
Soraya Lourenço

[Resolved] I can't update or uninstall AVG 2014...


I managed to reinstall AVG 2014. And I updated it.

I managed to run the AdwCleaner program.

Here is the log:

# AdwCleaner v3.216 - Relatório criado 22/07/2014 às 14:09:24
# Atualizado 17/07/2014 por Xplode
# Sistema Operacional : Windows 7 Starter Service Pack 1 (32 bits)
# Usuário : Soraya - LOURENÇO-PC
# Executando de : C:\Users\Soraya\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Users\Soraya\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna
Arquivo Deletada : C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\user.js

***** [ Atalhos ] *****


***** [ Registro ] *****

[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Main [backup.old.Start Page]
Valor Deletedo : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Chave Deletedo : HKLM\Software\AVG Secure Search
Chave Deletedo : HKLM\Software\hdcode
Chave Deletedo : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v31.0 (x86 pt-BR)

[ Arquivo : C:\Users\Soraya\AppData\Roaming\Mozilla\Firefox\Profiles\d9gpgnfs.default\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [281 octets] - [21/07/2014 16:53:02]
AdwCleaner[R1].txt - [3845 octets] - [22/07/2014 13:57:36]
AdwCleaner[R2].txt - [3570 octets] - [22/07/2014 14:06:50]
AdwCleaner[s0].txt - [3893 octets] - [22/07/2014 14:03:16]
AdwCleaner[s1].txt - [3434 octets] - [22/07/2014 14:09:24]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [3494 octets] ##########


I managed to reinstall AVG 2014. And I updated it.

Great! Take the opportunity to run a full scan with it and remove any viruses it finds.

________________________________________________________________________

After that, download the Junkware Removal Tool program from the link below:

http://thisisudax.org/downloads/JRT.exe

To run the program above correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.


5 viruses found with AVG.

Log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Starter x86
Ran by Soraya on 22/07/2014 at 15:20:25,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1980178241-1392328930-356032191-1000\Software\sweetim



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Soraya\AppData\Roaming\mozilla\firefox\profiles\d9gpgnfs.default\minidumps [882 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/07/2014 at 15:27:37,33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


5 viruses found with AVG.

Did you move the viruses it found to its quarantine? If you haven't removed them, remove them.

_______________________________________________________________

Also run a cleanup with Malwarebytes, following the tips in the post below:

Malwarebytes Anti-Malware tutorial

In your next reply, post this Malwarebytes log (report).

We'll be waiting.


I think AVG already sends them straight to quarantine. Should I delete the quarantined files?

Here is the log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Data de Verificação: 22/07/2014
Hora da Verificação: 16:07:45
Logfile: soraya2.txt
Administrador: Sim

Versão: 2.00.2.1012
Malware Database: v2014.07.22.08
Rootkit Database: v2014.07.17.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Self-protection: Desabilitado

OS: Windows 7 Service Pack 1
CPU: x86
Sistema de Arquivo: NTFS
Usuário: Soraya

Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 416553
Tempo Decorrido: 2 hr, 41 min, 31 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 3
PUP.Optional.Complitly.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\defdhglnppeioeflggkmglipcecffkhk, Quarantined, [b2de0e947902989ee008e63e54b01be5],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, Quarantined, [0e82158de09b6fc7f6933b98639fac54],
PUP.Optional.DealPly.A, HKU\S-1-5-21-1980178241-1392328930-356032191-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, Quarantined, [761a534f2f4cc5714c3ecb08cc3639c7],

Valores de Registro: 1
Hijack.FolderOptions, HKU\S-1-5-21-1980178241-1392328930-356032191-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NofolderOptions, 1, Quarantined, [deb210920e6d0531d0360758db28d828]

Dados do Registro: 5
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[95fb5a48f9827abc996fe0c9e61ef709]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),Replaced,[fb952f73d7a457dfe81eddcc5ba9cd33]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),Replaced,[d8b8851d8cefc37367a04267768e41bf]
PUM.Hijack.HomePageControl, HKLM\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage, 1, Good: (0), Bad: (1),Replaced,[e9a76b37fd7e8da98408bced30d4f50b]
Windows.Tool.Disabled, HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DisableConfig, 1, Good: (0), Bad: (1),Replaced,[434d2280196231059535b3f8ea1abb45]

Pastas: 0
(No malicious items detected)

Arquivos: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Just leave the viruses in AVG's quarantine.

