Fix result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018
Ran by sylvania (24-01-2018 21:10:38) Run:4
Running from C:\Users\sylvania\Desktop
Loaded Profiles: sylvania (Available Profiles: sylvania & Administrator)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorepoint:
R3 ruxaeh; system32\drivers\xaehkn.sys [X]
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.) [File not signed]
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.) [File not signed]
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.) [File not signed]
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-09-29]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (No File)
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Services\edoalm <==== ATTENTION (Rootkit!)
HKLM\...\RunOnce: [KICTHEN] => C:\Windows\Temp\g746A.tmp.exe <==== ATTENTION
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
2018-01-21 12:45 - 2018-01-21 12:46 - 082634184 _____ (Malwarebytes ) C:\Users\sylvania\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3739.exe
2018-01-21 12:42 - 2018-01-21 12:42 - 008206624 _____ (Malwarebytes) C:\Users\sylvania\Downloads\adwcleaner_7.0.7.0.exe
2018-01-21 12:37 - 2018-01-21 12:39 - 000005717 _____ C:\Users\sylvania\Desktop\ZHPCleaner.txt
2018-01-21 12:29 - 2018-01-21 12:39 - 000000000 ____D C:\Users\sylvania\AppData\Roaming\ZHP
2018-01-21 12:29 - 2018-01-21 12:29 - 003046784 _____ C:\Users\sylvania\Downloads\ZHPCleaner.exe
2018-01-21 12:29 - 2018-01-21 12:29 - 000000880 _____ C:\Users\sylvania\Desktop\ZHPCleaner.lnk
2018-01-21 12:29 - 2018-01-21 12:29 - 000000000 ____D C:\Users\sylvania\AppData\Local\ZHP
2018-01-16 23:50 - 2018-01-16 23:50 - 000000000 ____D C:\Users\sylvania\AppData\Local\ESET
2018-01-16 23:36 - 2018-01-21 12:54 - 000000000 ____D C:\Users\sylvania\Desktop\Adware
2018-01-16 21:05 - 2018-01-16 21:05 - 005660870 _____ (Swearware) C:\Users\sylvania\Downloads\ComboFix (1).exe
2018-01-16 21:02 - 2018-01-16 21:02 - 000388608 _____ (Trend Micro Inc.) C:\Users\sylvania\Downloads\HijackThis.exe
2018-01-16 19:45 - 2018-01-16 19:46 - 083316440 _____ (Malwarebytes ) C:\Users\sylvania\Downloads\mb3-setup-1878.1878-3.3.1.2183.exe
2018-01-16 19:38 - 2018-01-16 19:38 - 000000000 ____D C:\Malware
2018-01-16 16:05 - 2018-01-17 00:08 - 000002662 _____ C:\WINDOWS\System32\Tasks\FreeAntiVirus
2018-01-16 09:52 - 2018-01-16 10:08 - 000000000 ____D C:\Users\sylvania\Downloads\Malwarebytes Premium 3.3.1.2183 + Crack [CracksNow]
2018-01-15 14:13 - 2018-01-15 14:09 - 000455384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys.151604513090604
2018-01-15 14:02 - 2018-01-16 11:35 - 000000000 ____D C:\ProgramData\AVAST Software
2018-01-15 13:51 - 2018-01-15 13:51 - 000000000 ____D C:\Users\sylvania\Downloads\Avast! Internet Security + Premier Antivirus 17.8.2318 (build 17.8.3705.0) [CracksNow]
2018-01-15 18:01 - 2018-01-15 18:01 - 008198432 _____ (Malwarebytes) C:\Users\sylvania\Downloads\adwcleaner_7.0.6.0.exe
