Jump to content

A Few Doubts about infection and stuff


Recommended Posts

Hello

 

I have 'two' doubts to solve toward possible (or not) malware infection

 

First one I've posted at a previous post and there it is

 

Found out while I was attempting to do a MBAR scan (that I really needed to since it was a long time that I didn't), the now famous 'AppInit_Dlls' warning. Pressed no, the scan went well and no malware found

 

Before that, when I went to the Registry Editor to see the origins of it, there was that one of the associated keys related to the KeyCryptSDK folder that comes with the installation of Zemana AntiKeylogger (right now cannot make the proper pic to show, but will do it if you request).

 

Is that something suspicious and that might open doors for malware or i should not make myself worry too much about it?

 

Second one is a bout a possible array of 'apphangxprocb1' problems while opening and working with some software (right now I do not have but later some instances of that might happen. It's too hard to explain but want to check with you guys if something tricky happened with my computer (MSE and MBAM did not caught anything in it) or not

 

 

FRST.txt

Addition.txt

Link to post
Share on other sites

Hello Victor2K! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
P2P/Piracy Warning:

If you're using Peer 2 Peer software such as BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

When you are ready, please generate new fresh FRST log files and post them here.

Link to post
Share on other sites

FRST and addition done but since FRST got too long for posting, attached instead of posting here, but addition I can post