___________________________________________

Temporarily disable your antivirus to avoid conflicts.

Download < Shortcut_Module > (by g3n-h@ckm@n)

|- When you open the link above, scroll down the page and click Télécharger to download it.

Run it as described in this post:

Disinfect infected shortcuts and remove adware with the Shortcut_Module tool

As soon as the cleanup is finished, post the log (report), which will be at C:\Shortcut_Module_07_05_2014_17_05_22.txt (these numbers in red will vary, since they show the date and time the scan was performed).


Start the PC in Safe Mode with Networking (by pressing the F8 key (or the F5 key on some computers) repeatedly while the computer is starting up and choosing the Safe Mode with Networking (or Safe Mode) option). When the PC is in Safe Mode with Networking, run the scan with Shortcut_Module.

If it still isn't possible, let me know.


Temporarily disable your antivirus to avoid conflicts.

Download: < Pre_Scan > (by g3n-h@ckm@n)

|- When you open the link above, scroll down the page and click Télécharger to download it.

Run it as described in this post:

Pre_Scan installation and usage tutorial

As soon as the cleanup is finished, post the log (report), which will be at C:\Pre_Scan\Pre_Scan_07_05_2014_17_05_22.txt (these numbers in red will vary, since they show the date and time the scan was performed).


Good evening!

Here is the log:

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 04.07.20.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 17:36:57

Updated 20/07/2014 | 13.55 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_Script Infos : http://gen-hackman.purforum.com/t49-5-les-switchs-du-script
Pre_scan Feedbacks : http://gen-hackman.purforum.com/f10-pre_scan-feedbacks

[soraya (Administrator)] - [LOURENÇO-PC]
SID = S-1-5-21-1980178241-1392328930-356032191-1000

Starting up : Normal
System : Windows 7 Starter (32 bits) Starter Service Pack 1
ProcessorNameString : AMD E-350 Processor
Identifier : x86 Family 20 Model 1 Stepping 0


Memory RAM = Total (MB) : 1831 | Free (MB) : 1108
Pagefile = Total (MB) : 3662 | Free (MB) : 2778
Virtual = Total (MB) : 2097 | Free (MB) : 1919

¤¤¤¤¤¤¤¤¤¤ | Components of starting up


¤¤¤¤¤¤¤¤¤¤¤ | Drives

C:\-> [Fixed] | [] | Total : 184320 Mo | Free : 131820 Mo -> NTFS
D:\-> [Fixed] | [] | Total : 274630 Mo | Free : 258720 Mo -> NTFS

¤¤¤¤¤¤¤¤¤¤ | Windows updates

Last detection : 2014-07-24 07:49:01
Downloaded last ones : 2014-07-24 20:23:57
Installed last ones : 2014-07-17 19:09:47
Next search : 2014-07-25 02:46:19


¤¤¤¤¤¤¤¤¤¤ | Sessions

C:\Windows\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\Soraya

Registry saved , to restore : C:\Pre_Scan\Save\Scan\ERDNT.exe

stand-by mode deleted !


¤¤¤¤¤¤¤¤¤¤ | Browsers

IE : 11.0.9600.17207 (© Microsoft Corporation. Todos os direitos reservados.)
FF : 31.0.0.5310 (©Firefox and Mozilla Developers; available under the MPL 2 license.)

