Ionara 2 Denunciar post Postado Outubro 5, 2014 PC em modo de segurança reinicia quando tento rodar o malware bytes, segue log Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 07:31:50, on 05/10/2014 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\AVAST Software\Avast\avastui.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehCef.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE') O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O12 - Plugin for .spop: C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9912 bytes Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Outubro 11, 2014 Bom Dia! Ionara > Baixe: < Farbar Recovery Scan Tool > > Baixe: < > ( ... by Farbar ) > Ou aqui... < Farbar Recovery Scan Tool 64-Bit > > Ou aqui,para sistemas 64bit! > > Salve-o no desktop! (Área de trabalho ...)> Execute a ferramenta! Clique "Yes" >> "Scan". > Antes de clicar "Scan",verifique se as caixinhas em "Whitelist" estão assinaladas.> Em "Optional Scan",deixe marcada a checkbox "Addition.txt".> Ps: Será gerado,também,o relatório "Addition.txt" que estará disponibilizado na 1ª execução da ferramenta.> Poste o relatório! (FRST.txt + Addition.txt) A+ Compartilhar este post Link para o post Compartilhar em outros sites
Ionara 2 Denunciar post Postado Outubro 12, 2014 Bom dia, desculpe o atraso, geraram dois logs que seguem abaixo, Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-10-2014 Ran by reparo (administrator) on CASA-PC on 12-10-2014 09:21:21 Running from C:\Users\reparo\Desktop Loaded Profile: reparo (Available profiles: reparo) Platform: Windows 7 Home Premium (X64) OS Language: Português (Brasil) Internet Explorer Version 8 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation) HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2870896 2010-12-22] (VIA) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-27] (AVAST Software) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\ GbPluginCef-x32: C:\Program Files (x86)\GbPlugin\gbiehCef.dll (Caixa Economica Federal) Startup: C:\Users\Nara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4t Tray Minimizer.lnk ShortcutTarget: 4t Tray Minimizer.lnk -> C:\Program Files (x86)\4t Tray Minimizer\4t-min.exe (4t Niagara Software) Startup: C:\Users\Nara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Nara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_67467664.lnk ShortcutTarget: _uninst_67467664.lnk -> C:\Users\reparo\AppData\Local\Temp\_uninst_67467664.bat (No File) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKCU - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 SearchScopes: HKCU - Web URL = http://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_solimba_01&p={searchTerms} SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO-x32: Facilitador de Leitor de Link Adobe PDF -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehCef.dll (Caixa Economica Federal) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1579848 2014-02-26] (Caixa Economica Federal) Tcpip\Parameters: [DhcpNameServer] 172.16.0.254 FireFox: ======== FF ProfilePath: C:\Users\reparo\AppData\Roaming\Mozilla\Firefox\Profiles\rbh8i03t.default FF NewTab: hxxp://www.google.com/ FF SearchEngineOrder.1: Google FF Keyword.URL: hxxp://br.yhs4.search.yahoo.com/yhs/search FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\reparo\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-br.xml FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-27] FF HKCU\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\reparo\AppData\Local\GAS Tecnologia\GBBD\cef\xpi Chrome: ======= CHR StartupUrls: Default -> "https://www.google.com/" CHR Profile: C:\Users\reparo\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Apresentações) - C:\Users\reparo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-08-30] CHR Extension: (Google Docs) - C:\Users\reparo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-30] CHR Extension: (Google Drive) - C:\Users\reparo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-30] CHR Extension: (YouTube) - C:\Users\reparo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-30] CHR Extension: (Pesquisa do Google) - C:\Users\reparo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-30] CHR Extension: (Planilhas do Google) - C:\Users\reparo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-08-30] CHR Extension: (avast! Online Security) - C:\Users\reparo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-30] CHR Extension: (Google Wallet) - C:\Users\reparo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-30] CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\reparo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi [2014-09-10] CHR Extension: (Gmail) - C:\Users\reparo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-30] CHR HKCU\...