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-08-2015 02
Ran by Usuario (2015-08-27 12:52:19)
Running from C:\Users\Usuario\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-419499787-849242958-3298517021-500 - Administrator - Disabled)
Convidado (S-1-5-21-419499787-849242958-3298517021-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-419499787-849242958-3298517021-1002 - Limited - Enabled)
Usuario (S-1-5-21-419499787-849242958-3298517021-1000 - Administrator - Enabled) => C:\Users\Usuario
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2.0 (HKLM-x32\...\Free Video to GIF Converter_is1) (Version: 2.0 - www.video-gif-converter.com)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.4.1.351 - Adobe Systems Incorporated)
Adobe Fireworks CS3 (HKLM-x32\...\Adobe_bbef028176efa5abf0233d3e1747be8) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Fireworks CS6 (HKLM-x32\...\{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}) (Version: 12.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AntiLogger Free version 1.8.2.198 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.198 - Zemana Ltd.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arquivo do WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
Ashampoo Burning Studio FREE v.1.14.5 (HKLM-x32\...\{91B33C97-91F8-FFB3-581B-BC952C901685}_is1) (Version: 1.14.5 - Ashampoo GmbH & Co. KG)
Atualização do produto Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{717C9095-8AAE-41CB-B046-BD6E8399F4F3}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{5016CB22-B9A7-44FB-AA72-AF28B27B15EA}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}) (Version:  - Microsoft)
Atualização do produto Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}) (Version:  - Microsoft)
BitTorrent (HKU\S-1-5-21-419499787-849242958-3298517021-1000\...\BitTorrent) (Version: 7.9.4.40912 - BitTorrent Inc.)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 36.1.1.22 - Comodo)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CryptoPrevent v4.3.0 (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CVE-2014-6352 (HKLM\...\{19b2ec23-d405-490d-be4b-385387efd0a1}.sdb) (Version:  - )
CVE-2014-6352 (HKLM\...\{3a9498f9-243d-424b-893a-8da0b0cfad53}.sdb) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Digsby (HKLM-x32\...\Digsby) (Version:  - dotSyntax, LLC)
DiskCheckup v3.2 (HKLM-x32\...\DiskCheckup_is1) (Version: 3.2.1000 - PassMark Software)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.8.6 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden
Elifoot 2002 - Revision 2 (HKLM-x32\...\Elifoot 2002_is1) (Version:  - )
FastStone Photo Resizer 3.2 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.2 - FastStone Soft.)
FIFA 09 (HKLM-x32\...\{2315B23D-3E21-4920-837D-AE6460934ECB}) (Version: 1.0.1.1 - Electronic Arts)
FIFA Manager 14 (HKLM-x32\...\{5FC27E1E-08C0-4346-A321-ED2D31FAE936}) (Version: 1.0.0.0 - Electronic Arts)
FormatFactory 3.6.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.6.0.0 - Format Factory)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.6.122.702 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.)
Galeria de Fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Glary Utilities 5.32 (HKLM-x32\...\Glary Utilities 5) (Version: 5.32.0.52 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Instalação do DivX (HKLM-x32\...\DivX Setup) (Version: 2.7.0.77 - DivX, LLC)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
InterVideo DeviceService (HKLM-x32\...\{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}) (Version: 1.0.0 - InterVideo)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
K-Lite Mega Codec Pack 10.6.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.0 - )
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.137 - PandoraTV)
Malwarebytes Anti-Exploit version 1.07.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.07.1.1015 - Malwarebytes)
Malwarebytes Anti-Malware versão 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MediaInfo 0.7.75 (HKLM\...\MediaInfo) (Version: 0.7.75 - MediaArea.net)
Megacubo 11 (HKLM-x32\...\Megacubo_is1) (Version: 11.0.0 - www.megacubo.net)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Módulo de Proteção Banco Santander (Brasil) S.A. (HKLM-x32\...\{83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1) (Version: 3.7.1.1 - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movier 1.1.7 (HKLM-x32\...\Movier) (Version: 1.1.7 - )
