Alisson Costa Lisboa

Shortcut virus that persists despite antivirus tools


Good evening!

A month ago I created the topic about this machine, but I did not follow up on the guidance process and the topic was moved to the archive. I ask the moderators' permission to post it again. I have already tried to contact the person who was assisting me (@diego_moicano), but my profile does not allow private messages, as was suggested in the archiving message. Thank you very much in advance.

This was the text of the original topic:

This notebook was infected by USB flash drives that its owner used on her computers at work. I used to fix the virus on the flash drive through CMD, with attrib, but for this one it does not work. I can remove it with some programs, but they end up deleting all the files on the flash drive. I have already lost important files this way. Now the computer is infected too. I remove it from the flash drive and it automatically comes back. I do not know whether there are other viruses on the machine as well. Could you help me? Thank you!

@diego_moicano As you instructed me in the previous topic, the reports follow, and I would appreciate it if you could resume the follow-up. Thank you in advance.

Alisson

Link to the previous topic:

 

1 - AdwCleaner[C0].txt

2 - JRT.txt

3 - ZHPCleaner.txt

Edited by Alisson Costa Lisboa


Good afternoon!

I have not been able to resolve the virus infection on my mother's computer. It was infected by virus-infected flash drives that she uses at her work.

The ZA-Scan log follows.

Thank you for the help!

 


ZA-Scan V1.0.0.5 Updated 19-September-2016
Tool run by Lisboa on 02/12/2016 at 15:34:56,57.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Lisboa\Desktop\ZA-Scan.exe [Z-Analyse Scan]

==== Running Processes ======================

C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\WSED\WSED.exe
C:\Program Files (x86)\CLaunchKey\CLaunchKey.exe
C:\Program Files (x86)\USB Disk Security\USBGuard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Users\Lisboa\Desktop\ZA-Scan.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Lisboa\AppData\Local\Temp\ZAScan.exe

==== Services and Drivers ======================

You do not have Microsoft .NET Framework 4.0(or higher) installed.
Download it here v4.0: http://www.microsoft.com/en-us/download/details.aspx?id=17851
Download it here v4.5: http://www.microsoft.com/en-in/download/details.aspx?id=30653

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1641810859-1864636158-1853844546-1004\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60"
"IMSS"="C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"EgisTecPMMUpdate"="C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
"EgisUpdate"="C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe -d"
"VitaKeyTSR"="C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe /run"
"WSED"="C:\Program Files (x86)\WSED\WSED.exe"
"CLaunchKey"="C:\Program Files (x86)\CLaunchKey\CLaunchKey.exe"
"DTManager ScreenShot"="C:\Program Files (x86)\Daten\DT-Manager Cliente\DTScreenShot\DTManagerScreenShot.exe"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"USB Security"="C:\Program Files (x86)\USB Disk Security\USBGuard.exe"
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
"Avira SystrayStartTrigger"="C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"BLEServicesCtrl"="C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Excel]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Microsoft Excel"
"hkey"="HKCU"
"command"="wscript.exe //D \"C:\\Users\\Lisboa\\AppData\\Roaming\\Microsoft Office\\\\Microsoft Excel.WsF\""


==== Startup Folders ======================

2016-08-24 14:49:42    1080    ----a-w-    C:\Users\Lisboa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [24/04/2016 18:55]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task]
C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job --a------ C:\Program Files (x86)\Intel\IntelR ME FW Recovery Agent\bin\Bootstrap.exe []
C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job --a------ C:\Program Files (x86)\Intel\IntelR ME FW Recovery Agent\bin\Bootstrap.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d" [C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe]
"C:\Windows\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon" [C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files (x86)\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\SRS Premium Sound" [C:\Program Files\SRS Labs\SRS Control Panel\srspanel_64.exe]
"C:\Windows\SysNative\tasks\AVAST Software\Avast settings backup" [C:\Program Files\Common Files\AV\avast Antivirus\backup.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{d4da7309-b89a-45ec-8ebb-cfb2ae13618b}"="C:\Program Files (x86)\EgisTec BioExcess\FFExt20" [31/12/2010 23:50]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Lisboa\AppData\Roaming\Mozilla\Firefox\Profiles\rY1BIfgA.default
- Segurana do navegador Avira - %ProfilePath%\extensions\abs@avira.com

==== Firefox Plugins ======================


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
ladimmjldcgbeamniagencjbodhnmgen - C:\Program Files (x86)\EgisTec BioExcess\ChromeEx\EgisPBChromeExt.crx[26/10/2011 14:41]

Google Slides - Lisboa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Lisboa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Lisboa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Lisboa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Sheets - Lisboa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Avira Browser Safety - Lisboa\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
Google Docs Offline - Lisboa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - Lisboa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Lisboa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Media Router - Lisboa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Skype Calling - Lisboa\AppData\Local\Google\Chrome\User Data\Default\Extensions\poghlonenmjdkfghdpfomojhhfggildk
undetermined - Lisboa\AppData\Local\Google\Chrome\User Data\Default\Extensions\WebNavigation.crx

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://login.latinamweb.com/"
"Search Page"="http://login.latinamweb.com/"
"Search Bar"="https://search.avast.com/AV772/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://search.avast.com/AV772/"
"Search Page"="https://search.avast.com/AV772/search/web?q={searchTerms}"
"Search Bar"="https://search.avast.com/AV772/"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="https://search.avast.com/AV772/"
"Search Page"="https://search.avast.com/AV772/search/web?q={searchTerms}"
"Search Bar"="https://search.avast.com/AV772/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{8C31F27B-BE8A-4e4b-A478-17760AF1F5D9}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{73C25264-9C19-4E82-BC19-57A39AE583F7}"
HKLM\SearchScopes\{73C25264-9C19-4E82-BC19-57A39AE583F7} - http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{8C31F27B-BE8A-4e4b-A478-17760AF1F5D9}"
HKLM\Wow6432Node\SearchScopes\{8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} - https://search.avast.com/AV772/search/web?q={searchTerms}
HKLM\Wow6432Node\SearchScopes\{B61A6AC0-0834-4ED7-9797-2A7DF068096B} - http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
HKCU\SearchScopes "DefaultScope"="{8C31F27B-BE8A-4e4b-A478-17760AF1F5D9}"
HKCU\SearchScopes\{8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} - https://search.avast.com/AV772/search/web?q={searchTerms}

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://search.avast.com/AV772/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://login.latinamweb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://search.avast.com/AV772/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.avast.com/AV772/search/web?q={searchTerms}
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
O2 - BHO: EgisPBIE - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll

==== EOF on 02/12/2016 at 15:37:32,41 ======================
 


Dear @Alisson Costa Lisboa

Is the flash drive infected? Does it show shortcuts?

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Download Farbar Recovery Scan Tool and save it to your Desktop.

32 bit (x86) or 64 bit (x64)

  • Double-click to run the tool.
    • Note: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png
  • Check the 90 Days Files (Arquivos 90 dias) box and click the Scan (Examinar) button.
  • Wait; at the end, the logs FRST.txt and Addition.txt will be saved to your Desktop.
  • Select, copy and paste the contents of the FRST.txt log into your next reply.
  • Attach the Addition.txt log.

Regards :D


Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 07-12-2016
Executado por Lisboa (administrador) em LISBOA-PC (12-12-2016 13:39:07)
Executando a partir de C:\Users\Lisboa\Desktop
Perfis Carregados: Lisboa (Perfis Disponíveis: Lisboa & Classic .NET AppPool & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
() C:\Program Files (x86)\DATEN\DTAgentePadrao\DTAgentePadrao.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
() C:\Program Files (x86)\DATEN\DTAgenteRede\DTAgenteRede.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
() C:\Program Files (x86)\DATEN\DTManagerClientService\DTManagerClient.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(TODO: <Company name>) C:\Program Files (x86)\WSED\WSED.exe
() C:\Program Files (x86)\CLaunchKey\CLaunchKey.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() C:\Program Files (x86)\DATEN\DT-Manager Cliente\DTScreenShot\DTManagerScreenShot.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2776360 2011-09-25] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-05-15] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-16] (Intel Corporation)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [418672 2011-06-22] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-06-22] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [384048 2011-10-26] (Egis Technology Inc. )
HKLM-x32\...\Run: [WSED] => C:\Program Files (x86)\WSED\WSED.exe [320880 2010-12-02] (TODO: <Company name>)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [CLaunchKey] => C:\Program Files (x86)\CLaunchKey\CLaunchKey.exe [366448 2011-08-31] ()
HKLM-x32\...\Run: [DTManager ScreenShot] => C:\Program Files (x86)\Daten\DT-Manager Cliente\DTScreenShot\DTManagerScreenShot.exe [7680 2011-06-14] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [USB Security] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [695528 2015-02-03] (Zbshareware Lab)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [916072 2016-11-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-11-15] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1641810859-1864636158-1853844546-1004\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\S-1-5-21-1641810859-1864636158-1853844546-1004\...\MountPoints2: {23f2d787-95fe-11e6-af4f-20898454d5a8} - E:\Lenovo_Suite.exe
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Nenhum Arquivo
Startup: C:\Users\Lisboa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2016-08-30]
ShortcutTarget: Start.lnk -> C:\Users\Lisboa\AppData\Roaming\prqecird\qwwdkqoct.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{01CD3054-9F4F-4282-A98A-093660CEC5FD}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EB1D50E0-2DE1-4AA3-8BCC-D904490D4E8C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avast.com/AV772/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1641810859-1864636158-1853844546-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://login.latinamweb.com/
HKU\S-1-5-21-1641810859-1864636158-1853844546-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://login.latinamweb.com/
HKU\S-1-5-21-1641810859-1864636158-1853844546-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {73C25264-9C19-4E82-BC19-57A39AE583F7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM -> {73C25264-9C19-4E82-BC19-57A39AE583F7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKLM-x32 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKLM-x32 -> {B61A6AC0-0834-4ED7-9797-2A7DF068096B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1641810859-1864636158-1853844546-1004 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1641810859-1864636158-1853844546-1004 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
BHO: EgisPBIE Sign-in Helper -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll [2011-10-26] (Egis Technology Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-01] (Sun Microsystems, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: EgisPBIE Sign-in Helper -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll [2011-10-26] (Egis Technology Inc.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Lisboa\AppData\Roaming\Mozilla\Firefox\Profiles\rY1BIfgA.default [2016-08-30]
FF Extension: (Avira Browser Safety) - C:\Users\Lisboa\AppData\Roaming\Mozilla\Firefox\Profiles\rY1BIfgA.default\Extensions\abs@avira.com [2016-08-30]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension: ( Online Accounts Extension ) - C:\Program Files (x86)\EgisTec BioExcess\FFExt [2010-12-31] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [{d4da7309-b89a-45ec-8ebb-cfb2ae13618b}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt20
FF Extension: ( Online Accounts Extension ) - C:\Program Files (x86)\EgisTec BioExcess\FFExt20 [2010-12-31] [não assinado]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com.br/
CHR StartupUrls: Default -> "hxxps://www.google.com.br/"
CHR Profile: C:\Users\Lisboa\AppData\Local\Google\Chrome\User Data\Default [2016-12-12]
CHR Extension: (Google Apresentações) - C:\Users\Lisboa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-24]
CHR Extension: (Google Docs) - C:\Users\Lisboa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-25]
CHR Extension: (Google Drive) - C:\Users\Lisboa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-24]
CHR Extension: (YouTube) - C:\Users\Lisboa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-24]
CHR Extension: (Planilhas do Google) - C:\Users\Lisboa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-24]
CHR Extension: (Segurança do navegador Avira) - C:\Users\Lisboa\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-09-25]
CHR Extension: (Documentos Google off-line) - C:\Users\Lisboa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-26]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Lisboa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-24]
CHR Extension: (Gmail) - C:\Users\Lisboa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\Lisboa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26]
CHR Extension: (Chamada pelo Skype) - C:\Users\Lisboa\AppData\Local\Google\Chrome\User Data\Default\Extensions\poghlonenmjdkfghdpfomojhhfggildk [2016-05-05]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ladimmjldcgbeamniagencjbodhnmgen] - C:\Program Files (x86)\EgisTec BioExcess\ChromeEx\EgisPBChromeExt.crx [2011-10-26]

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1089088 2016-11-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [475232 2016-11-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [475232 2016-11-03] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1488240 2016-11-03] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350528 2016-11-24] (Avira Operations GmbH & Co. KG)
R2 DTAgentePadrao; C:\Program Files (x86)\DATEN\DTAgentePadrao\DTAgentePadrao.exe [11776 2011-06-14] () [Arquivo não assinado]
R2 DTAgenteRede; C:\Program Files (x86)\DATEN\DTAgenteRede\DTAgenteRede.exe [16384 2011-06-14] () [Arquivo não assinado]
R2 DTManagerClient; C:\Program Files (x86)\DATEN\DTManagerClientService\DTManagerClient.exe [33792 2011-06-14] () [Arquivo não assinado]
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350208 2010-11-21] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Arquivo não assinado]
S2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-21] (Microsoft Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-05-15] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-05-15] (Intel Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [61913952 2010-04-03] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [177432 2016-11-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [145536 2016-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-08-30] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2016-05-04] (DT Soft Ltd)
R3 SzCCID; C:\Windows\System32\DRIVERS\SzCCID.sys [45568 2011-08-26] (Generic)
U0 aswVmm; não ImagePath

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-12-12 13:39 - 2016-12-12 13:39 - 00019426 _____ C:\Users\Lisboa\Desktop\FRST.txt
2016-12-12 13:36 - 2016-12-12 13:36 - 00025955 _____ C:\Users\Lisboa\Downloads\Addition.txt
2016-12-12 13:35 - 2016-12-12 13:36 - 00030201 _____ C:\Users\Lisboa\Downloads\FRST.txt
2016-12-12 13:34 - 2016-12-12 13:39 - 00000000 ____D C:\FRST
2016-12-12 13:34 - 2016-12-12 13:34 - 02420224 _____ (Farbar) C:\Users\Lisboa\Desktop\FRST64.exe
2016-12-02 15:37 - 2016-12-02 15:37 - 00011827 _____ C:\ZA-Scan.txt
2016-11-30 20:52 - 2016-11-30 20:52 - 00001138 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2016-11-24 21:57 - 2016-11-24 21:57 - 00000000 _____ C:\Users\Lisboa\Desktop\Novo Documento de Texto.txt
2016-11-24 21:49 - 2016-11-24 21:50 - 01370112 _____ C:\Users\Lisboa\Downloads\ZA-Scan.exe
2016-11-22 23:21 - 2016-12-05 16:01 - 00003947 _____ C:\Users\Lisboa\Desktop\ZHPCleaner.txt
2016-11-22 23:14 - 2016-12-05 16:01 - 00000000 ____D C:\Users\Lisboa\AppData\Roaming\ZHP
2016-11-22 23:14 - 2016-12-05 15:50 - 00000795 _____ C:\Users\Lisboa\Desktop\ZHPCleaner.lnk
2016-11-22 23:13 - 2016-11-22 23:13 - 02523648 _____ C:\Users\Lisboa\Desktop\ZHPCleaner.exe
2016-11-22 23:12 - 2016-12-05 15:49 - 00001871 _____ C:\Users\Lisboa\Desktop\JRT.txt
2016-11-22 23:09 - 2016-11-22 23:10 - 01631928 _____ (Malwarebytes) C:\Users\Lisboa\Desktop\JRT.exe
2016-11-22 23:05 - 2016-12-05 16:02 - 00000000 ____D C:\Users\Lisboa\Desktop\Relatórios Limpeza PC
2016-11-22 22:59 - 2016-12-05 15:43 - 00000000 ____D C:\AdwCleaner
2016-11-22 22:53 - 2016-11-22 22:54 - 03910208 _____ C:\Users\Lisboa\Desktop\adwcleaner_6.030.exe
2016-11-21 22:03 - 2016-11-21 22:05 - 01424631 _____ C:\Users\Lisboa\Desktop\Hino Família   Regis Danese.part
2016-11-10 22:43 - 2016-11-10 22:43 - 00773635 _____ C:\Users\Lisboa\Downloads\progsuple_carlos_fundeb.pdf
2016-11-10 22:35 - 2016-11-10 22:36 - 01069437 _____ C:\Users\Lisboa\Downloads\Apresentacao_Modulo_FUNDEB_Unid_I_e_II.pptx
2016-11-10 22:34 - 2016-11-10 22:35 - 02532671 _____ C:\Users\Lisboa\Downloads\FUNDEB_GERAL (1)
2016-11-10 22:32 - 2016-11-10 22:32 - 01056733 _____ C:\Users\Lisboa\Downloads\Apresentacao_Modulo_FUNDEB_Unid_III.pptx
2016-11-10 15:14 - 2016-11-10 15:15 - 02713784 _____ C:\Users\Lisboa\Downloads\Apresentação Oliveira 2.pptx
2016-11-10 15:14 - 2016-11-10 15:15 - 02067595 _____ C:\Users\Lisboa\Downloads\Apresentação Oliveira Brito.pptx
2016-11-10 15:12 - 2016-11-10 15:13 - 00710692 _____ C:\Users\Lisboa\Downloads\TELMA0001.pdf
2016-11-10 15:12 - 2016-11-10 15:12 - 00416637 _____ C:\Users\Lisboa\Downloads\TELMA0002.pdf
2016-11-10 15:11 - 2016-11-10 15:11 - 00996010 _____ C:\Users\Lisboa\Downloads\PNLD001.pdf
2016-11-08 21:16 - 2016-11-09 00:19 - 00000000 ____D C:\Users\Lisboa\Documents\fotos formatura
2016-11-05 01:04 - 2016-11-05 01:04 - 00003850 _____ C:\Users\Lisboa\Downloads\BAFUNDEB68916.csv
2016-11-01 20:52 - 2016-11-01 20:53 - 238096968 _____ C:\Users\Lisboa\Desktop\Arrecadação e investimento dos recursos da educação   Como funciona o FUNDEB.avi
2016-11-01 19:24 - 2016-11-01 19:24 - 00105592 _____ C:\Users\Lisboa\Downloads\3_Ficha_de_acompanhamento_dos_cursistas_no_AVA_2016 (17).xlsx
2016-11-01 18:49 - 2016-11-01 18:49 - 00104800 _____ C:\Users\Lisboa\Downloads\3_Ficha_de_acompanhamento_dos_cursistas_no_AVA_2016 (15).xlsx
2016-11-01 18:45 - 2016-11-01 18:45 - 00105592 _____ C:\Users\Lisboa\Downloads\3_Ficha_de_acompanhamento_dos_cursistas_no_AVA_2016 (14).xlsx
2016-11-01 18:41 - 2016-11-01 18:41 - 00780539 _____ C:\Users\Lisboa\Downloads\Anadege0001.pdf
2016-11-01 18:41 - 2016-11-01 18:41 - 00763132 _____ C:\Users\Lisboa\Downloads\Anadege0002.pdf
2016-11-01 18:41 - 2016-11-01 18:41 - 00509918 _____ C:\Users\Lisboa\Downloads\Anadege0003.pdf
2016-10-31 23:40 - 2016-10-31 23:40 - 00104798 _____ C:\Users\Lisboa\Downloads\3_Ficha_de_acompanhamento_dos_cursistas_no_AVA_2016 (13).xlsx
2016-10-31 23:37 - 2016-10-31 23:37 - 00105592 _____ C:\Users\Lisboa\Downloads\3_Ficha_de_acompanhamento_dos_cursistas_no_AVA_2016 (12).xlsx
2016-10-31 23:36 - 2016-10-31 23:36 - 00105592 _____ C:\Users\Lisboa\Downloads\3_Ficha_de_acompanhamento_dos_cursistas_no_AVA_2016 (11).xlsx
2016-10-31 12:09 - 2016-10-31 22:09 - 00000000 ____D C:\Users\Lisboa\Desktop\fotos mainha
2016-10-28 21:45 - 2016-11-01 00:05 - 00000000 ____D C:\Users\Lisboa\Desktop\Fundeb 2016
2016-10-20 22:50 - 2016-10-20 22:52 - 06009249 _____ C:\Users\Lisboa\Downloads\Domino (1).wmv
2016-10-19 10:19 - 2016-10-19 07:26 - 00689354 _____ C:\Users\Lisboa\Desktop\Outubro rosa Gloria.pptx.ppt
2016-10-18 22:36 - 2016-10-18 22:36 - 01563283 _____ C:\Users\Lisboa\Downloads\4_Relatorio_Bimestral_do_Tutor_2016 (1) PLI (2).pdf
2016-10-18 22:36 - 2016-10-18 22:36 - 01563283 _____ C:\Users\Lisboa\Downloads\4_Relatorio_Bimestral_do_Tutor_2016 (1) PLI (1).pdf
2016-10-18 22:22 - 2016-10-28 20:05 - 00000000 ____D C:\Users\Lisboa\Documents\PLANOS FORMAÇÃO
2016-10-18 21:12 - 2016-10-18 21:56 - 00000000 ____D C:\Users\Lisboa\Desktop\Relatorios Formação
2016-10-18 21:11 - 2016-10-18 21:11 - 01563283 _____ C:\Users\Lisboa\Downloads\4_Relatorio_Bimestral_do_Tutor_2016 (1) PLI.pdf
2016-10-16 18:09 - 2016-10-16 18:09 - 01500103 _____ C:\Users\Lisboa\Desktop\PPP2010VersaoPreliminar.pdf
2016-10-15 15:05 - 2016-10-15 15:05 - 00000000 ____D C:\zoek_backup
2016-10-15 15:04 - 2016-10-15 15:04 - 01370112 _____ C:\Users\Lisboa\Desktop\ZA-Scan.exe
2016-10-15 14:47 - 2016-10-14 16:36 - 00335133 _____ C:\Users\Lisboa\Desktop\pressupostos educacionais.pdf
2016-10-15 14:47 - 2016-10-14 16:02 - 00833247 _____ C:\Users\Lisboa\Desktop\GUIA-ORIENTATIVO-PPP2014.pdf
2016-10-14 11:22 - 2016-10-14 11:22 - 02093084 _____ C:\Users\Lisboa\Downloads\Educação-inclusiva-e-Direitos-Humanos.ppsx
2016-10-14 10:14 - 2016-10-14 10:14 - 00520395 _____ C:\Users\Lisboa\Desktop\orientacoes-para-o-projeto-politico-pedagogico (1).pdf
2016-10-14 10:13 - 2016-10-14 10:13 - 00520395 _____ C:\Users\Lisboa\Downloads\orientacoes-para-o-projeto-politico-pedagogico (1).pdf
2016-10-14 09:43 - 2016-10-14 09:43 - 00120745 _____ C:\Users\Lisboa\Downloads\ANADEGE FARIAS COSTA LISBOA (A)%2c..%2c.pdf
2016-10-14 07:57 - 2016-10-14 07:57 - 00000000 ____H C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
2016-10-14 07:57 - 2012-07-26 01:55 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2016-10-14 07:57 - 2012-07-26 01:55 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2016-10-14 07:57 - 2012-07-25 23:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2016-10-14 07:57 - 2012-06-02 11:35 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2016-10-14 07:56 - 2016-10-14 07:54 - 00031720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2016-09-14 07:01 - 2016-09-14 07:01 - 05769671 _____ C:\Users\Lisboa\Downloads\APRESENTACAO_CONTROLE_SOCIAL (3).pptx
2016-09-14 06:57 - 2016-11-01 21:35 - 00000000 ____D C:\Users\Lisboa\Desktop\controle social
2016-09-13 22:36 - 2016-09-13 22:39 - 05769671 _____ C:\Users\Lisboa\Downloads\APRESENTACAO_CONTROLE_SOCIAL (2).pptx
2016-09-13 22:13 - 2016-09-13 22:35 - 04898963 _____ C:\Users\Lisboa\Downloads\APRESENTACAO_CONTROLE_SOCIAL (1).pptx

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-12-12 13:38 - 2009-07-14 01:45 - 00017280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-12 13:38 - 2009-07-14 01:45 - 00017280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-12 13:34 - 2010-11-21 06:37 - 00823224 _____ C:\Windows\system32\prfh0416.dat
2016-12-12 13:34 - 2010-11-21 06:37 - 00187184 _____ C:\Windows\system32\prfc0416.dat
2016-12-12 13:34 - 2009-07-14 02:13 - 01955402 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-12 13:34 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-12-12 13:29 - 2016-04-24 18:55 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-12 13:29 - 2010-12-31 23:35 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2016-12-12 13:29 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-12 13:29 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\inetsrv
2016-12-10 13:16 - 2016-04-24 18:55 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-10 10:30 - 2010-12-31 23:35 - 00000832 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2016-11-30 20:52 - 2016-08-30 08:32 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2016-11-30 20:52 - 2016-08-30 08:32 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-30 20:52 - 2016-08-30 08:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-11-21 22:34 - 2016-08-30 15:54 - 00000000 ____D C:\Users\Lisboa\Desktop\Drive
2016-11-21 21:51 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2016-11-19 18:21 - 2016-04-24 19:26 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-19 18:21 - 2016-04-24 19:26 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

Alguns arquivos em TEMP:
====================
C:\Users\Lisboa\AppData\Local\Temp\avgnt.exe
C:\Users\Lisboa\AppData\Local\Temp\libeay32.dll
C:\Users\Lisboa\AppData\Local\Temp\msvcr120.dll
C:\Users\Lisboa\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-12-04 12:25

==================== Fim de FRST.txt ============================

Addition.txt


Dear @Alisson Costa Lisboa

You did not answer my questions: Is the USB flash drive infected? Does it show shortcuts?

Temporarily disable your antivirus, antispyware and firewall so that they do not cause conflicts.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text below:

Quote

CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Nenhum Arquivo
HKU\S-1-5-21-1641810859-1864636158-1853844546-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://login.latinamweb.com/
HKU\S-1-5-21-1641810859-1864636158-1853844546-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://login.latinamweb.com/
HKU\S-1-5-21-1641810859-1864636158-1853844546-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {73C25264-9C19-4E82-BC19-57A39AE583F7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM -> {73C25264-9C19-4E82-BC19-57A39AE583F7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKLM-x32 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKLM-x32 -> {B61A6AC0-0834-4ED7-9797-2A7DF068096B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1641810859-1864636158-1853844546-1004 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1641810859-1864636158-1853844546-1004 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
U0 aswVmm; não ImagePath
C:\Users\Lisboa\AppData\Local\Temp\avgnt.exe
C:\Users\Lisboa\AppData\Local\Temp\libeay32.dll
C:\Users\Lisboa\AppData\Local\Temp\msvcr120.dll
C:\Users\Lisboa\AppData\Local\Temp\sqlite3.dll

CMD:ipconfig /flushdns
EmptyTemp:

 

  • Save this file to the Desktop as fixlist.txt
  • Run FRST again and click the Corrigir (Fix) button;
  • Wait... when it finishes, the log Fixlog.txt will be generated on your Desktop.
  • Select, copy and paste the contents of this log into your next reply.

Regards :D


Sorry. I forgot to answer the questions.

The USB flash drive is infected and shows shortcuts.

I will carry out the procedure now.

Regards!

added 10 minutes later

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 07-12-2016
Executado por Lisboa (14-12-2016 19:40:09) Run:1
Executando a partir de C:\Users\Lisboa\Desktop
Perfis Carregados: Lisboa (Perfis Disponíveis: Lisboa & Classic .NET AppPool & DefaultAppPool)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Nenhum Arquivo
HKU\S-1-5-21-1641810859-1864636158-1853844546-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://login.latinamweb.com/
HKU\S-1-5-21-1641810859-1864636158-1853844546-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://login.latinamweb.com/
HKU\S-1-5-21-1641810859-1864636158-1853844546-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {73C25264-9C19-4E82-BC19-57A39AE583F7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM -> {73C25264-9C19-4E82-BC19-57A39AE583F7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKLM-x32 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKLM-x32 -> {B61A6AC0-0834-4ED7-9797-2A7DF068096B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1641810859-1864636158-1853844546-1004 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1641810859-1864636158-1853844546-1004 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
U0 aswVmm; não ImagePath
C:\Users\Lisboa\AppData\Local\Temp\avgnt.exe
C:\Users\Lisboa\AppData\Local\Temp\libeay32.dll
C:\Users\Lisboa\AppData\Local\Temp\msvcr120.dll
C:\Users\Lisboa\AppData\Local\Temp\sqlite3.dll
CMD:ipconfig /flushdns
EmptyTemp:
*****************

Erro: (0) Falha ao criar um ponto de restauração.
Processos fechados com sucesso.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => valor removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => chave removido (a) com sucesso.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => chave não encontrado (a). 
HKU\S-1-5-21-1641810859-1864636158-1853844546-1004\Software\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso
HKU\S-1-5-21-1641810859-1864636158-1853844546-1004\Software\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso
HKU\S-1-5-21-1641810859-1864636158-1853844546-1004\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => valor removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucesso
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{73C25264-9C19-4E82-BC19-57A39AE583F7}" => chave removido (a) com sucesso.
HKCR\CLSID\{73C25264-9C19-4E82-BC19-57A39AE583F7} => chave não encontrado (a). 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucesso
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{8C31F27B-BE8A-4e4b-A478-17760AF1F5D9}" => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} => chave não encontrado (a). 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B61A6AC0-0834-4ED7-9797-2A7DF068096B}" => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{B61A6AC0-0834-4ED7-9797-2A7DF068096B} => chave não encontrado (a). 
HKU\S-1-5-21-1641810859-1864636158-1853844546-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
"HKU\S-1-5-21-1641810859-1864636158-1853844546-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8C31F27B-BE8A-4e4b-A478-17760AF1F5D9}" => chave removido (a) com sucesso.
HKCR\CLSID\{8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} => chave não encontrado (a). 
aswVmm => serviço removido (a) com sucesso.
C:\Users\Lisboa\AppData\Local\Temp\avgnt.exe => movido com sucesso
C:\Users\Lisboa\AppData\Local\Temp\libeay32.dll => movido com sucesso
C:\Users\Lisboa\AppData\Local\Temp\msvcr120.dll => movido com sucesso
C:\Users\Lisboa\AppData\Local\Temp\sqlite3.dll => movido com sucesso

========= ipconfig /flushdns =========


Configura‡Æo de IP do Windows

Libera‡Æo do Cache do DNS Resolver bem-sucedida.

========= Fim de CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 65034671 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 71366390 B
Edge => 0 B
Chrome => 563645033 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 101064 B
systemprofile32 => 65960 B
LocalService => 66228 B
NetworkService => 213560 B
Lisboa => 72202223 B
Classic .NET AppPool => 0 B
DefaultAppPool => 0 B

RecycleBin => 2464076234 B
EmptyTemp: => 3 GB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 19:40:23 ====

added 12 minutes later

It is also showing this error at startup, and the Task Manager has lost its bar.

Thank you!

Regards!

Sem título.jpg

Sem título2.jpg


OK... my friend, let's deal with this message first.

Temporarily disable your antivirus, antispyware and firewall so that they do not cause conflicts.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text below:

Quote

CreateRestorePoint:
CloseProcesses:

Startup: C:\Users\Lisboa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2016-08-30]
C:\Users\Lisboa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk

Reboot:

 

  • Save this file to the Desktop as fixlist.txt
  • Run FRST again and click the Corrigir (Fix) button;
  • Wait... when it finishes, the log Fixlog.txt will be generated on your Desktop.
  • Select, copy and paste the contents of this log into your next reply.

Regards :D


Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 17-12-2016
Executado por Lisboa (17-12-2016 18:05:47) Run:2
Executando a partir de C:\Users\Lisboa\Desktop
Perfis Carregados: Lisboa (Perfis Disponíveis: Lisboa & Classic .NET AppPool & DefaultAppPool)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:
Startup: C:\Users\Lisboa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2016-08-30]
C:\Users\Lisboa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk
Reboot:

*****************

Erro: (0) Falha ao criar um ponto de restauração.
Processos fechados com sucesso.
C:\Users\Lisboa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk => movido com sucesso
"C:\Users\Lisboa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk" => não encontrado (a).


O sistema precisou ser reiniciado.

==== Fim de Fixlog 18:05:47 ====


Dear @Alisson Costa Lisboa

Hold down the SHIFT key and plug in the USB flash drive.

Go to:

Start > Run and type cmd

On the icon that appears, right-click and choose: execadmin.png and wait.

At the prompt, type:

attrib -h -r -s /s /d F:\*.*

Note: the letter F must be replaced with the letter assigned to your USB flash drive.

Close the prompt and safely remove the USB flash drive.

Let me know the result.

Regards :D
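
Before clearing attributes with the attrib command above, it helps to see what is hidden on the drive and where its shortcuts point. The read-only PowerShell audit below is an added example, not part of the original post; the drive letter F:, the function names and the list of script hosts are assumptions, and it is written to run on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example, not from the thread. Read-only: it lists items, it does not
# delete anything or change any attribute.
param(
    # Assumption: F: is the USB drive's letter, as in the attrib command above.
    [string]$Drive = 'F:'
)

# Assumed list of interpreters that a shortcut to a document or folder
# has no reason to start.
$scriptHosts = 'cmd.exe', 'wscript.exe', 'cscript.exe', 'powershell.exe',
               'rundll32.exe', 'mshta.exe'

function Get-HiddenItem {
    # Items at the root carrying the Hidden or System attribute, i.e. what
    # "attrib -h -r -s" would uncover. "System Volume Information" is
    # normally hidden+system on any volume and is expected in this list.
    param([string]$Root)
    $mask = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
    Get-ChildItem -LiteralPath $Root -Force |
        Where-Object { $_.Attributes -band $mask } |
        Select-Object Name, Attributes, LastWriteTime
}

function Get-ShortcutReport {
    # Resolve every .lnk directly inside the given folders and flag the ones
    # whose target is a script host rather than a document or folder.
    param([string[]]$Folder)
    $shell = New-Object -ComObject WScript.Shell
    foreach ($dir in $Folder) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -Filter '*.lnk' -Force |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object {
                # CreateShortcut only loads an existing .lnk; nothing is
                # written unless Save() is called, which this script never does.
                $lnk  = $shell.CreateShortcut($_.FullName)
                $leaf = [System.IO.Path]::GetFileName($lnk.TargetPath)
                New-Object PSObject -Property @{
                    Shortcut  = $_.FullName
                    Target    = $lnk.TargetPath
                    Arguments = $lnk.Arguments
                    Suspect   = ($scriptHosts -contains $leaf)
                }
            }
    }
}

$root = "$Drive\"
if (-not (Test-Path -LiteralPath $root)) {
    Write-Warning "Drive $Drive not found; pass the correct letter with -Drive."
    return
}

"Hidden or system items at the root of $Drive"
Get-HiddenItem -Root $root | Format-Table -AutoSize

# The per-user Startup folder is where the thread's Start.lnk was found;
# the all-users one is checked as well.
$startup = "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
           "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"

"Shortcuts at the drive root and in the Startup folders"
Get-ShortcutReport -Folder (@($root) + $startup) |
    Select-Object Suspect, Shortcut, Target, Arguments |
    Format-List
```

A root-level shortcut marked Suspect that has the same name as a hidden folder in the first list is the pattern described in this thread: the real folder is hidden and a .lnk stands in for it.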


Topic Archived

Because the author did not reply to the topic for more than 10 days, it has been archived. If you are the author of the topic and want it reopened, contact one of the Forum's Security Analysts to request that it be unlocked.

CarlosTurco

diego_moicano

 

 