¤¤¤¤¤¤¤¤¤¤ | FlashPlayer

FlashPlayer ActiveX : 11.3.300.268
FlashPlayer Plugin : 14.0.0.145

¤¤¤¤¤¤¤¤¤¤ | Security

AV : AVG AntiVirus Free Edition 2014 Enabled
AS : AVG AntiVirus Free Edition 2014 Enabled
AM : Malwarebytes Anti-Malware ( 1.0.0.532) [2014.05.27.08]
FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Manual(3)] = stopped
FW: Windows FireWall Service [Auto(2)] = stopped

¤¤¤¤¤¤¤¤¤¤ | Stopped processes

1016 | [Owner : SISTEMA |Parent : 832] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) - (3.2.2.0) = C:\PROGRA~1\GbPlugin\gbpsv.exe
1172 | [Owner : SISTEMA |Parent : 832] - (.AMD - AMD External Events Service Module.) - (6.14.11.1102) = C:\Windows\System32\atiesrxx.exe
1592 | [Owner : SISTEMA |Parent : 1172] - (.AMD - AMD External Events Client Module.) - (6.14.11.1102) = C:\Windows\System32\atieclxx.exe
1836 | [Owner : SISTEMA |Parent : 1300] - (.Microsoft Corporation - Windows Wireless LAN 802.11 Extensibility Framework.) - (6.1.7600.16385) = C:\Windows\System32\wlanext.exe
1848 | [Owner : SISTEMA |Parent : 656] - (.Microsoft Corporation - Host da Janela do Console.) - (6.1.7601.18229) = C:\Windows\System32\conhost.exe
1956 | [Owner : SISTEMA |Parent : 832] - (.Microsoft Corporation - Aplicativo de subsistema de spooler.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe
912 | [Owner : SISTEMA |Parent : 832] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.701.3.3014) = C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
1220 | [Owner : SISTEMA |Parent : 832] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) - (14.0.0.4744) = C:\Program Files\AVG\AVG2014\avgwdsvc.exe
1144 | [Owner : SISTEMA |Parent : 832] - (.Broadcom Corporation. - Bluetooth Support Server.) - (6.3.0.8200) = C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
2064 | [Owner : SISTEMA |Parent : 832] - (. - .) - (0.0.0.0) = C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2124 | [Owner : SISTEMA |Parent : 832] - (. - RichVideo Module.) - (2.0.0.2930) = C:\Program Files\CyberLink\Shared files\RichVideo.exe
2376 | [Owner : SISTEMA |Parent : 832] - (.Microsoft Corporation - Microsoft Application Virtualization Virtual Service Agent.) - (4.6.3.24650) = C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
2556 | [Owner : SISTEMA |Parent : 832] - (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4232.0) = C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2600 | [Owner : SISTEMA |Parent : 832] - (.Microsoft Corporation - Microsoft Application Virtualization Client Service.) - (4.6.3.24650) = C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
2720 | [Owner : Soraya |Parent : 832] - (.Microsoft Corporation - Processo de Host para Tarefas do Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe
2888 | [Owner : SISTEMA |Parent : 2556] - (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) - (7.250.4232.0) = C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3004 | [Owner : Soraya |Parent : 2928] - (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.17567) = C:\Windows\explorer.exe
3688 | [Owner : Soraya |Parent : 3004] - (.RealNetworks, Inc. - RealNetworks Scheduler.) - (16.0.3.51) = C:\Program Files\Real\RealPlayer\Update\realsched.exe
3704 | [Owner : Soraya |Parent : 3004] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) - (14.0.0.4744) = C:\Program Files\AVG\AVG2014\avgui.exe
3740 | [Owner : Soraya |Parent : 3004] - (.Oracle Corporation - Java Update Scheduler.) - (2.1.9.8) = C:\Program Files\Common Files\Java\Java Update\jusched.exe
3768 | [Owner : Soraya |Parent : 3004] - (.Hewlett-Packard - hpwuSchd Application.) - (80.1.1.0) = C:\Program Files\HP\HP Software Update\hpwuschd2.exe
3808 | [Owner : Soraya |Parent : 3004] - (.Broadcom Corporation. - Bluetooth Tray Application.) - (6.3.0.8200) = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
3900 | [Owner : Soraya |Parent : 3004] - (.Microsoft Corporation - Processo de host do Windows (Rundll32).) - (6.1.7600.16385) = C:\Windows\System32\rundll32.exe
