe=1.0.0.1# OnlineScanner.ocx=1.0.0.7623# api_version=3.0.2# EOSSerial=e1101851165cdd49acc9f6270f5d3665# engine=22109# end=finished# remove_checked=false# archives_checked=true# unwanted_checked=true# unsafe_checked=true# antistealth_checked=true# utc_time=2015-01-23 10:38:49# local_time=2015-01-23 08:38:49 (-0300, Horário brasileiro de verão)# country="Brazil"# lang=1033# osver=6.2.9200 NT # compatibility_mode_1=''# compatibility_mode=5893 16776574 100 94 2828595 12231048 0 0# scanned=188984# found=0# cleaned=0# scan_time=2135 Rogue Killer logs RogueKiller V10.2.0.0 (x64) [Jan 19 2015] por Adlice Softwaremail : http://www.adlice.com/contact/Feedback : http://forum.adlice.comSite : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.com Sistema Operacional : Windows 8.1 (6.3.9200 ) 64 bits versionIniciou : Modo normalUsuário : SERN [Administrador]Modo : Escanear -- Data : 01/23/2015 08:51:57 ¤¤¤ Processos : 0 ¤¤¤ ¤¤¤ Registro : 10 ¤¤¤[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce | LaunchWebURL : C:\ProgramData\LaunchURL.bat -> Encontrado[suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce | {080B3DF2-8815-4E3E-AFBF-FA72E88B8A0E} : cmd.exe /C start /D "C:\Users\SERN\AppData\Local\Temp" /B {080B3DF2-8815-4E3E-AFBF-FA72E88B8A0E}.exe -accepteula -accepteulaksn -activeimages -postboot -> Encontrado[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 201.6.2.137 201.6.2.67 192.168.0.1 [bRAZIL (BR)][bRAZIL (BR)] -> Encontrado[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 201.6.2.137 201.6.2.67 192.168.0.1 [bRAZIL (BR)][bRAZIL (BR)] -> Encontrado[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AA244F03-A93F-406B-B71C-1A8DF76B00C7} | DhcpNameServer : 201.6.2.137 201.6.2.67 192.168.0.1 [bRAZIL (BR)][bRAZIL (BR)] -> Encontrado[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{AA244F03-A93F-406B-B71C-1A8DF76B00C7} | DhcpNameServer : 201.6.2.137 201.6.2.67 192.168.0.1 [bRAZIL (BR)][bRAZIL (BR)] -> Encontrado[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Encontrado[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Encontrado[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Encontrado[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Encontrado ¤¤¤ Tarefas : 0 ¤¤¤ ¤¤¤ Arquivos : 0 ¤¤¤ ¤¤¤ Arquivos de hosts : 0 ¤¤¤ ¤¤¤ Antirootkit : 1 (Driver: Carregado) ¤¤¤[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\System32\Drivers\Wof.sys) ¤¤¤ Navegadores : 0 ¤¤¤ ¤¤¤ Verificação da MBR : ¤¤¤+++++ PhysicalDrive0: WDC WD10EZEX-00RKKA0 ATA Device +++++--- User ---[MBR] 26bef715d3d1d47510abde64a7f48fc6[bSP] 00b1a9551d633cc633207c8abbbc5b28 : Windows Vista/7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 953517 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]User = LL1 ... OKUser = LL2 ... OK ============================================RKreport_SCN_01172015_031215.log - RKreport_SCN_11032014_154710.log - RKreport_SCN_11032014_173049.log FRST log Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015Ran by SERN (administrator) on IBM-5100 on 23-01-2015 08:54:24Running from C:\Users\SERN-ADM\DownloadsLoaded Profiles: SERN & SERN-ADM (Available profiles: SERN & SERN-ADM)Platform: Windows 8.1 Pro (X64) OS Language: Português (Brasil)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe() C:\Windows\System32\PnkBstrA.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-22] (AVAST Software)HKLM\...\RunOnce: [LaunchWebURL] => C:\ProgramData\LaunchURL.bat [141 2014-12-13] ()HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\System32\rstrui.exe [271872 2014-09-24] (Microsoft Corporation)HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\6cb874d6-85a5-43b2-9e77-e0ebec44d9f8.exe /checkHKLM-x32\...\RunOnce: [{080B3DF2-8815-4E3E-AFBF-FA72E88B8A0E}] => cmd.exe /C start /D "C:\Users\SERN\AppData\Local\Temp" /B {080B3DF2-8815-4E3E-AFBF-FA72E88B8A0E}.exe -accepteula -accepteulaksn -activeimages -postbootShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-465716547-1104618823-2389287588-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehpHKU\S-1-5-21-465716547-1104618823-2389287588-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehpBHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabTcpip\Parameters: [DhcpNameServer] 201.6.2.137 201.6.2.67 192.168.0.1 FireFox:========FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-22] Chrome: =======CHR Profile: C:\Users\SERN\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Apresentações) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-24]CHR Extension: (Google Docs) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-24]CHR Extension: (Google Drive) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-24]CHR Extension: (YouTube) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-24]CHR Extension: (Pesquisa do Google) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-24]CHR Extension: (Planilhas do Google) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-24]CHR Extension: (Google Wallet) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-24]CHR Extension: (Gmail) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-24]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-22] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-22] (AVAST Software)R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2015-01-22] (AVAST Software)R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts)R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2014-12-15] ()R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-12-15] ()S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-22] ()R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2015-01-22] (AVAST Software)R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-22] (AVAST Software)R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2015-01-22] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-22] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-22] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-22] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-22] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-22] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-22] ()R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-22] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-23 08:52 - 2015-01-23 08:52 - 00003496 _____ () C:\Users\SERN-ADM\Desktop\RKreport_SCN_01232015_085153.log2015-01-23 08:00 - 2015-01-23 08:00 - 02347384 _____ (ESET) C:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu (2).exe2015-01-23 07:58 - 2015-01-23 07:59 - 00001033 _____ () C:\Users\SERN-ADM\Desktop\mbam.txt2015-01-23 07:45 - 2015-01-23 07:45 - 18570328 _____ () C:\Users\SERN-ADM\Desktop\RogueKillerX64 (1).exe2015-01-23 07:44 - 2015-01-23 07:45 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\SERN-ADM\Desktop\tdsskiller.exe2015-01-22 18:45 - 2015-01-22 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit2015-01-22 18:45 - 2015-01-22 18:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit2015-01-22 18:44 - 2015-01-22 19:08 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2015-01-22 18:44 - 2015-01-22 18:44 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-01-22 18:44 - 2015-01-22 18:44 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes2015-01-22 18:44 - 2015-01-22 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-01-22 18:44 - 2015-01-22 18:44 - 00000000 ____D () C:\ProgramData\Malwarebytes2015-01-22 18:44 - 2015-01-22 18:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-01-22 18:44 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2015-01-22 18:44 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys2015-01-22 18:44 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2015-01-22 18:36 - 2015-01-22 18:36 - 00449936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys2015-01-22 18:36 - 2015-01-22 18:36 - 00028184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys2015-01-22 18:36 - 2015-01-22 18:36 - 00001986 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk2015-01-22 18:36 - 2015-01-22 18:30 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe2015-01-22 18:33 - 2015-01-22 18:33 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Roaming\AVAST Software2015-01-22 18:31 - 2015-01-22 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software2015-01-22 18:31 - 2015-01-22 18:31 - 00000000 ____D () C:\AVAST Software2015-01-22 18:30 - 2015-01-22 18:36 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update2015-01-22 18:30 - 2015-01-22 18:31 - 00087912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys2015-01-22 18:30 - 2015-01-22 18:30 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys2015-01-22 18:30 - 2015-01-22 18:30 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys2015-01-22 18:30 - 2015-01-22 18:30 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys2015-01-22 18:30 - 2015-01-22 18:30 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys2015-01-22 18:30 - 2015-01-22 18:30 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys2015-01-22 18:30 - 2015-01-22 18:30 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys2015-01-22 18:30 - 2015-01-22 18:30 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr2015-01-22 18:30 - 2015-01-22 18:30 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys2015-01-22 18:26 - 2015-01-22 18:27 - 00000000 ____D () C:\Users\Todos os Usuários\AVAST Software2015-01-22 18:26 - 2015-01-22 18:27 - 00000000 ____D () C:\ProgramData\AVAST Software2015-01-22 18:23 - 2015-01-22 18:27 - 00000000 ____D () C:\Program Files\AVAST Software2015-01-22 16:37 - 2015-01-22 16:37 - 02967032 _____ (Malwarebytes ) C:\Users\SERN-ADM\Downloads\mbae-setup-1.05.1.1016 (1).exe2015-01-22 16:35 - 2015-01-22 16:36 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\SERN-ADM\Downloads\mbam-setup-2.0.4.1028 (3).exe2015-01-22 16:35 - 2015-01-22 16:35 - 00321848 _____ (Malwarebytes Corporation) C:\Users\SERN-ADM\Downloads\mbam-clean-2.1.1.1001 (4).exe2015-01-22 16:33 - 2015-01-22 16:33 - 05040384 _____ (AVAST Software) C:\Users\SERN-ADM\Downloads\avastclear (1).exe2015-01-22 16:32 - 2015-01-22 16:34 - 148055856 _____ (AVAST Software) C:\Users\SERN-ADM\Downloads\avast_internet_security_setup.exe2015-01-22 16:32 - 2015-01-22 16:32 - 04978536 _____ (AVAST Software) C:\Users\SERN-ADM\Downloads\avast_internet_security_setup_online (1).exe2015-01-20 19:09 - 2014-04-15 21:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll2015-01-20 19:09 - 2014-04-15 21:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll2015-01-20 00:14 - 2015-01-20 00:15 - 00000083 _____ () C:\Users\SERN-ADM\Desktop\Novo Documento de Texto.txt2015-01-20 00:06 - 2015-01-22 18:47 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes Anti-Exploit2015-01-20 00:06 - 2015-01-22 18:47 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit2015-01-19 19:44 - 2015-01-19 19:44 - 02967032 _____ (Malwarebytes ) C:\Users\SERN-ADM\Downloads\mbae-setup-1.05.1.1016.exe2015-01-19 16:25 - 2015-01-19 16:25 - 00000000 __SHD () C:\Users\SERN-ADM\AppData\Local\EmieBrowserModeList2015-01-17 03:13 - 2015-01-17 03:13 - 00002805 _____ () C:\Users\SERN-ADM\Downloads\RKreport_SCN_01172015_031215.log2015-01-17 03:13 - 2015-01-17 03:13 - 00002805 _____ () C:\Users\SERN\Desktop\RKreport_SCN_01172015_031215.log2015-01-17 03:06 - 2015-01-17 03:07 - 18467928 _____ () C:\Users\SERN-ADM\Downloads\RogueKillerX64.exe2015-01-14 15:48 - 2014-12-19 04:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys2015-01-14 15:48 - 2014-12-12 00:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe2015-01-14 15:48 - 2014-12-11 22:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys2015-01-14 15:48 - 2014-12-08 23:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe2015-01-14 15:48 - 2014-12-08 17:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe2015-01-14 15:48 - 2014-12-06 01:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll2015-01-14 15:48 - 2014-12-05 23:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll2015-01-14 15:48 - 2014-12-05 23:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll2015-01-14 15:48 - 2014-10-29 02:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe2015-01-14 15:48 - 2014-10-29 02:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe2015-01-14 15:48 - 2014-10-29 01:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll2015-01-14 15:48 - 2014-10-29 01:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll2015-01-14 15:48 - 2014-10-29 01:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll2015-01-14 15:48 - 2014-10-29 01:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe2015-01-14 15:48 - 2014-10-29 01:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe2015-01-14 15:48 - 2014-10-29 01:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe2015-01-14 15:48 - 2014-10-29 01:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll2015-01-14 15:48 - 2014-10-29 01:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll2015-01-14 15:48 - 2014-10-29 01:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll2015-01-14 15:48 - 2014-10-29 00:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll2015-01-14 15:48 - 2014-10-28 23:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll2015-01-14 15:48 - 2014-10-28 23:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll2015-01-14 15:48 - 2014-10-28 23:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll2015-01-14 15:48 - 2014-10-28 23:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll2015-01-13 03:58 - 2015-01-20 16:01 - 00000000 ____D () C:\Users\SERN-ADM\Downloads\FRST-OlderVersion2015-01-12 00:43 - 2015-01-12 00:43 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\SERN-ADM\Downloads\mbam-setup-2.0.4.1028 (2).exe2015-01-12 00:42 - 2015-01-12 00:42 - 00321848 _____ (Malwarebytes Corporation) C:\Users\SERN-ADM\Downloads\mbam-clean-2.1.1.1001 (3).exe2015-01-10 14:00 - 2015-01-10 14:01 - 02347384 _____ (ESET) C:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu (1).exe2015-01-10 12:19 - 2015-01-10 16:19 - 00000000 ____D () C:\Users\SERN\AppData\Local\CrashDumps2015-01-10 12:17 - 2015-01-10 12:17 - 00000000 ____D () C:\gravity2015-01-04 12:23 - 