Mozilla Firefox 41.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0 (x86 en-US)) (Version: 41.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.0.5714 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
msxml4 (HKLM-x32\...\{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}) (Version: 1.0.0 - Default Company Name)
Nero 7 Ultra Edition (HKLM-x32\...\{CF097717-F174-4144-954A-FBC4BF301046}) (Version: 7.02.9753 - Nero AG)
NetWorx 5.4.1 (HKLM\...\NetWorx_is1) (Version:  - Softperfect)
Opera Stable 31.0.1889.174 (HKLM-x32\...\Opera 31.0.1889.174) (Version: 31.0.1889.174 - Opera Software)
Origin (HKLM-x32\...\Origin) (Version: 9.3.2.2730 - Electronic Arts, Inc.)
Patch Bolivia 22 Equipes (HKU\S-1-5-21-419499787-849242958-3298517021-1000\...\Patch Bolivia 22 Equipes) (Version:  - )
Patch Japão - 42 Equipes (HKU\S-1-5-21-419499787-849242958-3298517021-1000\...\Patch Japão - 42 Equipes) (Version:  - )
PcLiga 2000 v1.2 (HKLM-x32\...\PcLiga 2000 v1.2) (Version:  - )
PrivDog (HKLM-x32\...\PrivDog) (Version: 1.8.0.15 - privdog.com)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sandboxie 4.20 (64-bit) (HKLM\...\Sandboxie) (Version: 4.20 - Sandboxie Holdings, LLC)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
ShadowExplorer 0.9 (HKLM-x32\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
Suporte para Aplicativos Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
ThumbsPlus (HKLM-x32\...\ThumbsPlus) (Version:  - Cerious Software Inc.)
ThumbsPlus (x32 Version: 9.2.0.3946 - Cerious Software Inc.) Hidden
ThumbsPlus 10 (HKLM-x32\...\ThumbsPlus 10) (Version:  - Cerious Software)
ThumbsPlus 10 (x32 Version: 10.0.0.4002 - Cerious Software Inc.) Hidden
ThumbsPlus version 7.0 (HKLM-x32\...\ThumbsPlus7) (Version:  - )
TreeSize Free V3.3.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3.1 - JAM Software)
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vegas Pro 12.0 (64-bit) (HKLM\...\{BD422D00-5232-11E3-A6F3-F04DA23A5C58}) (Version: 12.0.770 - Sony)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.61 - NCH Software)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WD Drive Utilities (HKLM-x32\...\{22662b08-91e0-4540-bb98-c96f32e09417}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.3.0.18 - Western Digital Technologies, Inc.) Hidden
WD Quick View (HKLM-x32\...\{AB07121D-24AB-44D2-A43A-7D3A627E7B48}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{429a42d7-4c55-44d4-b38a-5872a0d70495}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.)
WD Security (x32 Version: 1.3.0.18 - Western Digital Technologies, Inc.) Hidden
WD SmartWare (HKLM\...\{90A00B78-EAA6-4DF4-9509-468E5A29F7F4}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{979a4332-3eb0-4561-9f74-a4fb871cf2bd}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 13.9.2.0 - WOT Services Oy)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-419499787-849242958-3298517021-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-419499787-849242958-3298517021-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll No File
CustomCLSID: HKU\S-1-5-21-419499787-849242958-3298517021-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll No File
CustomCLSID: HKU\S-1-5-21-419499787-849242958-3298517021-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll No File
CustomCLSID: HKU\S-1-5-21-419499787-849242958-3298517021-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll No File
CustomCLSID: HKU\S-1-5-21-419499787-849242958-3298517021-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll No File
CustomCLSID: HKU\S-1-5-21-419499787-849242958-3298517021-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll No File
CustomCLSID: HKU\S-1-5-21-419499787-849242958-3298517021-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll No File
CustomCLSID: HKU\S-1-5-21-419499787-849242958-3298517021-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll No File
CustomCLSID: HKU\S-1-5-21-419499787-849242958-3298517021-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Usuario\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll No File
 