4016 | [Owner : Soraya |Parent : 3004] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) - (14.0.7104.5000) = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
2952 | [Owner : Soraya |Parent : 3704] - (.Microsoft Corporation - Carregador CTF.) - (6.1.7600.16385) = C:\Windows\System32\ctfmon.exe
3940 | [Owner : SISTEMA |Parent : 832] - (.Microsoft Corporation - Microsoft Office Client Virtualization Service .) - (14.0.7101.5000) = C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
2344 | [Owner : Soraya |Parent : 1392] - (.Microsoft Corporation - Mecanismo do Agendador de Tarefas.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe
648 | [Owner : SISTEMA |Parent : 832] - (.Microsoft Corporation - Indexador do Microsoft Windows Search.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe
3820 | [Owner : Soraya |Parent : 2344] - (.Samsung Electronics Co., Ltd. - Easy Display Manager.) - (3.2.5.5) = C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
4148 | [Owner : Soraya |Parent : 2344] - (.Samsung Electronics Co., Ltd. - Wifi Manager.) - (1.0.1.6) = C:\Program Files\Samsung\Easy Display Manager\WifiManager.exe
4180 | [Owner : Soraya |Parent : 2344] - (.CyberLink - YouCam Mirage.) - (1.0.0.602) = C:\Program Files\CyberLink\YouCam\YCMMirage.exe
4876 | [Owner : SERVIÇO DE REDE |Parent : 832] - (.Microsoft Corporation - Serviço de Compartilhamento de Rede do Windows Media Player.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
5556 | [Owner : Soraya |Parent : 948] - (.Broadcom Corporation. - Bluetooth Stack COM Server.) - (6.3.0.8200) = C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
5728 | [Owner : Soraya |Parent : 2344] - (.SEC - Samsung Recovery Solution 5.) - (5.0.1.2) = C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
3936 | [Owner : Soraya |Parent : 2344] - (.Samsung Electronics Co., Ltd. - Smart Restarter Program.) - (2.2.0.1) = C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
4992 | [Owner : Soraya |Parent : 2344] - (.Samsung Electronics Co., Ltd. - MovieColorEnhancer.exe.) - (1.0.5.2) = C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
5140 | [Owner : Soraya |Parent : 4128] - (.CyberLink - CyberLink MediaLibray Service.) - (2.1.1803.0) = C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
5132 | [Owner : Soraya |Parent : 4128] - (.CyberLink Corp. - Media+Player RC Service.) - (10.0.920.0) = C:\Program Files\CyberLink\Media+Player10\Media+Player10Serv.exe
1528 | [Owner : Soraya |Parent : 2344] - (.SAMSUNG Electronics - SSCKbdHk.) - (1.1.2.5) = C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
1128 | [Owner : Soraya |Parent : 2344] - (.Samsung Electronics Co., Ltd. - EasySpeedUpManager.) - (3.0.0.8) = C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
3832 | [Owner : Soraya |Parent : 2344] - (.Samsung Electronics - Samsung Update Plus Background.) - (3.0.0.17) = C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
4228 | [Owner : Soraya |Parent : 3740] - (.Oracle Corporation - Java Update Checker.) - (2.1.9.8) = C:\Program Files\Common Files\Java\Java Update\jucheck.exe
2424 | [Owner : Soraya |Parent : 3004] - (.Mozilla Corporation - Firefox.) - (31.0.0.5310) = C:\Program Files\Mozilla Firefox\firefox.exe
2796 | [Owner : Soraya |Parent : 2424] - (.RealNetworks, Inc. - RealDownloader.) - (1.3.3.66) = C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
7632 | [Owner : SISTEMA |Parent : 1392] - (.Microsoft Corporation - Mecanismo do Agendador de Tarefas.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe
6472 | [Owner : Soraya |Parent : 1392] - (.Microsoft Corporation - Windows Update.) - (7.6.7600.256) = C:\Windows\System32\wuauclt.exe
7304 | [Owner : Soraya |Parent : 2424] - (.Mozilla Corporation - Plugin Container for Firefox.) - (31.0.0.5310) = C:\Program Files\Mozilla Firefox\plugin-container.exe
3292 | [Owner : Soraya |Parent : 7304] - (.Adobe Systems, Inc. - Adobe Flash Player 14.0 r0.) - (14.0.0.145) = C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
3236 | [Owner : Soraya |Parent : 3292] - (.Adobe Systems, Inc. - Adobe Flash Player 14.0 r0.) - (14.0.0.145) = C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe

¤¤¤¤¤¤¤¤¤¤ | Running processes

280 | [Owner : SISTEMA |Parent : 4] - (.Microsoft Corporation - Gerenciador de Sessão do Windows.) - (6.1.7601.18113) = C:\Windows\System32\smss.exe
656 | [Owner : SISTEMA |Parent : 648] - (.Microsoft Corporation - Processo do tempo de Execução do Servidor do Cliente.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe
724 | [Owner : SISTEMA |Parent : 648] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe
740 | [Owner : SISTEMA |Parent : 716] - (.Microsoft Corporation - Processo do tempo de Execução do Servidor do Cliente.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe
792 | [Owner : SISTEMA |Parent : 716] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) - (6.1.7601.18409) = C:\Windows\System32\winlogon.exe
832 | [Owner : SISTEMA |Parent : 724] - (.Microsoft Corporation - Aplicativo de serviços e controle.) - (6.1.7600.16385) = C:\Windows\System32\services.exe
840 | [Owner : SISTEMA |Parent : 724] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.18443) = C:\Windows\System32\lsass.exe
860 | [Owner : SISTEMA |Parent : 724] - (.Microsoft Corporation - Serviço do Gerenciador de Sessão Local.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe
948 | [Owner : SISTEMA |Parent : 832] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1108 | [Owner : SERVIÇO DE REDE |Parent : 832] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1248 | [Owner : SERVIÇO LOCAL |Parent : 832] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1300 | [Owner : SISTEMA |Parent : 832] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1344 | [Owner : SERVIÇO LOCAL |Parent : 832] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1392 | [Owner : SISTEMA |Parent : 832] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1512 | [Owner : SISTEMA |Parent : 832] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1676 | [Owner : SERVIÇO DE REDE |Parent : 832] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
1996 | [Owner : SERVIÇO LOCAL |Parent : 832] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
2944 | [Owner : Soraya |Parent : 1300] - (.Microsoft Corporation - Gerenciador de Janelas da Área de Trabalho.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe
4160 | [Owner : SERVIÇO LOCAL |Parent : 832] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
4280 | [Owner : SERVIÇO LOCAL |Parent : 832] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe
4540 | [Owner : SERVIÇO DE REDE |Parent : 948] - (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) = C:\Windows\System32\wbem\WmiPrvSE.exe
8168 | [Owner : SERVIÇO LOCAL |Parent : 1248] - (.Microsoft Corporation - Isolamento de Gráfico de Dispositivo de Áudio do Windows .) - (6.1.7601.17514) = C:\Windows\System32\audiodg.exe
8112 | [Owner : Soraya |Parent : 3004] - (. - .) - (0.0.0.0) = C:\Users\Soraya\Desktop\Pre_Scan.exe
7040 | [Owner : SISTEMA |Parent : 832] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) - (3.2.2.0) = C:\PROGRA~1\GbPlugin\gbpsv.exe
7832 | [Owner : SISTEMA |Parent : 832] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) - (14.0.0.4744) = C:\Program Files\AVG\AVG2014\avgwdsvc.exe
1740 | [Owner : SISTEMA |Parent : 7832] - (.AVG Technologies CZ, s.r.o. - AVG Online Shield Service.) - (14.0.0.4744) = C:\Program Files\AVG\AVG2014\avgnsx.exe
2736 | [Owner : SISTEMA |Parent : 7832] - (.AVG Technologies CZ, s.r.o. - AVG E-mail Scanner.) - (14.0.0.4744) = C:\Program Files\AVG\AVG2014\avgemcx.exe
6800 | [Owner : SISTEMA |Parent : 7832] - (.AVG Technologies CZ, s.r.o. - AVG Resident Shield Service.) - (14.0.0.4744) = C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
7988 | [Owner : SISTEMA |Parent : 832] - (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4232.0) = C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
6932 | [Owner : SISTEMA |Parent : 6800] - (.AVG Technologies CZ, s.r.o. - AVG Scanning Core Module - Server Part.) - (14.0.0.4744) = C:\Program Files\AVG\AVG2014\avgcsrvx.exe
2412 | [Owner : SISTEMA |Parent : 7988] - (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) - (7.250.4232.0) = C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
4884 | [Owner : SISTEMA |Parent : 832] - (.Microsoft Corporation - Indexador do Microsoft Windows Search.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe
5540 | [Owner : SERVIÇO DE REDE |Parent : 832] - (.Microsoft Corporation - Serviço de Compartilhamento de Rede do Windows Media Player.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
5964 | [Owner : SISTEMA |Parent : 4884] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.17610) = C:\Windows\System32\SearchProtocolHost.exe
380 | [Owner : SISTEMA |Parent : 832] - (.Broadcom Corporation. - Bluetooth Support Server.) - (6.3.0.8200) = C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
4116 | [Owner : SISTEMA |Parent : 832] - (.Microsoft Corporation - Aplicativo de subsistema de spooler.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe
484 | [Owner : SISTEMA |Parent : 4884] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.7601.17610) = C:\Windows\System32\SearchFilterHost.exe


