cjoint


Document format: text/plain

Preview

Fix result of Farbar Recovery Scan Tool (x86) Version:05-11-2015
Ran by casal (2015-11-07 00:04:42) Run:1
Running from C:\Users\casal\Downloads
Loaded Profiles: casal (Available Profiles: casal & DefaultAppPool)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CloseProcesses:
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-2364669226-1398954891-4146519358-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2015-07-22] ()
S3 AppObserver; \??\C:\Program Files\NetRatingsNetSight\NetSight\meter2\appobserver.sys [X]
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
2015-10-28 08:22 - 2015-10-28 08:22 - 00000000 ____D C:\Users\Todos os Usuários\Uniblue
2015-10-28 08:22 - 2015-10-28 08:22 - 00000000 ____D C:\ProgramData\Uniblue
2015-10-28 08:16 - 2015-10-28 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
2015-10-28 08:13 - 2015-10-28 08:14 - 01339288 _____ (Uniblue Systems Limited ) C:\Users\casal\Downloads\speedupmypc.exe
2015-10-27 19:23 - 2015-06-08 17:59 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes Anti-Exploit
2015-10-27 19:23 - 2015-06-08 17:59 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-06-05 22:29 - 2015-06-05 22:29 - 0004838 _____ () C:\Program Files\mbam-log-2015-06-05 (21-12-33).xml
2015-06-30 15:04 - 2015-06-30 15:04 - 0002500 _____ () C:\Program Files\mbam-log-2015-06-30 (13-36-14).xml
2015-08-26 22:51 - 2015-08-26 22:51 - 0003442 _____ () C:\Program Files\mbam-log-2015-08-26 (21-22-09).xml
Task: {06C8318D-B39E-4462-8F54-C14099EB5C08} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {32012730-E320-4CA4-9074-9461A0BA4D83} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {33E08388-F37B-42C9-9E9C-D5E19E9111C5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6203C21B-E4B4-42C8-8AB2-D9535CF154D8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {632933D8-8C96-4235-BB5F-2A9CE5644036} - \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver -> No File <==== ATTENTION
Task: {8BBDF691-B311-4AD8-ACF1-002C3BE7FEAE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {939D7229-C2CB-4629-883C-91FE520ACD18} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A30DDDA2-8F1C-4359-BC80-5DD329D3F931} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A452AD3B-5ACE-4D47-8CCE-8DE0D4543D76} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A7A9A5F4-3352-4A95-B4DD-46569CAA754B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B2F95462-293A-42CD-BD3A-76E6CC32CEF2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D35C4AE2-356A-464A-AB9B-D62290EC2894} - System32\Tasks\LaunchPreSignup => C:\Program Files\OLBPre\OLBPre.exe <==== ATTENTION
Task: {DE3953E6-2C3E-4101-B3E2-6DEF5317B847} - System32\Tasks\{F7ED9E03-AA8D-4405-A914-D955176A81F5} => pcalua.exe -a "C:\Program Files\ZHPDiag\ZHPhep.exe" -d "C:\Program Files\ZHPDiag"
Task: {EFC0170A-7779-420C-ABB5-505945B9B2AD} - System32\Tasks\Programa de atualização online Adobe => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
2015-09-03 03:40 - 2015-09-03 03:40 - 0003584 _____ () C:\Users\casal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:5C321E34
C:\Users\casal\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphwrxzd.dll
C:\Users\casal\AppData\Local\Temp\jre-8u65-windows-au.exe
CreateRestorePoint:
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:
end
*****************

Processes closed successfully.
C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe => No running process found
C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes Anti-Exploit => value removed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKU\S-1-5-21-2364669226-1398954891-4146519358-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
ESProtectionDriver => Service stopped successfully.
ESProtectionDriver => service removed successfully.
AppObserver => service removed successfully.
idsvc => service removed successfully.
wfpcapture => service removed successfully.
wpcsvc => service removed successfully.
C:\Users\Todos os Usuários\Uniblue => moved successfully
"C:\ProgramData\Uniblue" => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue => moved successfully
C:\Users\casal\Downloads\speedupmypc.exe => moved successfully
C:\Users\Todos os Usuários\Malwarebytes Anti-Exploit => moved successfully
"C:\ProgramData\Malwarebytes Anti-Exploit" => not found.
C:\Program Files\mbam-log-2015-06-05 (21-12-33).xml => moved successfully
C:\Program Files\mbam-log-2015-06-30 (13-36-14).xml => moved successfully
C:\Program Files\mbam-log-2015-08-26 (21-22-09).xml => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06C8318D-B39E-4462-8F54-C14099EB5C08}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06C8318D-B39E-4462-8F54-C14099EB5C08}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32012730-E320-4CA4-9074-9461A0BA4D83}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32012730-E320-4CA4-9074-9461A0BA4D83}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33E08388-F37B-42C9-9E9C-D5E19E9111C5}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33E08388-F37B-42C9-9E9C-D5E19E9111C5}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6203C21B-E4B4-42C8-8AB2-D9535CF154D8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6203C21B-E4B4-42C8-8AB2-D9535CF154D8}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{632933D8-8C96-4235-BB5F-2A9CE5644036}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{632933D8-8C96-4235-BB5F-2A9CE5644036}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8BBDF691-B311-4AD8-ACF1-002C3BE7FEAE}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BBDF691-B311-4AD8-ACF1-002C3BE7FEAE}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{939D7229-C2CB-4629-883C-91FE520ACD18}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{939D7229-C2CB-4629-883C-91FE520ACD18}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A30DDDA2-8F1C-4359-BC80-5DD329D3F931}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A30DDDA2-8F1C-4359-BC80-5DD329D3F931}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A452AD3B-5ACE-4D47-8CCE-8DE0D4543D76}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A452AD3B-5ACE-4D47-8CCE-8DE0D4543D76}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7A9A5F4-3352-4A95-B4DD-46569CAA754B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7A9A5F4-3352-4A95-B4DD-46569CAA754B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2F95462-293A-42CD-BD3A-76E6CC32CEF2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2F95462-293A-42CD-BD3A-76E6CC32CEF2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D35C4AE2-356A-464A-AB9B-D62290EC2894}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D35C4AE2-356A-464A-AB9B-D62290EC2894}" => key removed successfully.
C:\Windows\System32\Tasks\LaunchPreSignup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE3953E6-2C3E-4101-B3E2-6DEF5317B847}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE3953E6-2C3E-4101-B3E2-6DEF5317B847}" => key removed successfully.
C:\Windows\System32\Tasks\{F7ED9E03-AA8D-4405-A914-D955176A81F5} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F7ED9E03-AA8D-4405-A914-D955176A81F5}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFC0170A-7779-420C-ABB5-505945B9B2AD}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFC0170A-7779-420C-ABB5-505945B9B2AD}" => key removed successfully.
C:\Windows\System32\Tasks\Programa de atualização online Adobe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Programa de atualização online Adobe" => key removed successfully.
C:\Users\casal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully..
"C:\Users\Todos os Usuários\TEMP" => ":5C321E34" ADS not found.
"C:\Users\casal\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphwrxzd.dll" => not found.
"C:\Users\casal\AppData\Local\Temp\jre-8u65-windows-au.exe" => not found.
Restore point was successfully created.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-2364669226-1398954891-4146519358-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-2364669226-1398954891-4146519358-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 24.7 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 00:06:02 ====