\Chrome\Extension: [nnjbodopomfddehlalfilheomcahbpei] - C:\Users\reparo\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx [] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-27] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-27] (AVAST Software) R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [520520 2014-02-26] (GAS Tecnologia) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-07-31] (IBM Corp.) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2010-12-14] (VIA Technologies, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 67467664; C:\Windows\System32\DRIVERS\67467664.sys [460888 2012-12-29] (Kaspersky Lab ZAO) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-27] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-27] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-27] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-27] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-27] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-27] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-27] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-27] () S0 GbpKm; C:\Windows\SysWOW64\drivers\gbpkm.sys [47720 2012-10-04] (GAS Tecnologia) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-05] (Malwarebytes Corporation) R1 RapportCerberus_80049; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80049.sys [768184 2014-09-01] () R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [444184 2014-07-31] (IBM Corp.) R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [536984 2014-07-31] (IBM Corp.) R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [562136 2014-07-31] (IBM Corp.) U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X] S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X] S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [X] S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X] S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X] S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X] S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X] S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-12 09:21 - 2014-10-12 09:21 - 00016350 _____ () C:\Users\reparo\Desktop\FRST.txt 2014-10-12 09:21 - 2014-10-12 09:21 - 00000000 ____D () C:\FRST 2014-10-12 09:20 - 2014-10-12 09:20 - 02109952 _____ (Farbar) C:\Users\reparo\Desktop\FRST64.exe 2014-10-12 09:18 - 2014-10-12 09:18 - 02109952 _____ (Farbar) C:\Users\reparo\Downloads\FRST64 (1).exe 2014-10-12 09:17 - 2014-10-12 09:18 - 02109952 _____ (Farbar) C:\Users\reparo\Downloads\FRST64.exe 2014-10-10 19:25 - 2014-10-10 19:30 - 00000000 ____D () C:\Users\reparo\Desktop\provas 2014-10-05 07:18 - 2014-10-05 07:47 - 159406720 _____ () C:\Users\reparo\Downloads\setup_11.0.3.7.x01_2014_10_05_12_26.exe 2014-09-30 20:25 - 2014-09-30 20:41 - 00653177 _____ () C:\Users\reparo\Desktop\GRUPO DE SAÚDE CENTRO.pptx 2014-09-30 19:57 - 2014-09-30 19:58 - 05104640 _____ () C:\Users\reparo\Downloads\07-16-24-aulapratica.ppt 2014-09-30 19:55 - 2014-09-30 19:55 - 01520640 _____ () C:\Users\reparo\Downloads\aula1-farmacologia.ppt 2014-09-30 19:52 - 2014-09-30 19:53 - 03685376 _____ () C:\Users\reparo\Downloads\Administração de Medicamentos.ppt 2014-09-30 19:48 - 2014-09-30 19:48 - 04930048 _____ () C:\Users\reparo\Downloads\cuidar+II+-+administração+de+medicamentos.ppt 2014-09-28 09:41 - 2014-09-28 09:42 - 00000000 ____D () C:\Users\reparo\Desktop\COISAS PARA PNEUMONIA 2014-09-28 09:30 - 2014-09-28 11:33 - 00012860 _____ () C:\Users\reparo\Desktop\Pneumonia.odt 2014-09-24 22:47 - 2014-09-24 22:47 - 00543744 _____ () C:\Users\reparo\Desktop\GRUPO DE SAÚDE DALTRO FILHO.pot 2014-09-24 22:46 - 2014-09-24 22:46 - 00440966 _____ () C:\Users\reparo\Desktop\GRUPO DE SAÚDE DALTRO FILHO.pptx 2014-09-24 22:15 - 2014-09-24 22:16 - 00000000 ____D () C:\Users\reparo\Desktop\Nova pasta 2014-09-24 21:52 - 2014-09-24 22:43 - 00440967 _____ () C:\Users\reparo\Documents\GRUPO DE SAÚDE DALTRO FILHO.pptx 2014-09-20 15:55 - 2014-09-20 15:55 - 00076819 _____ () C:\Users\reparo\Desktop\Sem Título.wma 2014-09-16 21:06 - 2014-09-16 21:06 - 00000009 _____ () C:\Users\reparo\Desktop\smiles.txt 2014-09-14 14:51 - 2014-09-14 14:51 - 00175599 _____ () C:\Users\reparo\Documents\Test 1.wma 2014-09-14 14:50 - 2014-09-14 14:50 - 00085799 _____ () C:\Users\reparo\Documents\test.wma 2014-09-14 11:37 - 2014-09-08 14:55 - 00014092 _____ () C:\Users\reparo\Desktop\Iliada e odisseia.odt 2014-09-13 11:54 - 2014-09-13 18:47 - 00000000 ____D () C:\Users\reparo\Desktop\Fotos maquina ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-12 09:17 - 2014-08-27 21:40 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-10-12 09:15 - 2012-09-22 18:16 - 01227772 _____ () C:\Windows\WindowsUpdate.log 2014-10-12 09:13 - 2014-08-30 20:51 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-12 09:13 - 2012-10-04 18:29 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-12 09:11 - 2014-07-29 19:03 - 00017261 _____ () C:\Windows\setupact.log 2014-10-12 09:11 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-11 23:56 - 2014-08-30 20:51 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-11 21:22 - 2009-07-14 01:45 - 00019520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-11 21:22 - 2009-07-14 01:45 - 00019520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-07 11:00 - 2009-07-14 14:55 - 00007196 _____ () C:\Windows\system32\prfh0416.dat 2014-10-07 11:00 - 2009-07-14 14:55 - 00004944 _____ () C:\Windows\system32\prfc0416.dat 2014-10-07 11:00 - 2009-07-14 02:13 - 00734540 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-05 07:07 - 2014-07-29 19:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-02 22:59 - 2013-09-02 20:44 - 00000000 ____D () C:\ProgramData\GAS Tecnologia 2014-09-29 08:04 - 2009-07-14 02:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-09-24 22:46 - 2014-09-11 18:17 - 00000000 ____D () C:\Users\reparo\Desktop\docmentos nara 2014-09-24 08:13 - 2012-10-04 18:29 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-24 08:13 - 2012-10-04 18:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-24 08:13 - 2012-10-04 18:29 - 00003840 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-22 07:32 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-09-18 19:25 - 2012-10-07 21:41 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk Files to move or delete: ==================== C:\Users\Nara\instaladordonsandbox.exe Some content of TEMP: ==================== C:\Users\reparo\AppData\Local\Temp\bdgA9FD.exe C:\Users\reparo\AppData\Local\Temp\DeltaTB.exe C:\Users\reparo\AppData\Local\Temp\Quarantine.exe C:\Users\reparo\AppData\Local\Temp\setup.exe C:\Users\reparo\AppData\Local\Temp\SHSetup.exe C:\Users\reparo\AppData\Local\Temp\spark_install.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-06 09:27 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-10-2014 Ran by reparo at 2014-10-12 09:22:04 Running from C:\Users\reparo\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4t Tray Minimizer Free 5.52 (HKLM-x32\...\4t Tray Minimizer_is1) (Version: 5.52 - 4t Niagara Software) Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader X (10.1.12) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated) Age of Empires III Trial (HKLM-x32\...\InstallShield_{25B25C84-6132-4662-972B-4E4DC1B00C98}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III Trial (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft) Dynasty of Nordics versão 7.55 (HKLM-x32\...\{5DB4716B-1246-4C39-AE77-2FFEE36DC46D}_is1) (Version: 7.55 - Galaxy Games) Dynasty of Nordics versão 7.55 (HKLM-x32\...\{C8141479-83BC-4CCB-B70C-5C033F227E79}}_is1) (Version: 7.55 - Galaxy Games) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.101 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2246 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation) IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2013) (Version: 1.0 - Receita Federal do Brasil) IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2014) (Version: 1.0 - Receita Federal do Brasil) Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle) Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games) League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: 1.0 - LG Electronics) LG_MobileSync (HKLM-x32\...\{0B7BA3EE-D7AC-494E-999D-DA58D6D01DAC}) (Version: 1.00.0000 - LGE GSM PC Sync) Malwarebytes Anti-Malware versão 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.3.2000 - Maxthon International Limited) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile PTB Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 pt-BR)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios) My Game Long Name (HKLM\...\UDK-b24c41af-37f3-4c9c-a9d5-f2c2e33ba206) (Version: - Epic Games, Inc.) My Game Long Name (HKLM\...\UDK-ba9b1043-d09b-4017-a2a9-1df5a2bb7fee) (Version: - Epic Games, Inc.) MYD 7.59 (HKLM-x32\...\MYD 7.59) (Version: 7.59 - MYD) New Destiny versão 7.57 (HKLM-x32\...\{3E61DDE5-0D27-40E8-AA2C-D6C9E343D7T7}_is1) (Version: 7.57 - Star Group) Pacote de Driver do Windows - Atheros (L1C) Net (09/27/2010 1.0.0.36) (HKLM\...\2E85B24B7EDF495B57D81136F09567FA79E17482) (Version: 09/27/2010 1.0.0.36 - Atheros) Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.) Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden Proteção de Terminal Trusteer (HKLM-x32\...\Rapport_msi) (Version: 3.5.1403.67 - Trusteer) RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.8-1.0.8500.20 - raidcall.com) Rapport (x32 Version: 3.5.1403.67 - Trusteer) Hidden Receitanet (HKLM-x32\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.04 - Serpro - Serviço Federal de Processamento de Dados) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Star Destiny versão 3.7 (HKLM-x32\...\{3E61DDE5-0D27-40E8-AA2C-D6C9E343D7T4}_is1) (Version: 3.7 - Star Group) The Forest version 0.04 (HKLM-x32\...