
Document format: text/plain


Fix result of Farbar Recovery Scan Tool (x86) Version:31-08-2015
Ran by Usuario (2015-08-31 17:55:51) Run:1
Running from C:\Users\Usuario\Downloads
Loaded Profiles: Usuario (Available Profiles: Usuario)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CloseProcesses:
() C:\Program Files\IObit\LiveUpdate\IObitLauncher.exe
(DsNET) C:\Program Files\DsNET Corp\:censurado: Catcher 2.0\yct.exe
HKU\S-1-5-21-2741043627-4026230127-4029745268-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6369048 2015-05-08] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
S3 catchme; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-07-29 20:11 - 2009-06-07 06:27 - 00073728 _____ () C:\Program Files\DsNET Corp\:censurado: Catcher 2.0\vbzlib1.dll
2015-07-31 09:40 - 2015-08-25 11:38 - 02874656 _____ () C:\Program Files\IObit\LiveUpdate\IObitLauncher.exe
2015-08-29 15:52 - 2015-08-29 15:52 - 01938944 _____ C:\Users\Usuario\ZHPCleaner.exe
2015-08-29 11:21 - 2015-08-29 11:22 - 01798640 _____ (Malwarebytes Corporation) C:\Users\Usuario\Downloads\JRT.exe
2015-08-28 01:00 - 2015-08-27 10:25 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-08-27 10:41 - 2015-08-28 09:26 - 00030448 _____ C:\zoek-results.log
2015-08-27 10:25 - 2015-08-27 20:39 - 00000000 ____D C:\zoek_backup
2015-08-27 10:24 - 2015-08-27 10:25 - 01308672 _____ C:\Users\Usuario\Downloads\zoek.exe
2015-08-14 10:20 - 2015-08-20 10:36 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-14 10:20 - 2015-08-14 10:20 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-14 10:20 - 2015-08-14 10:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-14 10:20 - 2015-08-14 10:20 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-14 10:20 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-14 10:20 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-14 10:20 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-13 21:26 - 2015-08-13 21:33 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Usuario\Downloads\mbam-setup-2-1-8-1057.exe
2015-08-13 12:21 - 2015-08-13 12:21 - 00021384 _____ C:\ComboFix.txt
2015-08-11 20:26 - 2015-08-11 20:28 - 00388608 _____ (Trend Micro Inc.) C:\Users\Usuario\Downloads\HijackThis.exe
2015-08-11 15:44 - 2015-08-11 15:44 - 00001272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\MV RegClean 5.9.lnk
2015-08-11 15:44 - 2015-08-11 15:44 - 00001266 _____ C:\Users\Public\Desktop\MV RegClean 5.9.lnk
2015-08-11 15:44 - 2015-08-11 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marcos Velasco Security
2015-08-11 15:43 - 2015-08-11 15:43 - 00000000 ____D C:\Program Files\Marcos Velasco Security
2015-08-10 11:34 - 2015-08-10 11:34 - 00501248 _____ (Facebook Inc.) C:\Users\Usuario\Downloads\FacebookVideoCallSetup_v1-2-205-0.exe
2015-08-09 10:57 - 2015-08-13 12:09 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-08-09 10:57 - 2015-08-13 10:46 - 00000000 ____D C:\Users\Todos os Usuários\Spybot - Search & Destroy
2015-08-09 10:57 - 2015-08-13 10:46 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-08-08 13:27 - 2015-08-08 13:59 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes Anti-Exploit
2015-08-08 13:27 - 2015-08-08 13:59 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-08-07 09:52 - 2015-08-07 09:53 - 02312551 _____ C:\Users\Usuario\Downloads\AMIR-ANTIVIRUS.zip
2015-08-07 09:36 - 2015-08-07 09:38 - 00000000 ____D C:\AdwCleaner
2015-08-07 09:35 - 2015-08-07 09:35 - 02248704 _____ C:\Users\Usuario\Downloads\adwcleaner-4-208-multi-win.exe
2015-08-06 23:08 - 2011-06-26 03:45 - 00256000 _____ C:\Windows\PEV.exe
2015-08-06 23:08 - 2010-11-07 14:20 - 00208896 _____ C:\Windows\MBR.exe
2015-08-06 23:08 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-08-06 23:08 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-08-06 23:08 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-08-06 23:08 - 2000-08-30 21:00 - 00098816 _____ C:\Windows\sed.exe
