Ionara, posted October 5, 2014

The PC, in safe mode, restarts when I try to run Malwarebytes; the log follows.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 07:31:50, on 05/10/2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O12 - Plugin for .spop: C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9912 bytes
DigRam, posted October 11, 2014

Good morning! Ionara
> Download: Farbar Recovery Scan Tool (by Farbar)
> Or here, for 64-bit systems: Farbar Recovery Scan Tool 64-Bit
> Save it to the desktop!
> Run the tool! Click "Yes" >> "Scan".
> Before clicking "Scan", check that the boxes under "Whitelist" are ticked.
> Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
> PS: The "Addition.txt" report will also be generated; it is made available on the tool's first run.
> Post the report! (FRST.txt + Addition.txt)
A+
Ionara, posted October 12, 2014

Good morning, sorry for the delay. Two logs were generated; they follow below.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-10-2014
Ran by reparo (administrator) on CASA-PC on 12-10-2014 09:21:21
Running from C:\Users\reparo\Desktop
Loaded Profile: reparo (Available profiles: reparo)
Platform: Windows 7 Home Premium (X64) OS Language: Português (Brasil)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2870896 2010-12-22] (VIA)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-27] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginCef-x32: C:\Program Files (x86)\GbPlugin\gbiehCef.dll (Caixa Economica Federal)
Startup: C:\Users\Nara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4t Tray Minimizer.lnk
ShortcutTarget: 4t Tray Minimizer.lnk -> C:\Program Files (x86)\4t Tray Minimizer\4t-min.exe (4t Niagara Software)
Startup: C:\Users\Nara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Nara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_67467664.lnk
ShortcutTarget: _uninst_67467664.lnk -> C:\Users\reparo\AppData\Local\Temp\_uninst_67467664.bat (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - Web URL = http://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_solimba_01&p={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Facilitador de Leitor de Link Adobe PDF -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehCef.dll (Caixa Economica Federal)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1579848 2014-02-26] (Caixa Economica Federal)
Tcpip\Parameters: [DhcpNameServer] 172.16.0.254

FireFox:
========
FF ProfilePath: C:\Users\reparo\AppData\Roaming\Mozilla\Firefox\Profiles\rbh8i03t.default
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF Keyword.URL: hxxp://br.yhs4.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\reparo\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-br.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-27]
FF HKCU\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\reparo\AppData\Local\GAS Tecnologia\GBBD\cef\xpi

Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\reparo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\reparo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-08-30]
CHR Extension: (Google Docs) - C:\Users\reparo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-30]
CHR Extension: (Google Drive) - C:\Users\reparo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-30]
CHR Extension: (YouTube) - C:\Users\reparo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-30]
CHR Extension: (Pesquisa do Google) - C:\Users\reparo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-30]
CHR Extension: (Planilhas do Google) - C:\Users\reparo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-08-30]
CHR Extension: (avast! Online Security) - C:\Users\reparo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-30]
CHR Extension: (Google Wallet) - C:\Users\reparo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-30]
CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\reparo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi [2014-09-10]
CHR Extension: (Gmail) - C:\Users\reparo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-30]
CHR HKCU\...\Chrome\Extension: [nnjbodopomfddehlalfilheomcahbpei] - C:\Users\reparo\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx []
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-27]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-27] (AVAST Software)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [520520 2014-02-26] (GAS Tecnologia)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-07-31] (IBM Corp.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2010-12-14] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 67467664; C:\Windows\System32\DRIVERS\67467664.sys [460888 2012-12-29] (Kaspersky Lab ZAO)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-27] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-27] ()
S0 GbpKm; C:\Windows\SysWOW64\drivers\gbpkm.sys [47720 2012-10-04] (GAS Tecnologia)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-05] (Malwarebytes Corporation)
R1 RapportCerberus_80049; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80049.sys [768184 2014-09-01] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [444184 2014-07-31] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [536984 2014-07-31] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [562136 2014-07-31] (IBM Corp.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-12 09:21 - 2014-10-12 09:21 - 00016350 _____ () C:\Users\reparo\Desktop\FRST.txt
2014-10-12 09:21 - 2014-10-12 09:21 - 00000000 ____D () C:\FRST
2014-10-12 09:20 - 2014-10-12 09:20 - 02109952 _____ (Farbar) C:\Users\reparo\Desktop\FRST64.exe
2014-10-12 09:18 - 2014-10-12 09:18 - 02109952 _____ (Farbar) C:\Users\reparo\Downloads\FRST64 (1).exe
2014-10-12 09:17 - 2014-10-12 09:18 - 02109952 _____ (Farbar) C:\Users\reparo\Downloads\FRST64.exe
2014-10-10 19:25 - 2014-10-10 19:30 - 00000000 ____D () C:\Users\reparo\Desktop\provas
2014-10-05 07:18 - 2014-10-05 07:47 - 159406720 _____ () C:\Users\reparo\Downloads\setup_11.0.3.7.x01_2014_10_05_12_26.exe
2014-09-30 20:25 - 2014-09-30 20:41 - 00653177 _____ () C:\Users\reparo\Desktop\GRUPO DE SAÚDE CENTRO.pptx
2014-09-30 19:57 - 2014-09-30 19:58 - 05104640 _____ () C:\Users\reparo\Downloads\07-16-24-aulapratica.ppt
2014-09-30 19:55 - 2014-09-30 19:55 - 01520640 _____ () C:\Users\reparo\Downloads\aula1-farmacologia.ppt
2014-09-30 19:52 - 2014-09-30 19:53 - 03685376 _____ () C:\Users\reparo\Downloads\Administração de Medicamentos.ppt
2014-09-30 19:48 - 2014-09-30 19:48 - 04930048 _____ () C:\Users\reparo\Downloads\cuidar+II+-+administração+de+medicamentos.ppt
2014-09-28 09:41 - 2014-09-28 09:42 - 00000000 ____D () C:\Users\reparo\Desktop\COISAS PARA PNEUMONIA
2014-09-28 09:30 - 2014-09-28 11:33 - 00012860 _____ () C:\Users\reparo\Desktop\Pneumonia.odt
2014-09-24 22:47 - 2014-09-24 22:47 - 00543744 _____ () C:\Users\reparo\Desktop\GRUPO DE SAÚDE DALTRO FILHO.pot
2014-09-24 22:46 - 2014-09-24 22:46 - 00440966 _____ () C:\Users\reparo\Desktop\GRUPO DE SAÚDE DALTRO FILHO.pptx
2014-09-24 22:15 - 2014-09-24 22:16 - 00000000 ____D () C:\Users\reparo\Desktop\Nova pasta
2014-09-24 21:52 - 2014-09-24 22:43 - 00440967 _____ () C:\Users\reparo\Documents\GRUPO DE SAÚDE DALTRO FILHO.pptx
2014-09-20 15:55 - 2014-09-20 15:55 - 00076819 _____ () C:\Users\reparo\Desktop\Sem Título.wma
2014-09-16 21:06 - 2014-09-16 21:06 - 00000009 _____ () C:\Users\reparo\Desktop\smiles.txt
2014-09-14 14:51 - 2014-09-14 14:51 - 00175599 _____ () C:\Users\reparo\Documents\Test 1.wma
2014-09-14 14:50 - 2014-09-14 14:50 - 00085799 _____ () C:\Users\reparo\Documents\test.wma
2014-09-14 11:37 - 2014-09-08 14:55 - 00014092 _____ () C:\Users\reparo\Desktop\Iliada e odisseia.odt
2014-09-13 11:54 - 2014-09-13 18:47 - 00000000 ____D () C:\Users\reparo\Desktop\Fotos maquina

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-12 09:17 - 2014-08-27 21:40 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-12 09:15 - 2012-09-22 18:16 - 01227772 _____ () C:\Windows\WindowsUpdate.log
2014-10-12 09:13 - 2014-08-30 20:51 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-12 09:13 - 2012-10-04 18:29 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-12 09:11 - 2014-07-29 19:03 - 00017261 _____ () C:\Windows\setupact.log
2014-10-12 09:11 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-11 23:56 - 2014-08-30 20:51 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-11 21:22 - 2009-07-14 01:45 - 00019520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-11 21:22 - 2009-07-14 01:45 - 00019520 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-07 11:00 - 2009-07-14 14:55 - 00007196 _____ () C:\Windows\system32\prfh0416.dat
2014-10-07 11:00 - 2009-07-14 14:55 - 00004944 _____ () C:\Windows\system32\prfc0416.dat
2014-10-07 11:00 - 2009-07-14 02:13 - 00734540 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-05 07:07 - 2014-07-29 19:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-02 22:59 - 2013-09-02 20:44 - 00000000 ____D () C:\ProgramData\GAS Tecnologia
2014-09-29 08:04 - 2009-07-14 02:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-24 22:46 - 2014-09-11 18:17 - 00000000 ____D () C:\Users\reparo\Desktop\docmentos nara
2014-09-24 08:13 - 2012-10-04 18:29 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 08:13 - 2012-10-04 18:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 08:13 - 2012-10-04 18:29 - 00003840 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-22 07:32 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-18 19:25 - 2012-10-07 21:41 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