2018-01-15 17:38 - 2018-01-17 19:26 - 000000000 ____D C:\Program Files (x86)\Spyware Terminator
2018-01-15 17:37 - 2018-01-15 17:37 - 009694960 _____ (Crawler Group ) C:\Users\sylvania\Downloads\Baixaki_spyware-terminator [1].exe
2018-01-15 17:07 - 2018-01-15 17:07 - 031622688 _____ (SUPERAntiSpyware) C:\Users\sylvania\Downloads\Baixaki_superantispyware-free [1].exe
2018-01-15 17:02 - 2018-01-15 17:03 - 000249390 _____ C:\Users\sylvania\Downloads\Baixaki_spybot-search-destroy [1].exe
2018-01-15 16:50 - 2018-01-15 16:50 - 002189240 _____ ( ) C:\Users\sylvania\Downloads\Baixaki_spyware-terminator.exe
2018-01-15 16:47 - 2018-01-15 16:47 - 005660870 _____ (Swearware) C:\Users\sylvania\Downloads\ComboFix.exe
2018-01-15 13:30 - 2018-01-15 13:30 - 000003580 _____ C:\WINDOWS\System32\Tasks\Guard
2018-01-15 13:27 - 2018-01-19 14:44 - 000000000 ____D C:\Users\sylvania\AppData\Local\atomeug
2018-01-15 13:25 - 2018-01-15 13:25 - 000000000 ____D C:\Users\sylvania\AppData\Local\pcckgxe
2018-01-15 13:24 - 2018-01-15 13:24 - 000016876 _____ C:\WINDOWS\System32\Tasks\Unreal Tournament System
2018-01-15 12:28 - 2018-01-17 00:08 - 000016784 _____ C:\WINDOWS\System32\Tasks\MAndnoid
2018-01-15 12:26 - 2018-01-15 15:22 - 000000000 ____D C:\Users\sylvania\AppData\Local\8e00a5bd31a24925985c7e814dbcd34a
2018-01-15 12:26 - 2018-01-15 12:26 - 000000000 ____D C:\Users\sylvania\AppData\Local\b94931fdcac5403c92e2e73da835b9f3
2018-01-15 12:24 - 2018-01-15 12:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-01-15 12:11 - 2018-01-15 12:11 - 000003532 _____ C:\WINDOWS\System32\Tasks\MicrosoftUpd
2018-01-15 12:10 - 2018-01-17 00:08 - 000014468 _____ C:\WINDOWS\System32\Tasks\5the-StoryPDF
2018-01-15 12:10 - 2018-01-15 12:10 - 000000258 __RSH C:\Users\sylvania\ntuser.pol
2018-01-15 12:09 - 2018-01-21 12:53 - 000000000 ____D C:\Users\sylvania\AppData\Local\aucoblx
2018-01-15 11:23 - 2018-01-15 11:23 - 000003908 _____ C:\WINDOWS\System32\Tasks\8841884888418848
2018-01-15 11:23 - 2018-01-15 11:23 - 000003900 _____ C:\WINDOWS\System32\Tasks\4149211341492113
2018-01-15 11:23 - 2018-01-15 11:23 - 000003892 _____ C:\WINDOWS\System32\Tasks\23421212342121
2018-01-15 11:23 - 2018-01-15 11:23 - 000003856 _____ C:\WINDOWS\System32\Tasks\k41492113
2018-01-15 11:23 - 2018-01-15 11:23 - 000003854 _____ C:\WINDOWS\System32\Tasks\88418848
2018-01-15 11:23 - 2018-01-15 11:23 - 000003844 _____ C:\WINDOWS\System32\Tasks\41492113
2018-01-15 11:23 - 2018-01-15 11:23 - 000003842 _____ C:\WINDOWS\System32\Tasks\2342121
2018-01-15 11:22 - 2018-01-15 14:04 - 000000000 ___HD C:\Program Files (x86)\Peh
2018-01-15 11:22 - 2018-01-15 13:28 - 000000103 _____ C:\WINDOWS\SysWOW64\del.bat
2018-01-15 11:21 - 2018-01-15 13:27 - 000000000 ____D C:\Users\sylvania\AppData\Local\f242f081524444d6bef341ea63e30225
2018-01-15 11:21 - 2018-01-15 11:21 - 000140800 _____ C:\Users\sylvania\AppData\Local\installer.dat