==================== Restore Points =========================
 
13-08-2015 02:19:56 Windows Update
16-08-2015 09:54:04 Windows Update
20-08-2015 02:11:18 Windows Update
20-08-2015 17:18:59 WD SmartWare Installer
20-08-2015 17:25:14 WD SmartWare Installer
24-08-2015 11:48:04 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 23:34 - 2014-12-26 21:02 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {050D1618-60D7-4051-83C5-A52BC05C27D2} - System32\Tasks\Opera scheduled Autoupdate 1392394023 => C:\Program Files (x86)\Opera\launcher.exe [2015-08-17] (Opera Software)
Task: {4212941C-5CC9-46BB-94B4-409714EDA12A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-13] (Google Inc.)
Task: {65A5AA16-B940-4712-858A-448033777EBD} - System32\Tasks\{9AAE773A-DF4B-434F-8BA1-CA1982D881DE} => pcalua.exe -a C:\Users\Usuario\Downloads\brasfoot2014.exe -d C:\Users\Usuario\Downloads
Task: {7C7B2AD6-A590-4DA0-89D7-58C9FF0A9197} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-03] (Dropbox, Inc.)
Task: {954A05CC-FB4A-4BF3-97EB-73E510ABB6B8} - System32\Tasks\{7DFD1472-4CD5-4C1B-86AC-0A8FEBAD926E} => C:\cm2\CM2E16.EXE [2010-10-31] ()
Task: {97F98860-7285-48D3-9E7C-C44162CF6810} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-13] (Google Inc.)
Task: {9CE95318-8AF4-411E-88F7-66DD18C51B5C} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-03] (Dropbox, Inc.)
Task: {A28B7B53-61AB-497F-BE01-55A22E628EB7} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-08-17] (Glarysoft Ltd)
Task: {CB41796F-954B-47BB-B0C5-A7CCA828932A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D421CAA2-799A-4354-8D53-D5BBF68F44B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {EA443AE1-73C0-4011-8111-98CC5CB28FAD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {EF140198-6DFC-490E-9F40-2E62875A07FC} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {FC52AC8E-4E81-477C-B606-DE7F860F2D3E} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-08-17] (Glarysoft Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-02-11 02:21 - 2014-02-11 02:21 - 00644464 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2015-03-24 14:35 - 2015-08-06 18:33 - 00791552 _____ () C:\Program Files\NetWorx\sqlite.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00059904 _____ () C:\Program Files (x86)\Trillian\zlib1.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00187392 _____ () C:\Program Files (x86)\Trillian\libpng15.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00006656 _____ () c:\program files (x86)\trillian\languages\en\trillian.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00065536 _____ () C:\Program Files (x86)\Trillian\libungif.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00003584 _____ () c:\program files (x86)\trillian\languages\en\toolkit.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00006656 _____ () c:\program files (x86)\trillian\languages\en\events.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00010752 _____ () c:\program files (x86)\trillian\languages\en\buddy.dll
2015-05-27 00:00 - 2015-05-27 00:00 - 00007168 _____ () c:\program files (x86)\trillian\languages\en\talk.dll
2015-08-17 03:34 - 2015-08-17 03:34 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
2015-08-20 19:11 - 2015-08-18 02:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-20 19:11 - 2015-08-18 02:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:5C321E34
AlternateDataStreams: C:\Users\Usuario\Downloads\Alagoas.rar:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Atualização Alemanha (Abril) - Brasfoot 2015.exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\Atualização Alemanha (Abril) - Brasfoot 2015.exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Atualização Brasil (Março) - Brasfoot 2015.exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\Atualização Brasil (Março) - Brasfoot 2015.exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Belize bf15.sfx.exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\Belize bf15.sfx.exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Brasfoot 2015 - Angola.exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\Brasfoot 2015 - Angola.exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Brasfoot 2015 - Austria.exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\Brasfoot 2015 - Austria.exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Brasfoot 2015 - Venezuela.exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\Brasfoot 2015 - Venezuela.exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Brasfoot 2015 - Zimbabwe.rar:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Camisas Camp. Mineiro A 2015.rar:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Camisas Paises Europa - Brasfoot 2015.exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\Camisas Paises Europa - Brasfoot 2015.exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\chromeinstall-8u45.exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\chromeinstall-8u45.exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Distrito Federal 4 times.rar:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\DivXInstaller (1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\DivXInstaller (1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\EP0435.pdf:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\ErotUniv.rar:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Escudos - Australia.exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\Escudos - Australia.exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\FC Marau.rar:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\FL Strikers.rar:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Gaúcho-RS.rar:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\gbpluginabnsetup (1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\gbpluginabnsetup (1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\gbpluginabnsetup (2).exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\gbpluginabnsetup (2).exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\gbpluginabnsetup.exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\gbpluginabnsetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Glary_Utilities_v5.22.0.41.exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\Glary_Utilities_v5.22.0.41.exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Glary_Utilities_v5.23.0.42.exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\Glary_Utilities_v5.23.0.42.exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\GN.rar:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\jre-8u45-windows-x64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\jre-8u45-windows-x64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\KMPlayer_3.9.1.135.exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\KMPlayer_3.9.1.135.exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\mbae-setup-1.06.1.1018.exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\mbae-setup-1.06.1.1018.exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Mi-da-ra_02_BaixarHentai.net.mp4:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Mi-da-ra_03_BaixarHentai.net.mp4:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Michel Guillou - Aryanne T01 [ fr] (1).zip:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\miramar_pb.rar:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Motherwell.rar:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Mystery of the Bat Women.jpg:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Opera_NI_stable (1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\Opera_NI_stable (1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\OriginThinSetup.exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\OriginThinSetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\pao de queijo.rar:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Paraíba 5 times.rar:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Patch - Escócia.exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\Patch - Escócia.exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Patch Albânia - Brasfoot 2015.exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\Patch Albânia - Brasfoot 2015.exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Patch Bulgária - BF15 (1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\Patch Bulgária - BF15 (1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Patch Bulgária - BF15.exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\Patch Bulgária - BF15.exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Patch Croácia - BF15.exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Patch Egito - BF15.exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\Patch Egito - BF15.exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Patch Estadual Cearense 2015.exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\Patch Estadual Cearense 2015.exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Patch Gauchão 2015.rar:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Patch Haiti - Brasfoot 2015.exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\Patch Haiti - Brasfoot 2015.exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Patch Holanda - BF15.exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\Patch Holanda - BF15.exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Patch Nova Zelândia - Brasfoot 2015.exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\Patch Nova Zelândia - Brasfoot 2015.exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Patch Piauiense - Brasfoot 2015.rar:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Patch Sergipe - Brasfoot 2015.zip:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Patch Suécia - BF15.exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\Patch Suécia - BF15.exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Patch Uruguai - Brasfoot 2015.exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\Patch Uruguai - Brasfoot 2015.exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\peru.zip:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\portugal2015.exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\portugal2015.exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\santamarina.rar:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Sari1.rar:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\St Ann´s Rangers.rar:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\turquia2015.exe:$CmdTcID
AlternateDataStreams: C:\Users\Usuario\Downloads\turquia2015.exe:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Downloads\Vel1-45.rar:$CmdZnID
AlternateDataStreams: C:\Users\Usuario\Documents\boletocontrole.pdf:$CmdZnID
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-419499787-849242958-3298517021-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
 
