Document format: text/plain

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-08-2017
Ran by WWW (07-09-2017 09:20:28)
Running from D:\Documents and Settings\WWW\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2015-05-23 18:07:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-484763869-1957994488-1177238915-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-484763869-1957994488-1177238915-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-484763869-1957994488-1177238915-1000 - Limited - Disabled)
WWW (S-1-5-21-484763869-1957994488-1177238915-1001 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\WWW

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.34 alpha (HKLM\...\7-Zip) (Version: - )
Advanced IP Scanner v1.5 (HKLM\...\Advanced IP Scanner v1.5) (Version: - )
Advanced Port Scanner 2.4 (HKLM\...\{664C0995-0DBD-4783-B3F2-BE1A32E96387}) (Version: 2.4.2750 - Famatech)
Arquivo do WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.5.2303 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version: 3.34.0.50 - Conexant)
Connection Keeper (HKLM\...\Connection Keeper) (Version: 16.0 - Gammadyne Corporation)
EZMTOOL (HKLM\...\EZMTOOL1.0.7) (Version: 1.0.7 - NEWGLEE)
FormatFactory 3.6.0.0 (HKLM\...\FormatFactory) (Version: 3.6.0.0 - Format Factory)
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.6.122.702 - Foxit Software Inc.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.)
GOM Player (HKLM\...\GOM Player) (Version: 2.2.69.5227 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HCWP Web Components (HKLM\...\{908EFECF-6E38-4193-A858-587FD21FD9EA}_is1) (Version: - )
HDD Regenerator (HKLM\...\{2445981B-A23B-4A0E-AD15-3D391BDAEC3E}) (Version: 1.71.0012 - Abstradrome)
Hex Workshop v6.8 (HKLM\...\{A36AC685-4435-4C16-861F-221231DE165D}) (Version: 6.8.0.5419 - BreakPoint Software)
IDA PRO Advanced Edition (HKLM\...\IDA PRO Advanced Editionv6.1.1) (Version: v6.1.1 - Tom_Da_Man)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intelbras Cloud FF Control v1.0.1.8 (HKLM\...\{89AAD60A-82CF-4b9d-9C56-C9AEDEA533E9}}_is1) (Version: 1.0.1.8 - Intelbras S.A.)
Intelbras Cloud IE Control v1.0.2.9 (HKLM\...\{87AF0BBF-432B-47d5-A759-54B0155F225C}}_is1) (Version: 1.0.2.9 - Intelbras S.A.)
LAN Internet Watcher (HKLM\...\{87123CFB-7446-4286-8B51-A8991BDCF9DC}) (Version: 4.1 - United Software)
Malwarebytes Anti-Malware versão 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM\...\Maxthon3) (Version: 4.4.5.2000 - Maxthon International Limited)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 pt-BR) (HKLM\...\Mozilla Firefox 43.0.1 (x86 pt-BR)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
NetSurveillance (HKLM\...\NetSurveillance) (Version: - )
NirSoft Wireless Network Watcher (HKLM\...\NirSoft Wireless Network Watcher) (Version: - )
PCPlayer (HKLM\...\{B54CE443-35EF-4776-A0CD-6D961B983097}_is1) (Version: 3.18.4.1 - HangZhou Hikvision Digital Technology Co., Ltd.)
Ralink RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.12.0 - Ralink)
SafeZone Stable 1.48.2066.120 (HKLM\...\SafeZone 1.48.2066.120) (Version: 1.48.2066.120 - Avast Software) Hidden
TFTP Client (HKLM\...\TFTP Client) (Version: - )
update_server (HKLM\...\{1D08522D-308D-4615-AEA9-44021FD7445A}_is1) (Version: - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VIVO INTERNET (HKLM\...\VIVO INTERNET) (Version: 11.302.06.20.149 - Huawei Technologies Co.,Ltd)
Warsaw 1.8.0.10356 32 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.8.0.10356 - GAS Tecnologia)
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 1.10.0 (32-bit) (HKLM\...\Wireshark) (Version: 1.10.0 - The Wireshark developer community, hxxp://www.wireshark.org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-29] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Program Files\7-Zip\7-zip.dll [2014-06-22] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-29] (AVAST Software)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => D:\Program Files\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x86.dll [2015-07-10] (Foxit Software Inc.)
ContextMenuHandlers1: [HexWorkshopContextMenu] -> {DB34D5DC-D41A-482E-A5EF-8FA0F88761DA} => D:\Program Files\BreakPoint Software\Hex Workshop v6.8\HWExt32.dll [2014-09-01] (BreakPoint Software, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2003-05-15] ()
ContextMenuHandlers2: [HexWorkshopContextMenu] -> {DB34D5DC-D41A-482E-A5EF-8FA0F88761DA} => D:\Program Files\BreakPoint Software\Hex Workshop v6.8\HWExt32.dll [2014-09-01] (BreakPoint Software, Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-29] (AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => D:\Program Files\7-Zip\7-zip.dll [2014-06-22] (Igor Pavlov)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2003-05-15] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => D:\WINDOWS\system32\igfxpph.dll [2009-01-21] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShell.dll [2017-07-29] (AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => D:\Program Files\WinRAR\rarext.dll [2003-05-15] ()