2018-01-15 11:21 - 2018-01-15 11:21 - 000004088 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_RC
2018-01-15 11:21 - 2018-01-15 11:21 - 000004088 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_HT
2018-01-15 11:21 - 2018-01-15 11:21 - 000004088 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_HO
2018-01-15 11:21 - 2018-01-15 11:21 - 000004088 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_AN
2018-01-15 11:21 - 2018-01-15 11:21 - 000004080 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_UP
2018-01-15 11:21 - 2018-01-15 11:21 - 000000000 ____D C:\WINDOWS\SysWOW64\cokgrnb
2018-01-15 11:21 - 2018-01-15 11:21 - 000000000 ____D C:\WINDOWS\system32\cokgrnb
2018-01-15 11:21 - 2018-01-15 11:21 - 000000000 ____D C:\Users\sylvania\AppData\Local\zmvkn
2018-01-15 11:19 - 2018-01-15 11:19 - 000014848 _____ C:\Users\sylvania\AppData\Local\dolsaw.dll
2018-01-15 11:19 - 2018-01-15 11:19 - 000003072 _____ C:\Users\sylvania\AppData\Local\uninstallBR.exe
2018-01-15 11:19 - 2018-01-15 11:19 - 000014848 _____ () C:\Users\sylvania\AppData\Local\dolsaw.dll
2018-01-15 11:21 - 2018-01-15 11:21 - 000140800 _____ () C:\Users\sylvania\AppData\Local\installer.dat
2018-01-16 19:46 - 2018-01-16 19:46 - 083316440 _____ (Malwarebytes) C:\Users\sylvania\AppData\Local\Temp\mb3-setup-1878.1878-3.3.1.2183.exe
Task: {015FB16F-C445-420C-95F7-95D08DA02A30} - System32\Tasks\MAndnoid => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\MAndnoid\MAndnoid.dll",KagZyluac <==== ATTENTION
Task: {072FCC2B-D313-44EE-B379-74168ADCF076} - System32\Tasks\GoogleUpdateSecurityTaskMachine_RC => C:\Users\sylvania\AppData\Roaming\240e403a56ce48ff959050de1779ae41\chipset.exe exec hide CCHRXSFIFC.cmd <==== ATTENTION
Task: {1A5217E1-C498-461F-A06C-67CC443AC9A8} - System32\Tasks\GoogleUpdateSecurityTaskMachine_HO => C:\Users\sylvania\AppData\Roaming\46fdfd7893ed431e9266132606b9faed\chipset.exe exec hide OUOHPHRXPB.cmd <==== ATTENTION
Task: {3509B144-F3FC-47A6-B99D-3A7A8372646D} - System32\Tasks\Unreal Tournament System => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Unreal Tournament System\Unreal Tournament System.dll",DuMAuBY <==== ATTENTION
Task: {35BE92FA-70C2-45F5-BB8F-ABF996B3AB11} - System32\Tasks\GoogleUpdateSecurityTaskMachine_UP => C:\Users\sylvania\AppData\Local\f242f081524444d6bef341ea63e30225\chipset.exe exec hide NSMPNQGYAN.cmd <==== ATTENTION
Task: {3EC0033B-3370-4733-84EB-10C3D464B24D} - System32\Tasks\88418848 => C:\Users\sylvania\AppData\Local\hawaiian.exe <==== ATTENTION
Task: {5D01E282-0EEF-48D4-A1B9-DF39D164EE7A} - System32\Tasks\MicrosoftUpd => C:\ProgramData\MicrosoftUpd.exe <==== ATTENTION
Task: {68D47E07-5B30-4370-AD36-9F066B16B564} - System32\Tasks\Mouse Video Converter => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Mouse Video Converter\Mouse Video Converter.dll",nZajaVdtGGmp <==== ATTENTION
Task: {7088B7C3-248B-4C76-914E-AB9189D0DE98} - System32\Tasks\23421212342121 => C:\Program Files (x86)\volpi\correlations.exe <==== ATTENTION