Files to move or delete:
====================
C:\Users\Nara\instaladordonsandbox.exe

Some content of TEMP:
====================
C:\Users\reparo\AppData\Local\Temp\bdgA9FD.exe
C:\Users\reparo\AppData\Local\Temp\DeltaTB.exe
C:\Users\reparo\AppData\Local\Temp\Quarantine.exe
C:\Users\reparo\AppData\Local\Temp\setup.exe
C:\Users\reparo\AppData\Local\Temp\SHSetup.exe
C:\Users\reparo\AppData\Local\Temp\spark_install.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-06 09:27

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-10-2014
Ran by reparo at 2014-10-12 09:22:04
Running from C:\Users\reparo\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4t Tray Minimizer Free 5.52 (HKLM-x32\...\4t Tray Minimizer_is1) (Version: 5.52 - 4t Niagara Software)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Age of Empires III Trial (HKLM-x32\...\InstallShield_{25B25C84-6132-4662-972B-4E4DC1B00C98}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III Trial (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft)
Dynasty of Nordics versão 7.55 (HKLM-x32\...\{5DB4716B-1246-4C39-AE77-2FFEE36DC46D}_is1) (Version: 7.55 - Galaxy Games)
Dynasty of Nordics versão 7.55 (HKLM-x32\...\{C8141479-83BC-4CCB-B70C-5C033F227E79}}_is1) (Version: 7.55 - Galaxy Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2246 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2013) (Version: 1.0 - Receita Federal do Brasil)
IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2014) (Version: 1.0 - Receita Federal do Brasil)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.)
Hidden League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games) League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: 1.0 - LG Electronics) LG_MobileSync (HKLM-x32\...\{0B7BA3EE-D7AC-494E-999D-DA58D6D01DAC}) (Version: 1.00.0000 - LGE GSM PC Sync) Malwarebytes Anti-Malware versão 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.1.3.2000 - Maxthon International Limited) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile PTB Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) 
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) 
(Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 pt-BR)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios) My Game Long Name (HKLM\...\UDK-b24c41af-37f3-4c9c-a9d5-f2c2e33ba206) (Version: - Epic Games, Inc.) My Game Long Name (HKLM\...\UDK-ba9b1043-d09b-4017-a2a9-1df5a2bb7fee) (Version: - Epic Games, Inc.) 
MYD 7.59 (HKLM-x32\...\MYD 7.59) (Version: 7.59 - MYD) New Destiny versão 7.57 (HKLM-x32\...\{3E61DDE5-0D27-40E8-AA2C-D6C9E343D7T7}_is1) (Version: 7.57 - Star Group) Pacote de Driver do Windows - Atheros (L1C) Net (09/27/2010 1.0.0.36) (HKLM\...\2E85B24B7EDF495B57D81136F09567FA79E17482) (Version: 09/27/2010 1.0.0.36 - Atheros) Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.) Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden Proteção de Terminal Trusteer (HKLM-x32\...\Rapport_msi) (Version: 3.5.1403.67 - Trusteer) RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.8-1.0.8500.20 - raidcall.com) Rapport (x32 Version: 3.5.1403.67 - Trusteer) Hidden Receitanet (HKLM-x32\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.04 - Serpro - Serviço Federal de Processamento de Dados) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
Star Destiny versão 3.7 (HKLM-x32\...\{3E61DDE5-0D27-40E8-AA2C-D6C9E343D7T4}_is1) (Version: 3.7 - Star Group) The Forest version 0.04 (HKLM-x32\...\The Forest_is1) (Version: 0.04 - GMT-MAX.ORG) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) Unlocker Packages (HKCU\...\Unlocker Packages) (Version: - ) <==== ATTENTION Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) 
(Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 
(KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{956FF6E4-8BBB-4B9A-9279-8A34D8C1FF9D}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{27F43FC3-052A-41B5-9F39-68514C0AABC2}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition 
(HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) VIA Gerenciador de dispositivo de plataforma (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) 