There are 12715 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-419499787-849242958-3298517021-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 200.189.80.136 - 200.189.80.131
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Usuario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Digsby.lnk => C:\Windows\pss\Digsby.lnk.Startup
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{50508B32-B4A8-43EE-B69E-304B7C0899D3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3B5F3EE5-6F3F-4354-A962-88209352F984}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{96AE56D4-4E45-424B-926C-B76B8B773AFE}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{3E2D11A2-2C54-4D14-A4B4-ECDC34CB92E0}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{A15A21F0-794D-4691-8FCC-30A4DB48F1C5}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{5FEB9195-5899-4F3A-BEE9-3692929F4933}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{451BA0D2-A4F9-4FEC-B026-BB9CDB669FB4}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{921F37F6-542D-443F-8767-C7C8D7B37595}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{9299CEFF-9FA2-4444-903B-8544AA371236}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [TCP Query User{11E4671D-36C8-4978-8EF5-9DB2FBD544F9}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [uDP Query User{06D147C1-4826-46A2-B40E-CAA5EEBD0969}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{DE822B13-8F5A-495F-99FF-D730792E99AE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7B787F22-3806-4FEC-8FA5-1DCD92CCCDEB}] => (Allow) LPort=2869
FirewallRules: [{8A095AD0-BD49-4B5A-81A2-98659A09B51F}] => (Allow) LPort=1900
FirewallRules: [{348363A5-91B8-4628-81FE-11A49B810E3B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{2BEAF844-2E4B-4F76-A709-271A9D386EF4}C:\program files (x86)\microsoft office\office12\groove.exe] => (Block) C:\program files (x86)\microsoft office\office12\groove.exe
FirewallRules: [uDP Query User{F75F32E4-263A-4491-8B5C-094E065BD55C}C:\program files (x86)\microsoft office\office12\groove.exe] => (Block) C:\program files (x86)\microsoft office\office12\groove.exe
FirewallRules: [{882B3C74-38FB-4103-9219-1C948F465728}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{51E5CAF7-4D3C-4F97-A4AF-D8A9F6B6F580}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [uDP Query User{B204C385-C48B-49EB-8740-18F7876702BB}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [{D5CD180E-DF25-4F2E-8290-4C110B30C743}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA Manager 14\Manager14.exe
FirewallRules: [{C4E59D69-CD1B-4DD1-9FDE-185B32B29F5A}] => (Allow) C:\Program Files (x86)\Origin Games\FIFA Manager 14\Manager14.exe
FirewallRules: [{59003E58-B107-42FA-BA1D-CA1A2C582F8C}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{31422BF3-020A-481C-9CC6-F8C5883DE242}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{C62E0EC5-A97B-4ED4-9DE0-13148FF0A581}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{34FA05CA-B2BE-4A1D-AB4F-AD9D703AC37D}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{07BA1DA1-97EC-4B61-98E7-93F6BD3C6511}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{F6F6DCD6-6033-4A94-A919-5ABFE204707E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{51B6B27D-11B8-4DE7-863E-476EF24F2680}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{D309EBFA-80A1-413D-91BB-C20586417C0A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{DA29BEA3-4CD3-423F-9897-13C336C52DE4}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{4E040C27-E01A-434E-9745-E77E3CFAA698}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{65782468-C224-4FC9-B0C7-6CCCF7D592D6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{889C2CDB-3EE6-4CCF-A7D1-5CC75A90EB7B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{EFC2091F-006F-4D1D-ABD3-803BA44D2398}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3DDE91CB-643E-4AB1-987A-C757C70690E6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8405595E-191F-47EE-8AA2-8F0D10F2F379}] => (Allow) C:\Program Files\NetWorx\networx.exe
FirewallRules: [{281A7732-F598-4F17-9917-B5EB634A603B}] => (Allow) C:\Program Files\NetWorx\networx.exe
FirewallRules: [{E1882682-1680-4941-9DDC-806DF86B4747}] => (Allow) C:\Program Files\NetWorx\networx.exe
FirewallRules: [{153C1B7F-D393-45FC-A914-5FED506F00F2}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{27788753-9CB1-4137-AEDA-A36A0F557968}] => (Allow) C:\Program Files\NetWorx\networx.exe
FirewallRules: [{27E3BDF6-2386-4F8B-8539-ED66CEF18F46}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7D7B1CAF-7B24-439D-8257-539CD851CCA2}] => (Allow) C:\Users\Usuario\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{E9ED18DB-68A5-45D6-823B-0D6CBE033088}] => (Allow) C:\Users\Usuario\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{70DFEDC9-D0FB-4FE6-9625-8C7469EBCDA6}] => (Allow) C:\Users\Usuario\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{45DB9580-B67D-48F8-8DD1-74A5FE601A6A}] => (Allow) C:\Users\Usuario\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8228CBF2-04AC-4A30-8211-F8334E35A8AF}] => (Allow) C:\Users\Usuario\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5C013048-9E7E-44BB-8C06-0A3AC4D7D899}] => (Allow) C:\Users\Usuario\AppData\Roaming\BitTorrent\BitTorrent.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/27/2015 12:38:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/27/2015 02:22:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa Austria82 bf15.exe versão 0.0.0.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.
 