Task: {8F437DF9-F650-4F8C-81B1-01B33EEEBC37} - System32\Tasks\8841884888418848 => C:\Users\sylvania\AppData\Local\correlations.exe <==== ATTENTION
Task: {98E9D453-9E6A-4397-9C9F-0363B15D7D00} - System32\Tasks\5the-StoryPDF => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\5the-StoryPDF\5the-StoryPDF.dll",PqMfKgc <==== ATTENTION
Task: {A6D298CF-E2E7-45D3-8EB2-59BE56F206AF} - System32\Tasks\2342121 => C:\Program Files (x86)\Prune\hawaiian.exe <==== ATTENTION
Task: {B3738D91-2C51-4462-970D-317C6037E48B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {B94D0EA6-32CC-4439-A59A-83BC922EA69F} - System32\Tasks\4149211341492113 => C:\Program Files (x86)\Peh\correlations.exe <==== ATTENTION
Task: {BA1ED955-A2B0-41B6-8E93-75F6398430F1} - System32\Tasks\FreeAntiVirus => C:\WINDOWS\explorer.exe "hxxp://destyy.com/qNHR3u" <==== ATTENTION
Task: {DB5BCFD7-3048-404A-874A-7D2691407738} - System32\Tasks\GoogleUpdateSecurityTaskMachine_AN => C:\Users\sylvania\AppData\Roaming\37c695d4924440dcbd07c800b3d8eab3\chipset.exe exec hide QKASIHBDFV.cmd <==== ATTENTION
Task: {E1C71B97-2836-4369-BB76-8DD9B72F755F} - System32\Tasks\Guard => C:\Program Files (x86)\System Native\Main Services\Guard.exe <==== ATTENTION
Task: {F3FFC702-2A04-4223-93E8-4CCF6634E93F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {F5EF4418-8A45-4FA9-9ABF-3E402704BD02} - System32\Tasks\GoogleUpdateSecurityTaskMachine_HT => C:\Users\sylvania\AppData\Roaming\3a8c3ef3fd414bff8a3e5a34158aceae\chipset.exe exec hide AHCWRJOCHC.cmd <==== ATTENTION
Task: {F753E39E-3850-40B4-8EBA-D39731575138} - System32\Tasks\41492113 => C:\Program Files (x86)\Peh\hawaiian.exe <==== ATTENTION
AlternateDataStreams: C:\Users\sylvania\Desktop\1.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\sylvania\Desktop\1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\sylvania\Desktop\2.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\sylvania\Desktop\2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\sylvania\Desktop\3.jpeg:3or4kl4x13tuuug3Byamue2s4b [89]
AlternateDataStreams: C:\Users\sylvania\Desktop\3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
C:\Users\sylvania\AppData\Local\aucoblx\avswuok.exe
C:\Users\sylvania\AppData\Local\aucoblx\avswuok.exe
C:\Users\sylvania\AppData\Local\aucoblx\aucoblx.exe
C:\Users\sylvania\AppData\Local\pcckgxe\pwnvdtm.exe
C:\Users\sylvania\AppData\Local\zmvkn\apexpsvc.exe
C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
C:\Program Files\TrueKey\McTkSchedulerService.exe
C:\Users\sylvania\AppData\Local\pcckgxe
C:\Users\sylvania\AppData\Local\zmvkn
C:\Users\sylvania\AppData\Local\aucoblx
CMD: rd /S /Q "%WinDir%\System32\GroupPolicyUsers"
CMD: rd /S /Q "%WinDir%\System32\GroupPolicy"
CMD: gpupdate /force
CMD: netsh winsock reset catalog
VirusTotal: C:\WINDOWS\system32\drivers\wdbnruxa.sys
CMD: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
Hosts:
Reboot:
end
*****************

