dashx

Members · 12 posts · Reputation: 0 Neutral
  1. Hey, I actually found out the cause of the problem. My internet provider modem had been hacked, and the DNS settings changed there. Apparently it was using a default password. I had a tech from my ISP come by and change the settings (along with the password), and everything seems to be working fine now. I have no idea how someone managed to change my modem's settings, but at least it looks good now. Malwarebytes is not alerting me anymore, protection log is clean. Thanks for your help, though. If you have any suggestions on how to prevent this kind of problem, I would be grateful. Other than that, this topic is ready to be closed.
  2. Here are the logs. Problem persists.

     AdwCleaner log

     # AdwCleaner v4.205 - Report created 25/05/2015 at 16:34:27
     # Updated 21/05/2015 by Xplode
     # Database : 2015-05-21.2 [Local]
     # Operating system : Windows 7 Professional Service Pack 1 (x64)
     # User : Cleber - CLEBER-HP
     # Running from : C:\Users\Cleber\Desktop\AdwCleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     File Deleted : C:\Users\Cleber\AppData\Roaming\AdobeWLCMCache.dat

     ***** [ Scheduled tasks ] *****

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     ***** [ Browsers ] *****

     -\\ Internet Explorer v11.0.9600.17801
     -\\ Mozilla Firefox v38.0.1 (x86 en-US)
     -\\ Google Chrome v
     -\\ Opera v29.0.1795.47

     *************************

     AdwCleaner[R0].txt - [3355 bytes] - [20/05/2015 23:19:26]
     AdwCleaner[R1].txt - [1018 bytes] - [25/05/2015 16:31:58]
     AdwCleaner[s0].txt - [3014 bytes] - [20/05/2015 23:23:17]
     AdwCleaner[s1].txt - [936 bytes] - [25/05/2015 16:34:27]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [994 bytes] ##########

     Junkware Removal Tool log

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.7.9 (05.24.2015:1)
     OS: Windows 7 Professional x64
     Ran by Cleber on 25/05/2015 at 16:22:34,43
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Tasks

     ~~~ Registry Values

     ~~~ Registry Keys

     Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

     ~~~ Files

     ~~~ Folders

     Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin

     ~~~ FireFox

     Successfully deleted: [File] C:\Users\Cleber\AppData\Roaming\mozilla\firefox\profiles\oovu64sn.default\invalidprefs.js
     Emptied folder: C:\Users\Cleber\AppData\Roaming\mozilla\firefox\profiles\oovu64sn.default\minidumps [2 files]

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on 25/05/2015 at 16:28:54,89
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  3. Here is the fixlist log. But after my PC rebooted, as soon as I connected to the internet the DhcpNameServer got changed back again.

     Fix result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
     Ran by Cleber at 2015-05-25 09:30:08 Run:2
     Running from C:\Users\Cleber\Desktop
     Loaded Profiles: Cleber & (Available Profiles: Cleber & Convidado)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     start
     CloseProcesses:
     HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
     HKU\S-1-5-21-1346934619-67578464-4156683422-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
     Tcpip\Parameters: [DhcpNameServer] 94.102.63.115 8.8.8.8
     EmptyTemp:
     end
     *****************

     Processes closed successfully.
     "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
     "HKU\S-1-5-21-1346934619-67578464-4156683422-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
     HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value Removed successfully
     EmptyTemp: => Removed 632.2 MB temporary data.

     The system needed a reboot.

     ==== End of Fixlog 09:30:58 ====
  4. Below is the new FRST log. I really appreciate your help (and your patience) with this.

     Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
     Ran by Cleber (administrator) on CLEBER-HP on 24-05-2015 22:48:34
     Running from C:\Users\Cleber\Desktop
     Loaded Profiles: Cleber (Available Profiles: Cleber & Convidado)
     Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Português (Brasil)
     Internet Explorer Version 11 (Default browser: FF)
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================

     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

     (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
     (AMD) C:\Windows\System32\atiesrxx.exe
     (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
     (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
     (AMD) C:\Windows\System32\atieclxx.exe
     (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
     (Microsoft Corporation) C:\Windows\System32\wlanext.exe
     (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
     (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
     (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
     (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
     (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
     (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
     (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
     (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
     (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
     (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
     () C:\Windows\SysWOW64\PnkBstrA.exe
     (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
     (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
     (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
     (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
     (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
     (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
     (IVONA Software Sp. z o.o.) C:\Program Files (x86)\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe
     (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
     (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
     (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
     (Microsoft Corporation) C:\Windows\System32\dllhost.exe
     (Microsoft Corporation) C:\Windows\System32\dllhost.exe

     ==================== Registry (Whitelisted) ==================

     (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

     HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
     HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
     HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [440632 2014-08-29] (Malwarebytes Corporation)
     HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
     HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
     HKU\S-1-5-21-1346934619-67578464-4156683422-1002\...\Run: [iVONA ControlCenter] => C:\Program Files (x86)\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe [2541392 2014-10-23] (IVONA Software Sp. z o.o.)
     HKU\S-1-5-21-1346934619-67578464-4156683422-1002\...\Run: [GalaxyClient] => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe [7242808 2015-05-13] (GOG.com)
     Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
     ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
     ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
     ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
     ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cleber\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
     ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cleber\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
     ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cleber\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
     ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cleber\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
     ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cleber\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
     ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cleber\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
     ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cleber\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)
     ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cleber\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-04] (Dropbox, Inc.)

     ==================== Internet (Whitelisted) ====================

     (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

     HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
     HKU\S-1-5-21-1346934619-67578464-4156683422-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
     HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
     HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
     HKU\S-1-5-21-1346934619-67578464-4156683422-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
     SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://br.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
     SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://pt.wikipedia.org/wiki/Special:Search?search={searchTerms}
     BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-21] (Microsoft Corporation)
     BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
     BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-04-25] (Oracle Corporation)
     BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-05-21] (Microsoft Corporation)
     BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-21] (Microsoft Corporation)
     BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-04-25] (Oracle Corporation)
     BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-07] (Advanced Micro Devices)
     BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-05-21] (Microsoft Corporation)
     Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
     Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
     Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
     Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
     Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
     Hosts: 127.0.0.1 localhost
     Tcpip\Parameters: [DhcpNameServer] 94.102.63.115 8.8.8.8

     FireFox:
     ========
     FF ProfilePath: C:\Users\Cleber\AppData\Roaming\Mozilla\Firefox\Profiles\oovu64sn.default
     FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
     FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll No File
     FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-04-25] (Oracle Corporation)
     FF Plugin: @microsoft.com/GENUINE -> disabled No File
     FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
     FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
     FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-04-20] (Adobe Systems)
     FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
     FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
     FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-25] (ESN Social Software AB)
     FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
     FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
     FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-17] (Microsoft Corporation)
     FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
     FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
     FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Cleber\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-12-23] (Raidcall)
     FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
     FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
     FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-04-20] (Adobe Systems)
     FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
     FF Plugin HKU\S-1-5-21-1346934619-67578464-4156683422-1002: @citrixonline.com/appdetectorplugin -> C:\Users\Cleber\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-06-19] (Citrix Online)
     FF Plugin HKU\S-1-5-21-1346934619-67578464-4156683422-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Cleber\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
     FF Plugin HKU\S-1-5-21-1346934619-67578464-4156683422-1002: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
     FF Extension: NoScript - C:\Users\Cleber\AppData\Roaming\Mozilla\Firefox\Profiles\oovu64sn.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-05-18]
     FF Extension: Adblock Plus - C:\Users\Cleber\AppData\Roaming\Mozilla\Firefox\Profiles\oovu64sn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-18]

     Chrome:
     =======
     CHR StartupUrls: Default -> "https://www.duolingo.com/"
     CHR Profile: C:\Users\Cleber\AppData\Local\Google\Chrome\User Data\Default
     CHR Extension: (Duolingo on the Web) - C:\Users\Cleber\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2014-10-04]
     CHR Extension: (Google Drive) - C:\Users\Cleber\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-23]
     CHR Extension: (YouTube) - C:\Users\Cleber\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-23]
     CHR Extension: (Google Search) - C:\Users\Cleber\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-23]
     CHR Extension: (Kindle Cloud Reader) - C:\Users\Cleber\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-05-21]
     CHR Extension: (Google Wallet) - C:\Users\Cleber\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
     CHR Extension: (Gmail) - C:\Users\Cleber\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-23]

     ==================== Services (Whitelisted) =================

     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-28] (Advanced Micro Devices, Inc.) []
     R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
     S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-24] (CyberLink)
     R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
     S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1753144 2015-05-13] (GOG.com)
     S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-05-20] (SurfRight B.V.)
     R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-28] (Realsil Microelectronics Inc.) []
     R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [441144 2014-08-29] (Malwarebytes Corporation)
     R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
     R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
     R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
     R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
     S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-16] (Electronic Arts)
     R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-09-30] ()
     S3 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [26048 2014-08-12] ()
     S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
     S2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [X]

     ==================== Drivers (Whitelisted) ====================

     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-09-20] (Broadcom Corporation.)
     R0 D87BBA26; C:\Windows\System32\drivers\D87BBA26.sys [457824 2015-05-23] (Kaspersky Lab ZAO)
     S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
     R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63000 2014-08-30] ()
     S3 hxsyol; C:\Windows\system32\hxsy64.sys [86352 2015-01-19] ()
     R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
     R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
     R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-24] (Malwarebytes Corporation)
     R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
     R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
     R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
     R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
     R3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2014-08-12] (The OpenVPN Project)
     S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
     S3 catchme; \??\C:\ComboFix\catchme.sys [X]
     S3 clwvd; system32\DRIVERS\clwvd.sys [X]
     S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X]
     S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]

     ==================== NetSvcs (Whitelisted) ===================

     (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     ==================== One Month Created files and folders ========

     (If an entry is included in the fixlist, the file/folder will be moved.)
     2015-05-24 22:48 - 2015-05-24 22:49 - 00018894 _____ () C:\Users\Cleber\Desktop\FRST.txt
     2015-05-24 22:48 - 2015-05-24 22:48 - 02108416 _____ (Farbar) C:\Users\Cleber\Desktop\FRST64.exe
     2015-05-23 21:12 - 2015-05-23 21:26 - 89150014 _____ () C:\Users\Cleber\Desktop\Modern.Family.S06E24._TVix.rmvb
     2015-05-23 14:18 - 2015-05-23 14:18 - 00457824 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\D87BBA26.sys
     2015-05-23 14:17 - 2015-05-23 14:18 - 00000000 ____D () C:\KVRT_Data
     2015-05-23 14:06 - 2015-05-23 14:17 - 112636576 _____ (Kaspersky Lab ZAO) C:\Users\Cleber\Desktop\KVRT.exe
     2015-05-22 20:30 - 2015-05-22 20:30 - 00000000 ____D () C:\Users\Cleber\AppData\Local\TempTaskUpdateDetection9AA3EC07-8F2E-458C-98E7-89C80D7DF446
     2015-05-22 19:42 - 2015-05-22 19:42 - 00000220 _____ () C:\Users\Cleber\Desktop\ESET scan.txt
     2015-05-22 12:54 - 2015-05-22 12:54 - 00000000 ____D () C:\Program Files (x86)\ESET
     2015-05-22 12:53 - 2015-05-22 12:53 - 02347384 _____ (ESET) C:\Users\Cleber\Desktop\esetsmartinstaller_enu.exe
     2015-05-22 09:18 - 2015-05-22 09:18 - 00036848 _____ () C:\ComboFix.txt
     2015-05-22 08:54 - 2015-05-22 09:18 - 00000000 ____D () C:\Qoobox
     2015-05-22 08:54 - 2011-06-26 03:45 - 00256000 _____ () C:\Windows\PEV.exe
     2015-05-22 08:54 - 2010-11-07 14:20 - 00208896 _____ () C:\Windows\MBR.exe
     2015-05-22 08:54 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
     2015-05-22 08:54 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
     2015-05-22 08:54 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
     2015-05-22 08:54 - 2000-08-30 21:00 - 00098816 _____ () C:\Windows\sed.exe
     2015-05-22 08:54 - 2000-08-30 21:00 - 00080412 _____ () C:\Windows\grep.exe
     2015-05-22 08:54 - 2000-08-30 21:00 - 00068096 _____ () C:\Windows\zip.exe
     2015-05-22 08:53 - 2015-05-22 09:15 - 00000000 ____D () C:\Windows\erdnt
     2015-05-22 08:46 - 2015-05-22 08:47 - 05627500 ____R (Swearware) C:\Users\Cleber\Desktop\ComboFix.exe
     2015-05-21 13:24 - 2015-05-21 13:24 - 00000000 ____D () C:\Users\Cleber\Desktop\FRST-OlderVersion
     2015-05-21 12:10 - 2015-05-21 12:11 - 05684904 _____ (Avast Software s.r.o.) C:\Users\Cleber\Desktop\avastclear.exe
     2015-05-21 10:21 - 2015-05-21 10:21 - 00023925 _____ () C:\Users\Cleber\Desktop\malwarebytes report.txt
     2015-05-21 09:48 - 2015-05-24 22:48 - 00000000 ____D () C:\FRST
     2015-05-21 00:43 - 2015-05-21 00:43 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
     2015-05-20 23:36 - 2015-05-21 00:50 - 00000000 ____D () C:\Users\Todos os Usuários\HitmanPro
     2015-05-20 23:36 - 2015-05-21 00:50 - 00000000 ____D () C:\ProgramData\HitmanPro
     2015-05-20 23:36 - 2015-05-21 00:49 - 00000000 ____D () C:\Program Files\HitmanPro
     2015-05-20 23:36 - 2015-05-20 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
     2015-05-20 23:17 - 2015-05-20 23:23 - 00000000 ____D () C:\AdwCleaner
     2015-05-20 23:11 - 2015-05-20 23:19 - 161478737 _____ () C:\Users\Cleber\Downloads\The.Flash.S01E23._TVix.rmvb
     2015-05-19 20:57 - 2015-05-19 21:02 - 73342952 _____ () C:\Users\Cleber\Downloads\Y.and.H.S02E08._TVix.rmvb
     2015-05-19 19:44 - 2015-05-24 17:07 - 00001420 _____ () C:\Users\Cleber\Desktop\Rkill.txt
     2015-05-19 18:05 - 2015-05-19 18:09 - 77143094 _____ () C:\Users\Cleber\Downloads\Modern.Family.S06E23._TVix.rmvb
     2015-05-19 17:24 - 2015-05-19 17:35 - 195188501 _____ () C:\Users\Cleber\Downloads\GoT.S05E06._TVix.rmvb
     2015-05-19 17:07 - 2015-05-24 17:08 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
     2015-05-19 17:07 - 2015-05-19 17:27 - 00000000 ____D () C:\Users\Todos os Usuários\RogueKiller
     2015-05-19 17:07 - 2015-05-19 17:27 - 00000000 ____D () C:\ProgramData\RogueKiller
     2015-05-19 17:06 - 2015-05-24 15:01 - 00000000 ____D () C:\Users\Cleber\Desktop\safety
     2015-05-13 20:02 - 2015-05-13 20:02 - 00000000 ____D () C:\Users\Cleber\AppData\Roaming\ATI
     2015-05-13 20:02 - 2015-05-13 20:02 - 00000000 ____D () C:\Users\Cleber\AppData\Local\AMD
     2015-05-13 17:47 - 2015-04-21 23:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
     2015-05-13 17:47 - 2015-04-21 22:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
     2015-05-13 17:47 - 2015-04-21 14:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
     2015-05-13 17:47 - 2015-04-21 14:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
     2015-05-13 17:47 - 2015-04-21 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
     2015-05-13 17:47 - 2015-04-21 13:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
     2015-05-13 17:47 - 2015-04-21 13:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
     2015-05-13 17:47 - 2015-04-21 13:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
     2015-05-13 17:47 - 2015-04-21 13:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
     2015-05-13 17:47 - 2015-04-21 13:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
     2015-05-13 17:47 - 2015-04-21 13:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
     2015-05-13 17:47 - 2015-04-21 13:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
     2015-05-13 17:47 - 2015-04-21 13:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
     2015-05-13 17:47 - 2015-04-21 13:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
     2015-05-13 17:47 - 2015-04-21 13:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
     2015-05-13 17:47 - 2015-04-21 13:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
     2015-05-13 17:47 - 2015-04-21 13:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
     2015-05-13 17:47 - 2015-04-21 13:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
     2015-05-13 17:47 - 2015-04-21 13:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
     2015-05-13 17:47 - 2015-04-21 13:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
     2015-05-13 17:47 - 2015-04-21 13:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
     2015-05-13 17:47 - 2015-04-21 13:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
     2015-05-13 17:47 - 2015-04-21 13:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
     2015-05-13 17:47 - 2015-04-21 13:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
     2015-05-13 17:47 - 2015-04-21 13:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
     2015-05-13 17:47 - 2015-04-21 13:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
     2015-05-13 17:47 - 2015-04-21 13:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
     2015-05-13 17:47 - 2015-04-21 13:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
     2015-05-13 17:47 - 2015-04-21 13:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
     2015-05-13 17:47 - 2015-04-21 13:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
     2015-05-13 17:47 - 2015-04-21 13:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
     2015-05-13 17:47 - 2015-04-21 13:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
     2015-05-13 17:47 - 2015-04-21 13:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
     2015-05-13 17:47 - 2015-04-21 13:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
     2015-05-13 17:47 - 2015-04-21 13:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
     2015-05-13 17:47 - 2015-04-21 13:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
     2015-05-13 17:47 - 2015-04-21 12:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
     2015-05-13 17:47 - 2015-04-21 12:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
     2015-05-13 17:47 - 2015-04-21 12:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
     2015-05-13 17:47 - 2015-04-21 12:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
     2015-05-13 17:47 - 2015-04-21 12:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
     2015-05-13 17:47 - 2015-04-21 12:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
     2015-05-13 17:47 - 2015-04-21 12:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
     2015-05-13 17:47 - 2015-04-21 12:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
     2015-05-13 17:47 - 2015-04-21 12:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
     2015-05-13 17:47 - 2015-04-21 12:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
     2015-05-13 17:47 - 2015-04-21 12:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
     2015-05-13 17:47 - 2015-04-21 12:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
     2015-05-13 17:47 - 2015-04-21 12:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
     2015-05-13 17:47 - 2015-04-21 12:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
     2015-05-13 17:47 - 2015-04-21 12:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
     2015-05-13 17:47 - 2015-04-21 12:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
     2015-05-13 17:47 - 2015-04-21 12:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
     2015-05-13 17:47 - 2015-04-21 12:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
     2015-05-13 17:47 - 2015-04-21 12:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
     2015-05-13 17:47 - 2015-04-21 12:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
     2015-05-13 17:47 - 2015-04-21 12:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
     2015-05-13 17:47 - 2015-04-21 12:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
     2015-05-13 17:47 - 2015-04-21 11:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
     2015-05-13 17:47 - 2015-04-21 11:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
     2015-05-12 23:51 - 2015-05-01 10:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
     2015-05-12 23:51 - 2015-05-01 10:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
     2015-05-12 19:12 - 2015-05-04 22:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
     2015-05-12 19:12 - 2015-05-04 22:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
     2015-05-12 19:12 - 2015-04-18 00:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
     2015-05-12 19:12 - 2015-04-17 23:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
     2015-05-12 18:41 - 2015-04-27 16:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
     2015-05-12 18:41 - 2015-04-27 15:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
     2015-05-12 18:40 - 2015-04-27 16:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
     2015-05-12 18:40 - 2015-04-27 16:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
     2015-05-12 18:40 - 2015-04-27 16:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
     2015-05-12 18:40 - 2015-04-27 16:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
     2015-05-12 18:40 - 2015-04-27 16:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
     2015-05-12 18:40 - 2015-04-27 16:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
     2015-05-12 18:40 - 2015-04-27 16:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
     2015-05-12 18:40 - 2015-04-27 16:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
     2015-05-12 18:40 - 2015-04-27 16:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
     2015-05-12 18:40 - 2015-04-27 16:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
     2015-05-12 18:40 - 2015-04-27 16:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
     2015-05-12 18:40 - 2015-04-27 16:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
     2015-05-12 18:40 - 2015-04-27 16:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
     2015-05-12 18:40 - 2015-04-27 16:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
     2015-05-12 18:40 - 2015-04-27 16:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
     2015-05-12 18:40 - 2015-04-27 16:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
     2015-05-12 18:40 - 2015-04-27 16:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
     2015-05-12 18:40 - 2015-04-27 16:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
     2015-05-12 18:40 - 2015-04-27 16:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
     2015-05-12 18:40 - 2015-04-27 16:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
     2015-05-12 18:40 - 2015-04-27 16:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
     2015-05-12 18:40 - 2015-04-27 16:23 - 00043520 _____
(Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-05-12 18:40 - 2015-04-27 16:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-05-12 18:40 - 2015-04-27 16:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-05-12 18:40 - 2015-04-27 16:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-05-12 18:40 - 2015-04-27 16:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-05-12 18:40 - 2015-04-27 16:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-05-12 18:40 - 2015-04-27 16:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe 2015-05-12 18:40 - 2015-04-27 16:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-05-12 18:40 - 2015-04-27 16:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-05-12 18:40 - 2015-04-27 16:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-05-12 18:40 - 2015-04-27 16:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe 2015-05-12 18:40 - 2015-04-27 16:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe 2015-05-12 18:40 - 2015-04-27 16:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe 2015-05-12 18:40 - 2015-04-27 16:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-05-12 18:40 - 2015-04-27 16:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe 2015-05-12 18:40 - 2015-04-27 16:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-05-12 18:40 - 2015-04-27 16:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-05-12 18:40 - 2015-04-27 16:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-05-12 18:40 - 2015-04-27 16:16 - 00686080 _____ (Microsoft Corporation) 
C:\Windows\system32\adtschema.dll 2015-05-12 18:40 - 2015-04-27 16:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-05-12 18:40 - 2015-04-27 16:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 16:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 16:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 16:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 16:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 16:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 16:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 16:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 16:16 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 16:11 - 03989440 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ntkrnlpa.exe 2015-05-12 18:40 - 2015-04-27 16:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-05-12 18:40 - 2015-04-27 16:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-05-12 18:40 - 2015-04-27 16:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2015-05-12 18:40 - 2015-04-27 16:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-05-12 18:40 - 2015-04-27 16:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-05-12 18:40 - 2015-04-27 16:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-05-12 18:40 - 2015-04-27 16:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll 2015-05-12 18:40 - 2015-04-27 16:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-05-12 18:40 - 2015-04-27 16:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-05-12 18:40 - 2015-04-27 16:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-05-12 18:40 - 2015-04-27 16:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-05-12 18:40 - 2015-04-27 16:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2015-05-12 18:40 - 2015-04-27 16:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-05-12 18:40 - 2015-04-27 16:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe 2015-05-12 18:40 - 2015-04-27 16:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe 2015-05-12 18:40 - 2015-04-27 16:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe 2015-05-12 18:40 - 2015-04-27 16:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe 2015-05-12 18:40 - 2015-04-27 16:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-05-12 
18:40 - 2015-04-27 16:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-05-12 18:40 - 2015-04-27 16:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-05-12 18:40 - 2015-04-27 16:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-05-12 18:40 - 2015-04-27 16:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-05-12 18:40 - 2015-04-27 16:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-05-12 18:40 - 2015-04-27 16:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe 2015-05-12 18:40 - 2015-04-27 16:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-05-12 18:40 - 2015-04-27 16:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-05-12 18:40 - 2015-04-27 16:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-05-12 18:40 - 2015-04-27 15:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-05-12 18:40 - 2015-04-27 15:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-05-12 18:40 - 2015-04-27 15:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 15:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 15:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 15:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 15:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 15:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 
2015-05-12 18:40 - 2015-04-27 15:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 15:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 15:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 15:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 15:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 15:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 15:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 15:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 15:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 15:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 15:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 15:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 15:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 15:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 15:59 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 15:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 15:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 15:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 14:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-05-12 18:40 - 2015-04-27 14:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-05-12 18:40 - 2015-04-27 14:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 14:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 14:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-05-12 18:40 - 2015-04-27 14:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-05-12 18:18 - 2015-03-04 01:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-05-12 18:18 - 2015-03-04 01:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-05-12 18:18 - 2015-03-04 01:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-12 18:18 - 2015-03-04 01:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-05-12 18:18 - 2015-03-04 01:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-05-12 18:18 - 2015-03-04 01:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-05-12 18:18 - 2015-03-04 01:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-05-12 18:11 - 2015-04-13 00:28 - 
00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-12 17:56 - 2015-04-20 00:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-12 17:56 - 2015-04-20 00:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-12 17:56 - 2015-04-19 23:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-12 17:56 - 2015-04-19 23:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-12 17:55 - 2015-04-08 00:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-05-12 17:55 - 2015-04-08 00:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-05-12 17:50 - 2015-01-29 00:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-05-12 17:50 - 2015-01-29 00:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll 2015-05-12 17:47 - 2015-02-18 04:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2015-05-12 17:47 - 2015-02-18 04:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2015-05-10 22:53 - 2015-05-10 22:53 - 00000000 ____D () C:\Users\Todos os Usuários\GOG.com 2015-05-10 22:53 - 2015-05-10 22:53 - 00000000 ____D () C:\ProgramData\GOG.com 2015-05-10 22:53 - 2015-05-10 22:53 - 00000000 ____D () C:\Program Files (x86)\GalaxyClient 2015-05-09 15:29 - 2015-05-09 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elgato 2015-05-09 15:29 - 2015-05-09 15:29 - 00000000 ____D () C:\Program Files\Elgato 2015-05-09 15:29 - 2012-11-12 05:50 - 00050288 _____ (UB658) C:\Windows\system32\Drivers\ElgatoGC658.sys 2015-05-09 15:24 - 2015-05-09 15:25 - 42131456 _____ () C:\Users\Cleber\Downloads\GameCaptureSetup_2.01.56.msi 2015-05-09 15:09 - 2015-05-09 15:09 - 02434048 _____ () C:\Users\Cleber\Downloads\msxml.msi 2015-05-09 15:09 - 2015-05-09 15:09 - 00710976 _____ (Microsoft 
Corporation) C:\Users\Cleber\Downloads\msxmlcab.exe 2015-05-09 15:09 - 2015-05-09 15:09 - 00051318 _____ () C:\Users\Cleber\Downloads\MSXML4 SP3 RTM Release Note.htm 2015-05-09 15:03 - 2015-05-09 15:05 - 48267264 _____ () C:\Users\Cleber\Downloads\GameCaptureSetup_2.10.67.msi 2015-05-02 22:51 - 2015-05-04 22:30 - 00000000 ____D () C:\Users\Cleber\AppData\Roaming\FontForge 2015-05-02 22:51 - 2015-05-02 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FontForge 2015-05-02 22:51 - 2015-05-02 22:51 - 00000000 ____D () C:\Program Files (x86)\FontForgeBuilds 2015-05-02 22:11 - 2015-05-02 22:12 - 16685343 _____ (FontForgeBuilds ) C:\Users\Cleber\Downloads\FontForgeSetup-2015-04-30.exe 2015-05-02 12:01 - 2015-05-02 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2015-05-02 12:00 - 2015-05-02 12:00 - 00000000 ____D () C:\Users\Todos os Usuários\Apple Computer 2015-05-02 12:00 - 2015-05-02 12:00 - 00000000 ____D () C:\ProgramData\Apple Computer 2015-05-02 11:59 - 2015-05-02 11:59 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2015-05-02 11:59 - 2015-05-02 11:59 - 00000000 ____D () C:\Windows\System32\Tasks\Apple 2015-05-02 11:59 - 2015-05-02 11:59 - 00000000 ____D () C:\Users\Todos os Usuários\Apple 2015-05-02 11:59 - 2015-05-02 11:59 - 00000000 ____D () C:\Users\Cleber\AppData\Local\Apple 2015-05-02 11:59 - 2015-05-02 11:59 - 00000000 ____D () C:\ProgramData\Apple 2015-05-02 11:59 - 2015-05-02 11:59 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update 2015-05-02 11:56 - 2015-05-02 11:57 - 42096984 _____ (Apple Inc.) 
C:\Users\Cleber\Downloads\QuickTimeInstaller.exe 2015-05-01 22:56 - 2015-05-01 22:56 - 00000000 ____D () C:\Program Files\Red Giant 2015-05-01 22:56 - 2015-03-16 11:14 - 13487616 _____ (Red Giant Software) C:\Windows\system32\Gpu_Shader_Engine_x64.dll 2015-05-01 22:56 - 2015-03-16 11:14 - 05849600 _____ (Noesis Technologies) C:\Windows\system32\Noesis.dll 2015-05-01 22:36 - 2015-05-19 22:31 - 00000000 ____D () C:\Users\Todos os Usuários\rgt 2015-05-01 22:36 - 2015-05-19 22:31 - 00000000 ____D () C:\ProgramData\rgt 2015-05-01 22:32 - 2015-05-01 22:32 - 00000000 ____D () C:\Users\Todos os Usuários\goodasnew 2015-05-01 22:32 - 2015-05-01 22:32 - 00000000 ____D () C:\ProgramData\goodasnew 2015-05-01 22:31 - 2015-05-01 22:57 - 00000000 ____D () C:\Users\Todos os Usuários\Red Giant 2015-05-01 22:31 - 2015-05-01 22:57 - 00000000 ____D () C:\ProgramData\Red Giant 2015-05-01 22:31 - 2015-05-01 22:32 - 00000000 ____D () C:\Program Files (x86)\Red Giant Link 2015-05-01 22:31 - 2015-05-01 22:31 - 00003660 _____ () C:\Windows\System32\Tasks\Red Giant Link 2015-05-01 22:31 - 2015-05-01 22:31 - 00000000 ____D () C:\Users\Cleber\AppData\Roaming\Red Giant 2015-05-01 22:30 - 2015-05-01 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Giant 2015-05-01 22:30 - 2015-05-01 22:30 - 00000000 ____D () C:\Users\Todos os Usuários\RedGiant 2015-05-01 22:30 - 2015-05-01 22:30 - 00000000 ____D () C:\ProgramData\RedGiant 2015-05-01 22:30 - 2015-05-01 22:30 - 00000000 ____D () C:\Program Files (x86)\Red Giant 2015-05-01 20:33 - 2015-05-01 20:33 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2014.lnk 2015-05-01 17:33 - 2015-05-01 17:33 - 00001269 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2015-05-01 16:51 - 2015-05-01 16:51 - 00000000 ____D () C:\Users\Cleber\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Robot Entertainment 2015-05-01 16:46 - 2015-05-01 16:46 - 
00000000 ____D () C:\Program Files (x86)\Robot Entertainment 2015-05-01 16:37 - 2015-05-01 16:42 - 162353208 _____ (Robot Entertainment Inc.) C:\Users\Cleber\Downloads\OMDUInst.exe 2015-04-26 18:54 - 2015-04-26 18:54 - 00000744 _____ () C:\Users\Cleber\AppData\Local\recently-used.xbel 2015-04-26 00:21 - 2015-04-26 00:21 - 00000000 ____D () C:\Users\Cleber\AppData\Roaming\Ponscripter 2015-04-25 17:28 - 2015-04-25 17:28 - 00320424 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2015-04-25 17:28 - 2015-04-25 17:28 - 00189864 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2015-04-25 17:28 - 2015-04-25 17:28 - 00189864 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2015-04-25 17:28 - 2015-04-25 17:28 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2015-04-25 17:28 - 2015-04-25 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-04-25 17:28 - 2015-04-25 17:28 - 00000000 ____D () C:\Program Files\Java 2015-04-25 15:26 - 2015-04-30 17:15 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2015-04-25 15:19 - 2015-04-25 15:19 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Cleber\Downloads\avast_free_antivirus_setup_online_cnet.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-05-24 22:43 - 2009-07-14 01:45 - 00035040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-24 22:43 - 2009-07-14 01:45 - 00035040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-24 22:38 - 2012-06-19 06:09 - 01912712 _____ () C:\Windows\WindowsUpdate.log 2015-05-24 22:35 - 2014-05-25 20:03 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-24 22:35 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-24 22:34 - 2015-01-01 19:40 - 00020705 _____ () C:\Windows\setupact.log 2015-05-24 18:02 - 2013-06-23 12:50 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-05-24 11:47 - 2013-05-23 18:08 - 00000000 ____D () C:\Users\Cleber\AppData\Local\Adobe 2015-05-23 15:19 - 2009-07-14 02:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-05-23 09:53 - 2015-04-03 14:07 - 00000000 ____D () C:\Users\Cleber\Desktop\Projetos 2015-05-22 09:11 - 2009-07-13 23:34 - 00000215 _____ () C:\Windows\system.ini 2015-05-22 09:10 - 2015-01-01 19:40 - 00372944 _____ () C:\Windows\PFRO.log 2015-05-22 09:09 - 2009-07-13 23:34 - 46137344 _____ () C:\Windows\system32\config\COMPONENTS.bak 2015-05-22 09:09 - 2009-07-13 23:34 - 18874368 _____ () C:\Windows\system32\config\SYSTEM.bak 2015-05-22 09:09 - 2009-07-13 23:34 - 106168320 _____ () C:\Windows\system32\config\SOFTWARE.bak 2015-05-22 09:09 - 2009-07-13 23:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak 2015-05-22 09:09 - 2009-07-13 23:34 - 00069632 _____ () C:\Windows\system32\config\SAM.bak 2015-05-22 09:09 - 2009-07-13 23:34 - 00024576 _____ () C:\Windows\system32\config\SECURITY.bak 2015-05-21 20:55 - 2011-11-14 23:45 - 00707018 _____ () C:\Windows\system32\prfh0416.dat 2015-05-21 20:55 - 2011-11-14 23:45 - 00148600 _____ () C:\Windows\system32\prfc0416.dat 2015-05-21 20:55 - 2009-07-14 02:13 - 
01637378 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-21 19:35 - 2015-01-02 12:37 - 00000000 ___RD () C:\Users\Cleber\Dropbox 2015-05-21 19:33 - 2015-01-02 12:30 - 00000000 ____D () C:\Users\Cleber\AppData\Roaming\Dropbox 2015-05-21 13:00 - 2014-08-17 12:44 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2015-05-21 00:44 - 2014-12-23 17:27 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-05-21 00:43 - 2011-11-14 18:38 - 00000000 ____D () C:\Program Files (x86)\Adobe 2015-05-21 00:42 - 2011-11-14 18:38 - 00000000 ____D () C:\Users\Todos os Usuários\Adobe 2015-05-21 00:42 - 2011-11-14 18:38 - 00000000 ____D () C:\ProgramData\Adobe 2015-05-20 23:03 - 2015-01-16 17:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-05-19 20:55 - 2015-01-16 17:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-05-19 19:43 - 2015-04-16 22:03 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes' Anti-Malware (portable) 2015-05-19 19:43 - 2015-04-16 22:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-05-18 17:44 - 2014-01-30 21:02 - 00007610 _____ () C:\Users\Cleber\AppData\Local\Resmon.ResmonCfg 2015-05-18 17:38 - 2013-05-23 19:33 - 00000000 ____D () C:\Users\Todos os Usuários\Unity 2015-05-18 17:38 - 2013-05-23 19:33 - 00000000 ____D () C:\ProgramData\Unity 2015-05-15 21:57 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\rescache 2015-05-15 19:14 - 2015-04-04 16:48 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-05-15 19:14 - 2015-04-04 16:48 - 00000000 ___SD () C:\Windows\system32\GWX 2015-05-15 17:15 - 2014-08-23 23:21 - 00001456 _____ () C:\Users\Cleber\AppData\Local\Adobe Salvar para Web 13.0 Prefs 2015-05-15 17:15 - 2013-05-23 18:04 - 00000000 ____D () C:\Users\Cleber 2015-05-13 16:59 - 2014-08-23 23:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2015-05-13 16:59 - 2014-08-23 23:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft 
  5. Adding to my comment above, here are the registries that are being changed, Roguekiller found them now. Even when I fix them they get changed back to the malicious value as soon as I connect.

RogueKiller V10.6.5.0 (x64) [May 20 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Cleber [Administrator]
Started from : C:\Users\Cleber\Desktop\safety\RogueKillerX64.exe
Mode : Delete -- Date : 05/24/2015 15:19:20

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 94.102.63.115 8.8.8.8 [NL][-] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 94.102.63.115 8.8.8.8 [NL][-] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 94.102.63.115 8.8.8.8 [NL][-] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{16B33D7A-E8B2-4933-8743-B3E0EBD3C831} | DhcpNameServer : 94.102.63.115 8.8.8.8 [NL][-] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{16B33D7A-E8B2-4933-8743-B3E0EBD3C831} | DhcpNameServer : 94.102.63.115 8.8.8.8 [NL][-] -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{16B33D7A-E8B2-4933-8743-B3E0EBD3C831} | DhcpNameServer : 94.102.63.115 8.8.8.8 [NL][-] -> Replaced ()

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost -> Deleted

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK1059GSM SATA Disk Device +++++
--- User ---
[MBR] 3933d87ea7e36d4afd79ce0b4147b5c5
[bSP] 1776fe05dd92ac87fd6cad7b7febcf82 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 927031 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1898969088 | Size: 22575 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1945202688 | Size: 4062 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_05192015_172022.log - RKreport_DEL_05192015_172137.log - RKreport_SCN_05192015_172649.log - RKreport_SCN_05202015_233051.log
RKreport_DEL_05202015_233250.log - RKreport_SCN_05202015_233543.log - RKreport_SCN_05242015_151304.log
  6. The problem is still happening. I looked around the registry, and I noticed that what is going on is that as soon as I connect to the internet something changes the DhcpNameServer value from 8.8.4.4 to the malicious IP (94.102.63.115). I guess I could change the NameServer to the correct value (I think it overrides the DhcpNameServer). But I don't understand what is changing the DhcpNameServer, and I'm not sure if I can access all registries that are changed. Any ideas on how I can protect those DhcpNameServer values? I'm thinking I could manually change them in regedit, and then revoke permissions so they don't get changed back. What do you think?
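As an added example (not part of dashx's post or any tool's output), here is a PowerShell check that reads the NameServer and DhcpNameServer values from the Tcpip\Parameters keys the RogueKiller log lists, for the global key and every interface, and flags any resolver that is not on an allowlist. The $Expected list and the function name are assumptions; DhcpNameServer holds whatever the DHCP server handed out, so a bad value there points at the DHCP source rather than at the registry.

```powershell
# Added example: audit the DNS servers Windows is using, per interface.
# $Expected is an assumed allowlist; replace it with the resolvers you actually use.
$Expected = @('8.8.8.8', '8.8.4.4')

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

function Get-DnsRegistryEntries {
    # The global Parameters key plus one subkey per interface GUID
    $keys = @(Get-Item -Path $base) + @(Get-ChildItem -Path "$base\Interfaces")
    foreach ($k in $keys) {
        $props = Get-ItemProperty -Path $k.PSPath
        # NameServer = statically configured list; DhcpNameServer = list from the DHCP lease
        foreach ($name in 'NameServer', 'DhcpNameServer') {
            $raw = $props.$name
            if ([string]::IsNullOrWhiteSpace($raw)) { continue }
            # Both values are space- or comma-separated address lists
            foreach ($addr in ($raw -split '[ ,]+')) {
                [pscustomobject]@{
                    Key     = $k.PSChildName
                    Value   = $name
                    Server  = $addr
                    Allowed = ($Expected -contains $addr)
                }
            }
        }
    }
}

$entries = Get-DnsRegistryEntries
$entries | Format-Table -AutoSize

$bad = $entries | Where-Object { -not $_.Allowed }
if ($bad) {
    $list = ($bad.Server | Sort-Object -Unique) -join ', '
    Write-Warning "Unexpected DNS server(s) in use: $list"
    # Editing DhcpNameServer in regedit only lasts until the next DHCP lease renews it,
    # so a repeat warning here means the device issuing DHCP is handing out that address.
} else {
    Write-Output 'All configured DNS servers are on the allowlist.'
}
```

Run it in an elevated PowerShell after each reconnect; a value that keeps coming back in DhcpNameServer is being assigned by the DHCP server, not written by something on the PC itself.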
  7. Kaspersky didn't find anything, it says "No threats found". It didn't generate a log (I'm trying to include a screenshot of the results here, but it seems the forum doesn't allow me to insert image files).
  8. Here is the ESET log. The problem keeps popping up, though.

C:\Users\Cleber\Documents\MAGIX Downloads\Installationsmanager\Music_Maker_2014_Premium_DLV_en-US_130802_19-49_20_0_2_35.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
  9. Combofix log below. Problem is still happening.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2014-09-01 21:03 260776 ----a-w- c:\users\Cleber\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2014-09-01 21:03 260776 ----a-w- c:\users\Cleber\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2014-09-01 21:03 260776 ----a-w- c:\users\Cleber\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2015-05-21 15:56 2334936 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2015-05-21 15:56 2334936 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2015-05-21 15:56 2334936 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2015-03-04 22:27 185824 ----a-w- c:\users\Cleber\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2015-03-04 22:27 185824 ----a-w- c:\users\Cleber\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"] @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}] 2015-03-04 22:27 185824 ----a-w- c:\users\Cleber\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"] @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}] 2015-03-04 22:27 185824 ----a-w- c:\users\Cleber\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2015-03-04 22:27 185824 ----a-w- c:\users\Cleber\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"] @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}] 2015-03-04 22:27 185824 ----a-w- c:\users\Cleber\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2015-03-04 22:27 185824 ----a-w- c:\users\Cleber\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"] @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}] 2015-03-04 22:27 185824 ----a-w- c:\users\Cleber\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 1337000] . ------- Scan Suplementar ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 94.102.63.115 8.8.8.8 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll FF - ProfilePath - c:\users\Cleber\AppData\Roaming\Mozilla\Firefox\Profiles\oovu64sn.default\ . 
- - - - ORFÃOS REMOVIDOS - - - - . HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-Wacom WebTabletPlugin for Internet Explorer and Netscape - c:\program files (x86)\TabletPlugins\fbWTPUninstall.exe AddRemove-UnityWebPlayer - c:\users\Cleber\AppData\Local\Unity\WebPlayer\Uninstall.exe . . . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Outros Processos em Execução ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe . ************************************************************************** . Tempo para conclusão: 2015-05-22 09:18:29 - Máquina reiniciou ComboFix-quarantined-files.txt 2015-05-22 12:18 . Pré-execução: 514.837.450.752 bytes disponíveis Pós execução: 514.307.674.112 bytes disponíveis . - - End Of File - - 7B9C2A33845BE5184DB79EFB5852D18C A36C5E4F47E84449FF07ED3517B43A31
  10. Hi Borislav, thank you for the help. I followed the instructions, below are the two logs. The problem is still happening.

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-05-2015
Ran by Cleber at 2015-05-21 13:24:53 Run:1
Running from C:\Users\Cleber\Desktop
Loaded Profiles: Cleber (Available profiles: Cleber & Convidado)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\adobe air application installer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\appvlp.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\dropbox.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\dropboxinstaller.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\dropboxuninstaller.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\hpconnectionmanager.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\ivona controlcenter.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msouc.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\onenotem.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\origin.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\originer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\originuninstall.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\pdvdlaunchpolicy.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\powerdvd10.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\quicktimeplayer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\setlang.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\sims3launcher.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\skypelauncher.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\tunnelbear-tap.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1346934619-67578464-4156683422-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
FF Extension: Ghostery - C:\Users\Cleber\AppData\Roaming\Mozilla\Firefox\Profiles\oovu64sn.default\Extensions\firefox@ghostery.com.xpi [2015-05-18]
2015-05-03 11:24 - 2014-11-20 16:20 - 00000000 ____D () C:\Users\Todos os Usuários\boost_interprocess
2015-05-03 11:24 - 2014-11-20 16:20 - 00000000 ____D () C:\ProgramData\boost_interprocess
EmptyTemp:
end
*****************

Processes closed successfully.
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} => Not found. Item might already be deleted.
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} => Not found. Item might already be deleted.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AcroRd32.exe" => Key Deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\adobe air application installer.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\appvlp.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dropbox.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dropboxinstaller.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dropboxuninstaller.exe => Key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\excel.exe" => Key Deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hpconnectionmanager.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ivona controlcenter.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msouc.exe => Key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\onenote.exe" => Key Deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\onenotem.exe" => Key Deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\origin.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\originer.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\originuninstall.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pdvdlaunchpolicy.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\powerdvd10.exe => Key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\powerpnt.exe" => Key Deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\quicktimeplayer.exe => Key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\setlang.exe" => Key Deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sims3launcher.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\skype.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\skypelauncher.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tunnelbear-tap.exe => Key not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\uninstall.exe => Key not found.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\winword.exe" => Key Deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Deleted successfully.
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Deleted successfully.
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-1346934619-67578464-4156683422-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
C:\Users\Cleber\AppData\Roaming\Mozilla\Firefox\Profiles\oovu64sn.default\Extensions\firefox@ghostery.com.xpi => Moved successfully.
C:\Users\Todos os Usuários\boost_interprocess => Moved successfully.
"C:\ProgramData\boost_interprocess" => File/Directory not found.
EmptyTemp: => Removed 5.6 GB temporary data.

The system needed a reboot.

==== End of Fixlog 13:27:40 ====

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 21/05/2015
Scan Time: 12:21:46
Logfile: Malwarebytes scan log.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.21.02
Rootkit Database: v2015.05.16.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Cleber

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 422713
Time Elapsed: 1 hr, 1 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
  11. Hello, A few days ago Malwarebytes real-time protection started showing the following warning:

Protection, Malicious Website Protection, IP, 94.102.63.115, 63823, Outbound, C:\Windows\System32\svchost.exe,

It actually happens several times, every time I connect to the internet. It is happening on all 4 computers at my house, only when we connect to our internet provider. I ran scans with Malwarebytes, Hitman Pro, Malwarebytes Anti-Rootkit, AdwCleaner, Rkill and RogueKiller, all clean. I'm attaching Farbar reports for one of the computers with the problem (let me know if you think I should include them for the other 3 computers). I would really appreciate any help with this problem. Thanks

Attachments: FRST.txt, Addition.txt
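The pattern in this post (a Malicious Website Protection block on an outbound connection from svchost.exe that repeats on every connect, on every computer in the house) is the same one the ComboFix log above makes explicit with its "TCP: DhcpNameServer = 94.102.63.115 8.8.8.8" line: the DHCP server on the LAN, normally the router or modem, is handing out the very address that gets blocked. The script below is an added example for readers triaging this kind of thread; it is not code from the thread, from Malwarebytes, or from the FRST/ComboFix tools. It parses the three log line formats quoted here (constructed copies are embedded: the first protection-log line and the DhcpNameServer line reuse the posted values, the second protection-log line with port 61044 is made up), flags any DHCP-assigned resolver that is not on a trusted list and is also the target of a block, and lists IFEO Debugger entries for review, since a Debugger value makes Windows start that program in place of the named executable. TRUSTED_RESOLVERS and all function names are assumptions.

```python
"""Added triage example: correlate MBAM Malicious Website Protection blocks with the
DHCP-assigned DNS resolver, and list IFEO Debugger entries.  Not part of the thread."""
import ipaddress
import re
from typing import Dict, List, Set

# Constructed sample input in the line formats quoted in the thread.  The first
# protection-log line and the DhcpNameServer line copy the posted values; the second
# protection-log line (port 61044) is made up to show repeated blocks of one IP.
MBAM_PROTECTION_LOG = (
    "Protection, Malicious Website Protection, IP, 94.102.63.115, 63823, Outbound, "
    "C:\\Windows\\System32\\svchost.exe,\n"
    "Protection, Malicious Website Protection, IP, 94.102.63.115, 61044, Outbound, "
    "C:\\Windows\\System32\\svchost.exe,\n"
)
COMBOFIX_LOG = "TCP: DhcpNameServer = 94.102.63.115 8.8.8.8\n"
FRST_LOG = (
    'IFEO\\excel.exe: [Debugger] "C:\\Program Files (x86)\\AVG\\AVG PC TuneUp\\TUAutoReactivator64.exe"\n'
    'IFEO\\winword.exe: [Debugger] "C:\\Program Files (x86)\\AVG\\AVG PC TuneUp\\TUAutoReactivator64.exe"\n'
)

# Hypothetical allow-list: the resolvers this household expects its router to hand
# out.  A real deployment would add the ISP's documented resolvers.
TRUSTED_RESOLVERS: Set[str] = {"8.8.8.8", "8.8.4.4"}

MBAM_RE = re.compile(
    r"^Protection,\s*Malicious Website Protection,\s*IP,\s*(?P<ip>[\d.]+),\s*"
    r"(?P<port>\d+),\s*(?P<direction>Inbound|Outbound),\s*(?P<proc>[^,]*),?\s*$"
)
DHCP_RE = re.compile(r"^TCP:\s*DhcpNameServer\s*=\s*(?P<servers>.+)$")
IFEO_RE = re.compile(r'^IFEO\\(?P<exe>[^:]+):\s*\[Debugger\]\s*"(?P<debugger>[^"]+)"')


def _is_ip(text: str) -> bool:
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def parse_mbam_blocks(text: str) -> Dict[str, Set[str]]:
    """Map each IP blocked on an outbound connection to the processes that tried it."""
    blocks: Dict[str, Set[str]] = {}
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m and m["direction"] == "Outbound":
            blocks.setdefault(m["ip"], set()).add(m["proc"].strip())
    return blocks


def parse_dhcp_name_servers(text: str) -> List[str]:
    """Return the resolvers DHCP handed out, in the order ComboFix listed them."""
    for line in text.splitlines():
        m = DHCP_RE.match(line.strip())
        if m:
            return [s for s in m["servers"].split() if _is_ip(s)]
    return []


def parse_ifeo_debuggers(text: str) -> Dict[str, str]:
    """Map executable name -> Debugger value from FRST's IFEO lines."""
    found: Dict[str, str] = {}
    for line in text.splitlines():
        m = IFEO_RE.match(line.strip())
        if m:
            found[m["exe"].lower()] = m["debugger"]
    return found


def rogue_resolvers(blocks: Dict[str, Set[str]], resolvers: List[str],
                    trusted: Set[str] = TRUSTED_RESOLVERS) -> List[str]:
    """Resolvers that are untrusted AND the target of a blocked connection.  That
    combination points at the router/modem rather than the PC: the DNS Client
    service (hosted in svchost.exe) retries the bad resolver on every connect."""
    return [r for r in resolvers if r not in trusted and r in blocks]


def triage(mbam_log: str, combofix_log: str, frst_log: str) -> List[str]:
    """Turn the three logs into human-readable findings."""
    findings: List[str] = []
    blocks = parse_mbam_blocks(mbam_log)
    for ip in rogue_resolvers(blocks, parse_dhcp_name_servers(combofix_log)):
        procs = ", ".join(sorted(blocks[ip]))
        findings.append(f"DHCP-assigned resolver {ip} is blocked by MBAM (clients: {procs}); "
                        "check the router/modem DNS settings and change its admin password")
    for exe, debugger in parse_ifeo_debuggers(frst_log).items():
        findings.append(f"IFEO Debugger for {exe} redirects its launch to {debugger}; "
                        "confirm the product is installed and wanted")
    return findings


if __name__ == "__main__":
    for finding in triage(MBAM_PROTECTION_LOG, COMBOFIX_LOG, FRST_LOG):
        print("-", finding)
```

On the constructed input the first finding names 94.102.63.115 as a DHCP-assigned resolver that is also being blocked, which is exactly the evidence that sent the original poster to the modem rather than to another PC-side scan; the IFEO findings are informational here (the Debugger value belongs to an installed AVG product), but the same entries written by something that is not installed would be worth a much closer look.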