ID de Processo: 1184
 
Hora de Início: 01d0e08831de9b32
 
Hora de Término: 10
 
Caminho do Aplicativo: C:\Users\Usuario\Downloads\Austria82 bf15.exe
 
Id do Relatório: 9b1c5f98-4c7b-11e5-a464-94de80d93a3a
 
Error: (08/27/2015 02:05:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/27/2015 01:53:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa msseces.exe versão 4.8.204.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.
 
ID de Processo: b88
 
Hora de Início: 01d0e015ace1b6e6
 
Hora de Término: 132
 
Caminho do Aplicativo: C:\Program Files\Microsoft Security Client\msseces.exe
 
Id do Relatório: 6e919960-4c77-11e5-a19c-94de80d93a3a
 
Error: (08/27/2015 01:46:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa FRST64 (2).exe versão 26.8.2015.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.
 
ID de Processo: 21bc
 
Hora de Início: 01d0e08345a81ea3
 
Hora de Término: 0
 
Caminho do Aplicativo: C:\Users\Usuario\Desktop\FRST64 (2).exe
 
Id do Relatório: 90f75469-4c76-11e5-a19c-94de80d93a3a
 
Error: (08/27/2015 01:17:41 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa Austria82 bf15.exe versão 0.0.0.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.
 
ID de Processo: 1408
 
Hora de Início: 01d0e07f19693786
 
Hora de Término: 0
 
Caminho do Aplicativo: C:\Users\Usuario\Downloads\Austria82 bf15.exe
 
Id do Relatório: 8bad08f8-4c72-11e5-a19c-94de80d93a3a
 
Error: (08/27/2015 01:15:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa Austria82 bf15.exe versão 0.0.0.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.
 
ID de Processo: 1274
 
Hora de Início: 01d0e07ef32d1cf8
 
Hora de Término: 0
 
Caminho do Aplicativo: C:\Users\Usuario\Downloads\Austria82 bf15.exe
 
Id do Relatório: 490c097e-4c72-11e5-a19c-94de80d93a3a
 
Error: (08/27/2015 01:11:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa Austria82 bf15.exe versão 0.0.0.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.
 
ID de Processo: 143c
 
Hora de Início: 01d0e07e533e6c92
 
Hora de Término: 3
 
Caminho do Aplicativo: C:\Users\Usuario\Downloads\Austria82 bf15.exe
 
Id do Relatório: bcd2b344-4c71-11e5-a19c-94de80d93a3a
 
Error: (08/26/2015 12:45:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: WDBackupEngine.exe, versão: 2.0.0.15, carimbo de hora: 0x55ad9806
Nome do módulo de falhas: ntdll.dll, versão: 6.1.7601.18933, carimbo de hora: 0x55a69e20
Código de exceção: 0xc00000fd
Deslocamento com falha: 0x0002deee
Identificação do processo com falha: 0x1114
Hora de início do aplicativo com falha: 0xWDBackupEngine.exe0
Caminho do aplicativo com falha: WDBackupEngine.exe1
FCaminho do módulo de falhas: WDBackupEngine.exe2
Identificação do Relatório: WDBackupEngine.exe3
 
Error: (08/26/2015 12:42:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (08/27/2015 12:47:34 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: A chamada ScRegSetValueExW falhou para FailureCommand com o seguinte erro: 
%%5
 
Error: (08/27/2015 12:46:52 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: A chamada ScRegSetValueExW falhou para Start com o seguinte erro: 
%%5
 
Error: (08/27/2015 12:42:44 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Serviço Windows Update suspenso ao iniciar.
 
Error: (08/27/2015 02:27:39 AM) (Source: SbieDrv) (EventID: 1412) (User: )
Description: SBIE1412 Neste texto: [DefaultBox] \??\%SystemDrive%\Sandbox\%USER%\%SANDBOX%
 
Error: (08/27/2015 02:27:39 AM) (Source: SbieDrv) (EventID: 1406) (User: )
Description: SBIE1406 A expansão de SystemDrive está faltando ou é inválida: [C0000189]
 
Error: (08/27/2015 02:15:32 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: A chamada ScRegSetValueExW falhou para FailureCommand com o seguinte erro: 
%%5
 
Error: (08/27/2015 02:14:34 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: A chamada ScRegSetValueExW falhou para Start com o seguinte erro: 
%%5
 
Error: (08/27/2015 02:06:23 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: A chamada ScRegSetValueExW falhou para Start com o seguinte erro: 
%%5
 
Error: (08/27/2015 02:06:24 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.
 
Feature: %%886
 
Error Code: 0x80070005
 
Error description: Acesso negado. 
 
Reason: %%892
 
Error: (08/27/2015 02:05:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Malwarebytes Anti-Exploit Service devido ao seguinte erro: 
%%1053
 
 
Microsoft Office:
=========================
Error: (08/16/2015 12:58:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6727.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/23/2015 06:07:02 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6720.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/17/2015 05:55:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6720.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/25/2015 09:55:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/21/2015 05:52:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/18/2015 05:01:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/15/2015 05:59:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (01/14/2015 07:56:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (01/08/2015 10:03:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (10/21/2014 08:28:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6705.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity:
===================================
  Date: 2014-11-23 00:10:32.293
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-23 00:10:32.233
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-06 01:27:49.133
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-06 01:25:12.838
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-06 01:11:15.176
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-06 01:05:17.931
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-06 00:59:14.832
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-06 00:29:47.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-06 00:09:02.199
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-05 23:59:29.528
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\hmpalert.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 58%
Total physical RAM: 3983.25 MB
Available physical RAM: 1652.14 MB
Total Virtual: 7964.7 MB
Available Virtual: 4575.88 MB
 
==================== Drives ================================
 
Drive c: (DRIVE_C) (Fixed) (Total:465.66 GB) (Free:355.07 GB) NTFS
Drive e: (V) (Fixed) (Total:298.08 GB) (Free:153.71 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (DRIVE_D) (Fixed) (Total:465.76 GB) (Free:178.6 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive h: (FM2010) (CDROM) (Total:2.32 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D748C4B9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: F479F479)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DD5F1464)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

FRST.txt

Link to post
Share on other sites

Step 1

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Step 2

Please update Malwarebytes Anti-Malware and perform a threat scan. Post your log.