Processes closed successfully.
Error: Restore point can only be created in normal mode.
ruxaeh => service not found.
"HKLM\System\CurrentControlSet\Services\TrueKey" => removed successfully
TrueKey => service removed successfully
"HKLM\System\CurrentControlSet\Services\TrueKeyScheduler" => removed successfully
TrueKeyScheduler => service removed successfully
"HKLM\System\CurrentControlSet\Services\TrueKeyServiceHelper" => removed successfully
TrueKeyServiceHelper => service removed successfully
HKLM\System\CurrentControlSet\Control\Lsa\\Notification Packages => value restored successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => moved successfully
"C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe" => not found
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService" => removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MBAMService" => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\edoalm <==== ATTENTION (Rootkit!) => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\KICTHEN" => not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\03D22C9C66915D58C88912B64C1F984B8344EF09 => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\0F684EC1163281085C6AF20528878103ACEFCAAB => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\1667908C9E22EFBD0590E088715CC74BE4C60884 => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\18DEA4EFA93B06AE997D234411F3FD72A677EECE => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\249BDA38A611CD746A132FA2AF995A2D3C941264 => key could not remove. Access Denied.
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\331E2046A1CCA7BFEF766724394BE6112B4CA3F7 => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3353EA609334A9F23A701B9159E30CB6C22D4C59 => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3D496FA682E65FC122351EC29B55AB94F3BB03FC => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4420C99742DF11DD0795BC15B7B0ABF090DC84DF => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5240AB5B05D11B37900AC7712A3C6AE42F377C8C => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5DD3D41810F28B2A13E9A004E6412061E28FA48D => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\7457A3793086DBB58B3858D6476889E3311E550E => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\76A9295EF4343E12DFC5FE05DC57227C1AB00D29 => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\775B373B33B9D15B58BC02B184704332B97C3CAF => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\872CD334B7E7B3C3D1C6114CD6B221026D505EAB => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\88AD5DFE24126872B33175D1778687B642323ACF => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9132E8B079D080E01D52631690BE18EBC2347C1E => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\982D98951CF3C0CA2A02814D474A976CBFF6BDB1 => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9C43F665E690AB4D486D4717B456C5554D4BCEB5 => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A5341949ABE1407DD7BF7DFE75460D9608FBC309 => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A59CC32724DD07A6FC33F7806945481A2D13CA2F => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD4C5429E10F4FF6C01840C20ABA344D7401209F => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD96BB64BA36379D2E354660780C2067B81DA2E0 => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 => key could not remove. Access Denied.
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\CDC37C22FE9272D8F2610206AD397A45040326B8 => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB303C9B61282DE525DC754A535CA2D6A9BD3D87 => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB77E5CFEC34459146748B667C97B185619251BA => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E22240E837B52E691C71DF248F12D27F96441C00 => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\ED841A61C0F76025598421BC1B00E24189E68D54 => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\F83099622B4A9F72CB5081F742164AD1B8D048C9 => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A => key not found
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 => key not found
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
"C:\Users\sylvania\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3739.exe" => not found
C:\Users\sylvania\Downloads\adwcleaner_7.0.7.0.exe => moved successfully
"C:\Users\sylvania\Desktop\ZHPCleaner.txt" => not found
C:\Users\sylvania\AppData\Roaming\ZHP => moved successfully
C:\Users\sylvania\Downloads\ZHPCleaner.exe => moved successfully
"C:\Users\sylvania\Desktop\ZHPCleaner.lnk" => not found
C:\Users\sylvania\AppData\Local\ZHP => moved successfully
C:\Users\sylvania\AppData\Local\ESET => moved successfully
C:\Users\sylvania\Desktop\Adware => moved successfully
"C:\Users\sylvania\Downloads\ComboFix (1).exe" => not found
C:\Users\sylvania\Downloads\HijackThis.exe => moved successfully
"C:\Users\sylvania\Downloads\mb3-setup-1878.1878-3.3.1.2183.exe" => not found
C:\Malware => moved successfully
"C:\WINDOWS\System32\Tasks\FreeAntiVirus" => not found
C:\Users\sylvania\Downloads\Malwarebytes Premium 3.3.1.2183 + Crack [CracksNow] => moved successfully
C:\WINDOWS\system32\Drivers\aswSP.sys.151604513090604 => moved successfully
C:\ProgramData\AVAST Software => moved successfully
C:\Users\sylvania\Downloads\Avast! Internet Security + Premier Antivirus 17.8.2318 (build 17.8.3705.0) [CracksNow] => moved successfully
"C:\Users\sylvania\Downloads\adwcleaner_7.0.6.0.exe" => not found
C:\Program Files (x86)\Spyware Terminator => moved successfully
C:\Users\sylvania\Downloads\Baixaki_spyware-terminator [1].exe => moved successfully
C:\Users\sylvania\Downloads\Baixaki_superantispyware-free [1].exe => moved successfully
C:\Users\sylvania\Downloads\Baixaki_spybot-search-destroy [1].exe => moved successfully
"C:\Users\sylvania\Downloads\Baixaki_spyware-terminator.exe" => not found
C:\Users\sylvania\Downloads\ComboFix.exe => moved successfully
"C:\WINDOWS\System32\Tasks\Guard" => not found