\The Forest_is1) (Version: 0.04 - GMT-MAX.ORG) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) Unlocker Packages (HKCU\...\Unlocker Packages) (Version: - ) <==== ATTENTION Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{956FF6E4-8BBB-4B9A-9279-8A34D8C1FF9D}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{27F43FC3-052A-41B5-9F39-68514C0AABC2}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) VIA Gerenciador de dispositivo de plataforma (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinRAR 5.10 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) WYD (remove only) (HKLM-x32\...\WYD) (Version: - ) ZHPDiag 2014 (HKLM-x32\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1462533520-1097849640-156291995-1006_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}\InprocServer32 -> C:\Users\reparo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll No File CustomCLSID: HKU\S-1-5-21-1462533520-1097849640-156291995-1006_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}\InprocServer32 -> C:\Users\reparo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll No File ==================== Restore Points ========================= 08-10-2014 12:49:34 Ponto de Verificação Agendado 08-10-2014 15:09:45 Windows Update 08-10-2014 20:06:39 Windows Update 09-10-2014 03:33:38 Windows Update 09-10-2014 15:33:26 Windows Update 10-10-2014 02:16:11 Windows Update 10-10-2014 15:45:22 Windows Update 11-10-2014 03:27:52 Windows Update 12-10-2014 03:51:11 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 23:34 - 2014-08-07 12:42 - 00000841 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {04FD7BBC-DC93-42BA-94B4-9FD683FA6E1A} - System32\Tasks\{CD5EA2F8-30DB-4635-842D-5A1CC5C3E650} => C:\Program Files (x86)\AVG\AVG2014\avgui.exe Task: {47600E67-CECA-4DE2-941A-F3D2B911CACE} - System32\Tasks\{ADB16F87-F25E-472A-8E08-8B8031A04E0F} => Firefox.exe http://ui.skype.com/ui/0/5.10.0.116/pt/abandoninstall?source=lightinstaller&page=tsProgressBar Task: {5EB7984D-DD2C-4F30-A1D5-5B9FFF29E016} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-30] (Google Inc.) Task: {5FDE14A4-D5CA-426C-A508-6FB2114B5707} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js" Task: {616175D8-B9C1-46B6-B686-B6089379F924} - System32\Tasks\{9B58F3CE-A602-49DC-BF64-ACCDAD7E3E74} => C:\Program Files (x86)\Don\DoN Launcher.exe [2014-06-16] () Task: {79291467-33B6-430E-9548-5239BE18A5FB} - System32\Tasks\{54CFC7A2-0D64-440E-A3BA-28E526D758C1} => C:\Program Files (x86)\AVG\AVG2014\avgui.exe Task: {8F8916EA-72AD-4F81-B084-6EF3C21BD0A8} - System32\Tasks\{85348F2F-2F86-496D-9269-15EC1B37614D} => Firefox.exe http://ui.skype.com/ui/0/6.0.0.126/pt/go/help.faq.installer?LastError=1603 Task: {917C4C2A-3770-461C-A837-FFFA5EB2EE5B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-30] (Google Inc.) Task: {97EA6FA1-6691-4E2F-B828-859C368034C6} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2014-06-03] (Maxthon International ltd.) Task: {AA60B73D-C622-4A21-9E75-A8EF26A7C7C2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-27] (AVAST Software) Task: {B46B1454-5213-4380-BC53-6020C236C840} - System32\Tasks\{EDBB60B9-FA76-450E-A395-0B94C370F307} => C:\Program Files (x86)\AVG\AVG2014\avgui.exe Task: {B78A47A7-5313-4D0C-A1D2-C6C03389A574} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-07-15 01:44 - 2010-07-15 01:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll 2011-07-28 20:34 - 2010-11-12 01:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-07-28 20:37 - 2010-12-22 16:28 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll 2011-07-28 20:37 - 2010-12-22 16:28 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll 2011-07-28 20:37 - 2010-12-22 16:28 - 00621168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll 2014-08-27 21:39 - 2014-08-27 21:39 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-10-12 09:12 - 2014-10-12 09:12 - 02873856 _____ () C:\Program Files\AVAST Software\Avast\defs\14101200\algo.dll 2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll 2014-08-27 21:39 - 2014-08-27 21:39 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2013-01-16 12:11 - 2013-01-16 12:11 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\97cbe41318bb8d5b8a6f83d346e5f3c8\IsdiInterop.ni.dll 2011-07-28 20:35 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Windows\System32:CCE46E64_Cef.gbp ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^Nara^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^_uninst_44332762.lnk => C:\Windows\pss\_uninst_44332762.lnk.Startup MSCONFIG\startupreg: RaidCall => C:\Program Files (x86)\RaidCall\raidcall.exe ========================= Accounts: ========================== Administrador (S-1-5-21-1462533520-1097849640-156291995-500 - Administrator - Disabled) Convidado (S-1-5-21-1462533520-1097849640-156291995-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-1462533520-1097849640-156291995-1008 - Limited - Enabled) reparo (S-1-5-21-1462533520-1097849640-156291995-1006 - Administrator - Enabled) => C:\Users\reparo ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/12/2014 00:51:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema.. Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Acesso negado. . Error: (10/12/2014 00:51:11 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina ConvertStringSidToSid(S-1-5-21-1462533520-1097849640-156291995-1003.bak). hr = 0x80070539, A estrutura da identificação de segurança é inválida. . Operação: Evento OnIdentify Obtendo Dados do Gravador Contexto: Contexto de Execução: Shadow Copy Optimization Writer Id de Classe de Gravador: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Nome do Gravador: Shadow Copy Optimization Writer ID de Instância de Gravador: {8eb41abf-7e2b-4079-9d4d-d882aa135202} Error: (10/12/2014 00:51:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema.. Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Acesso negado. . Error: (10/12/2014 00:51:11 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina ConvertStringSidToSid(S-1-5-21-1462533520-1097849640-156291995-1003.bak). hr = 0x80070539, A estrutura da identificação de segurança é inválida. . Operação: Evento OnIdentify Obtendo Dados do Gravador Contexto: Contexto de Execução: Shadow Copy Optimization Writer Id de Classe de Gravador: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Nome do Gravador: Shadow Copy Optimization Writer ID de Instância de Gravador: {8eb41abf-7e2b-4079-9d4d-d882aa135202} Error: (10/11/2014 00:27:52 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema.. Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Acesso negado. . Error: (10/11/2014 00:27:52 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema.. Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Acesso negado. . Error: (10/11/2014 00:27:52 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina ConvertStringSidToSid(S-1-5-21-1462533520-1097849640-156291995-1003.bak). hr = 0x80070539, A estrutura da identificação de segurança é inválida. . Operação: Evento OnIdentify Obtendo Dados do Gravador Contexto: Contexto de Execução: Shadow Copy Optimization Writer Id de Classe de Gravador: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Nome do Gravador: Shadow Copy Optimization Writer ID de Instância de Gravador: {29779423-d3d1-4490-9ead-5a0e60d8e435} Error: (10/11/2014 00:27:52 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina ConvertStringSidToSid(S-1-5-21-1462533520-1097849640-156291995-1003.bak). hr = 0x80070539, A estrutura da identificação de segurança é inválida. . Operação: Evento OnIdentify Obtendo Dados do Gravador Contexto: Contexto de Execução: Shadow Copy Optimization Writer Id de Classe de Gravador: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Nome do Gravador: Shadow Copy Optimization Writer ID de Instância de Gravador: {29779423-d3d1-4490-9ead-5a0e60d8e435} Error: (10/10/2014 00:45:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema.. Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Acesso negado. . Error: (10/10/2014 00:45:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema.. Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Acesso negado. . System errors: ============= Error: (10/12/2014 00:51:26 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT) Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x80070643: Windows 7 Service Pack 1 para sistemas com base em x64 (KB976932). Error: (10/12/2014 00:51:25 AM) (Source: Microsoft-Windows-Service Pack Installer) (EventID: 8) (User: AUTORIDADE NT) Description: Falha na instalação do Service Pack com o código de erro 0x80070026. Error: (10/11/2014 00:28:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT) Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x80070643: Windows 7 Service Pack 1 para sistemas com base em x64 (KB976932). Error: (10/11/2014 00:28:06 AM) (Source: Microsoft-Windows-Service Pack Installer) (EventID: 8) (User: AUTORIDADE NT) Description: Falha na instalação do Service Pack com o código de erro 0x80070026. Error: (10/10/2014 00:45:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT) Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x80070643: Windows 7 Service Pack 1 para sistemas com base em x64 (KB976932). Error: (10/10/2014 00:45:35 PM) (Source: Microsoft-Windows-Service Pack Installer) (EventID: 8) (User: AUTORIDADE NT) Description: Falha na instalação do Service Pack com o código de erro 0x80070026. Error: (10/09/2014 11:16:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT) Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x80070643: Windows 7 Service Pack 1 para sistemas com base em x64 (KB976932). Error: (10/09/2014 11:16:24 PM) (Source: Microsoft-Windows-Service Pack Installer) (EventID: 