2015-08-06 23:08 - 2000-08-30 21:00 - 00080412 _____ C:\Windows\grep.exe
2015-08-06 23:08 - 2000-08-30 21:00 - 00068096 _____ C:\Windows\zip.exe
2015-08-06 23:07 - 2015-08-13 12:21 - 00000000 ____D C:\Qoobox
2015-08-06 23:05 - 2015-08-06 23:57 - 00000000 ____D C:\Windows\erdnt
2015-08-06 22:40 - 2015-08-06 22:44 - 05634244 ____R (Swearware) C:\Users\Usuario\Downloads\ComboFix.exe
2015-08-06 22:00 - 2015-08-29 15:53 - 00000834 _____ C:\Users\Usuario\Desktop\ZHPCleaner.lnk
2015-08-02 20:28 - 2015-08-02 20:28 - 01871360 _____ C:\Users\Usuario\Downloads\ZHPCleaner-2015.8.1.312.exe
2015-08-29 20:33 - 2015-06-14 18:13 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\ZHP
2015-08-29 13:46 - 2015-06-12 14:24 - 46301184 _____ C:\Windows\system32\config\SOFTWARE.iobit
2015-08-29 13:46 - 2015-06-12 14:24 - 00323584 _____ C:\Windows\system32\config\DEFAULT.iobit
2015-08-29 13:46 - 2015-06-12 14:24 - 00028672 _____ C:\Windows\system32\config\SAM.iobit
2015-08-29 13:46 - 2015-06-12 14:24 - 00024576 _____ C:\Windows\system32\config\SECURITY.iobit
2015-08-29 12:30 - 2015-06-12 14:17 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\IObit
2015-08-29 12:30 - 2015-06-12 14:17 - 00000000 ____D C:\Users\Todos os Usuários\IObit
2015-08-29 12:30 - 2015-06-12 14:17 - 00000000 ____D C:\ProgramData\IObit
2015-08-29 12:30 - 2015-06-12 14:17 - 00000000 ____D C:\Program Files\IObit
2015-08-27 13:14 - 2015-06-14 18:18 - 00000512 _____ C:\PhysicalDisk0_MBR.bin
2015-08-27 13:14 - 2015-06-14 18:13 - 00000000 ____D C:\Program Files\ZHPDiag
2015-08-26 11:14 - 2015-06-11 18:00 - 00000000 ____D C:\Users\Todos os Usuários\Panda Security
2015-08-26 11:14 - 2015-06-11 18:00 - 00000000 ____D C:\ProgramData\Panda Security
2015-08-23 13:51 - 2015-06-12 14:24 - 30777344 _____ C:\Windows\system32\config\components.iobit
2015-08-05 19:51 - 2015-07-29 20:11 - 00001148 _____ C:\Users\Public\Desktop\:censurado: Catcher.lnk
2015-08-05 19:51 - 2015-07-29 20:11 - 00000049 _____ C:\Windows\system32\ScrRecX.log
2015-08-05 19:51 - 2015-07-29 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\:censurado: Catcher
Task: {07850895-27F7-4038-925B-01FF3FF4AF13} - System32\Tasks\{D76BBF7F-39CD-4E74-AE0C-93BFA377D6BA} => pcalua.exe -a "C:\Program Files\IObit\Advanced SystemCare 8\SecurityHole_Backup\KB3001652.exe" -d "C:\Program Files\IObit\Advanced SystemCare 8" -c /quiet /norestart
Task: {36A780BA-2C58-49ED-822A-DE5AB17CAC2C} - System32\Tasks\{94B31A35-61A9-4F4D-8906-07FEFC4CCB31} => pcalua.exe -a "C:\Program Files\IObit\Advanced SystemCare 8\SecurityHole_Backup\KB2565063.exe" -d "C:\Program Files\IObit\Advanced SystemCare 8" -c /quiet /norestart
Task: {53F07026-2003-4678-B182-1F013FFA34DF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2741043627-4026230127-4029745268-1000Core => C:\Users\Usuario\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {855F6B56-3145-451F-B6AA-6B926DCC3B3F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {A3250E99-CB5E-4008-A5F6-D52AE202E48C} - \Uninstaller_SkipUac_Usuario -> No File <==== ATTENTION
CreateRestorePoint:
EmptyTemp:
Reboot:
Hosts:
end
*****************

Processes closed successfully.
C:\Program Files\IObit\LiveUpdate\IObitLauncher.exe
C:\Program Files\IObit\LiveUpdate\IObitLauncher.exe => No running process found
C:\Program Files\DsNET Corp\:censurado: Catcher 2.0\yct.exe
C:\Program Files\DsNET Corp\:censurado: Catcher 2.0\yct.exe => No running process found
HKU\S-1-5-21-2741043627-4026230127-4029745268-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
LiveUpdateSvc => service removed successfully.
catchme => service removed successfully.
VGPU => service removed successfully.
"C:\Program Files\DsNET Corp\:censurado: Catcher 2.0\vbzlib1.dll" => File/Folder not found.