"C:\Users\sylvania\AppData\Local\atomeug" folder move:

Could not move "C:\Users\sylvania\AppData\Local\atomeug" => Scheduled to move on reboot.


"C:\Users\sylvania\AppData\Local\pcckgxe" folder move:

Could not move "C:\Users\sylvania\AppData\Local\pcckgxe" => Scheduled to move on reboot.

"C:\WINDOWS\System32\Tasks\Unreal Tournament System" => not found
"C:\WINDOWS\System32\Tasks\MAndnoid" => not found
C:\Users\sylvania\AppData\Local\8e00a5bd31a24925985c7e814dbcd34a => moved successfully
C:\Users\sylvania\AppData\Local\b94931fdcac5403c92e2e73da835b9f3 => moved successfully
C:\WINDOWS\system32\Drivers\wd => moved successfully
"C:\WINDOWS\System32\Tasks\MicrosoftUpd" => not found
C:\WINDOWS\System32\Tasks\5the-StoryPDF => moved successfully
C:\Users\sylvania\ntuser.pol => moved successfully

"C:\Users\sylvania\AppData\Local\aucoblx" folder move:

Could not move "C:\Users\sylvania\AppData\Local\aucoblx" => Scheduled to move on reboot.

"C:\WINDOWS\System32\Tasks\8841884888418848" => not found
"C:\WINDOWS\System32\Tasks\4149211341492113" => not found
"C:\WINDOWS\System32\Tasks\23421212342121" => not found
"C:\WINDOWS\System32\Tasks\k41492113" => not found
"C:\WINDOWS\System32\Tasks\88418848" => not found
"C:\WINDOWS\System32\Tasks\41492113" => not found
"C:\WINDOWS\System32\Tasks\2342121" => not found
C:\Program Files (x86)\Peh => moved successfully
"C:\WINDOWS\SysWOW64\del.bat" => not found
"C:\Users\sylvania\AppData\Local\f242f081524444d6bef341ea63e30225" => not found
C:\Users\sylvania\AppData\Local\installer.dat => moved successfully
"C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_RC" => not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_HT" => not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_HO" => not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_AN" => not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_UP" => not found
C:\WINDOWS\SysWOW64\cokgrnb => moved successfully

"C:\WINDOWS\system32\cokgrnb" folder move:

Could not move "C:\WINDOWS\system32\cokgrnb" => Scheduled to move on reboot.