8) (User: AUTORIDADE NT) Description: Falha na instalação do Service Pack com o código de erro 0x80070026. Error: (10/09/2014 00:33:40 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT) Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x80070643: Windows 7 Service Pack 1 para sistemas com base em x64 (KB976932). Error: (10/09/2014 00:33:39 PM) (Source: Microsoft-Windows-Service Pack Installer) (EventID: 8) (User: AUTORIDADE NT) Description: Falha na instalação do Service Pack com o código de erro 0x80070026. Microsoft Office Sessions: ========================= Error: (10/12/2014 00:51:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Acesso negado. Error: (10/12/2014 00:51:11 AM) (Source: VSS) (EventID: 8193) (User: ) Description: ConvertStringSidToSid(S-1-5-21-1462533520-1097849640-156291995-1003.bak)0x80070539, A estrutura da identificação de segurança é inválida. Operação: Evento OnIdentify Obtendo Dados do Gravador Contexto: Contexto de Execução: Shadow Copy Optimization Writer Id de Classe de Gravador: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Nome do Gravador: Shadow Copy Optimization Writer ID de Instância de Gravador: {8eb41abf-7e2b-4079-9d4d-d882aa135202} Error: (10/12/2014 00:51:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Acesso negado. Error: (10/12/2014 00:51:11 AM) (Source: VSS) (EventID: 8193) (User: ) Description: ConvertStringSidToSid(S-1-5-21-1462533520-1097849640-156291995-1003.bak)0x80070539, A estrutura da identificação de segurança é inválida. Operação: Evento OnIdentify Obtendo Dados do Gravador Contexto: Contexto de Execução: Shadow Copy Optimization Writer Id de Classe de Gravador: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Nome do Gravador: Shadow Copy Optimization Writer ID de Instância de Gravador: {8eb41abf-7e2b-4079-9d4d-d882aa135202} Error: (10/11/2014 00:27:52 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Acesso negado. Error: (10/11/2014 00:27:52 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Acesso negado. Error: (10/11/2014 00:27:52 AM) (Source: VSS) (EventID: 8193) (User: ) Description: ConvertStringSidToSid(S-1-5-21-1462533520-1097849640-156291995-1003.bak)0x80070539, A estrutura da identificação de segurança é inválida. Operação: Evento OnIdentify Obtendo Dados do Gravador Contexto: Contexto de Execução: Shadow Copy Optimization Writer Id de Classe de Gravador: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Nome do Gravador: Shadow Copy Optimization Writer ID de Instância de Gravador: {29779423-d3d1-4490-9ead-5a0e60d8e435} Error: (10/11/2014 00:27:52 AM) (Source: VSS) (EventID: 8193) (User: ) Description: ConvertStringSidToSid(S-1-5-21-1462533520-1097849640-156291995-1003.bak)0x80070539, A estrutura da identificação de segurança é inválida. Operação: Evento OnIdentify Obtendo Dados do Gravador Contexto: Contexto de Execução: Shadow Copy Optimization Writer Id de Classe de Gravador: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Nome do Gravador: Shadow Copy Optimization Writer ID de Instância de Gravador: {29779423-d3d1-4490-9ead-5a0e60d8e435} Error: (10/10/2014 00:45:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Acesso negado. Error: (10/10/2014 00:45:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Acesso negado. CodeIntegrity Errors: =================================== Date: 2014-08-27 06:39:08.470 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-27 06:38:18.472 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-27 06:37:05.635 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-27 06:37:05.635 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-27 06:37:05.635 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-27 06:16:02.023 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-26 08:09:11.967 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-26 08:08:30.097 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-26 08:06:37.277 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-26 08:06:37.277 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core i5-2300 CPU @ 2.80GHz Percentage of memory in use: 18% Total physical RAM: 8098.91 MB Available physical RAM: 6585.13 MB Total Pagefile: 16195.96 MB Available Pagefile: 14629.09 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Win7) (Fixed) (Total:465.76 GB) (Free:391.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 86B57702) Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Outubro 12, 2014 Bom Dia! Ionara > Caso,ainda,possua!> Desinstale: Kaspersky PURE ou AVG2014 > > Desinstale o Malwarebytes e,à seguir,utilize sua ferramenta de limpeza.>> Baixe: < MBAM_CleanTool >> Salve-o em local adequado e execute-o como administrador.> Aceite o reboot,ao ser solicitado!>> Copie estas informações que estão em vermelho,para o Bloco de Notas.> Salve-a com o nome fixlist.txt.