2015-01-04 12:23 - 00001549 _____ () C:\Users\SERN-ADM\Downloads\transcript (1).txt2015-01-03 17:54 - 2015-01-03 17:54 - 00001021 _____ () C:\Users\SERN-ADM\Downloads\transcript.txt2014-12-29 12:40 - 2014-12-29 12:40 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Roaming\RenPy2014-12-28 15:45 - 2014-12-28 15:45 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\SERN-ADM\Downloads\mbam-setup-2.0.4.1028 (1).exe2014-12-28 15:44 - 2014-12-28 15:44 - 00321848 _____ (Malwarebytes Corporation) C:\Users\SERN-ADM\Downloads\mbam-clean-2.1.1.1001 (2).exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-23 08:54 - 2014-12-18 02:29 - 00010475 _____ () C:\Users\SERN-ADM\Downloads\FRST.txt2015-01-23 08:54 - 2014-12-18 02:29 - 00000000 ____D () C:\FRST2015-01-23 08:53 - 2014-10-24 02:18 - 01907200 _____ () C:\WINDOWS\WindowsUpdate.log2015-01-23 08:46 - 2014-11-03 15:41 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys2015-01-23 08:40 - 2014-10-24 02:49 - 00001090 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2015-01-23 08:39 - 2013-08-22 12:46 - 00299739 _____ () C:\WINDOWS\setupact.log2015-01-23 08:39 - 2013-08-22 12:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2015-01-23 08:00 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\system32\sru2015-01-23 07:49 - 2014-12-13 15:58 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Roaming\Raptr2015-01-23 07:46 - 2014-11-04 01:02 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{23CBD818-4DC2-46F3-9F3F-9A3E033F9062}2015-01-22 19:09 - 2014-10-24 03:16 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-465716547-1104618823-2389287588-10052015-01-22 19:00 - 2014-10-24 03:10 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Local\Google2015-01-22 18:56 - 2014-09-24 00:30 - 00833766 _____ () C:\WINDOWS\PFRO.log2015-01-22 16:41 - 2013-08-22 11:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI2015-01-22 16:40 - 2012-07-26 05:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2015-01-22 16:32 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2015-01-21 09:57 - 2014-10-24 03:10 - 00000000 ____D () C:\Users\SERN-ADM2015-01-20 17:33 - 2014-12-18 02:30 - 00024041 _____ () C:\Users\SERN-ADM\Downloads\Addition.txt2015-01-20 16:01 - 2014-11-03 15:41 - 00000000 ____D () C:\Users\Todos os Usuários\RogueKiller2015-01-20 16:01 - 2014-11-03 15:41 - 00000000 ____D () C:\ProgramData\RogueKiller2015-01-20 16:01 - 2014-10-24 03:08 - 00000000 ___RD () C:\Program Files (x86)\Skype2015-01-20 16:01 - 2014-10-24 03:02 - 00000000 ____D () C:\Program Files (x86)\Steam2015-01-20 16:01 - 2014-10-24 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2015-01-20 16:01 - 2014-09-24 06:06 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel2015-01-20 16:01 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed2015-01-20 16:01 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\system32\Macromed2015-01-20 16:01 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep2015-01-20 15:56 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\registration2015-01-20 00:08 - 2014-12-18 02:14 - 02126848 _____ (Farbar) C:\Users\SERN-ADM\Downloads\FRST64.exe2015-01-19 23:45 - 2014-12-12 21:57 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Local\CrashDumps2015-01-19 19:32 - 2014-09-24 06:09 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2015-01-19 19:32 - 2014-09-24 06:09 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2015-01-19 01:51 - 2012-07-26 06:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports2015-01-14 16:53 - 2014-10-24 00:23 - 00000000 ____D () C:\WINDOWS\system32\MRT2015-01-14 16:50 - 2014-10-24 00:23 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2015-01-13 21:51 - 2014-10-24 11:39 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Roaming\Skype2015-01-13 19:46 - 2014-10-24 03:08 - 00000000 ____D () C:\Users\Todos os Usuários\Skype2015-01-13 19:46 - 2014-10-24 03:08 - 00000000 ____D () C:\ProgramData\Skype2014-12-28 15:49 - 2014-10-24 02:20 - 00000000 ____D () C:\Users\SERN ==================== Files in the root of some directories =======2014-12-13 15:56 - 2014-12-13 15:56 - 0000141 _____ () C:\ProgramData\LaunchURL.bat Files to move or delete:====================C:\ProgramData\LaunchURL.batC:\Users\Todos os Usuários\LaunchURL.bat Some content of TEMP:====================C:\Users\SERN\AppData\Local\Temp\dllnt_dump.dllC:\Users\SERN\AppData\Local\Temp\raptrpatch.exeC:\Users\SERN\AppData\Local\Temp\raptr_stub.exeC:\Users\SERN\AppData\Local\Temp\{080B3DF2-8815-4E3E-AFBF-FA72E88B8A0E}.exeC:\Users\SERN-ADM\AppData\Local\Temp\sonarinst.