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: D:\WINDOWS\Tasks\Avast Emergency Update.job => D:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: D:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => D:\Program Files\Google\Update\GoogleUpdate.exe
Task: D:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => D:\Program Files\Google\Update\GoogleUpdate.exe
Task: D:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1473445032.job => D:\Program Files\AVAST Software\SZBrowser\launcher.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: D:\Documents and Settings\All Users\Start Menu\Programs\IDA PRO Advanced Edition\idle.lnk -> D:\Program Files\IDA PRO Advanced Edition\lib\idlelib\idle.bat ()

==================== Loaded Modules (Whitelisted) ==============

2017-07-29 13:32 - 2017-07-29 13:32 - 000170224 _____ () D:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-29 13:32 - 2017-07-29 13:32 - 000192664 _____ () D:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-07-29 13:32 - 2017-07-29 13:32 - 000224256 _____ () D:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-09-06 14:34 - 2017-09-06 14:34 - 005897648 _____ () D:\Program Files\AVAST Software\Avast\defs\17090604\algo.dll
2017-07-29 13:32 - 2017-07-29 13:32 - 000689272 _____ () D:\Program Files\AVAST Software\Avast\ffl2.dll
2017-07-29 13:32 - 2017-07-29 13:32 - 000231664 _____ () D:\Program Files\AVAST Software\Avast\streamback.dll
2017-07-29 13:32 - 2017-07-29 13:32 - 001059160 _____ () D:\Program Files\AVAST Software\Avast\AvChrome.dll
2016-09-09 14:23 - 2016-09-09 14:23 - 048936448 _____ () D:\Program Files\AVAST Software\Avast\libcef.dll
2017-07-29 13:29 - 2017-07-29 13:29 - 000134928 _____ () d:\Program Files\AVAST Software\Avast\vaarclient.dll
2016-09-07 10:52 - 2017-08-29 14:05 - 005197312 _____ () D:\Documents and Settings\WWW\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-07 10:52 - 2017-08-29 14:04 - 000147456 _____ () D:\Documents and Settings\WWW\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: D:\WINDOWS\system32:96593690_Bb.gbp [2]
AlternateDataStreams: D:\WINDOWS\system32\drivers:GbpKmAp.lst [208]
AlternateDataStreams: D:\Documents and Settings\All Users\Application Data\Temp:DBC416F8 [144]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-484763869-1957994488-1177238915-1001\...\bancobrasil.com.br -> hxxps://www14.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-484763869-1957994488-1177238915-1001\...\bb.com.br -> hxxps://seg.bb.com.br
IE trusted site: HKU\S-1-5-21-484763869-1957994488-1177238915-1001\...\com.br -> aapj.bb.com.br