C:\Users\sylvania\AppData\Local\zmvkn => moved successfully
"C:\Users\sylvania\AppData\Local\dolsaw.dll" => not found
"C:\Users\sylvania\AppData\Local\uninstallBR.exe" => not found
"C:\Users\sylvania\AppData\Local\dolsaw.dll" => not found
"C:\Users\sylvania\AppData\Local\installer.dat" => not found
"C:\Users\sylvania\AppData\Local\Temp\mb3-setup-1878.1878-3.3.1.2183.exe" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{015FB16F-C445-420C-95F7-95D08DA02A30} => could not remove key. ErrorCode1: 0x00000001
"C:\WINDOWS\System32\Tasks\MAndnoid" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MAndnoid => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{072FCC2B-D313-44EE-B379-74168ADCF076}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{072FCC2B-D313-44EE-B379-74168ADCF076} => key not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_RC" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateSecurityTaskMachine_RC => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A5217E1-C498-461F-A06C-67CC443AC9A8}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A5217E1-C498-461F-A06C-67CC443AC9A8} => key not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_HO" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateSecurityTaskMachine_HO => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3509B144-F3FC-47A6-B99D-3A7A8372646D} => key not found
"C:\WINDOWS\System32\Tasks\Unreal Tournament System" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Unreal Tournament System => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35BE92FA-70C2-45F5-BB8F-ABF996B3AB11}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35BE92FA-70C2-45F5-BB8F-ABF996B3AB11} => key not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_UP" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateSecurityTaskMachine_UP => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3EC0033B-3370-4733-84EB-10C3D464B24D}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EC0033B-3370-4733-84EB-10C3D464B24D} => key not found
"C:\WINDOWS\System32\Tasks\88418848" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\88418848 => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D01E282-0EEF-48D4-A1B9-DF39D164EE7A} => key not found
"C:\WINDOWS\System32\Tasks\MicrosoftUpd" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MicrosoftUpd => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68D47E07-5B30-4370-AD36-9F066B16B564} => key not found
C:\WINDOWS\System32\Tasks\Mouse Video Converter => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mouse Video Converter" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7088B7C3-248B-4C76-914E-AB9189D0DE98}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7088B7C3-248B-4C76-914E-AB9189D0DE98} => key not found
"C:\WINDOWS\System32\Tasks\23421212342121" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\23421212342121 => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8F437DF9-F650-4F8C-81B1-01B33EEEBC37}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F437DF9-F650-4F8C-81B1-01B33EEEBC37} => key not found
"C:\WINDOWS\System32\Tasks\8841884888418848" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\8841884888418848 => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{98E9D453-9E6A-4397-9C9F-0363B15D7D00}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98E9D453-9E6A-4397-9C9F-0363B15D7D00}" => removed successfully
"C:\WINDOWS\System32\Tasks\5the-StoryPDF" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5the-StoryPDF" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A6D298CF-E2E7-45D3-8EB2-59BE56F206AF}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6D298CF-E2E7-45D3-8EB2-59BE56F206AF} => key not found
"C:\WINDOWS\System32\Tasks\2342121" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2342121 => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B3738D91-2C51-4462-970D-317C6037E48B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3738D91-2C51-4462-970D-317C6037E48B}" => removed successfully
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B94D0EA6-32CC-4439-A59A-83BC922EA69F}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B94D0EA6-32CC-4439-A59A-83BC922EA69F} => key not found
"C:\WINDOWS\System32\Tasks\4149211341492113" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4149211341492113 => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA1ED955-A2B0-41B6-8E93-75F6398430F1}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA1ED955-A2B0-41B6-8E93-75F6398430F1} => key not found
"C:\WINDOWS\System32\Tasks\FreeAntiVirus" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeAntiVirus => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB5BCFD7-3048-404A-874A-7D2691407738}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB5BCFD7-3048-404A-874A-7D2691407738} => key not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_AN" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateSecurityTaskMachine_AN => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1C71B97-2836-4369-BB76-8DD9B72F755F}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1C71B97-2836-4369-BB76-8DD9B72F755F} => key not found
"C:\WINDOWS\System32\Tasks\Guard" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Guard => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3FFC702-2A04-4223-93E8-4CCF6634E93F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3FFC702-2A04-4223-93E8-4CCF6634E93F}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5EF4418-8A45-4FA9-9ABF-3E402704BD02}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5EF4418-8A45-4FA9-9ABF-3E402704BD02} => key not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_HT" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateSecurityTaskMachine_HT => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F753E39E-3850-40B4-8EBA-D39731575138}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F753E39E-3850-40B4-8EBA-D39731575138} => key not found
"C:\WINDOWS\System32\Tasks\41492113" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\41492113 => key not found
C:\Users\sylvania\Desktop\1.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\sylvania\Desktop\1.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\sylvania\Desktop\2.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\sylvania\Desktop\2.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\sylvania\Desktop\3.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\sylvania\Desktop\3.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
"C:\Users\sylvania\AppData\Local\aucoblx\avswuok.exe" => not found
"C:\Users\sylvania\AppData\Local\aucoblx\avswuok.exe" => not found
"C:\Users\sylvania\AppData\Local\aucoblx\aucoblx.exe" => not found
"C:\Users\sylvania\AppData\Local\pcckgxe\pwnvdtm.exe" => not found
"C:\Users\sylvania\AppData\Local\zmvkn\apexpsvc.exe" => not found
C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe => moved successfully
C:\Program Files\TrueKey\McTkSchedulerService.exe => moved successfully

