
Document format: text/plain

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão:07-02-2016
Executado por Icaro (2016-02-17 10:30:18) Run:1
Executando a partir de C:\Users\Icaro\Desktop
Perfis Carregados: Icaro (Perfis Disponíveis: Icaro & artur)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
start
CloseProcesses:
HKLM\...\Run: [gplyra] => C:\Users\Icaro\AppData\Roaming\gplyra\gplyra\start.cmd [216 2016-01-19] ()
HKU\S-1-5-21-717865306-1892228015-2496639535-1001\...\MountPoints2: {0739614a-5a4b-11e5-9bc4-806e6f6e6963} - "K:\Setup.exe"
HKU\S-1-5-21-717865306-1892228015-2496639535-1001\...\MountPoints2: {0bc82ae3-58ad-11e5-9bc2-448a5b9f657d} - "F:\setup.exe"
HKU\S-1-5-21-717865306-1892228015-2496639535-1001\...\MountPoints2: {0bc82b58-58ad-11e5-9bc2-448a5b9f657d} - "H:\setup.exe"
AutoConfigURL: [S-1-5-21-717865306-1892228015-2496639535-1001] => hxxp://stop-block.org/wpad.dat?24599f3085a9105959641c6dab4b38266308519
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKU\S-1-5-21-717865306-1892228015-2496639535-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObaiwDoGXtuiqHEBCb4acb5Zd9wp0XevMVD9bMSQSOAexPe--Ch_i567i1L1VIFHGhLYM1seSk_dZqw47JH3YPSX_bFzpnvZ0ZHldRYiYYY3xU2j-GShH44AiTQqSfEv8DttZlFFZvbgp0Dnako9quu36ntKWQMDYynh_w_nibu
S3 MSICDSetup; \??\H:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\H:\NTIOLib_X64.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
2016-02-16 17:20 - 2016-02-16 17:20 - 00000000 ____D C:\Windows\system32\koks
2016-02-16 17:14 - 2016-02-16 17:14 - 00000000 ____D C:\Users\Icaro\AppData\Roaming\gplyra
2016-02-16 17:13 - 2016-02-16 17:13 - 00003420 _____ C:\Windows\System32\Tasks\Cipraa
2016-02-16 17:13 - 2016-02-16 17:13 - 00000000 ____D C:\Users\Icaro\AppData\Local\Tempfolder
2016-02-16 17:13 - 2016-02-16 17:13 - 00000000 ____D C:\uninst
Task: {1E58C9E5-EBD9-4C88-897F-F8D34078C957} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {85946843-C1A2-428D-8069-4A69E1BBCA1B} - System32\Tasks\Cipraa => C:\PROGRA~1\SHOPPE~1\Iiraibn.bat
Task: {A1C96E4F-0068-4518-ABB3-9D805BE382B2} - \bvxvbyxvaa -> Nenhum Arquivo <==== ATENÇÃO
Task: {D970EA9E-F00D-44D5-A925-0289278AB0C9} - System32\Tasks\{51685B4A-523D-4EE3-8CA3-6D03F73F012A} => pcalua.exe -a F:\win\CDSplash.exe -d F:\
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==
AlternateDataStreams: C:\Windows\System32:42535750_Bb.gbp
AlternateDataStreams: C:\Windows\System32:42535750_Cef.gbp
AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4
DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
CreateRestorePoint:
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:
end
*****************

Processos fechados com sucesso.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\gplyra => valor removido (a) com sucesso.
"HKU\S-1-5-21-717865306-1892228015-2496639535-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0739614a-5a4b-11e5-9bc4-806e6f6e6963}" => chave removido (a) com sucesso.
HKCR\CLSID\{0739614a-5a4b-11e5-9bc4-806e6f6e6963} => chave não encontrado (a).
"HKU\S-1-5-21-717865306-1892228015-2496639535-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bc82ae3-58ad-11e5-9bc2-448a5b9f657d}" => chave removido (a) com sucesso.
HKCR\CLSID\{0bc82ae3-58ad-11e5-9bc2-448a5b9f657d} => chave não encontrado (a).
"HKU\S-1-5-21-717865306-1892228015-2496639535-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bc82b58-58ad-11e5-9bc2-448a5b9f657d}" => chave removido (a) com sucesso.
HKCR\CLSID\{0bc82b58-58ad-11e5-9bc2-448a5b9f657d} => chave não encontrado (a).
HKU\S-1-5-21-717865306-1892228015-2496639535-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => valor removido (a) com sucesso.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucesso
"HKU\S-1-5-21-717865306-1892228015-2496639535-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => chave removido (a) com sucesso.
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => chave não encontrado (a).
Chrome HomePage => removido (a) com sucesso.
MSICDSetup => serviço removido (a) com sucesso.
NTIOLib_1_0_C => serviço removido (a) com sucesso.
wfpcapture => serviço removido (a) com sucesso.
C:\Windows\system32\koks => movido com sucesso
C:\Users\Icaro\AppData\Roaming\gplyra => movido com sucesso
C:\Windows\System32\Tasks\Cipraa => movido com sucesso
C:\Users\Icaro\AppData\Local\Tempfolder => movido com sucesso
C:\uninst => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E58C9E5-EBD9-4C88-897F-F8D34078C957}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E58C9E5-EBD9-4C88-897F-F8D34078C957}" => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\AutoPico Daily Restart => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{85946843-C1A2-428D-8069-4A69E1BBCA1B}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85946843-C1A2-428D-8069-4A69E1BBCA1B}" => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\Cipraa => não encontrado (a).
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Cipraa" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1C96E4F-0068-4518-ABB3-9D805BE382B2}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1C96E4F-0068-4518-ABB3-9D805BE382B2}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvbyxvaa" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D970EA9E-F00D-44D5-A925-0289278AB0C9}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D970EA9E-F00D-44D5-A925-0289278AB0C9}" => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\{51685B4A-523D-4EE3-8CA3-6D03F73F012A} => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{51685B4A-523D-4EE3-8CA3-6D03F73F012A}" => chave removido (a) com sucesso.
C:\Program Files (x86)\GbPlugin => ":IncompleteStartProcessProtection.cnt" ADS removido (a) com sucesso..
C:\Program Files (x86)\GbPlugin => ":u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==" ADS removido (a) com sucesso..
C:\Windows\System32 => ":42535750_Bb.gbp" ADS removido (a) com sucesso..
C:\Windows\System32 => ":42535750_Cef.gbp" ADS removido (a) com sucesso..
C:\Windows\system32\Drivers\gbpddfac64.sys => ":X5ZN8aGvT4" ADS removido (a) com sucesso..
"C:\Program Files\Microsoft Security Client" => não encontrado (a)
"C:\Program Files\Windows Defender" => Deletando reparse point e desbloqueando começado:
"C:\Program Files\Windows Defender" =>Deletando reparse point e desbloqueando completado.
Ponto de Restauração criado com sucesso.

========= RemoveProxy: =========

HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => valor removido (a) com sucesso.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.
HKU\S-1-5-21-717865306-1892228015-2496639535-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
HKU\S-1-5-21-717865306-1892228015-2496639535-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.


========= Fim de RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => movido com sucesso
Hosts restaurado com sucesso.
EmptyTemp: => 4 GB de dados temporários Removidos.


O sistema precisou ser reiniciado.

==== Fim de Fixlog 10:35:11 ====