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinRAR 5.10 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) WYD (remove only) (HKLM-x32\...\WYD) (Version: - ) ZHPDiag 2014 (HKLM-x32\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1462533520-1097849640-156291995-1006_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}\InprocServer32 -> C:\Users\reparo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll No File CustomCLSID: HKU\S-1-5-21-1462533520-1097849640-156291995-1006_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}\InprocServer32 -> C:\Users\reparo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll No File ==================== Restore Points ========================= 08-10-2014 12:49:34 Ponto de Verificação Agendado 08-10-2014 15:09:45 Windows Update 08-10-2014 20:06:39 Windows Update 09-10-2014 03:33:38 Windows Update 09-10-2014 15:33:26 Windows Update 10-10-2014 02:16:11 Windows Update 10-10-2014 15:45:22 Windows Update 11-10-2014 03:27:52 Windows Update 12-10-2014 03:51:11 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 23:34 - 2014-08-07 12:42 - 00000841 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {04FD7BBC-DC93-42BA-94B4-9FD683FA6E1A} - System32\Tasks\{CD5EA2F8-30DB-4635-842D-5A1CC5C3E650} => C:\Program Files (x86)\AVG\AVG2014\avgui.exe Task: {47600E67-CECA-4DE2-941A-F3D2B911CACE} - System32\Tasks\{ADB16F87-F25E-472A-8E08-8B8031A04E0F} => Firefox.exe http://ui.skype.com/ui/0/5.10.0.116/pt/abandoninstall?source=lightinstaller&page=tsProgressBar Task: {5EB7984D-DD2C-4F30-A1D5-5B9FFF29E016} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-30] (Google Inc.) Task: {5FDE14A4-D5CA-426C-A508-6FB2114B5707} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js" Task: {616175D8-B9C1-46B6-B686-B6089379F924} - System32\Tasks\{9B58F3CE-A602-49DC-BF64-ACCDAD7E3E74} => C:\Program Files (x86)\Don\DoN Launcher.exe [2014-06-16] () Task: {79291467-33B6-430E-9548-5239BE18A5FB} - System32\Tasks\{54CFC7A2-0D64-440E-A3BA-28E526D758C1} => C:\Program Files (x86)\AVG\AVG2014\avgui.exe Task: {8F8916EA-72AD-4F81-B084-6EF3C21BD0A8} - System32\Tasks\{85348F2F-2F86-496D-9269-15EC1B37614D} => Firefox.exe http://ui.skype.com/ui/0/6.0.0.126/pt/go/help.faq.installer?LastError=1603 Task: {917C4C2A-3770-461C-A837-FFFA5EB2EE5B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-30] (Google Inc.) Task: {97EA6FA1-6691-4E2F-B828-859C368034C6} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2014-06-03] (Maxthon International ltd.) Task: {AA60B73D-C622-4A21-9E75-A8EF26A7C7C2} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-27] (AVAST Software) Task: {B46B1454-5213-4380-BC53-6020C236C840} - System32\Tasks\{EDBB60B9-FA76-450E-A395-0B94C370F307} => C:\Program Files (x86)\AVG\AVG2014\avgui.exe Task: {B78A47A7-5313-4D0C-A1D2-C6C03389A574} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-07-15 01:44 - 2010-07-15 01:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll 2011-07-28 20:34 - 2010-11-12 01:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-07-28 20:37 - 2010-12-22 16:28 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll 2011-07-28 20:37 - 2010-12-22 16:28 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll 2011-07-28 20:37 - 2010-12-22 16:28 - 00621168 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll 2014-08-27 21:39 - 2014-08-27 21:39 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-10-12 09:12 - 2014-10-12 09:12 - 02873856 _____ () C:\Program Files\AVAST Software\Avast\defs\14101200\algo.dll 2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll 2014-08-27 21:39 - 2014-08-27 21:39 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2013-01-16 12:11 - 2013-01-16 12:11 - 
00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\97cbe41318bb8d5b8a6f83d346e5f3c8\IsdiInterop.ni.dll 2011-07-28 20:35 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Windows\System32:CCE46E64_Cef.gbp ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