¤¤¤¤¤¤¤¤¤¤ | Winlogon user : OK !


¤¤¤¤¤¤¤¤¤¤ | Winlogon machine : OK !


¤¤¤¤¤¤¤¤¤¤
Associations

Repaired : [HKLM\Software\Classes\Folder\shell\open\command] : C:\Windows\Explorer.exe -> C:\Windows\Explorer.exe


¤

Repaired : [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] : http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s

¤¤¤¤¤¤¤¤¤¤
Registry

Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0
Repaired : [HKU\S-1-5-21-1980178241-1392328930-356032191-1000\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
[Hidden] : 2 -> 0
Repaired : [HKU\S-1-5-21-1980178241-1392328930-356032191-1000\software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
[NoControlPanel] : 1 -> 0
Repaired : [HKU\S-1-5-21-1980178241-1392328930-356032191-1000\software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
[NoWindowsUpdate] : 1 -> 0

¤¤¤¤¤¤¤¤¤¤
Access to the registry and to the administrator of the tasks



¤¤¤¤¤¤¤¤¤¤ | SafeBoot

Safeboot Keys are O.K

Alternate shell is OK !

¤

Safeboot Minimal Subkeys : O.K !

¤

Safeboot Network Subkeys : O.K !

¤¤¤¤¤¤¤¤¤¤ | IFEO


¤¤¤¤¤¤¤¤¤¤ | Mountpoints2



¤¤¤¤¤¤¤¤¤¤ | Windows

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]|[] : @SYS:Software\Swearware\dump
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]|[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

Winsrv : OK !


[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :

[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[Programs] : com exe bat pif cmd

¤¤¤¤¤¤¤¤¤¤ | Security center

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{003e0278-eca8-4bb8-a256-3689ca1c2600}]|[Autostart] : C:\Windows\system32\shell32.dll [ok]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{3BF043EF-A974-49B3-8322-B853CF1E5EC5}]|[Autostart] : C:\Windows\System32\SndVolSSO.dll [ok]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{566296fe-e0e8-475f-ba9c-a31ad31620b1}]|[Autostart] : C:\Windows\system32\dxp.dll [ok]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{68ddbb56-9d1d-4fd9-89c5-c0da2a625392}]|[Autostart] : C:\Windows\system32\stobject.dll [ok]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{7007ACCF-3202-11D1-AAD2-00805FC1270E}]|[Autostart] : C:\Windows\System32\netshell.dll [ok]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{7849596a-48ea-486e-8937-a2a3009f31a9}]|[Autostart] : C:\Windows\system32\shell32.dll [ok]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{900c0763-5cad-4a34-bc1f-40cd513679d5}]|[No 'Autostart'] : C:\Windows\System32\hcproviders.dll [ok]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{900c0763-5cad-4a34-bc1f-40cd513679d5}]|[No 'Autostart'] : C:\Windows\System32\hcproviders.dll C:\Windows\System32\hcproviders.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{A1607060-5D4C-467a-B711-2B59A6F25957}]|[Autostart] : C:\Windows\System32\AltTab.dll [ok]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}]|[Autostart] : C:\Windows\system32\wpdshserviceobj.dll [ok]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{C2796011-81BA-4148-8FCA-C6643245113F}]|[Autostart] : C:\Windows\System32\pnidui.dll [ok]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{DA67B8AD-E81B-4c70-9B91-B417B5E33527}]|[Autostart] : C:\Windows\System32\srchadmin.dll [ok]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{EF4D1E1A-1C87-4AA8-8934-E68E4367468D}]|[Autostart] : C:\Windows\system32\shdocvw.dll [ok]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F08C5AC2-E722-4116-ADB7-CE41B527994B}]|[Autostart] : C:\Windows\System32\bthprops.cpl [ok]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F20487CC-FC04-4B1E-863F-D9801796130B}]|[Autostart] : C:\Windows\System32\SyncCenter.dll [ok]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]|[Autostart] : C:\Windows\System32\Actioncenter.dll [ok]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{fbeb8a05-beee-4442-804e-409d6c4515e9}]|[Autostart] : C:\Windows\system32\shell32.dll [ok]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{ff363bfe-4941-4179-a81c-f3f1ca72d820}]|[Autostart] : C:\Windows\System32\hgcpl.dll [ok]

