
Hello, a friend gave me his laptop to do some cleaning. When I ran Malwarebytes it showed 12580 infected files; I moved them to quarantine, then ran it again, this time in Windows security mode, and it detected 40 new files. It takes so much time to delete the files or, better, move them to quarantine.

I just want to be sure that the laptop is clean.

Thank you for your help and for this forum that helps people!


Hi rstudio :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums' rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like formatting and reinstalling Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate it if you stayed with me until the end, which means until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;


This being said, it's time to clean up some malware, so let's get started, shall we? :)

Are you able to provide me the log with all these detections, so I can review it?


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2017
Ran by tobias (13-06-2017 19:09:58)
Running from C:\Users\tobias\Downloads
Windows 8.1 (Update) (X64) (2015-10-31 19:37:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-2142078832-1358092348-3586350375-500 - Administrator - Disabled)
Convidado (S-1-5-21-2142078832-1358092348-3586350375-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2142078832-1358092348-3586350375-1003 - Limited - Enabled)
tobias (S-1-5-21-2142078832-1358092348-3586350375-1001 - Administrator - Enabled) => C:\Users\tobias

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.4316 - CyberLink Corp.)
DTS Sound (HKLM-x32\...\{9B17BBEC-CF31-4C23-949E-E65A14365CE1}) (Version: 1.01.6100 - DTS, Inc.)
Enchanted Cavern 2 (x32 Version: 2.2.0.110 - WildTangent) Hidden
Evernote v. 5.4 (HKLM-x32\...\{59071464-DAEE-11E3-9080-00163E98E7D0}) (Version: 5.4.0.3698 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Malwarebytes versão 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
My Kingdom for the Princess 3 (x32 Version: 2.2.0.110 - WildTangent) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
ROBLOX Player for tobias (HKU\S-1-5-21-2142078832-1358092348-3586350375-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for tobias (HKU\S-1-5-21-2142078832-1358092348-3586350375-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
simpliclean (HKLM-x32\...\simplitec POWER SUITE_is1) (Version: 2.4.6.195 - simplitec GmbH)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.35 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.35.103 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
Symbaloo (HKLM-x32\...\Symbaloo) (Version: 1.0.0 - Symbaloo Launcher by Toshiba Europe GmbH)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.3.0 - Synaptics Incorporated)
TOSHIBA Desktop Assist (HKLM\...\{C4CDCEF0-0A7A-4425-887C-33E39533D758}) (Version: 1.03.06.6403 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{F64E9295-E1B3-4EEA-86D3-AF44A0087B06}) (Version: 1.1.16.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.5.3.6401 - Toshiba Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.81.2C - TOSHIBA CORPORATION)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.19 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.20C - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 3.01.02.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA Start Screen Option (HKLM\...\{06B71035-F19F-4F76-9875-FFCCD4FC3F83}) (Version: 1.00.01.6402 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.6.0 - Toshiba Europe GmbH)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Utility Common Driver (x32 Version: 1.0.53.4 - Compal) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 3.0.2.32 - WildTangent) Hidden
Visualizador do Microsoft PowerPoint (HKLM-x32\...\{95140000-00AF-0416-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.9 - WildTangent) Hidden
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18BA11FC-5596-4EBE-AC4C-3CBD29ECEBC9} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-02-24] (Realtek Semiconductor)
Task: {2006819F-62F9-4214-8506-7E9BBAE4F65A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-31] (Google Inc.)
Task: {3A21FAFA-873A-43BB-A92B-F8C04A0C9119} - System32\Tasks\simplitec Power Suite (Tray) => C:\Program Files (x86)\simplitec\simpliclean\ServiceProvider.exe [2016-08-31] (simplitec GmbH)
Task: {54F5FB6D-0CAA-47E5-8539-F633F06F5442} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-31] (Google Inc.)
Task: {6B81506C-0B51-4A0E-80B4-C80334C196CF} - System32\Tasks\simplitec Power Suite => C:\Program Files (x86)\simplitec\simpliclean\PowerSuite.exe [2016-08-31] (simplitec GmbH)
Task: {9680362B-328D-4BE4-ABDB-B0704C96711D} - System32\Tasks\{E90BE315-60C2-4D59-ADFC-24A59419DA1E} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.13.0.101/en/abandoninstall?page=tsProgressBar
Task: {99447AD1-E609-4F01-A4E8-CC3BCE021C27} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-20] (Synaptics Incorporated)
Task: {A285E147-ED5D-4B85-9AA9-D0A55630168B} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2014-08-05] (Toshiba Europe GmbH)
Task: {D1CF65F1-7166-4128-B449-9F91CF0296A8} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\simplitec Power Suite (Tray).job => C:\Program Files (x86)\simplitec\simpliclean\ServiceProvider.exe
Task: C:\Windows\Tasks\simplitec Power Suite.job => C:\Program Files (x86)\simplitec\simpliclean\PowerSuite.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-03-03 14:30 - 2014-03-03 14:30 - 00021840 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2017-06-12 13:49 - 2017-05-25 14:11 - 02270664 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2015-11-03 12:01 - 2015-11-03 12:01 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2017-05-18 13:13 - 2017-05-09 02:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-18 13:13 - 2017-05-09 02:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2017-06-03 15:34 - 2017-06-03 15:34 - 01459712 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\c74ffcf5ee954c671bf318784db7fb65\Windows.UI.ni.dll
2017-06-03 15:34 - 2017-06-03 15:34 - 00521216 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Data\50bd58f6e859ef187e32584ed3398f8b\Windows.Data.ni.dll
2017-06-03 15:34 - 2017-06-03 15:34 - 00363520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\b657e7595764326d434371d3058552b3\Windows.Foundation.ni.dll
2017-01-18 11:34 - 2017-01-17 21:18 - 00443904 _____ () c:\programdata\microsoft\phone tools\corecon\12.0\3082\nonsdkaddonlangver.dll
2016-09-12 06:58 - 2016-08-31 16:07 - 00110768 _____ () C:\Program Files (x86)\simplitec\simpliclean\modules\common\asp_ipc32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2017-06-12 13:54 - 00002024 _____ C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2142078832-1358092348-3586350375-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Toshiba\standard.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-2142078832-1358092348-3586350375-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{ED523261-472E-40BA-9106-98F706798130}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Play.exe
FirewallRules: [{575042BE-2686-493D-8D98-389BFC94DF60}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{F32F24CF-6592-4075-8EA5-C56559D48DEE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{122C102C-549A-4AF6-931C-3759DE7EB73E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{D0851E83-556C-440D-B272-CF29A31C343E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{1FAC37F9-D3AD-4221-BEF4-C4B0B31E5D83}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{0895FFAF-CDF5-462D-9000-52A9A01B58BF}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{C96630E6-F5F2-4892-9CA0-19D95864B778}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{F4C94E6A-3C95-438A-9C01-322441F311B5}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{1C1291A3-0104-4B83-8B71-A6482E6C4A82}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [TCP Query User{92E6B860-827D-40E4-9C4D-D555FAAFEE26}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{E2FD884D-4F7E-43D1-AA5D-58E156E673D1}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{B7E81AA0-7461-4494-988A-E62838005C0F}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{14137C5E-EA8A-4343-AFB8-6DC5F77E5D14}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{475BEE80-5CFC-46D0-8D25-6A3C117B67E0}] => (Allow) C:\Program Files (x86)\simplitec\simpliclean\PowerSuite.exe
FirewallRules: [{D95FB0E3-3979-425F-BA90-0969881E13FB}] => (Allow) C:\Program Files (x86)\simplitec\simpliclean\PowerSuite.exe
FirewallRules: [{0674FBFF-4D6D-40ED-AD1F-97FAD9E3D291}] => (Allow) C:\Program Files (x86)\simplitec\simpliclean\ServiceProvider.exe
FirewallRules: [{A030A8EB-90FD-45F2-A6DD-EEA9CB5E6B0C}] => (Allow) C:\Program Files (x86)\simplitec\simpliclean\ServiceProvider.exe
FirewallRules: [{AD330B85-F9DB-4EFE-9C5B-FA7844DC4E7D}] => (Allow) C:\Program Files (x86)\simplitec\simpliclean\ServiceProvider.exe
FirewallRules: [{25BDA6DE-FA41-406A-97B1-4FD0E45F7BD9}] => (Allow) C:\Program Files (x86)\simplitec\simpliclean\ServiceProvider.exe
FirewallRules: [TCP Query User{A5DC6638-A081-4EF0-8EC4-F0A323051ECC}C:\program files (x86)\simplitec\simpliclean\serviceprovider.exe] => (Block) C:\program files (x86)\simplitec\simpliclean\serviceprovider.exe
FirewallRules: [UDP Query User{51C5497D-C5A6-4356-8406-7E3571DADE4A}C:\program files (x86)\simplitec\simpliclean\serviceprovider.exe] => (Block) C:\program files (x86)\simplitec\simpliclean\serviceprovider.exe
FirewallRules: [TCP Query User{D1B5392E-1CDF-45F1-9D25-E0B0A663BBC9}C:\program files (x86)\hotjob\application\chrome.exe] => (Block) C:\program files (x86)\hotjob\application\chrome.exe
FirewallRules: [UDP Query User{762C3B86-27FF-4679-AE10-E34621BFE759}C:\program files (x86)\hotjob\application\chrome.exe] => (Block) C:\program files (x86)\hotjob\application\chrome.exe
FirewallRules: [{B826C0E3-00FE-4F56-A026-9B6C590720C5}] => (Allow) C:\Program Files (x86)\Shutness\Application\chrome.exe
FirewallRules: [{3DE6D733-86BB-453E-B154-4715F273B4D0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

04-04-2017 08:40:13 Windows Update
21-05-2017 10:59:06 Windows Update
28-05-2017 16:44:06 Windows Update
04-06-2017 11:24:04 Instalado Visualizador do Microsoft PowerPoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/13/2017 12:07:39 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CLARA)
Description: A ativação da aplicação microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 falhou com o erro: -2144927141. Consulte o registo Microsoft-Windows-TWinUI/Operacional para obter informações adicionais.

Error: (06/12/2017 11:46:17 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (06/07/2017 12:16:38 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (06/07/2017 11:49:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa ByteFence.exe versão 3.9.0.0 deixou de interagir com o Windows e foi fechado. Para verificar se existem mais informações disponíveis sobre o problema, consulte o histórico de problemas no painel de controlo do Centro de Ação.

ID do Processo: 12f0

Hora de Início: 01d2dd71072bac26

Hora de Cessação: 109

Caminho da Aplicação: C:\Program Files\ByteFence\ByteFence.exe

ID do Relatório: f03eecf1-4bb1-11e7-829a-f0761c86ca48

Nome completo do pacote com falha: 

ID da aplicação relativa ao pacote com falha:

Error: (06/04/2017 01:19:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: McSvHost.exe, versão: 6.0.2044.0, carimbo de data/hora: 0x57fd438b
Nome do módulo com falha: McPrtMgrPlugin.dll, versão: 15.0.2063.0, carimbo de data/hora: 0x582f37fd
Código de exceção: 0xc0000005
Desvio de falha: 0x0000000000112a50
ID do processo com falha: 0x9a8
Hora de início da aplicação com falha: 0x01d2dd6dfc904ed9
Caminho da aplicação com falha: C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
Caminho do módulo com falha: C:\Program Files\McAfee\MSC\McPrtMgrPlugin.dll
ID do Relatório: 0f5cf6fb-4963-11e7-8299-f0761c86ca48
Nome completo do pacote com falha: 
ID da aplicação relativa ao pacote com falha:

Error: (06/04/2017 01:07:43 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: O procedimento Open para o serviço "BITS" na DLL "C:\Windows\System32\bitsperf.dll" falhou. Os dados de desempenho para este serviço não estarão disponíveis. Os primeiros quatro bytes (DWORD) da secção Data contêm o código de erro.

Error: (06/04/2017 11:30:21 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Um problema impediu que os dados do Programa Para o Melhoramento da Experiência do Cliente fossem enviados para a Microsoft. (Erro 80070005).

Error: (06/02/2017 06:05:57 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Um problema impediu que os dados do Programa Para o Melhoramento da Experiência do Cliente fossem enviados para a Microsoft. (Erro 80070005).

Error: (05/31/2017 06:00:00 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Um problema impediu que os dados do Programa Para o Melhoramento da Experiência do Cliente fossem enviados para a Microsoft. (Erro 80070005).

Error: (05/30/2017 05:51:47 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database


System errors:
=============
Error: (06/13/2017 06:57:14 PM) (Source: DCOM) (EventID: 10005) (User: CLARA)
Description: O DCOM obteve o erro "1084" ao tentar iniciar o serviço ShellHWDetection com os argumentos "Indisponível" de forma a executar o servidor:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/13/2017 06:56:57 PM) (Source: DCOM) (EventID: 10005) (User: CLARA)
Description: O DCOM obteve o erro "1084" ao tentar iniciar o serviço ShellHWDetection com os argumentos "Indisponível" de forma a executar o servidor:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/13/2017 06:56:57 PM) (Source: DCOM) (EventID: 10005) (User: CLARA)
Description: O DCOM obteve o erro "1084" ao tentar iniciar o serviço WSearch com os argumentos "Indisponível" de forma a executar o servidor:
{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (06/13/2017 06:56:56 PM) (Source: DCOM) (EventID: 10005) (User: CLARA)
Description: O DCOM obteve o erro "1084" ao tentar iniciar o serviço WSearch com os argumentos "Indisponível" de forma a executar o servidor:
{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (06/13/2017 06:56:53 PM) (Source: DCOM) (EventID: 10005) (User: CLARA)
Description: O DCOM obteve o erro "1084" ao tentar iniciar o serviço WSearch com os argumentos "Indisponível" de forma a executar o servidor:
{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (06/13/2017 06:56:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Serviço de identificação automática do proxy Web WinHTTP depende do serviço Cliente DHCP o qual falhou o arranque devido ao seguinte erro: 
O serviço ou grupo de dependência não conseguiu ser iniciado.

Error: (06/13/2017 06:56:53 PM) (Source: DCOM) (EventID: 10005) (User: CLARA)
Description: O DCOM obteve o erro "1084" ao tentar iniciar o serviço WSearch com os argumentos "Indisponível" de forma a executar o servidor:
{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (06/13/2017 06:56:52 PM) (Source: DCOM) (EventID: 10005) (User: CLARA)
Description: O DCOM obteve o erro "1084" ao tentar iniciar o serviço ShellHWDetection com os argumentos "Indisponível" de forma a executar o servidor:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/13/2017 06:56:50 PM) (Source: DCOM) (EventID: 10005) (User: CLARA)
Description: O DCOM obteve o erro "1068" ao tentar iniciar o serviço netprofm com os argumentos "Indisponível" de forma a executar o servidor:
{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (06/13/2017 06:56:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Serviço de Lista de Redes depende do serviço Identificação da localização na rede o qual falhou o arranque devido ao seguinte erro: 
O serviço ou grupo de dependência não conseguiu ser iniciado.


CodeIntegrity:
===================================
  Date: 2017-06-12 13:40:02.889
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2017-06-12 13:40:02.884
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2017-06-12 13:40:02.764
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2017-06-11 06:09:45.154
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2017-06-11 06:09:42.261
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2017-06-11 06:09:39.995
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2017-06-11 06:09:39.941
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2017-06-07 12:57:30.079
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2017-06-07 12:57:28.943
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2017-06-07 12:57:28.889
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz
Percentage of memory in use: 50%
Total physical RAM: 3982.88 MB
Available physical RAM: 1967.66 MB
Total Virtual: 4942.88 MB
Available Virtual: 2893.55 MB

==================== Drives ================================

Drive c: (TI31378500A) (Fixed) (Total:919.61 GB) (Free:868.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-06-2017
Ran by tobias (administrator) on CLARA (13-06-2017 19:07:27)
Running from C:\Users\tobias\Downloads
Loaded Profiles: tobias (Available Profiles: tobias)
Platform: Windows 8.1 (Update) (X64) Language: Português (Portugal)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(simplitec GmbH) C:\Program Files (x86)\simplitec\simpliclean\ServiceProvider.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(© 2015 Microsoft Corporation) C:\Users\tobias\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-04-17] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-05] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2142078832-1358092348-3586350375-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1199576 2014-12-17] (Spotify Ltd)
HKU\S-1-5-21-2142078832-1358092348-3586350375-1001\...\Run: [BingSvc] => C:\Users\tobias\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-14] (© 2015 Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8417D887-307E-4C2A-8662-8F112CF94B5E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FC315FED-601F-44EC-B622-0A43E80327E7}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2142078832-1358092348-3586350375-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2142078832-1358092348-3586350375-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TEJB
SearchScopes: HKLM -> DefaultScope {E817F635-CF13-4E5D-A079-0C771B57DA90} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {E817F635-CF13-4E5D-A079-0C771B57DA90} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2142078832-1358092348-3586350375-1001 -> OldSearch URL = 
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-05-13] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-18] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll [2016-07-22] ()

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.sapo.pt/
CHR StartupUrls: Default -> "hxxp://www.sapo.pt/"
CHR Profile: C:\Users\tobias\AppData\Local\Google\Chrome\User Data\Default [2017-06-13]
CHR Extension: (Google Docs) - C:\Users\tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-12]
CHR Extension: (Google Drive) - C:\Users\tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-13]
CHR Extension: (YouTube) - C:\Users\tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-12]
CHR Extension: (Documentos do Google offline) - C:\Users\tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-12]
CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-13]
CHR Extension: (Gmail) - C:\Users\tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-12]
CHR Extension: (Chrome Media Router) - C:\Users\tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-13]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
HKU\S-1-5-21-2142078832-1358092348-3586350375-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Shutness\Application\chrome.exe (Google Inc.) <==== ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-03-19] (Windows (R) Win 7 DDK provider) [File not signed]
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21840 2014-03-03] ()
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-07-22] (WildTangent)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 MSLN; C:\ProgramData\Microsoft\Phone Tools\CoreCon\12.0\3082\NonSDKAddonLangVer.dll [443904 2017-01-17] () [File not signed]
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2014-08-05] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-05-25] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188312 2017-06-12] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-06-13] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [44960 2017-06-13] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [252832 2017-06-13] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [93600 2017-06-13] (Malwarebytes)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [85656 2016-09-09] (McAfee, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-03] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-20] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows (R) Win 7 DDK provider)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S1 egyzifgx; \??\C:\Windows\system32\drivers\egyzifgx.sys [X]
S1 ffqlodsh; \??\C:\Windows\system32\drivers\ffqlodsh.sys [X]
S1 MpKsle28196b9; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DDD409EC-592D-48FF-BC70-6C363693E61F}\MpKsle28196b9.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-13 19:07 - 2017-06-13 19:08 - 00013172 _____ C:\Users\tobias\Downloads\FRST.txt
2017-06-13 19:06 - 2017-06-13 19:07 - 00000000 ____D C:\FRST
2017-06-13 19:04 - 2017-06-13 19:04 - 02438656 _____ (Farbar) C:\Users\tobias\Downloads\FRST64.exe
2017-06-13 07:59 - 2017-06-13 07:59 - 00000000 ____D C:\Windows\pss
2017-06-12 13:49 - 2017-06-13 18:58 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-12 13:49 - 2017-06-13 18:58 - 00113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-06-12 13:49 - 2017-06-13 18:58 - 00093600 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-06-12 13:49 - 2017-06-13 18:58 - 00044960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-06-12 13:49 - 2017-06-13 08:02 - 00002051 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-12 13:49 - 2017-06-12 13:49 - 00188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-06-12 13:49 - 2017-06-12 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-12 13:49 - 2017-05-25 11:58 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-06-12 13:48 - 2017-06-12 13:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-12 13:48 - 2017-06-12 13:48 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-12 13:47 - 2017-06-12 13:48 - 64232976 _____ (Malwarebytes ) C:\Users\tobias\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe
2017-06-07 12:58 - 2017-06-12 19:21 - 00002149 _____ C:\Users\tobias\Desktop\Google Chrome.lnk
2017-06-04 13:41 - 2017-05-30 13:45 - 00565416 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-06-04 13:29 - 2017-06-04 13:29 - 00000026 _____ C:\Users\tobias\Desktop\meu email.txt
2017-06-04 11:35 - 2017-06-04 11:35 - 00000000 ____D C:\Users\tobias\Desktop\Trabalhos da escola
2017-06-04 11:25 - 2017-06-04 11:25 - 00002557 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visualizador do Microsoft PowerPoint .lnk
2017-06-04 11:23 - 2017-06-04 11:23 - 00000000 ____D C:\Program Files (x86)\MSECache
2017-05-28 17:02 - 2017-04-28 15:44 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-28 17:02 - 2017-04-28 15:44 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-21 13:58 - 2017-02-23 07:50 - 00093360 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-05-21 13:58 - 2017-02-22 07:35 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-05-21 13:58 - 2017-02-22 07:35 - 01286144 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-05-21 13:58 - 2017-02-22 07:35 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-05-21 13:58 - 2017-02-22 07:35 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-05-21 13:58 - 2017-02-22 07:35 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-05-21 13:58 - 2017-02-22 07:35 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-05-21 13:58 - 2017-02-22 07:35 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-05-21 13:58 - 2017-02-22 07:35 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-05-21 11:04 - 2017-03-30 06:15 - 00875712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-05-21 11:04 - 2017-03-30 06:15 - 00869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-05-21 11:04 - 2017-03-30 06:15 - 00678592 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-05-21 11:04 - 2017-03-30 06:15 - 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-05-19 12:05 - 2017-04-16 02:07 - 00548032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2017-05-19 12:05 - 2017-04-16 01:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-19 12:05 - 2017-04-16 01:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-19 12:05 - 2017-04-16 00:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-19 12:05 - 2017-04-16 00:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-19 12:05 - 2017-04-16 00:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-05-19 12:05 - 2017-04-16 00:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-19 12:05 - 2017-04-16 00:40 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-19 12:05 - 2017-04-16 00:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-19 12:05 - 2017-04-16 00:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-19 12:05 - 2017-04-16 00:10 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-19 12:05 - 2017-04-16 00:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-19 12:05 - 2017-04-15 23:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-19 12:05 - 2017-04-15 23:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-19 12:05 - 2017-03-11 11:49 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-19 12:05 - 2017-03-11 10:54 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-19 12:04 - 2017-04-28 14:15 - 07444824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-19 12:04 - 2017-04-26 07:06 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-19 12:04 - 2017-04-16 03:23 - 02176584 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2017-05-19 12:04 - 2017-04-16 03:23 - 01662096 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-19 12:04 - 2017-04-16 03:23 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2017-05-19 12:04 - 2017-04-16 02:07 - 01566032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2017-05-19 12:04 - 2017-04-16 02:07 - 01213792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-19 12:04 - 2017-04-16 01:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-19 12:04 - 2017-04-16 01:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-19 12:04 - 2017-04-16 01:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-19 12:04 - 2017-04-16 01:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-19 12:04 - 2017-04-16 01:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-19 12:04 - 2017-04-16 00:52 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-05-19 12:04 - 2017-04-16 00:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-19 12:04 - 2017-04-16 00:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-19 12:04 - 2017-04-16 00:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-19 12:04 - 2017-04-16 00:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-19 12:04 - 2017-04-16 00:17 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-05-19 12:04 - 2017-04-16 00:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-19 12:04 - 2017-04-16 00:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-19 12:04 - 2017-04-16 00:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-19 12:04 - 2017-04-16 00:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-19 12:04 - 2017-04-16 00:02 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2017-05-19 12:04 - 2017-04-15 23:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-19 12:04 - 2017-04-15 23:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-19 12:04 - 2017-04-15 23:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-19 12:04 - 2017-04-15 23:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-19 12:04 - 2017-04-09 15:00 - 01548640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-19 12:04 - 2017-04-09 15:00 - 00388448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-19 12:04 - 2017-04-07 16:20 - 01375960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-19 12:04 - 2017-04-07 06:56 - 01094656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-19 12:04 - 2017-03-14 07:26 - 03714560 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-05-19 12:04 - 2017-03-11 10:58 - 01437696 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-19 12:04 - 2017-03-07 19:44 - 00448285 _____ C:\Windows\system32\ApnDatabase.xml
2017-05-19 12:04 - 2017-03-03 08:11 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-05-19 12:04 - 2017-03-03 08:06 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-05-19 12:04 - 2017-02-04 13:30 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-05-19 12:04 - 2017-02-04 13:30 - 01523216 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-05-19 12:04 - 2017-02-04 13:30 - 01490128 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-05-19 12:04 - 2017-02-04 13:30 - 01358960 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2017-05-19 12:04 - 2017-02-04 12:32 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2017-05-19 12:04 - 2017-02-04 12:30 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-05-19 12:04 - 2017-01-21 14:37 - 00567152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-05-19 12:04 - 2017-01-05 11:09 - 07076864 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-05-19 12:04 - 2017-01-05 10:29 - 05273600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-05-19 12:04 - 2017-01-05 10:13 - 07796224 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-05-19 12:04 - 2017-01-05 09:57 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-05-19 12:03 - 2017-04-16 03:18 - 01135288 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-19 12:03 - 2017-04-16 03:18 - 00803192 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-19 12:03 - 2017-04-16 02:05 - 00612096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-19 12:03 - 2017-04-16 01:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-19 12:03 - 2017-04-16 01:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-19 12:03 - 2017-04-16 01:16 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-19 12:03 - 2017-04-16 01:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-19 12:03 - 2017-04-16 01:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-19 12:03 - 2017-04-16 01:02 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-05-19 12:03 - 2017-04-16 01:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-05-19 12:03 - 2017-04-16 00:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-19 12:03 - 2017-04-16 00:23 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-05-19 12:03 - 2017-04-16 00:22 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-19 12:03 - 2017-04-02 09:41 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-19 12:03 - 2017-04-02 09:41 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-19 12:03 - 2017-03-31 16:16 - 01968408 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-19 12:03 - 2017-03-31 14:59 - 01612504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-19 12:03 - 2017-03-14 12:06 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-05-19 12:03 - 2017-03-14 07:09 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-05-19 12:03 - 2017-03-14 07:08 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-05-19 12:03 - 2017-03-14 07:06 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-05-19 12:03 - 2017-03-13 09:38 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\wmitomi.dll
2017-05-19 12:03 - 2017-03-13 09:29 - 02609664 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-05-19 12:03 - 2017-03-13 09:25 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-05-19 12:03 - 2017-03-13 09:13 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmitomi.dll
2017-05-19 12:03 - 2017-03-13 09:08 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2017-05-19 12:03 - 2017-03-13 09:07 - 02170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-05-19 12:03 - 2017-03-12 08:04 - 00033792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2017-05-19 12:03 - 2017-03-11 12:34 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-19 12:03 - 2017-03-11 12:32 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-19 12:03 - 2017-03-11 12:32 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-19 12:03 - 2017-03-10 20:59 - 01763888 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-05-19 12:03 - 2017-03-10 20:56 - 01489608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-05-19 12:03 - 2017-03-10 20:44 - 00373080 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-05-19 12:03 - 2017-03-10 20:41 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-05-19 12:03 - 2017-03-10 16:38 - 02017624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-05-19 12:03 - 2017-03-10 16:38 - 00275800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2017-05-19 12:03 - 2017-03-09 13:52 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\wisp.dll
2017-05-19 12:03 - 2017-03-09 12:17 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wisp.dll
2017-05-19 12:03 - 2017-03-04 12:24 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-05-19 12:03 - 2017-03-04 12:06 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-05-19 12:03 - 2017-03-04 11:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-05-19 12:03 - 2017-03-04 09:37 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-05-19 12:03 - 2017-03-03 08:10 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-05-19 12:03 - 2017-03-03 08:04 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-05-19 12:03 - 2017-02-11 11:18 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-05-19 12:03 - 2017-02-11 10:00 - 00865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-05-19 12:03 - 2017-02-11 09:49 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2017-05-19 12:03 - 2017-02-11 09:42 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2017-05-19 12:03 - 2017-02-10 07:37 - 00046600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2017-05-19 12:03 - 2017-02-09 08:28 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-05-19 12:03 - 2017-02-09 08:19 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-05-19 12:03 - 2017-02-09 08:16 - 01560064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-05-19 12:03 - 2017-02-09 07:59 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2017-05-19 12:03 - 2017-02-09 07:58 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2017-05-19 12:03 - 2017-02-09 07:58 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2017-05-19 12:03 - 2017-02-04 11:14 - 01001472 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-05-19 12:03 - 2017-02-04 10:53 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-05-19 12:03 - 2017-02-04 10:51 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-05-19 12:03 - 2017-02-04 10:50 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-05-19 12:03 - 2017-02-04 10:40 - 01754112 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2017-05-19 12:03 - 2017-02-04 10:32 - 00584704 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-05-19 12:03 - 2017-02-04 10:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-05-19 12:03 - 2017-02-04 10:17 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-05-19 12:03 - 2017-02-04 10:10 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2017-05-19 12:03 - 2017-02-04 10:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-05-19 12:03 - 2017-01-21 12:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-05-19 12:03 - 2017-01-21 12:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-05-19 12:03 - 2017-01-21 11:40 - 00756736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-05-19 12:03 - 2017-01-21 11:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-05-19 12:03 - 2017-01-18 19:18 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-05-19 12:03 - 2017-01-18 07:35 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-05-19 12:03 - 2017-01-18 07:34 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-05-19 12:03 - 2017-01-14 13:32 - 00955016 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-05-19 12:03 - 2017-01-14 12:18 - 00787688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-05-19 12:03 - 2017-01-14 10:49 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
2017-05-19 12:03 - 2017-01-12 09:51 - 00274776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2017-05-19 12:03 - 2017-01-12 09:51 - 00117592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2017-05-19 12:03 - 2017-01-11 23:12 - 00990040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-05-19 12:03 - 2017-01-11 12:37 - 02345984 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-05-19 12:03 - 2017-01-11 12:12 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2017-05-19 12:03 - 2017-01-11 10:28 - 00422744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2017-05-19 12:03 - 2017-01-11 08:09 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2017-05-19 12:03 - 2017-01-10 15:37 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-05-19 12:03 - 2017-01-10 14:06 - 00840192 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2017-05-19 12:03 - 2017-01-10 13:46 - 01388544 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2017-05-19 12:03 - 2017-01-10 12:20 - 00696832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2017-05-19 12:03 - 2017-01-10 12:09 - 01108480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2017-05-19 12:03 - 2017-01-10 12:08 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-05-19 12:03 - 2017-01-06 10:25 - 02513408 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2017-05-19 12:03 - 2017-01-06 10:04 - 01495552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2017-05-19 12:03 - 2016-12-24 18:21 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys
2017-05-19 12:03 - 2016-12-24 18:14 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2017-05-19 12:03 - 2016-12-24 17:48 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2017-05-19 12:03 - 2016-12-24 17:19 - 00170496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-05-19 12:03 - 2016-12-24 16:39 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
2017-05-19 12:03 - 2016-12-09 01:08 - 00379736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-05-19 12:02 - 2017-03-13 09:13 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-05-19 12:02 - 2017-03-13 09:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-05-19 12:02 - 2017-03-13 09:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-05-19 12:02 - 2017-03-13 09:06 - 00236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2017-05-19 12:02 - 2017-03-13 08:59 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-05-19 12:02 - 2017-03-13 08:59 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-05-19 12:02 - 2017-03-13 08:56 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-05-19 12:02 - 2017-03-09 14:08 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-05-19 12:02 - 2017-03-09 12:29 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-05-17 10:33 - 2017-05-17 10:33 - 07649280 _____ C:\Program Files (x86)\GUTFD1A.tmp
2017-05-17 10:33 - 2017-05-17 10:33 - 00000000 ____D C:\Program Files (x86)\GUMFD09.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-13 19:09 - 2015-10-31 13:19 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8BDBFEE2-BE87-447E-9191-CDD6AED422D8}
2017-06-13 18:59 - 2016-09-12 06:59 - 00000448 _____ C:\Windows\Tasks\simplitec Power Suite (Tray).job
2017-06-13 18:59 - 2015-11-01 10:08 - 00000000 ___RD C:\Users\tobias\OneDrive
2017-06-13 18:58 - 2016-09-28 07:36 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-06-13 18:57 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-13 18:57 - 2013-08-22 06:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2017-06-12 23:36 - 2016-09-28 07:35 - 00000000 ____D C:\Users\tobias\AppData\Roaming\Elex-tech
2017-06-12 19:22 - 2015-10-31 12:43 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2142078832-1358092348-3586350375-1001
2017-06-12 17:16 - 2016-09-28 07:38 - 00000000 ____D C:\Program Files (x86)\Hotjob
2017-06-07 12:58 - 2015-10-31 12:37 - 00001065 _____ C:\Users\tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-06-04 13:24 - 2014-12-17 10:44 - 00000000 ____D C:\ProgramData\McAfee
2017-06-04 13:24 - 2014-12-17 10:44 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-06-04 13:20 - 2013-08-22 08:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-06-04 13:20 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2017-06-04 13:11 - 2013-08-22 06:36 - 00000000 ____D C:\Windows\Inf
2017-06-04 13:07 - 2015-11-03 12:37 - 00000000 ____D C:\Windows\system32\MRT
2017-06-04 13:05 - 2013-08-22 07:44 - 00338104 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-04 13:00 - 2015-10-31 13:21 - 00000000 ____D C:\Users\tobias\AppData\Roaming\Skype
2017-06-04 12:48 - 2014-05-06 08:20 - 00788756 _____ C:\Windows\system32\prfh0816.dat
2017-06-04 12:48 - 2014-05-06 08:20 - 00163828 _____ C:\Windows\system32\prfc0816.dat
2017-06-04 12:48 - 2014-03-18 02:53 - 01816356 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-04 11:36 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\rescache
2017-06-04 11:25 - 2014-09-08 11:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-06-03 12:01 - 2017-03-05 11:19 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-06-03 12:01 - 2014-09-08 11:07 - 00000000 ____D C:\ProgramData\Skype
2017-06-02 19:06 - 2016-07-22 13:20 - 00001416 _____ C:\Users\tobias\Desktop\ROBLOX Player.lnk
2017-06-02 19:06 - 2016-07-22 13:18 - 00000000 ____D C:\Users\tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-05-31 19:18 - 2015-10-31 12:37 - 00000000 ____D C:\Users\tobias
2017-05-28 16:52 - 2015-11-03 12:41 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-05-28 16:52 - 2015-11-03 12:41 - 00000000 ____D C:\Windows\system32\appraiser
2017-05-28 16:52 - 2013-08-22 08:36 - 00000000 ___RD C:\Windows\ToastData
2017-05-28 16:51 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-28 16:51 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-05-28 16:51 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-05-28 16:47 - 2015-11-03 12:37 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-28 16:47 - 2013-08-22 08:20 - 00000000 ____D C:\Windows\CbsTemp
2017-05-21 12:55 - 2013-08-22 08:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-21 12:55 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\AppReadiness
2017-05-18 13:14 - 2016-09-12 06:41 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-18 13:13 - 2016-09-12 06:41 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-18 12:48 - 2014-09-08 11:07 - 00003440 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-18 12:48 - 2014-09-08 11:06 - 00003312 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2017-05-17 10:33 - 2017-05-17 10:33 - 7649280 _____ () C:\Program Files (x86)\GUTFD1A.tmp
2017-02-08 12:53 - 2017-02-08 12:53 - 0000000 _____ () C:\Program Files (x86)\metadata
2017-02-08 12:53 - 2017-03-05 02:42 - 0000040 _____ () C:\Program Files (x86)\settings.dat
2016-07-22 14:19 - 2016-09-14 02:19 - 0000129 _____ () C:\Users\tobias\AppData\Roaming\WB.CFG
2014-12-17 10:18 - 2014-12-17 10:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2015-11-14 13:49 - 2015-11-14 13:49 - 0144008 _____ (© 2015 Microsoft Corporation) C:\Users\tobias\AppData\Local\Temp\BingSvc.exe
2015-11-08 13:09 - 2015-11-14 13:49 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\tobias\AppData\Local\Temp\BSvcProcessor.exe
2015-11-08 13:09 - 2015-11-14 13:49 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\tobias\AppData\Local\Temp\BSvcUpdater.exe
2016-09-12 06:53 - 2016-09-12 06:54 - 22972624 _____ (simplitec GmbH                                              ) C:\Users\tobias\AppData\Local\Temp\simpliclean_2.4.6.195.exe
2016-01-11 13:08 - 2017-01-01 05:04 - 18818048 _____ () C:\Users\tobias\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-12 19:23

==================== End of FRST.txt ============================

Malwarebytes
www.malwarebytes.com

-Detalhes de Relatório-
Data da Verificação: 13/06/17
Hora da Verificação: 19:59
Ficheiro de Registo: 
Administrador: Sim

-Informação de Software-
Versão: 3.1.2.1733
Versão dos Componentes: 1.0.141
Versão do Pacote de Atualização: 1.0.0
Licença: Versão de Avaliação Gratuita

-Informação do Sistema-
SO: Windows 8.1
CPU: x64
Sistema de Ficheiros: NTFS
Utilizador: CLARA\tobias

-Resumo da Verificação-
Tipo de Verificação: Verificação de Ameaças
Resultado: Concluída
Objetos Verificados: 365177
Ameaças Detetadas: 44
Ameaças Movidas para Quarentena: 0
(Nenhum item malicioso detetado)
Tempo Decorrido: 13 min, 34 s

-Opções de Verificação-
Memória: Ativado
Arranque: Ativado
Sistema de Ficheiros: Ativado
Arquivos: Ativado
Rootkits: Desativado
Heurística: Ativado
PPI: Ativado
MPI: Ativado

-Detalhes da Verificação-
Processo: 0
(Nenhum item malicioso detetado)

Módulo: 0
(Nenhum item malicioso detetado)

Chave de Registo: 0
(Nenhum item malicioso detetado)

Valor de Registo: 0
(Nenhum item malicioso detetado)

Dados de Registo: 0
(Nenhum item malicioso detetado)

Fluxo de Dados: 0
(Nenhum item malicioso detetado)

Pasta: 24
PUP.Optional.Ghokswa, C:\Program Files (x86)\Hotjob\Application\PepperFlash, Nenhuma Ação pelo Utilizador, [13], [329892],1.0.0
PUP.Optional.Ghokswa, C:\Program Files (x86)\Hotjob\Application, Nenhuma Ação pelo Utilizador, [13], [329892],1.0.0
PUP.Optional.Ghokswa, C:\PROGRAM FILES (X86)\Hotjob, Nenhuma Ação pelo Utilizador, [13], [329892],1.0.0
Adware.Ghokswa, C:\Program Files (x86)\Shutness\Application, Nenhuma Ação pelo Utilizador, [329], [365170],1.0.0
Adware.Ghokswa, C:\PROGRAM FILES (X86)\Shutness, Nenhuma Ação pelo Utilizador, [329], [365170],1.0.0
PUP.Optional.Ghokswa, C:\Users\tobias\AppData\Local\Hotjob\User Data\WidevineCdm\1.4.8.903\_platform_specific\win_x64, Nenhuma Ação pelo Utilizador, [13], [329894],1.0.0
PUP.Optional.Ghokswa, C:\Users\tobias\AppData\Local\Hotjob\User Data\WidevineCdm\1.4.8.903\_platform_specific, Nenhuma Ação pelo Utilizador, [13], [329894],1.0.0
PUP.Optional.Ghokswa, C:\Users\tobias\AppData\Local\Hotjob\User Data\WidevineCdm\1.4.8.903, Nenhuma Ação pelo Utilizador, [13], [329894],1.0.0
PUP.Optional.Ghokswa, C:\Users\tobias\AppData\Local\Hotjob\User Data\SwReporter\10.66.3, Nenhuma Ação pelo Utilizador, [13], [329894],1.0.0
PUP.Optional.Ghokswa, C:\Users\tobias\AppData\Local\Hotjob\User Data\WidevineCdm, Nenhuma Ação pelo Utilizador, [13], [329894],1.0.0
PUP.Optional.Ghokswa, C:\Users\tobias\AppData\Local\Hotjob\User Data\SwReporter, Nenhuma Ação pelo Utilizador, [13], [329894],1.0.0
PUP.Optional.Ghokswa, C:\Users\tobias\AppData\Local\Hotjob\User Data, Nenhuma Ação pelo Utilizador, [13], [329894],1.0.0
PUP.Optional.Ghokswa, C:\USERS\TOBIAS\APPDATA\LOCAL\Hotjob, Nenhuma Ação pelo Utilizador, [13], [329894],1.0.0
Adware.Ghokswa, C:\Users\tobias\AppData\Local\Shutness\User Data\WidevineCdm\1.4.8.903\_platform_specific\win_x64, Nenhuma Ação pelo Utilizador, [329], [365177],1.0.0
Adware.Ghokswa, C:\Users\tobias\AppData\Local\Shutness\User Data\WidevineCdm\1.4.8.903\_platform_specific, Nenhuma Ação pelo Utilizador, [329], [365177],1.0.0
Adware.Ghokswa, C:\Users\tobias\AppData\Local\Shutness\User Data\SwReporter\19.108.1\_metadata, Nenhuma Ação pelo Utilizador, [329], [365177],1.0.0
Adware.Ghokswa, C:\Users\tobias\AppData\Local\Shutness\User Data\WidevineCdm\1.4.8.903, Nenhuma Ação pelo Utilizador, [329], [365177],1.0.0
Adware.Ghokswa, C:\Users\tobias\AppData\Local\Shutness\User Data\SwReporter\19.107.0, Nenhuma Ação pelo Utilizador, [329], [365177],1.0.0
Adware.Ghokswa, C:\Users\tobias\AppData\Local\Shutness\User Data\SwReporter\19.108.1, Nenhuma Ação pelo Utilizador, [329], [365177],1.0.0
Adware.Ghokswa, C:\Users\tobias\AppData\Local\Shutness\User Data\WidevineCdm, Nenhuma Ação pelo Utilizador, [329], [365177],1.0.0
Adware.Ghokswa, C:\Users\tobias\AppData\Local\Shutness\User Data\SwReporter, Nenhuma Ação pelo Utilizador, [329], [365177],1.0.0
Adware.Ghokswa, C:\Users\tobias\AppData\Local\Shutness\User Data, Nenhuma Ação pelo Utilizador, [329], [365177],1.0.0
Adware.Ghokswa, C:\USERS\TOBIAS\APPDATA\LOCAL\Shutness, Nenhuma Ação pelo Utilizador, [329], [365177],1.0.0
FraudTool.YAC, C:\PROGRAM FILES (X86)\ELEX-TECH\YAC, Nenhuma Ação pelo Utilizador, [7134], [175180],1.0.0

Ficheiro: 20
PUP.Optional.Ghokswa, C:\Program Files (x86)\Hotjob\Application\PepperFlash\pepflashplayer.dll, Nenhuma Ação pelo Utilizador, [13], [329892],1.0.0
PUP.Optional.Ghokswa, C:\Program Files (x86)\Hotjob\Application\d3dcompiler_47.dll, Nenhuma Ação pelo Utilizador, [13], [329892],1.0.0
Adware.Ghokswa, C:\Program Files (x86)\Shutness\Application\chrome.exe, Nenhuma Ação pelo Utilizador, [329], [365170],1.0.0
Adware.Ghokswa, C:\Program Files (x86)\Shutness\Application\chrome_elf.dll, Nenhuma Ação pelo Utilizador, [329], [365170],1.0.0
Adware.Ghokswa, C:\Program Files (x86)\Shutness\Application\chrome_watcher.dll, Nenhuma Ação pelo Utilizador, [329], [365170],1.0.0
Adware.Ghokswa, C:\Program Files (x86)\Shutness\Application\d3dcompiler_47.dll, Nenhuma Ação pelo Utilizador, [329], [365170],1.0.0
Adware.Ghokswa, C:\Program Files (x86)\Shutness\Application\libegl.dll, Nenhuma Ação pelo Utilizador, [329], [365170],1.0.0
Adware.Ghokswa, C:\Program Files (x86)\Shutness\Application\libglesv2.dll, Nenhuma Ação pelo Utilizador, [329], [365170],1.0.0
PUP.Optional.Ghokswa, C:\Users\tobias\AppData\Local\Hotjob\User Data\SwReporter\10.66.3\software_reporter_tool.exe, Nenhuma Ação pelo Utilizador, [13], [329894],1.0.0
PUP.Optional.Ghokswa, C:\Users\tobias\AppData\Local\Hotjob\User Data\WidevineCdm\1.4.8.903\_platform_specific\win_x64\widevinecdm.dll, Nenhuma Ação pelo Utilizador, [13], [329894],1.0.0
PUP.Optional.Ghokswa, C:\Users\tobias\AppData\Local\Hotjob\User Data\WidevineCdm\1.4.8.903\_platform_specific\win_x64\widevinecdmadapter.dll, Nenhuma Ação pelo Utilizador, [13], [329894],1.0.0
Adware.Ghokswa, C:\Users\tobias\AppData\Local\Shutness\User Data\SwReporter\19.107.0\software_reporter_tool.exe, Nenhuma Ação pelo Utilizador, [329], [365177],1.0.0
Adware.Ghokswa, C:\Users\tobias\AppData\Local\Shutness\User Data\SwReporter\19.108.1\_metadata\verified_contents.json, Nenhuma Ação pelo Utilizador, [329], [365177],1.0.0
Adware.Ghokswa, C:\Users\tobias\AppData\Local\Shutness\User Data\SwReporter\19.108.1\manifest.fingerprint, Nenhuma Ação pelo Utilizador, [329], [365177],1.0.0
Adware.Ghokswa, C:\Users\tobias\AppData\Local\Shutness\User Data\SwReporter\19.108.1\manifest.json, Nenhuma Ação pelo Utilizador, [329], [365177],1.0.0
Adware.Ghokswa, C:\Users\tobias\AppData\Local\Shutness\User Data\SwReporter\19.108.1\software_reporter_tool.exe, Nenhuma Ação pelo Utilizador, [329], [365177],1.0.0
Adware.Ghokswa, C:\Users\tobias\AppData\Local\Shutness\User Data\WidevineCdm\1.4.8.903\_platform_specific\win_x64\widevinecdm.dll, Nenhuma Ação pelo Utilizador, [329], [365177],1.0.0
Adware.Ghokswa, C:\Users\tobias\AppData\Local\Shutness\User Data\WidevineCdm\1.4.8.903\_platform_specific\win_x64\widevinecdmadapter.dll, Nenhuma Ação pelo Utilizador, [329], [365177],1.0.0
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\msvcp110.dll, Nenhuma Ação pelo Utilizador, [7134], [175180],1.0.0
FraudTool.YAC, C:\Program Files (x86)\Elex-tech\YAC\msvcr110.dll, Nenhuma Ação pelo Utilizador, [7134], [175180],1.0.0

Setor Físico: 0
(Nenhum item malicioso detetado)


(end)


This is the last log (today).

Strange, in the Reports tab I have some scan logs, but none with that massive 12000 infected files. I'm very, very sure I cleaned those 12000 infected files to quarantine yesterday.

Right now, to clean the 44 files that Malwarebytes detected, one hour later it is still at 0 of 44 moved to quarantine.

Thank you for the help, and sorry for my English.


It's alright :) Let's get busy then.

Malicious Programs Warning!

I noticed that you have malicious programs installed on your system. I'll ask you to uninstall them since uninstalling such programs before running malware removal tools will ensure a better clean-up.

  • simpliclean


If you have an issue when uninstalling a program, please let me know.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version: 12-06-2017
Ran by tobias (14-06-2017 07:40:45) Run:1
Running from C:\Users\tobias\Downloads
Loaded Profiles: tobias (Available Profiles: tobias)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [] => [X]

HKU\S-1-5-21-2142078832-1358092348-3586350375-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Shutness\Application\chrome.exe (Google Inc.) <==== ATTENTION

S1 egyzifgx; \??\C:\Windows\system32\drivers\egyzifgx.sys [X]
S1 ffqlodsh; \??\C:\Windows\system32\drivers\ffqlodsh.sys [X]
S1 MpKsle28196b9; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DDD409EC-592D-48FF-BC70-6C363693E61F}\MpKsle28196b9.sys [X]

FirewallRules: [TCP Query User{D1B5392E-1CDF-45F1-9D25-E0B0A663BBC9}C:\program files (x86)\hotjob\application\chrome.exe] => (Block) C:\program files (x86)\hotjob\application\chrome.exe
FirewallRules: [UDP Query User{762C3B86-27FF-4679-AE10-E34621BFE759}C:\program files (x86)\hotjob\application\chrome.exe] => (Block) C:\program files (x86)\hotjob\application\chrome.exe
FirewallRules: [{B826C0E3-00FE-4F56-A026-9B6C590720C5}] => (Allow) C:\Program Files (x86)\Shutness\Application\chrome.exe

C:\Program Files (x86)\Elex-tech
C:\Program Files (x86)\Hotjob
C:\Program Files (x86)\Shutness
C:\Program Files (x86)\GUMFD09.tmp
C:\Program Files (x86)\GUTFD1A.tmp
C:\Users\tobias\AppData\Local\Hotjob
C:\Users\tobias\AppData\Local\Shutness
C:\Users\tobias\AppData\Roaming\Elex-tech

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-2142078832-1358092348-3586350375-1001\SOFTWARE\Clients\StartMenuInternet\ChromeHTML => key removed successfully
HKLM\System\CurrentControlSet\Services\egyzifgx => key removed successfully
egyzifgx => service removed successfully
HKLM\System\CurrentControlSet\Services\ffqlodsh => key removed successfully
ffqlodsh => service removed successfully
HKLM\System\CurrentControlSet\Services\MpKsle28196b9 => key removed successfully
MpKsle28196b9 => service removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D1B5392E-1CDF-45F1-9D25-E0B0A663BBC9}C:\program files (x86)\hotjob\application\chrome.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{762C3B86-27FF-4679-AE10-E34621BFE759}C:\program files (x86)\hotjob\application\chrome.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B826C0E3-00FE-4F56-A026-9B6C590720C5} => value removed successfully
C:\Program Files (x86)\Elex-tech => moved successfully
C:\Program Files (x86)\Hotjob => moved successfully
C:\Program Files (x86)\Shutness => moved successfully
C:\Program Files (x86)\GUMFD09.tmp => moved successfully
C:\Program Files (x86)\GUTFD1A.tmp => moved successfully
C:\Users\tobias\AppData\Local\Hotjob => moved successfully
C:\Users\tobias\AppData\Local\Shutness => moved successfully
C:\Users\tobias\AppData\Roaming\Elex-tech => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 31555768 B
Java, Flash, Steam htmlcache => 26205 B
Windows/system/drivers => 47253877 B
Edge => 0 B
Chrome => 385387161 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 14538 B
systemprofile32 => 8175744 B
LocalService => 86884 B
NetworkService => 16410 B
tobias => 2173533237 B

RecycleBin => 0 B
EmptyTemp: => 2.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 07:47:55 ====


Now let's do a sweep with JRT and AdwCleaner.

Junkware Removal Tool (JRT)

  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;


Your next reply(ies) should therefore contain:

  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 8.1 x64 
Ran by tobias (Administrator) on 14/06/2017 at 19:12:24,36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 2 

Successfully deleted: C:\ProgramData\tencent (Folder) 
Successfully deleted: C:\Users\Public\Desktop\ebay.lnk (Shortcut) 

Registry: 2 

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14/06/2017 at 19:17:33,08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


# AdwCleaner v6.047 - Logfile created 14/06/2017 at 19:35:06
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-14.2 [Server]
# Operating System : Windows 8.1  (X64)
# Username : tobias - CLARA
# Running from : C:\Users\tobias\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

[-] Service deleted: MSLN


***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\sozy
[#] Folder deleted on reboot: C:\ProgramData\Application Data\sozy
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
[-] Folder deleted: C:\Program Files (x86)\reports


***** [ Files ] *****

[-] File deleted: C:\Windows\SysNative\log\iSafeKrnlCall.log
[-] File deleted: C:\Program Files (x86)\settings.dat
[-] File deleted: C:\Users\Public\Documents\cfg.ini
[-] File deleted: C:\Users\Public\Documents\cc.ini
[-] File deleted: C:\Users\Public\Documents\temp.dat
[-] File deleted: C:\Users\Public\Documents\report.dat


***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
[-] Key deleted: HKU\S-1-5-21-2142078832-1358092348-3586350375-1001\Software\PConverter
[#] Key deleted on reboot: HKCU\Software\PConverter
[-] Key deleted: HKLM\SOFTWARE\ByteFence
[-] Key deleted: HKLM\SOFTWARE\Elex-tech
[-] Key deleted: HKLM\SOFTWARE\Corner Sunshine
[-] Key deleted: HKLM\SOFTWARE\WinSaberSvc
[#] Key deleted on reboot: [x64] HKCU\Software\PConverter
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bestpriceninja.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pcpurifier.co
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pstatic.bestpriceninja.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.pcpurifier.co
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akz.imgfarm.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\foxi69.tlscdn.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\gamingwonderland.dl.tb.ask.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hp.myway.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\imgfarm.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\minecraft.softonic.com.br
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pricepeep.net
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com.br
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.pricepeep00.pricepeep.net
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\the-sims-3.softonic.com.br
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\the-sims-4.softonic.com.br
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bestpriceninja.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pcpurifier.co
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pstatic.bestpriceninja.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.pcpurifier.co
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akz.imgfarm.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\foxi69.tlscdn.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\gamingwonderland.dl.tb.ask.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hp.myway.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\imgfarm.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\minecraft.softonic.com.br
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pricepeep.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com.br
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.pricepeep00.pricepeep.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\the-sims-3.softonic.com.br
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\the-sims-4.softonic.com.br
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot


***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [6293 Bytes] - [14/06/2017 19:35:06]
C:\AdwCleaner\AdwCleaner[S0].txt - [6099 Bytes] - [14/06/2017 19:33:52]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [6439 Bytes] ##########
 

 

Thank you Aura, how do you think it is now?

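The two logs posted in this thread use different line formats: FRST's Fixlog prints "<target> => key/value/service removed successfully" or "=> moved successfully", while AdwCleaner prefixes each item with "[-]" (deleted now) or "[#]" (could only be scheduled for deletion at reboot, as with C:\ProgramData\Application Data\sozy and the PConverter keys above). The script below is an added example written for this page; it is not part of FRST, AdwCleaner or the thread. It parses both formats, lists the reboot-pending targets so they can be re-checked after the restart, and flags removed firewall rules whose program path is a well-known browser binary living outside its vendor directory, the pattern behind the hotjob\application\chrome.exe rules in the Fixlog. The sample lines are copied from the logs in this thread; the EXPECTED_PARENT table is a heuristic assumed for the example, not something either tool does.

```python
"""Parse FRST Fixlog and AdwCleaner clean-log lines and pull out what needs
a second look: AdwCleaner items only scheduled for deletion at reboot
("[#]"), and removed firewall rules whose program is a browser binary
living outside its vendor directory.

Added example for this page, not code from FRST, AdwCleaner or the thread.
Sample lines are copied from the logs in the thread; EXPECTED_PARENT is a
heuristic assumed for the example."""

import re
from dataclasses import dataclass

# Sample FRST Fixlog lines: "<target> => <kind> removed successfully" or "=> moved successfully".
FIXLOG_SAMPLE = "\n".join([
    r"HKLM\System\CurrentControlSet\Services\egyzifgx => key removed successfully",
    r"egyzifgx => service removed successfully",
    r"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy"
    r"\FirewallRules\\TCP Query User{D1B5392E-1CDF-45F1-9D25-E0B0A663BBC9}"
    r"C:\program files (x86)\hotjob\application\chrome.exe => value removed successfully",
    r"C:\Program Files (x86)\Hotjob => moved successfully",
    r"C:\Users\tobias\AppData\Local\Hotjob => moved successfully",
])

# Sample AdwCleaner v6 clean-log lines: "[-]" deleted now, "[#]" deleted on reboot.
ADW_SAMPLE = "\n".join([
    r"***** [ Services ] *****",
    r"[-] Service deleted: MSLN",
    r"***** [ Folders ] *****",
    r"[-] Folder deleted: C:\ProgramData\sozy",
    r"[#] Folder deleted on reboot: C:\ProgramData\Application Data\sozy",
    r"***** [ Registry ] *****",
    r"[-] Key deleted: HKLM\SOFTWARE\Elex-tech",
    r"[#] Key deleted on reboot: HKCU\Software\PConverter",
    r"[#] Key deleted on reboot: [x64] HKCU\Software\PConverter",
])

@dataclass(frozen=True)
class Removal:
    tool: str      # "FRST" or "AdwCleaner"
    kind: str      # key, value, service, folder, file, or path (FRST "moved")
    target: str    # registry path, file-system path or service name
    pending: bool  # True when the tool only scheduled the removal for reboot

_FRST_LINE = re.compile(
    r"^(?P<target>.+?) => (?:(?P<kind>key|value|service) removed|moved) successfully\s*$")
_ADW_LINE = re.compile(
    r"^\[[-#]\] (?P<kind>\w+) deleted(?P<reboot> on reboot)?: (?:\[x64\] )?(?P<target>.+?)\s*$")
# FRST prints a firewall rule's value name as "<TCP|UDP> Query User{GUID}<program path>".
_FW_RULE = re.compile(r"Query User\{[0-9A-Fa-f-]{36}\}(?P<path>.+)$")

def parse_fixlog(text):
    """One Removal per FRST '... successfully' line; everything else is ignored."""
    out = []
    for line in text.splitlines():
        m = _FRST_LINE.match(line)
        if m:
            out.append(Removal("FRST", m.group("kind") or "path", m.group("target"), False))
    return out

def parse_adwcleaner(text):
    """One Removal per AdwCleaner '[-]'/'[#]' line; section banners are skipped."""
    out = []
    for line in text.splitlines():
        m = _ADW_LINE.match(line)
        if m:
            out.append(Removal("AdwCleaner", m.group("kind").lower(),
                               m.group("target"), m.group("reboot") is not None))
    return out

def pending_after_reboot(removals):
    """Targets the tool could not delete immediately, deduplicated, in log order."""
    seen = []
    for r in removals:
        if r.pending and r.target not in seen:
            seen.append(r.target)
    return seen

def firewall_rule_programs(removals):
    """Program paths named in the FirewallRules values FRST removed."""
    paths = []
    for r in removals:
        if r.kind == "value" and "\\FirewallRules\\" in r.target:
            m = _FW_RULE.search(r.target)
            if m:
                paths.append(m.group("path"))
    return paths

# Heuristic assumed for this example: where these binaries normally live (lower-case).
EXPECTED_PARENT = {
    "chrome.exe": "\\google\\chrome\\application\\",
    "firefox.exe": "\\mozilla firefox\\",
}

def impostor_browser_binaries(paths):
    """Paths whose file name is a known browser but whose directory is not the vendor's."""
    flagged = []
    for p in paths:
        low = p.lower()
        expected = EXPECTED_PARENT.get(low.rsplit("\\", 1)[-1])
        if expected and expected not in low:
            flagged.append(p)
    return flagged

if __name__ == "__main__":
    fix, adw = parse_fixlog(FIXLOG_SAMPLE), parse_adwcleaner(ADW_SAMPLE)
    print(f"FRST: {len(fix)} items removed, AdwCleaner: {len(adw)} items removed")
    for t in pending_after_reboot(adw):
        print("verify after reboot:", t)
    for p in impostor_browser_binaries(firewall_rule_programs(fix)):
        print("firewall rule for a browser binary outside its vendor dir:", p)
```

Run it against a real Fixlog.txt and AdwCleaner[C0].txt by reading the files into the two parse functions instead of the samples. The reboot-pending list is the one to walk through by hand after the restart, since the tool itself only reports that the deletion was scheduled, not that it happened.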

No problem, you're welcome! Yes, please create a new thread for that computer.

Since there are no signs of infection anymore in your logs, and you just told me that there are no more issues left to address, I guess we're done here. We'll wrap it up by running DelFix to delete the tools and logs that were used in this clean-up.

DelFix
Follow the instructions below to download and execute DelFix.

  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options :
    • Activate UAC;
    • Remove disinfection tools;
    • Create registry backup;
    • Purge system restore;
    • Reset system settings;
  • Once all the options mentioned above are checked, click on Run;
  • After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply;

Tips, tricks, advice and recommendations

Now it's time to give you some tips, tricks, advice and recommendations on how to protect your system and prevent you from being infected in the future. This is where I'll explain basic security measures that you should take to protect and harden your system, and also make sure it stays as safe and secure as possible against hackers and malware. You are free to ignore the recommendations listed below, although I obviously do not recommend it. If you have any questions about one of the points covered in the speech below, feel free to ask me your questions here directly so I can answer them and guide you.

Windows Updates

Keeping Windows up to date is one of the first steps in having a safe and secure system. The Security Updates that Windows receives are meant to fix exploits and flaws in it, which makes it more secure and not exploitable by hackers. In order to do that, you should always install the Security Updates, known as "Important Updates" on your Windows system. These updates are released on the second Tuesday of every month, but some are also released before if they are emergency/critical Security Updates. Let's make sure that you have all your Important Updates and Recommended Updates installed and that your Windows Updates are set to be installed automatically.

Keeping your programs up-to-date

Like keeping Windows updated, keeping your installed programs up-to-date is another important step in having a safe and secure system. Outdated programs can be exploited by hackers and malware to infect a system and take it over. This is especially true today with the rise of Exploit Kits which is one of the biggest attack vectors to distribute malware. Therefore, you should always keep vulnerable programs like Adobe Flash Player, Adobe Shockwave Player, Java, Silverlight, etc. updated to their most recent version (even better, you don't have to install them if you don't use them). Programs like SecuniaPSI and Heimdal Free will scan your system for outdated programs, and help you identify them, as well as update them.

Antivirus, Antimalware, Firewall and Anti-Exploit/Ransomware

Having a decent security setup (led by an Antivirus) is the most crucial step to protect a system. These programs are a layer of defence that will prevent a system from being infected, or if it somehow ends up infected, help mitigate the infection and remediate it. Ideally, you should have on your system one Antivirus (never more than one installed at a time), one Antimalware (you can install multiple of these, assuming they do not conflict with each other and the other security programs installed), one Firewall and if you wish, one Anti-Exploit and/or Anti-Ransomware (since Ransomware is currently the most dangerous threat around and it can hit anywhere). Here are a few programs worth checking out if you don't have one yet.

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while a lot of other good programs only have a paid version but aren't listed there (such as Kaspersky and ESET Antivirus products).

Antivirus

Antimalware

Firewall
Starting in Windows Vista, the Windows Firewall greatly improved and will satisfy the needs of most users. If you do not have an Internet Suite Antivirus program (which includes a firewall) and you want to use a 3rd party firewall, you can consider the options below.

  • GlassWire - Has both a free and paid version (with different packages);
  • Windows Firewall Control - Gives you more control over your Windows Firewall;
  • TinyWall - Lightweight firewall implementing the Windows Firewall and giving you more control over it;

Anti-Exploit/Anti-Ransomware

Web Browsers and Web Browsing

Web Browsers could be considered as the closest door between a malware and your system. This is where most malware goes through to infect a system, and therefore it should be the program(s) you want to secure the most. There are two ways of going about it: hardening your web browser via extensions, and having good browsing habits. 

Hardening your web browser means to install extensions that will help it protect itself (and your system on the same occasion) against Exploit Kits, MiTM attacks, etc. but also you at the same time. Here are a few extensions that I recommend you to install.

  • uBlock Origin: Efficient multi-purpose blocker that is lightweight on RAM and CPU usage (Google Chrome and Mozilla Firefox, called uBlock on Opera);
  • HTTPS Everywhere: Extension that converts your HTTP (unencrypted) requests to HTTPS (encrypted) ones (Google Chrome, Mozilla Firefox and Opera);
  • Web of Trust: Website reputation, rating and review extension that will help you quickly identify bad and suspicious sites from good ones (every web browser);
  • NoScript: NoScript is a script blocker (Java, Flash, JavaScript, etc.) for Mozilla Firefox and Firefox-based browsers (Mozilla Firefox and Firefox-based web browsers);
  • uMatrix: For advanced users, a point-and-click matrix-like extension that allows you to control the requests made on a webpage (based on source, destination and type) (Google Chrome, Mozilla Firefox and Opera);
  • LastPass: Secure password manager allowing you to create, manage, and use passwords you save in your LastPass account (every web browser);

As for safe browsing habits, you can find tons of guides, tutorials, articles, etc. online that will highlight the basics you need to follow (only visit websites you trust, do not click on ads, do not download files from untrusted sources, use a password manager, always verify the URL of a website and make sure it's correctly typed, etc.), and even what you can do if you want to take it a step further (create a fake email address for spam emails, browse the web in a privacy mode, etc.). Here are a few:


As you can see, there are plenty of resources out there. Simply Googling "good browsing habits" or "safe browsing habits" should allow you to find a lot of them.

Other recommendations

Even if you follow every recommendation that I listed here, in the end, it's also your job to be careful when browsing the web and downloading files if you don't want to get infected. Therefore, if you use your brain (common sense) when browsing the web, downloading programs and files, etc., you have far fewer chances to get infected by malware. If for example you're not sure if a website is legitimate or not, or if a file is safe to download and execute, or if a program looks "too good" to be free, I suggest you to avoid going to that website, downloading that file or using that program.

Here are a few guides, tutorials, articles, etc. that you could read in order to learn more about computer protection and security to improve your current computer protection setup but also improve your good web browsing and computer usage practices :


The End!

And that's it! Now that you know more about how to protect your computer and secure it, you're good to go back to your online activities, but in a safe and secure way! You are also free to stay on the forums and ask for help in different topics if you ever need to. Just make sure that you post your question/issue in the right section to get the best assistance possible. And if you ever get infected again (which I hope you won't!), you can always come back to this section to get another checkup with one of our trained malware removal members.

Do you have any questions before I close this thread? :)


Thank you so much Aura, this is really a great help!

I'm glad I came to this forum!

How could I learn how to read logs? What school/forum do you recommend?

This is the log:

# DelFix v1.013 - Logfile created 15/06/2017 at 09:26:02
# Updated 17/04/2016 by Xplode
# Username : tobias - CLARA
# Operating System : Windows 8.1  (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\tobias\Desktop\AdwCleaner.exe
Deleted : C:\Users\tobias\Desktop\JRT.exe
Deleted : C:\Users\tobias\Desktop\JRT.txt
Deleted : C:\Users\tobias\Downloads\Addition.txt
Deleted : C:\Users\tobias\Downloads\AdwCleaner.exe
Deleted : C:\Users\tobias\Downloads\Fixlog.txt
Deleted : C:\Users\tobias\Downloads\FRST.txt
Deleted : C:\Users\tobias\Downloads\FRST64.exe
Deleted : C:\Users\tobias\Downloads\JRT.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #44 [Instalado Visualizador do Microsoft PowerPoint | 06/04/2017 18:24:04]
Deleted : RP #46 [Restore Point Created by FRST | 06/14/2017 14:40:57]
Deleted : RP #47 [JRT Pre-Junkware Removal | 06/15/2017 02:12:29]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