MSCONFIG\startupfolder: C:^Users^Nara^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^_uninst_44332762.lnk => C:\Windows\pss\_uninst_44332762.lnk.Startup MSCONFIG\startupreg: RaidCall => C:\Program Files (x86)\RaidCall\raidcall.exe ========================= Accounts: ========================== Administrador (S-1-5-21-1462533520-1097849640-156291995-500 - Administrator - Disabled) Convidado (S-1-5-21-1462533520-1097849640-156291995-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-1462533520-1097849640-156291995-1008 - Limited - Enabled) reparo (S-1-5-21-1462533520-1097849640-156291995-1006 - Administrator - Enabled) => C:\Users\reparo ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/12/2014 00:51:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema.. Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Acesso negado. . Error: (10/12/2014 00:51:11 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina ConvertStringSidToSid(S-1-5-21-1462533520-1097849640-156291995-1003.bak). hr = 0x80070539, A estrutura da identificação de segurança é inválida. . Operação: Evento OnIdentify Obtendo Dados do Gravador Contexto: Contexto de Execução: Shadow Copy Optimization Writer Id de Classe de Gravador: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Nome do Gravador: Shadow Copy Optimization Writer ID de Instância de Gravador: {8eb41abf-7e2b-4079-9d4d-d882aa135202} Error: (10/12/2014 00:51:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema.. 
Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Acesso negado. . Error: (10/12/2014 00:51:11 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina ConvertStringSidToSid(S-1-5-21-1462533520-1097849640-156291995-1003.bak). hr = 0x80070539, A estrutura da identificação de segurança é inválida. . Operação: Evento OnIdentify Obtendo Dados do Gravador Contexto: Contexto de Execução: Shadow Copy Optimization Writer Id de Classe de Gravador: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Nome do Gravador: Shadow Copy Optimization Writer ID de Instância de Gravador: {8eb41abf-7e2b-4079-9d4d-d882aa135202} Error: (10/11/2014 00:27:52 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema.. Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Acesso negado. . Error: (10/11/2014 00:27:52 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema.. Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Acesso negado. . Error: (10/11/2014 00:27:52 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina ConvertStringSidToSid(S-1-5-21-1462533520-1097849640-156291995-1003.bak). hr = 0x80070539, A estrutura da identificação de segurança é inválida. . 
Operação: Evento OnIdentify Obtendo Dados do Gravador Contexto: Contexto de Execução: Shadow Copy Optimization Writer Id de Classe de Gravador: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Nome do Gravador: Shadow Copy Optimization Writer ID de Instância de Gravador: {29779423-d3d1-4490-9ead-5a0e60d8e435} Error: (10/11/2014 00:27:52 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina ConvertStringSidToSid(S-1-5-21-1462533520-1097849640-156291995-1003.bak). hr = 0x80070539, A estrutura da identificação de segurança é inválida. . Operação: Evento OnIdentify Obtendo Dados do Gravador Contexto: Contexto de Execução: Shadow Copy Optimization Writer Id de Classe de Gravador: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Nome do Gravador: Shadow Copy Optimization Writer ID de Instância de Gravador: {29779423-d3d1-4490-9ead-5a0e60d8e435} Error: (10/10/2014 00:45:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema.. Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Acesso negado. . Error: (10/10/2014 00:45:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema.. Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Acesso negado. . System errors: ============= Error: (10/12/2014 00:51:26 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT) Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x80070643: Windows 7 Service Pack 1 para sistemas com base em x64 (KB976932). 
Error: (10/12/2014 00:51:25 AM) (Source: Microsoft-Windows-Service Pack Installer) (EventID: 8) (User: AUTORIDADE NT)
Description: Falha na instalação do Service Pack com o código de erro 0x80070026.