In your next reply, post the following log files:

  • FRST log
  • Malwarebytes' Anti-Malware log

fixlist.txt

Link to post
Share on other sites

Fixlog was also too big to be posted so again attaching it

 

And the MBAM

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Data da verificação: 02/09/2015
Hora da verificação: 17:16
Arquivo de registro: results02092015.txt
Administrador: Sim
 
Versão: 2.1.8.1057
Banco de dados de malware: v2015.09.02.08
Banco de dados de rootkit: v2015.08.16.01
Licença: Premium
Proteção contra malware: Habilitado
Proteção contra website malicioso: Habilitado
Autoproteção: Desabilitado
 
Sistema operacional: Windows 7 Service Pack 1
CPU: x64
Sistema de arquivos: NTFS
Usuário: Usuario
 
Tipo de verificação: Verificação da ameaça
Resultado: Concluído
Objetos verificados: 406967
Tempo decorrido: 43 min, 13 seg
 
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado
 
Processos: 0
(Nenhum item malicioso detectado)
 
Módulos: 0
(Nenhum item malicioso detectado)
 
Chaves de registro: 0
(Nenhum item malicioso detectado)
 
Valores de registro: 0
(Nenhum item malicioso detectado)
 
Dados de registro: 0
(Nenhum item malicioso detectado)
 
Pastas: 0
(Nenhum item malicioso detectado)
 
Arquivos: 0
(Nenhum item malicioso detectado)
 
Setores físicos: 0
(Nenhum item malicioso detectado)
 
 
(end)

Fixlog.txt

Link to post
Share on other sites

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Link to post
Share on other sites

Here they are

 