C:\Program Files\IObit\LiveUpdate\IObitLauncher.exe => moved successfully
C:\Users\Usuario\ZHPCleaner.exe => moved successfully
C:\Users\Usuario\Downloads\JRT.exe => moved successfully
C:\Windows\zoek-delete.exe => moved successfully
C:\zoek-results.log => moved successfully
C:\zoek_backup => moved successfully
C:\Users\Usuario\Downloads\zoek.exe => moved successfully
C:\Windows\system32\Drivers\MBAMSwissArmy.sys => moved successfully
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware => moved successfully
C:\Program Files\Malwarebytes Anti-Malware => moved successfully
C:\Windows\system32\Drivers\mbamchameleon.sys => moved successfully
C:\Windows\system32\Drivers\mwac.sys => moved successfully
C:\Windows\system32\Drivers\mbam.sys => moved successfully
C:\Users\Usuario\Downloads\mbam-setup-2-1-8-1057.exe => moved successfully
C:\ComboFix.txt => moved successfully
C:\Users\Usuario\Downloads\HijackThis.exe => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\MV RegClean 5.9.lnk => moved successfully
C:\Users\Public\Desktop\MV RegClean 5.9.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marcos Velasco Security => moved successfully
C:\Program Files\Marcos Velasco Security => moved successfully
C:\Users\Usuario\Downloads\FacebookVideoCallSetup_v1-2-205-0.exe => moved successfully
C:\Program Files\Spybot - Search & Destroy 2 => moved successfully
C:\Users\Todos os Usuários\Spybot - Search & Destroy => moved successfully
"C:\ProgramData\Spybot - Search & Destroy" => File/Folder not found.
C:\Users\Todos os Usuários\Malwarebytes Anti-Exploit => moved successfully
"C:\ProgramData\Malwarebytes Anti-Exploit" => File/Folder not found.
C:\Users\Usuario\Downloads\AMIR-ANTIVIRUS.zip => moved successfully
C:\AdwCleaner => moved successfully
C:\Users\Usuario\Downloads\adwcleaner-4-208-multi-win.exe => moved successfully
C:\Windows\PEV.exe => moved successfully
C:\Windows\MBR.exe => moved successfully
C:\Windows\NIRCMD.exe => moved successfully
C:\Windows\SWREG.exe => moved successfully
C:\Windows\SWSC.exe => moved successfully
C:\Windows\sed.exe => moved successfully
C:\Windows\grep.exe => moved successfully
C:\Windows\zip.exe => moved successfully
C:\Qoobox => moved successfully
C:\Windows\erdnt => moved successfully
C:\Users\Usuario\Downloads\ComboFix.exe => moved successfully
C:\Users\Usuario\Desktop\ZHPCleaner.lnk => moved successfully
C:\Users\Usuario\Downloads\ZHPCleaner-2015.8.1.312.exe => moved successfully
C:\Users\Usuario\AppData\Roaming\ZHP => moved successfully
C:\Windows\system32\config\SOFTWARE.iobit => moved successfully
C:\Windows\system32\config\DEFAULT.iobit => moved successfully
C:\Windows\system32\config\SAM.iobit => moved successfully
C:\Windows\system32\config\SECURITY.iobit => moved successfully
C:\Users\Usuario\AppData\Roaming\IObit => moved successfully
C:\Users\Todos os Usuários\IObit => moved successfully
"C:\ProgramData\IObit" => File/Folder not found.
C:\Program Files\IObit => moved successfully
C:\PhysicalDisk0_MBR.bin => moved successfully
C:\Program Files\ZHPDiag => moved successfully
C:\Users\Todos os Usuários\Panda Security => moved successfully
"C:\ProgramData\Panda Security" => File/Folder not found.
C:\Windows\system32\config\components.iobit => moved successfully
"C:\Users\Public\Desktop\:censurado: Catcher.lnk" => File/Folder not found.
C:\Windows\system32\ScrRecX.log => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\:censurado: Catcher" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07850895-27F7-4038-925B-01FF3FF4AF13}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07850895-27F7-4038-925B-01FF3FF4AF13}" => key removed successfully.
C:\Windows\System32\Tasks\{D76BBF7F-39CD-4E74-AE0C-93BFA377D6BA} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D76BBF7F-39CD-4E74-AE0C-93BFA377D6BA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36A780BA-2C58-49ED-822A-DE5AB17CAC2C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36A780BA-2C58-49ED-822A-DE5AB17CAC2C}" => key removed successfully.
C:\Windows\System32\Tasks\{94B31A35-61A9-4F4D-8906-07FEFC4CCB31} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{94B31A35-61A9-4F4D-8906-07FEFC4CCB31}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53F07026-2003-4678-B182-1F013FFA34DF}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53F07026-2003-4678-B182-1F013FFA34DF}" => key removed successfully.
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2741043627-4026230127-4029745268-1000Core => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-2741043627-4026230127-4029745268-1000Core" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{855F6B56-3145-451F-B6AA-6B926DCC3B3F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{855F6B56-3145-451F-B6AA-6B926DCC3B3F}" => key removed successfully.
C:\Windows\System32\Tasks\CCleanerSkipUAC => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3250E99-CB5E-4008-A5F6-D52AE202E48C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3250E99-CB5E-4008-A5F6-D52AE202E48C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Usuario" => key removed successfully.
Restore point was successfully created.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 285.3 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 17:57:15 ====