Repaired : [HKLM\Software\Microsoft\Security Center]|[AntiVirusOverride] : 1 -> 0
Repaired : [HKLM\Software\Microsoft\Security Center]|[AutoUpdateDisableNotify] : 1 -> 0
Repaired : [HKLM\Software\Microsoft\Security Center]|[FirewallOverride] : 1 -> 0

Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]|[EnableFirewall] : 1 -> 0
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]|[EnableFirewall] : 1 -> 0

¤¤¤¤¤¤¤¤¤¤ | Correction of the services


Repaired : [agp440] : 3 -> 2
Repaired : [EapHost] : 3 -> 2
Repaired : [sharedAccess] : 3 -> 2
Repaired : [windefend] : 3 -> 2
Repaired : [wudfsvc] : 3 -> 2
Repaired : [WerSvc] : 3 -> 2
Repaired : [wscsvc] : 4 -> 2

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

Repaired : [HKU\S-1-5-21-1980178241-1392328930-356032191-1000\Software\Microsoft\Internet Explorer\Main]|[start Page] : http://www.google.com.br/ -> http://www.google.com/
Repaired : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main]|[start Page] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> http://www.google.com/
Repaired : [HKU\S-1-5-21-1980178241-1392328930-356032191-1000\Software\Microsoft\Internet Explorer\Main]|[Default_Search_URL] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> http://go.microsoft.com/fwlink/?LinkId=54896
Repaired : [HKU\S-1-5-21-1980178241-1392328930-356032191-1000\Software\Microsoft\Internet Explorer\Main]|[search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Search]|[searchAssistant] : http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> http://www.google.com/ie
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[search Bar] : http://search.msn.com/spbasic.htm -> http://www.google.com/

¤

Repaired : [HKU\S-1-5-21-1980178241-1392328930-356032191-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[MigrateProxy] : 0 -> 1
Repaired : [HKU\S-1-5-21-1980178241-1392328930-356032191-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Hosts

C:\Windows\System32\Drivers\etc\hosts : Cleaned

¤¤¤¤¤¤¤¤¤¤ | reparsepoint



¤¤¤¤¤¤¤¤¤¤ | Detection of offsets


¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry


Deleted : C:\$Recycle.bin\S-1-5-21-1980178241-1392328930-356032191-1000

Moved to quarantine successfully : C:\Windows\system32\Tasks\SvcDelay -> %windir%\temp\SvcDelay.exe
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run : TkBellExe -> "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot

Moved to quarantine successfully : C:\Users\Soraya\AppData\Roaming\unins000.dat
Moved to quarantine successfully : C:\Windows\System32\Config\SystemProfile\AppData\Roaming\360safe
Will be moved in quarantine in the restart : C:\Windows\AutoKMS
Moved to quarantine successfully : C:\HijackThis.exe
Moved to quarantine successfully : C:\Users\Soraya\AppData\Local\microsoft\windows\WebCacheLock.dat
Moved to quarantine successfully : C:\Windows\assembly\tmp\AECLY8XT
Moved to quarantine successfully : C:\Windows\assembly\tmp\CR2YODZ2
Moved to quarantine successfully : C:\Windows\assembly\tmp\MLE3WFYU
Moved to quarantine successfully : C:\Windows\assembly\tmp\QTPZVO15
Moved to quarantine successfully : C:\Windows\assembly\tmp\W640KO9K
Moved to quarantine successfully : C:\Windows\assembly\tmp\TL2PKWWT
Moved to quarantine successfully : C:\Windows\assembly\tmp\RBVIRX62
Moved to quarantine successfully : C:\Windows\assembly\tmp\8V4T9ZZA
Moved to quarantine successfully : C:\Windows\assembly\tmp\KWPI59L8
Moved to quarantine successfully : C:\Windows\assembly\tmp\04KXSOWT
Moved to quarantine successfully : C:\Windows\assembly\tmp\CF89AW7A
Moved to quarantine successfully : C:\Windows\assembly\tmp\UYVLCK0Q
Moved to quarantine successfully : C:\Windows\assembly\tmp\A9MU9Q4V
Moved to quarantine successfully : C:\Windows\assembly\tmp\H80MXIJJ
Moved to quarantine successfully : C:\Windows\assembly\tmp\UZPZSEB3
Moved to quarantine successfully : C:\Windows\assembly\tmp\E8NPDGW7
Moved to quarantine successfully : C:\Windows\assembly\tmp\PJ9L4DPB
Moved to quarantine successfully : C:\Windows\assembly\tmp\FZHI9RXL
Moved to quarantine successfully : C:\Windows\assembly\tmp\86XFCOTD
Moved to quarantine successfully : C:\Windows\assembly\tmp\YQXL4T90
Moved to quarantine successfully : C:\Windows\assembly\tmp\WNQP5YGH
Moved to quarantine successfully : C:\Windows\assembly\tmp\NPGY40RA
Moved to quarantine successfully : C:\Users\Soraya\AppData\LocalLow\Sun\Java\Deployment\cache\6.0

¤¤¤¤¤¤¤¤¤¤ | ADS


C:\Windows\System32:
Deleted :E2EEAD74_Abn.gbp
Deleted :E2EEAD74_Bb.gbp

C:\Windows\System32\drivers:
Deleted :GbpKmAp.lst

Prefetch -> cleaned



D:\ : Vaccinated (Vaccin created by Pre_Scan)

¤¤¤¤¤¤¤¤¤¤ | Hidden files

~ [Drive D:] : Hidden : 123 | Restored : 123
~ [Drive C:] : Hidden : 5 | Restored : 5
~ [Program Files] : Hidden : 6 | Restored : 6
~ [users] : Hidden : 4 | Restored : 4
~ [Documents] : Hidden : 6 | Restored : 6
~ [Desktop] : Hidden : 125 | Restored : 125
~ [searches] : Hidden : 1 | Restored : 1
~ [Windows] : Hidden : 90 | Restored : 88
~ [start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [Libraries] : Hidden : 60 | Restored : 60


¤¤¤¤¤¤¤¤¤¤ | Control of the partitions

Disk: 0 Size=477G
Pos MBRndx Type/Name Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
0 0 07-NTFS 100M Yes No 2,048 204,800
1 1 07-NTFS 184G No No 206,848 377,487,360
2 2 0F-EXTEND 275G No No 377,694,208 562,440,192
3 3 27-UNKNWN 18G No No 940,134,400 36,634,624

¤¤¤¤¤¤¤¤¤¤

[HKLM | Winlogon] | AutoRestartShell : 0 -> 1

End : 18:25:06


Standby-mode restored
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 393


:) I'm glad the problem has been resolved.

Just to finish up, please follow the tutorials below:

Removing errors and optimizing your PC with CCleaner

Remove useless files from your PC with PureRa

_______________________________________________________________________________________________________________________

To remove the programs used to clean this PC and create a new, safe and problem-free restore point, use DelFix, following the tips in this tutorial.

_______________________________________________________________________________________________________________________

It was a pleasure to help. You can always count on us!


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