Error: (10/11/2014 00:28:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT)
Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x80070643: Windows 7 Service Pack 1 para sistemas com base em x64 (KB976932).

Error: (10/11/2014 00:28:06 AM) (Source: Microsoft-Windows-Service Pack Installer) (EventID: 8) (User: AUTORIDADE NT)
Description: Falha na instalação do Service Pack com o código de erro 0x80070026.

Error: (10/10/2014 00:45:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT)
Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x80070643: Windows 7 Service Pack 1 para sistemas com base em x64 (KB976932).

Error: (10/10/2014 00:45:35 PM) (Source: Microsoft-Windows-Service Pack Installer) (EventID: 8) (User: AUTORIDADE NT)
Description: Falha na instalação do Service Pack com o código de erro 0x80070026.

Error: (10/09/2014 11:16:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT)
Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x80070643: Windows 7 Service Pack 1 para sistemas com base em x64 (KB976932).

Error: (10/09/2014 11:16:24 PM) (Source: Microsoft-Windows-Service Pack Installer) (EventID: 8) (User: AUTORIDADE NT)
Description: Falha na instalação do Service Pack com o código de erro 0x80070026.

Error: (10/09/2014 00:33:40 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT)
Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x80070643: Windows 7 Service Pack 1 para sistemas com base em x64 (KB976932).

Error: (10/09/2014 00:33:39 PM) (Source: Microsoft-Windows-Service Pack Installer) (EventID: 8) (User: AUTORIDADE NT)
Description: Falha na instalação do Service Pack com o código de erro 0x80070026.

Microsoft Office Sessions:
=========================

Error: (10/12/2014 00:51:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Acesso negado.

Error: (10/12/2014 00:51:11 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1462533520-1097849640-156291995-1003.bak)0x80070539, A estrutura da identificação de segurança é inválida.
Operação: Evento OnIdentify
Obtendo Dados do Gravador
Contexto: Contexto de Execução: Shadow Copy Optimization Writer
Id de Classe de Gravador: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Nome do Gravador: Shadow Copy Optimization Writer
ID de Instância de Gravador: {8eb41abf-7e2b-4079-9d4d-d882aa135202}

Error: (10/12/2014 00:51:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Acesso negado.

Error: (10/12/2014 00:51:11 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1462533520-1097849640-156291995-1003.bak)0x80070539, A estrutura da identificação de segurança é inválida.
Operação: Evento OnIdentify
Obtendo Dados do Gravador
Contexto: Contexto de Execução: Shadow Copy Optimization Writer
Id de Classe de Gravador: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Nome do Gravador: Shadow Copy Optimization Writer
ID de Instância de Gravador: {8eb41abf-7e2b-4079-9d4d-d882aa135202}

Error: (10/11/2014 00:27:52 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Acesso negado.

Error: (10/11/2014 00:27:52 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Acesso negado.

Error: (10/11/2014 00:27:52 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1462533520-1097849640-156291995-1003.bak)0x80070539, A estrutura da identificação de segurança é inválida.
Operação: Evento OnIdentify
Obtendo Dados do Gravador
Contexto: Contexto de Execução: Shadow Copy Optimization Writer
Id de Classe de Gravador: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Nome do Gravador: Shadow Copy Optimization Writer
ID de Instância de Gravador: {29779423-d3d1-4490-9ead-5a0e60d8e435}

Error: (10/11/2014 00:27:52 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1462533520-1097849640-156291995-1003.bak)0x80070539, A estrutura da identificação de segurança é inválida.
Operação: Evento OnIdentify
Obtendo Dados do Gravador
Contexto: Contexto de Execução: Shadow Copy Optimization Writer
Id de Classe de Gravador: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Nome do Gravador: Shadow Copy Optimization Writer
ID de Instância de Gravador: {29779423-d3d1-4490-9ead-5a0e60d8e435}

Error: (10/10/2014 00:45:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Acesso negado.

Error: (10/10/2014 00:45:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddCoreCsiFiles : BeginFileEnumeration() failed. System Error: Acesso negado.

CodeIntegrity Errors:
===================================
Date: 2014-08-27 06:39:08.470
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-27 06:38:18.472
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-27 06:37:05.635
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-27 06:37:05.635
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-27 06:37:05.635
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-27 06:16:02.023
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-26 08:09:11.967
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-26 08:08:30.097
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-26 08:06:37.277
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-26 08:06:37.277
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core i5-2300 CPU @ 2.80GHz
Percentage of memory in use: 18%
Total physical RAM: 8098.91 MB
Available physical RAM: 6585.13 MB
Total Pagefile: 16195.96 MB
Available Pagefile: 14629.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Win7) (Fixed) (Total:465.76 GB) (Free:391.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 86B57702)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
DigRam Posted October 12, 2014

Good morning, Ionara!