> Salve-a no desktop! ( Área de trabalho ... ) >> C:\Users\reparo\Desktop << startHKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)ShortcutTarget: _uninst_67467664.lnk -> C:\Users\reparo\AppData\Local\Temp\_uninst_67467664.bat (No File)BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No FileFF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION2014-10-05 07:07 - 2014-07-29 19:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sysR0 67467664; C:\Windows\System32\DRIVERS\67467664.sys [460888 2012-12-29] (Kaspersky Lab ZAO)S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-05] (Malwarebytes Corporation)S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [X]S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]C:\Program Files (x86)\AVG\AVG2014\avgui.exeC:\Program Files (x86)\AVG\AVG2014C:\Program Files (x86)\AVGC:\Users\Nara\instaladordonsandbox.exeC:\Users\reparo\AppData\Local\Temp\bdgA9FD.exeC:\Users\reparo\AppData\Local\Temp\DeltaTB.exeC:\Users\reparo\AppData\Local\Temp\Quarantine.exeC:\Users\reparo\AppData\Local\Temp\setup.exeC:\Users\reparo\AppData\Local\Temp\SHSetup.exeC:\Users\reparo\AppData\Local\Temp\spark_install.exeTask: {04FD7BBC-DC93-42BA-94B4-9FD683FA6E1A} - System32\Tasks\{CD5EA2F8-30DB-4635-842D-5A1CC5C3E650} => C:\Program Files (x86)\AVG\AVG2014\avgui.exeTask: {79291467-33B6-430E-9548-5239BE18A5FB} - System32\Tasks\{54CFC7A2-0D64-440E-A3BA-28E526D758C1} => C:\Program Files (x86)\AVG\AVG2014\avgui.exeTask: {B46B1454-5213-4380-BC53-6020C236C840} - System32\Tasks\{EDBB60B9-FA76-450E-A395-0B94C370F307} => C:\Program Files (x86)\AVG\AVG2014\avgui.exeHKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"end > Execute FRST/FRST64 >> Clique "Fix". << Aguarde!> Poste o relatório! (Fixlog.txt) A+ Compartilhar este post Link para o post Compartilhar em outros sites
Ionara 2 Denunciar post Postado Outubro 14, 2014 Bomdia O Karspesky e o AVG já foram desinstalados segue log solicitado... Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-10-2014 02 Ran by reparo at 2014-10-14 07:05:11 Run:1 Running from C:\Users\reparo\Desktop Loaded Profile: reparo (Available profiles: reparo) Boot Mode: Normal ============================================== Content of fixlist: ***************** start HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) ShortcutTarget: _uninst_67467664.lnk -> C:\Users\reparo\AppData\Local\Temp\_uninst_67467664.bat (No File) BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION 2014-10-05 07:07 - 2014-07-29 19:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys R0 67467664; C:\Windows\System32\DRIVERS\67467664.sys [460888 2012-12-29] (Kaspersky Lab ZAO) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-05] (Malwarebytes Corporation) S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X] S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X] S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [X] S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X] S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X] S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X] S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X] S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X] C:\Program Files (x86)\AVG\AVG2014\avgui.exe C:\Program Files (x86)\AVG\AVG2014 C:\Program Files (x86)\AVG C:\Users\Nara\instaladordonsandbox.exe C:\Users\reparo\AppData\Local\Temp\bdgA9FD.exe C:\Users\reparo\AppData\Local\Temp\DeltaTB.exe C:\Users\reparo\AppData\Local\Temp\Quarantine.exe C:\Users\reparo\AppData\Local\Temp\setup.exe C:\Users\reparo\AppData\Local\Temp\SHSetup.exe C:\Users\reparo\AppData\Local\Temp\spark_install.exe Task: {04FD7BBC-DC93-42BA-94B4-9FD683FA6E1A} - System32\Tasks\{CD5EA2F8-30DB-4635-842D-5A1CC5C3E650} => C:\Program Files (x86)\AVG\AVG2014\avgui.exe Task: {79291467-33B6-430E-9548-5239BE18A5FB} - System32\Tasks\{54CFC7A2-0D64-440E-A3BA-28E526D758C1} => C:\Program Files (x86)\AVG\AVG2014\avgui.exe Task: {B46B1454-5213-4380-BC53-6020C236C840} - System32\Tasks\{EDBB60B9-FA76-450E-A395-0B94C370F307} => C:\Program Files (x86)\AVG\AVG2014\avgui.exe HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver" end ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully. C:\Users\reparo\AppData\Local\Temp\_uninst_67467664.bat not found. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully. "HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key not found. "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully. "HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key Deleted successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. "C:\Windows\system32\Drivers\MBAMSwissArmy.sys" => File/Directory not found. 