C:\FRST\Quarantine\C\Users\Usuario\Downloads\networx_setup (4).exe.xBAD a variant of Win32/NetFilter.A potentially unsafe application deleted - quarantined
C:\Program Files\NetWorx\nfapi.dll a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\Ask\AskPIP_FF_.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application cleaned by deleting - quarantined
C:\Program Files (x86)\NCH Software\VideoPad\videopad.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application cleaned by deleting - quarantined
C:\Program Files (x86)\NCH Software\VideoPad\videopadsetup_v3.61.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application deleted - quarantined
C:\Users\Usuario\AppData\Roaming\BitTorrent\updates\7.8.2_30587.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined
C:\Users\Usuario\AppData\Roaming\BitTorrent\updates\7.9.2_38914.exe a variant of Win32/OpenCandy.C potentially unsafe application cleaned by deleting - quarantined
C:\Users\Usuario\AppData\Roaming\BitTorrent\updates\7.9.3_40299.exe a variant of Win32/OpenCandy.C potentially unsafe application cleaned by deleting - quarantined
C:\Users\Usuario\Desktop\Meus documentos\F\A Bola\VPN.msi a variant of Win32/CheckPoint.B potentially unsafe application deleted - quarantined
C:\Users\Usuario\Desktop\Meus documentos\F\A Bola\VPN.rar a variant of Win32/CheckPoint.B potentially unsafe application deleted - quarantined
C:\Users\Usuario\Desktop\Meus documentos\F\A Bola\2009\Pic\VPN.msi a variant of Win32/CheckPoint.B potentially unsafe application deleted - quarantined
C:\Users\Usuario\Desktop\Meus documentos\F\A Bola\2009\Pic\VPN.rar a variant of Win32/CheckPoint.B potentially unsafe application deleted - quarantined
C:\Users\Usuario\Downloads\advanced-systemcare-setup.exe a variant of Win32/Toolbar.Widgi.N potentially unwanted application deleted - quarantined
C:\Users\Usuario\Downloads\BitTorrent.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined
C:\Users\Usuario\Downloads\BitTorrent_v7.9.3_Build_40299.exe a variant of Win32/OpenCandy.C potentially unsafe application cleaned by deleting - quarantined
C:\Users\Usuario\Downloads\FFSetup3.5.0.0.exe a variant of Win32/Hao123.A potentially unwanted application deleted - quarantined
C:\Users\Usuario\Downloads\FFSetup3.6.0.0.exe a variant of Win32/Hao123.A potentially unwanted application deleted - quarantined
C:\Users\Usuario\Downloads\FFSetup3.7.0.0.exe a variant of Win32/Toptools.A potentially unwanted application deleted - quarantined
C:\Users\Usuario\Downloads\IObit-Malware-Figher-Setup.exe a variant of Win32/Toolbar.Widgi.N potentially unwanted application deleted - quarantined
C:\Users\Usuario\Downloads\MovierSetup.zip a variant of Win32/InstallCore.AAU potentially unwanted application deleted - quarantined
C:\Users\Usuario\Downloads\networx_setup (1).exe a variant of Win32/NetFilter.A potentially unsafe application deleted - quarantined
C:\Users\Usuario\Downloads\networx_setup (2).exe a variant of Win32/NetFilter.A potentially unsafe application deleted - quarantined
C:\Users\Usuario\Downloads\networx_setup (3).exe a variant of Win32/NetFilter.A potentially unsafe application deleted - quarantined
C:\Users\Usuario\Downloads\networx_setup (5).exe a variant of Win32/NetFilter.A potentially unsafe application deleted - quarantined
C:\Users\Usuario\Downloads\networx_setup.exe a variant of Win32/NetFilter.A potentially unsafe application deleted - quarantined
C:\Users\Usuario\Downloads\MovierSetup\MovierSetup.exe a variant of Win32/InstallCore.AAU potentially unwanted application cleaned by deleting - quarantined
C:\Windows\System32\drivers\networx.sys a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
E:\Arquivos de programas\CheckPoint\SecuRemote\bin\xpdrv.exe a variant of Win32/CheckPoint.B potentially unsafe application cleaned by deleting - quarantined
E:\Arquivos de programas\DAEMON Tools Toolbar\uninst.exe a variant of Win32/Adware.Toolbar.Shopper.AE application cleaned by deleting - quarantined
E:\Users\Victor\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\aapt.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting - quarantined
E:\Users\Victor\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\CrashReport.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting - quarantined
E:\Users\Victor\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\CrashRpt.dll a variant of Win32/Adware.Mobogenie.A application cleaned by deleting - quarantined
E:\Users\Victor\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\devcon_x64.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting - quarantined
E:\Users\Victor\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\devcon_x86.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting - quarantined
E:\Users\Victor\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DriverInstall_x64.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting - quarantined
E:\Users\Victor\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DriverInstall_x86.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting - quarantined
E:\Users\Victor\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\lsusb.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting - quarantined
E:\Users\Victor\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\mgadb.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting - quarantined
E:\Users\Victor\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\mgusb.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting - quarantined
E:\Users\Victor\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\OutlookOperatorC.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting - quarantined
E:\Users\Victor\Desktop\Meus documentos\F\A Bola\VPN.msi a variant of Win32/CheckPoint.B potentially unsafe application deleted - quarantined
E:\Users\Victor\Desktop\Meus documentos\F\A Bola\VPN.rar a variant of Win32/CheckPoint.B potentially unsafe application deleted - quarantined
E:\Users\Victor\Desktop\Meus documentos\F\A Bola\2009\Pic\VPN.msi a variant of Win32/CheckPoint.B potentially unsafe application deleted - quarantined
E:\Users\Victor\Desktop\Meus documentos\F\A Bola\2009\Pic\VPN.rar a variant of Win32/CheckPoint.B potentially unsafe application deleted - quarantined
E:\Users\Victor\Downloads\dfdownloader_C7bkFc_.exe a variant of Win32/DepoDownloader.A potentially unwanted application cleaned by deleting - quarantined
F:\Program Files\CheckPoint\SecuRemote\bin\xpdrv.exe a variant of Win32/CheckPoint.B potentially unsafe application cleaned by deleting - quarantined
F:\Windows\Installer\20f4f.msi a variant of Win32/CheckPoint.B potentially unsafe application deleted - quarantined
F:\Windows.old\Users\a\Downloads\11563_daemon_tools_lite_4303.exe a variant of Win32/Adware.Toolbar.Shopper.AE application cleaned by deleting - quarantined
F:\Windows.old\Users\a\Downloads\java_gamepack5_BY_aBo_3AnKpOoT.rar a variant of J2ME/TrojanSMS.Agent.EL trojan deleted - quarantined
F:\Windows.old\Users\a\java_gamepack5_BY_aBo_3AnKpOoT\java gamepack5\aquajet_176x220.jar a variant of J2ME/TrojanSMS.Agent.EL trojan cleaned by deleting - quarantined
Link to post
Share on other sites

  • 2 weeks later...

Glad to hear that! :)

Step 1

Please download DelFix by Xplode and save it to your desktop. Please launch it and make sure that this one is checked: Remove disinfection tools. Click on Run button. The program will run for a few seconds and display a notepad report. You do not need to attach it.

Step 2

Malware preventions:

https://forums.malwarebytes.org/index.php?/topic/81386-so-how-did-i-get-infected-in-the-first-place/

Safe surfing! :)

Link to post
Share on other sites

  • 3 months later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.