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-23 09:00 - 2015-07-27 12:22 - 000000734 ____N D:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-484763869-1957994488-1177238915-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 208.67.220.222 - 8.8.8.8
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: D:^Documents and Settings^All Users^Start Menu^Programs^Startup^avast! SecureLine.lnk => D:\WINDOWS\pss\avast! SecureLine.lnkCommon Startup
MSCONFIG\startupreg: ANIWZCS2Service => D:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
MSCONFIG\startupreg: AVG_UI => "D:\Program Files\AVG\AVG2015\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: BluetoothAuthenticationAgent => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
MSCONFIG\startupreg: CCleaner Monitoring => "D:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: ctfmon.exe => D:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: D-Link D-Link Wireless G DWA-110 => D:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
MSCONFIG\startupreg: Diebold - Warsaw => D:\Program Files\Diebold\Warsaw\core.exe
MSCONFIG\startupreg: HotKeysCmds => D:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => D:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: MSConfig => D:\WINDOWS\system32\msconfig.exe /auto
MSCONFIG\startupreg: Persistence => D:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: SPUpDateServerrun => D:\Program Files\hicloud\update_server\startUp.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [D:\Documents and Settings\WWW\My Documents\Downloads\BaiduPortable\App\Baidu Browser\Spark.exe] => Enabled:Baidu
StandardProfile\AuthorizedApplications: [D:\Program Files\Maxthon\Bin\MxUp.exe] => Enabled:MxUp
StandardProfile\AuthorizedApplications: [D:\Program Files\Maxthon\Bin\Maxthon.exe] => Enabled:Maxthon
StandardProfile\AuthorizedApplications: [D:\Program Files\AVG\AVG2015\avgmfapx.exe] => Enabled:Instalador do AVG
StandardProfile\AuthorizedApplications: [D:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [D:\Program Files\Diebold\Warsaw\core.exe] => Enabled:Warsaw
StandardProfile\AuthorizedApplications: [D:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (D:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [D:\Documents and Settings\WWW\My Documents\Downloads\BaiduPortable\App\Baidu Browser\Spark.exe] => Enabled:Baidu
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Modem Device on High Definition Audio Bus
Description: Modem Device on High Definition Audio Bus
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek
Service: rtl8139
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (09/07/2017 08:52:36 AM) (Source: Service Control Manager) (EventID: 7028) (User: )
Description: The Warsaw Technology Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Error: (09/07/2017 08:52:36 AM) (Source: Service Control Manager) (EventID: 7028) (User: )
Description: The Warsaw Technology Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Error: (09/07/2017 08:52:36 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPSEC Services service terminated with the following error:
The authentication service is unknown.

Error: (09/07/2017 08:52:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Gbp Service service failed to start due to the following error:
The system cannot find the path specified.

Error: (09/07/2017 08:51:17 AM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: The DHCP allocator has disabled itself on IP address 192.168.1.15,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope
from which addresses are being allocated to DHCP clients.
To enable the DHCP allocator on this IP address,
please change the scope to include the IP address,
or change the IP address to fall within the scope.

Error: (09/06/2017 05:30:49 PM) (Source: Service Control Manager) (EventID: 7028) (User: )
Description: The Warsaw Technology Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Error: (09/06/2017 05:30:49 PM) (Source: Service Control Manager) (EventID: 7028) (User: )
Description: The Warsaw Technology Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Error: (09/06/2017 05:30:49 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPSEC Services service terminated with the following error:
The authentication service is unknown.

Error: (09/06/2017 05:30:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Gbp Service service failed to start due to the following error:
The system cannot find the path specified.

Error: (09/06/2017 05:29:34 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: The DHCP allocator has disabled itself on IP address 192.168.1.15,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope
from which addresses are being allocated to DHCP clients.
To enable the DHCP allocator on this IP address,
please change the scope to include the IP address,
or change the IP address to fall within the scope.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) M CPU 530 @ 1.73GHz
Percentage of memory in use: 76%
Total physical RAM: 1013.96 MB
Available physical RAM: 235.17 MB
Total Virtual: 2440.59 MB
Available Virtual: 1564.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:24.02 GB) (Free:23.92 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:42.76 GB) (Free:27.89 GB) NTFS
Drive e: (PRESARIO_RP) (Fixed) (Total:7.75 GB) (Free:7.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 9C77B172)
Partition 1: (Active) - (Size=24 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=42.8 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=7.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