"C:\Users\sylvania\AppData\Local\pcckgxe" folder move:

Could not move "C:\Users\sylvania\AppData\Local\pcckgxe" => Scheduled to move on reboot.

"C:\Users\sylvania\AppData\Local\zmvkn" => not found

"C:\Users\sylvania\AppData\Local\aucoblx" folder move:

Could not move "C:\Users\sylvania\AppData\Local\aucoblx" => Scheduled to move on reboot.


========= rd /S /Q "%WinDir%\System32\GroupPolicyUsers" =========


========= End of CMD: =========


========= rd /S /Q "%WinDir%\System32\GroupPolicy" =========


========= End of CMD: =========


========= gpupdate /force =========

Updating policy...

Computer Policy Update Failed.
User Policy Update Failed.

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========

"VirusTotal: C:\WINDOWS\system32\drivers\wdbnruxa.sys" => not found

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2400762992-834235184-972392584-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2400762992-834235184-972392584-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8151040 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 38507832 B
Java, Flash, Steam htmlcache => 74072908 B
Windows/system/drivers => 3859 B
Edge => 2092292 B
Chrome => 316626008 B
Firefox => 227027647 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 99852 B
systemprofile32 => 0 B
LocalService => 78674 B
NetworkService => 0 B
sylvania => 430464236 B
Administrator => 71898 B

RecycleBin => 99170756 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Safe Mode (with Networking)) (Date&Time: 24-01-2018 21:12:40)

C:\Users\sylvania\AppData\Local\atomeug => Could not move
C:\Users\sylvania\AppData\Local\pcckgxe => Could not move
C:\Users\sylvania\AppData\Local\aucoblx => Could not move
C:\WINDOWS\system32\cokgrnb => Could not move
C:\Users\sylvania\AppData\Local\pcckgxe => Could not move
C:\Users\sylvania\AppData\Local\aucoblx => Could not move

Result of scheduled keys to remove after reboot:

HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\249BDA38A611CD746A132FA2AF995A2D3C941264 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 => key removed successfully

==== End of Fixlog 21:12:40 ====