> If you still have them, uninstall: Kaspersky PURE or AVG2014
> Uninstall Malwarebytes and then use its cleanup tool.
> Download: < MBAM_CleanTool >
> Save it in a suitable location and run it as administrator.
> Accept the reboot when prompted!
> Copy the information shown in red into Notepad.
> Save it with the name fixlist.txt.
> Save it on the desktop! >> C:\Users\reparo\Desktop <<

start
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
ShortcutTarget: _uninst_67467664.lnk -> C:\Users\reparo\AppData\Local\Temp\_uninst_67467664.bat (No File)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-10-05 07:07 - 2014-07-29 19:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
R0 67467664; C:\Windows\System32\DRIVERS\67467664.sys [460888 2012-12-29] (Kaspersky Lab ZAO)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-05] (Malwarebytes Corporation)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\AVG\AVG2014
C:\Program Files (x86)\AVG
C:\Users\Nara\instaladordonsandbox.exe
C:\Users\reparo\AppData\Local\Temp\bdgA9FD.exe
C:\Users\reparo\AppData\Local\Temp\DeltaTB.exe
C:\Users\reparo\AppData\Local\Temp\Quarantine.exe
C:\Users\reparo\AppData\Local\Temp\setup.exe
C:\Users\reparo\AppData\Local\Temp\SHSetup.exe
C:\Users\reparo\AppData\Local\Temp\spark_install.exe
Task: {04FD7BBC-DC93-42BA-94B4-9FD683FA6E1A} - System32\Tasks\{CD5EA2F8-30DB-4635-842D-5A1CC5C3E650} => C:\Program Files (x86)\AVG\AVG2014\avgui.exe
Task: {79291467-33B6-430E-9548-5239BE18A5FB} - System32\Tasks\{54CFC7A2-0D64-440E-A3BA-28E526D758C1} => C:\Program Files (x86)\AVG\AVG2014\avgui.exe
Task: {B46B1454-5213-4380-BC53-6020C236C840} - System32\Tasks\{EDBB60B9-FA76-450E-A395-0B94C370F307} => C:\Program Files (x86)\AVG\AVG2014\avgui.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
end

> Run FRST/FRST64 >> Click "Fix". << Wait!
> Post the report! (Fixlog.txt)

A+
Ionara Posted October 14, 2014

Good morning. Kaspersky and AVG have already been uninstalled; here is the requested log...

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-10-2014 02
Ran by reparo at 2014-10-14 07:05:11 Run:1
Running from C:\Users\reparo\Desktop
Loaded Profile: reparo (Available profiles: reparo)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
ShortcutTarget: _uninst_67467664.lnk -> C:\Users\reparo\AppData\Local\Temp\_uninst_67467664.bat (No File)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-10-05 07:07 - 2014-07-29 19:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
R0 67467664; C:\Windows\System32\DRIVERS\67467664.sys [460888 2012-12-29] (Kaspersky Lab ZAO)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-05] (Malwarebytes Corporation)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\AVG\AVG2014
C:\Program Files (x86)\AVG
C:\Users\Nara\instaladordonsandbox.exe
C:\Users\reparo\AppData\Local\Temp\bdgA9FD.exe
C:\Users\reparo\AppData\Local\Temp\DeltaTB.exe
C:\Users\reparo\AppData\Local\Temp\Quarantine.exe
C:\Users\reparo\AppData\Local\Temp\setup.exe
C:\Users\reparo\AppData\Local\Temp\SHSetup.exe
C:\Users\reparo\AppData\Local\Temp\spark_install.exe
Task: {04FD7BBC-DC93-42BA-94B4-9FD683FA6E1A} - System32\Tasks\{CD5EA2F8-30DB-4635-842D-5A1CC5C3E650} => C:\Program Files (x86)\AVG\AVG2014\avgui.exe
Task: {79291467-33B6-430E-9548-5239BE18A5FB} - System32\Tasks\{54CFC7A2-0D64-440E-A3BA-28E526D758C1} => C:\Program Files (x86)\AVG\AVG2014\avgui.exe
Task: {B46B1454-5213-4380-BC53-6020C236C840} - System32\Tasks\{EDBB60B9-FA76-450E-A395-0B94C370F307} => C:\Program Files (x86)\AVG\AVG2014\avgui.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
end
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
C:\Users\reparo\AppData\Local\Temp\_uninst_67467664.bat not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key Deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"C:\Windows\system32\Drivers\MBAMSwissArmy.sys" => File/Directory not found.
67467664 => Unable to stop service
67467664 => Service deleted successfully.
MBAMSwissArmy => Service not found.
BprotectEx => Service deleted successfully.
PCFApiUtil => Service deleted successfully.
X6va010 => Service deleted successfully.
X6va011 => Service deleted successfully.
X6va012 => Service deleted successfully.
X6va015 => Service deleted successfully.
X6va016 => Service deleted successfully.
X6va021 => Service deleted successfully.
"C:\Program Files (x86)\AVG\AVG2014\avgui.exe" => File/Directory not found.
"C:\Program Files (x86)\AVG\AVG2014" => File/Directory not found.
"C:\Program Files (x86)\AVG" => File/Directory not found.
C:\Users\Nara\instaladordonsandbox.exe => Moved successfully.
"C:\Users\reparo\AppData\Local\Temp\bdgA9FD.exe" => File/Directory not found.
"C:\Users\reparo\AppData\Local\Temp\DeltaTB.exe" => File/Directory not found.
"C:\Users\reparo\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\reparo\AppData\Local\Temp\setup.exe" => File/Directory not found.
"C:\Users\reparo\AppData\Local\Temp\SHSetup.exe" => File/Directory not found.
"C:\Users\reparo\AppData\Local\Temp\spark_install.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04FD7BBC-DC93-42BA-94B4-9FD683FA6E1A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04FD7BBC-DC93-42BA-94B4-9FD683FA6E1A}" => Key deleted successfully.
C:\Windows\System32\Tasks\{CD5EA2F8-30DB-4635-842D-5A1CC5C3E650} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CD5EA2F8-30DB-4635-842D-5A1CC5C3E650}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79291467-33B6-430E-9548-5239BE18A5FB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79291467-33B6-430E-9548-5239BE18A5FB}" => Key deleted successfully.
C:\Windows\System32\Tasks\{54CFC7A2-0D64-440E-A3BA-28E526D758C1} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{54CFC7A2-0D64-440E-A3BA-28E526D758C1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B46B1454-5213-4380-BC53-6020C236C840}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B46B1454-5213-4380-BC53-6020C236C840}" => Key deleted successfully.
C:\Windows\System32\Tasks\{EDBB60B9-FA76-450E-A395-0B94C370F307} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EDBB60B9-FA76-450E-A395-0B94C370F307}" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy" => Key not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy" => Key not found.