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-22 17:54 ==================== End Of Log ============================ Addition logs Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015Ran by SERN at 2015-01-23 08:54:51Running from C:\Users\SERN-ADM\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)Call of Duty (HKLM-x32\...\Steam App 2620) (Version: - Infinity Ward)Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)Cherry Tree High Comedy Club (HKLM-x32\...\Steam App 214610) (Version: - 773)Cherry Tree High I! My! Girls! (HKLM-x32\...\Steam App 333220) (Version: - 773)ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenIf My Heart Had Wings (HKLM-x32\...\Steam App 326480) (Version: - Moenovel)Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)Killing Floor (HKLM-x32\...\Steam App 1250) (Version: - Tripwire Interactive)Long Live The Queen (HKLM-x32\...\Steam App 251990) (Version: - Hanako Games)Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)Malwarebytes Anti-Malware versão 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.)PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software)PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)Ragnarok Online 2 (HKLM-x32\...\Steam App 231060) (Version: - Gravity, Inc.)Raptr (HKLM-x32\...\Raptr) (Version: - )Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)Sunrider Academy Demo (HKLM-x32\...\Steam App 340740) (Version: - Love in Space)Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)The Cat Lady (HKLM-x32\...\Steam App 253110) (Version: - Harvester Games)The Way of Life (HKLM-x32\...\Steam App 310370) (Version: - Fabio Ferrara) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 29-12-2014 18:58:43 Instalado Microsoft Visual C++ 2005 Redistributable13-01-2015 09:23:58 Ponto de Verificação Agendado20-01-2015 15:52:07 Operação de restauração22-01-2015 18:07:59 step122-01-2015 18:14:24 step222-01-2015 18:17:33 step322-01-2015 18:42:07 step4 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 11:25 - 2013-08-22 11:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {2B54D8B7-D3F3-4FA3-8029-07DF4167F499} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)Task: {76FE62CE-2517-4080-B3F6-8C84B58FF389} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)Task: {A3B75793-9A21-4609-87DA-DEA35A5D8F1C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)Task: {D761FDD7-50FB-4F61-AB43-2B6E1FEDB482} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-22] (AVAST Software)Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll2014-12-15 01:43 - 2014-12-15 01:43 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe2015-01-22 18:30 - 2015-01-22 18:30 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012202\algo.dll2015-01-22 18:30 - 2015-01-22 18:30 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\22792473.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\22792473.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrador (S-1-5-21-465716547-1104618823-2389287588-500 - Administrator - Disabled)Convidado (S-1-5-21-465716547-1104618823-2389287588-501 - Limited - Disabled)SERN (S-1-5-21-465716547-1104618823-2389287588-1001 - Administrator - Enabled) => C:\Users\SERNSERN-ADM (S-1-5-21-465716547-1104618823-2389287588-1005 - Limited - Enabled) => C:\Users\SERN-ADM ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (01/23/2015 08:40:30 AM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (01/23/2015 08:07:26 AM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (01/23/2015 08:06:24 AM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (01/23/2015 08:02:51 AM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (01/23/2015 08:02:48 AM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (01/23/2015 08:02:00 AM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (01/23/2015 08:01:56 AM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (01/23/2015 08:01:18 AM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (01/23/2015 08:01:14 AM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (01/23/2015 08:01:12 AM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. System errors:=============Error: (01/23/2015 08:39:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: %%3 Error: (01/23/2015 07:49:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: %%3 Error: (01/23/2015 07:48:21 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível Error: (01/22/2015 06:56:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: %%3 Error: (01/22/2015 06:46:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: %%3 Error: (01/22/2015 06:37:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: %%3 Error: (01/22/2015 06:37:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Não foi possível iniciar o serviço Serviço de Inspeção de Rede do Windows Defender devido ao seguinte erro: %%1069 Error: (01/22/2015 06:37:02 PM) (Source: Service Control Manager) (EventID: 7038) (User: )Description: O serviço WdNisSvc não pôde fazer logon como NT AUTHORITY\LocalService com a senha configurada atualmente devido ao seguinte erro: %%50 Para verificar se o serviço está configurado corretamente, use o snap-in de Serviços do Console de Gerenciamento Microsoft. Error: (01/22/2015 06:33:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Não foi possível iniciar o serviço Serviço Windows Defender devido ao seguinte erro: %%577 Error: (01/22/2015 06:33:33 PM) (Source: DCOM) (EventID: 10016) (User: IBM-5100)Description: específico do aplicativoLocalIniciar{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}IBM-5100SERN-ADMS-1-5-21-465716547-1104618823-2389287588-1005LocalHost (Usando LRPC)Não DisponívelNão Disponível Microsoft Office Sessions:=========================Error: (01/23/2015 08:40:30 AM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (01/23/2015 08:07:26 AM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (01/23/2015 08:06:24 AM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (01/23/2015 08:02:51 AM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu (2).exe Error: (01/23/2015 08:02:48 AM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu (2).exe Error: (01/23/2015 08:02:00 AM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu (2).exe Error: (01/23/2015 08:01:56 AM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu (2).exe Error: (01/23/2015 08:01:18 AM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu (2).exe Error: (01/23/2015 08:01:14 AM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu (2).exe Error: (01/23/2015 08:01:12 AM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu (2).exe CodeIntegrity Errors:=================================== Date: 2015-01-22 18:33:43.515 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: AMD Phenom II X6 1090T ProcessorPercentage of memory in use: 22%Total physical RAM: 8189.55 MBAvailable physical RAM: 6309.46 MBTotal Pagefile: 9469.55 MBAvailable Pagefile: 8036.7 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.17 GB) (Free:829.61 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7068220E)Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS) ==================== End Of Log ============================TDSSKiller.3.0.0.44_23.01.2015_07.50.19_log.txt
  19. I did all those steps, but before syaing how the PC behaves, I had to do some steps diferently: - When I used the Avast! Unnistall Utility, I had to enter in Windows safe mode, in order to unnistall it completely (the program reccomended me to do it, so I did) - When I was going to install Avast again, the setup I downloaded was corrupted, but, I had the online setup for it (you download the files while installing the program), and I had to restart the PC in order to put my license (and again, I had to restart my PC). The only thing that really bothers me is that every time that Windows 8 shows the lockscreen (when you just turned on the PC), the connection sign is always with a warning sign (with a "!"). Before, it wasn't acting like that, but it started when the bugs started too. Besides that, the PC looks good and running good. I'm only still a little paranoid, about being a malware or someone who got access to this PC in the internet that did all that mess. MBAM, MBAE and Avast! doesn't have those bugs anymore.
  20. Hi Adam. Before doing all those things, let me ask: What do you mean with those reverse clean boot steps? You mean, To reenable everytihing again? If yes, what if the PC starts having those bugs again?
  21. Triple post!? Well I forgot to mention that when those bugs started, MBAM and Avast not just started to act strange, but also, some things (like the favoirite actions on Avast) have beem reseted. Also, MBAM still saying to me to start the free trial (even if I was doing that before). Also, It always says that I never run any type of scan. Another thing is that MBAE is not working anymore.
  22. Double post. Ok, it looks like it's back to normal, except MBAM. Still, I'm really curious to know what exactly happened before.
  23. Hi Adam. Looks like it's ok now. Still, I can't disable Avast, but that's not a real problem. Since the Wrapper Run Once problem is somewhat random, I will keep doing tests to see if it disappeared.
  24. Double post - Reall strange, it's random when the Wrapper Run Once will close alone or will stay. When it stays, there's lots of problems. Maybe doing a system restore may help? Or maybe it's a hardware issue? (I tried to take a look into the HDD conection, but it seems to fine (coudn't clean it, though).
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.