67467664 => Unable to stop service 67467664 => Service deleted successfully. MBAMSwissArmy => Service not found. BprotectEx => Service deleted successfully. PCFApiUtil => Service deleted successfully. X6va010 => Service deleted successfully. X6va011 => Service deleted successfully. X6va012 => Service deleted successfully. X6va015 => Service deleted successfully. X6va016 => Service deleted successfully. X6va021 => Service deleted successfully. "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" => File/Directory not found. "C:\Program Files (x86)\AVG\AVG2014" => File/Directory not found. "C:\Program Files (x86)\AVG" => File/Directory not found. C:\Users\Nara\instaladordonsandbox.exe => Moved successfully. "C:\Users\reparo\AppData\Local\Temp\bdgA9FD.exe" => File/Directory not found. "C:\Users\reparo\AppData\Local\Temp\DeltaTB.exe" => File/Directory not found. "C:\Users\reparo\AppData\Local\Temp\Quarantine.exe" => File/Directory not found. "C:\Users\reparo\AppData\Local\Temp\setup.exe" => File/Directory not found. "C:\Users\reparo\AppData\Local\Temp\SHSetup.exe" => File/Directory not found. "C:\Users\reparo\AppData\Local\Temp\spark_install.exe" => File/Directory not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04FD7BBC-DC93-42BA-94B4-9FD683FA6E1A}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04FD7BBC-DC93-42BA-94B4-9FD683FA6E1A}" => Key deleted successfully. C:\Windows\System32\Tasks\{CD5EA2F8-30DB-4635-842D-5A1CC5C3E650} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CD5EA2F8-30DB-4635-842D-5A1CC5C3E650}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79291467-33B6-430E-9548-5239BE18A5FB}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79291467-33B6-430E-9548-5239BE18A5FB}" => Key deleted successfully. C:\Windows\System32\Tasks\{54CFC7A2-0D64-440E-A3BA-28E526D758C1} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{54CFC7A2-0D64-440E-A3BA-28E526D758C1}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B46B1454-5213-4380-BC53-6020C236C840}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B46B1454-5213-4380-BC53-6020C236C840}" => Key deleted successfully. C:\Windows\System32\Tasks\{EDBB60B9-FA76-450E-A395-0B94C370F307} => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EDBB60B9-FA76-450E-A395-0B94C370F307}" => Key deleted successfully. "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy" => Key not found. "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy" => Key not found. The system needed a reboot. ==== End of Fixlog ==== Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Outubro 14, 2014 Bom Dia! Ionara Vamos remover as ferramentas utilizadas na desinfecção! Baixe: :arrow: < > ( ... de Xplode ) Estando na página,clique em Download Now. Salve-a em um local conveniente! ( desktop! ) Feche aplicativos que estejam abertos. Remover ferramentas de desinfecção Criar backup do registro Limpar pontos da restauração do sistema Com estas caixinhas marcadas,clique Executar! Reinicie o computador! Baixe: < Adware Removal Tool > ( ... by techsupportall.com ) Salve-a no desktop! Execute o arquivo Adware-Removal-Tool-v3.9.1.exe << Dê início a verificação,clicando em Scan. Ao concluir seu prescan,clique OK. Ps: Cada guia irá mostrar o que será removido! Clique "Next" >> Aguarde! < Computador >> Windows (C:) >> Program Files >> Adware-Removal-Tool >> Reports >> Repair_Logs_2014_10_dia_h_min_seg.txt << Poste o relatório! A+ Compartilhar este post Link para o post Compartilhar em outros sites
Ionara 2 Denunciar post Postado Outubro 14, 2014 Boa tarde, Delfix executado e segue log solicitado.... * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * Adware Removal Tool v3.9 Time: 2014_10_14_12_39_04 OS: Windows 7 - 64 Bit Account Name: reparo U0L0S4 \\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\ Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bef52f5c-3d39-4f4f-af87-a8051c72f18a}:appname Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74FF248F-E79A-4590-90DE-D8659A791F97}:appname Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bef52f5c-3d39-4f4f-af87-a8051c72f18a}:appname Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DB9DDC2D-3F1B-4739-BE5D-47C8822B9ACC}:appname \\ Finished Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Outubro 14, 2014 Boa Tarde! Ionara > Seus logs estão limpos! > Caso queira,baixe daqui o MBAM e realize escaneamento,na opção personalizada. > E...caso queira,poste o relatório! > > Baixe: < Malwarebytes Anti-Malware > > Acesse este Tutorial! < Tutorial do Malwarebytes Anti-Malware > > Obtenha informações de instalação,atualização e configuração do MBAM.> Escolha o "Tipo da Verificação": Verificação Personalizada> Ao concluir,envie suas detecções para a Quarentena. > > Leia no Tutorial: "Como acessar o Log (relatório) do Malwarebytes:" A+ Compartilhar este post Link para o post Compartilhar em outros sites
Ionara 2 Denunciar post Postado Outubro 17, 2014 Ok, obrigada. Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Outubro 17, 2014 PROBLEMA RESOLVIDO Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico. Compartilhar este post Link para o post Compartilhar em outros sites