The system needed a reboot.

==== End of Fixlog ====
DigRam Posted October 14, 2014

Good morning, Ionara!

Let's remove the tools used in the disinfection!

Download: :arrow: < > (... by Xplode)
On the page, click Download Now. Save it in a convenient location! (desktop!)
Close any applications that are open.
Remove disinfection tools
Create registry backup
Purge system restore points
With these boxes checked, click Run!
Restart the computer!

Download: < Adware Removal Tool > (... by techsupportall.com)
Save it on the desktop!
Run the file Adware-Removal-Tool-v3.9.1.exe <<
Start the scan by clicking Scan.
When its prescan finishes, click OK.
PS: Each tab will show what is going to be removed!
Click "Next" >> Wait!
< Computer >> Windows (C:) >> Program Files >> Adware-Removal-Tool >> Reports >> Repair_Logs_2014_10_dia_h_min_seg.txt <<
Post the report!

A+
Ionara Posted October 14, 2014

Good afternoon. DelFix was run, and here is the requested log....

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Adware Removal Tool v3.9
Time: 2014_10_14_12_39_04
OS: Windows 7 - 64 Bit
Account Name: reparo
U0L0S4
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bef52f5c-3d39-4f4f-af87-a8051c72f18a}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74FF248F-E79A-4590-90DE-D8659A791F97}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bef52f5c-3d39-4f4f-af87-a8051c72f18a}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DB9DDC2D-3F1B-4739-BE5D-47C8822B9ACC}:appname
\\ Finished
DigRam Posted October 14, 2014

Good afternoon, Ionara!

> Your logs are clean!
> If you wish, download MBAM from here and run a scan using the custom option.
> And... if you wish, post the report!
> Download: < Malwarebytes Anti-Malware >
> Read this Tutorial! < Malwarebytes Anti-Malware Tutorial >
> It has information on installing, updating and configuring MBAM.
> Choose the "Scan Type": Custom Scan
> When it finishes, send your detections to Quarantine.
> Read in the Tutorial: "How to access the Malwarebytes Log (report):"

A+
Ionara Posted October 17, 2014

OK, thank you.
DigRam Posted October 17, 2014

PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.