Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão:12-12-2015 01
Executado por João Cascimiro (2015-12-12 19:34:11) Run:1
Executando a partir de C:\Users\João Cascimiro\Desktop
Perfis Carregados: João Cascimiro (Perfis Disponíveis: João Cascimiro)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
start
CloseProcesses:
(TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarServ.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11061\calendar.exe
() C:\Users\João Cascimiro\AppData\Local\Temp\carssn.exe
(Bandoo Media, inc) C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe
HKLM-x32\...\Run: [DATAMNGR] => C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe [1890744 2012-09-02] (Bandoo Media, inc)
HKLM-x32\...\Run: [mbot_br_014010168] => [X]
HKLM-x32\...\Run: [LightGate] => C:\ProgramData\LightGate.exe
HKLM-x32\...\Run: [HomePageHelper] => C:\Users\JOOCAS~1\AppData\Local\Temp\HomePage.exe <===== ATENÇÃO
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\...\Run: [CrashService] => "C:\Users\João Cascimiro\AppData\Local\BoBrowser\Application\crash_service.exe" --max-reports=50 --no-window
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\...\Run: [YeaInstaller] => C:\Users\João Cascimiro\AppData\Local\Temp\setup.exe <===== ATENÇÃO
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\...\Run: [Yeaplayer] => C:\Program Files (x86)\Yeaplayer\Yeaplayermd.exe /autostart
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\...\Run: [-] => C:\Users\João Cascimiro\AppData\Local\Temp\carssn.exe [1923584 2015-12-10] () <===== ATENÇÃO
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\...\Run: [Pritc] => C:\Windows\Temp\00001270\casrss.exe [3154944 2015-12-10] (VLOME) <===== ATENÇÃO
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\...\MountPoints2: {21572460-66a1-11e3-b303-c32ad72989f3} - E:\AutoRun.exe
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\...\MountPoints2: {21572725-66a1-11e3-b303-c32ad72989f3} - E:\AutoRun.exe
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll => C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll [2300344 2012-09-02] (Bandoo Media, inc)
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll => C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll [1528760 2012-09-02] (Bandoo Media, inc)
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll => C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll [1723320 2012-09-02] (Bandoo Media, inc)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Nenhum Arquivo
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Nenhum Arquivo
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO
Tcpip\Parameters: [DhcpNameServer] 80.82.64.136 8.8.8.8
Tcpip\..\Interfaces\{8DB20170-BFD6-4DDA-886F-D72AC4960A4B}: [DhcpNameServer] 80.82.64.136 8.8.8.8
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://nav.brotlab.net?uid={dddb4e8e517840adbdb8c15056f4ebad}&r=102br
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.navegaki.com?q={searchTerms}&uid={dddb4e8e517840adbdb8c15056f4ebad}&r=102br
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nav.brotlab.net?uid={dddb4e8e517840adbdb8c15056f4ebad}&r=102br
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.navegaki.com?q={searchTerms}&uid={dddb4e8e517840adbdb8c15056f4ebad}&r=102br
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nav.brotlab.net?uid={dddb4e8e517840adbdb8c15056f4ebad}&r=102br
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.navegaki.com?q={searchTerms}&uid={dddb4e8e517840adbdb8c15056f4ebad}&r=102br
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=42826&home=true&tid=3393
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.navegaki.com?q={searchTerms}&uid={dddb4e8e517840adbdb8c15056f4ebad}&r=102br
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=42826&tid=3393&bs=true&q=
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.navegaki.com?q={searchTerms}&uid={dddb4e8e517840adbdb8c15056f4ebad}&r=102br
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=42826&bs=true&tid=3393&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.navegaki.com?q={searchTerms}&uid={dddb4e8e517840adbdb8c15056f4ebad}&r=102br
SearchScopes: HKU\S-1-5-21-3922755168-1862369084-2486531989-1000 -> DefaultScope {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.navegaki.com?q={searchTerms}&uid={dddb4e8e517840adbdb8c15056f4ebad}&r=102br
SearchScopes: HKU\S-1-5-21-3922755168-1862369084-2486531989-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=42826&bs=true&tid=3393&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3922755168-1862369084-2486531989-1000 -> {1B28C45F-FB65-4D8A-8AC6-7ACBDFB200C7} URL = hxxps://br.search.yahoo.com/search?fr=mcafee&type=B010BR662D20140722&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3922755168-1862369084-2486531989-1000 -> {3BFDF95F-D2FD-47B5-BF43-0F76EBFF9753} URL = hxxp://br.search.yahoo.com/search?fr=mcafee&type=A010BR662&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3922755168-1862369084-2486531989-1000 -> {7D7E2DD8-73C5-8E3A-DBBD-70156B1698B5} URL = 
SearchScopes: HKU\S-1-5-21-3922755168-1862369084-2486531989-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3922755168-1862369084-2486531989-1000 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.navegaki.com?q={searchTerms}&uid={dddb4e8e517840adbdb8c15056f4ebad}&r=102br
BHO: DataMngr -> {9D717F81-9148-4f12-8568-69135F087DB0} -> C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll [2012-09-02] (Bandoo Media, inc)
BHO-x32: Searchqu Toolbar -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll [2012-02-27] ()
BHO-x32: DataMngr -> {9D717F81-9148-4f12-8568-69135F087DB0} -> C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll [2012-09-02] (Bandoo Media, inc)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Nenhum Arquivo
Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll [2012-02-27] ()
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll Nenhum Arquivo
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll Nenhum Arquivo
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll Nenhum Arquivo
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.omniboxes.com/?type=sc&t...d=WDCXWD3200BPVT-22JJ5T0_WD-WXU1EA1MYCYCMYCYC
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Nenhum Arquivo]
FF HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\...\Firefox\Extensions: [D7C802E4-BDDC-4A1F-A790-F4C9D43DA9FD] - C:\Program Files (x86)\LyricsTab\116.xpi => não encontrado (a)
FF HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\...\Firefox\Extensions: [connect@LyricsTab.co] - C:\Program Files (x86)\LyricsTab\120.xpi => não encontrado (a)
CHR HKLM-x32\...\Chrome\Extension: [dfbjjbgnapmckapgljdjahlnfonhglai] - C:\Program Files (x86)\LyricsTab\120.crx <não encontrado (a)>
StartMenuInternet: Google Chrome.PPJ2QNC4DSINTBWF4F2M2Q6P5A - C:\Users\João Cascimiro\AppData\Local\Google\Chrome\Application\chrome.exe hxxp://nav.brotlab.net?uid={dddb4e8e517840adbdb8c15056f4ebad}&r=102br
S2 GoogleChromeUpService; C:\ProgramData\upgsvr.exe [1762304 2015-11-16] (TODO: <公司名>) [Arquivo não assinado]
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [155280 2015-12-06] (TODO: <公司名>)
R2 TheCalendarService; C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarServ.exe [151688 2015-11-23] ()
R2 WindowsMangerProtect; C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe [344232 2015-12-06] (Sysinternals process Explorer) <==== ATENÇÃO
R3 WinHttpAutoProxySvc; winhttp.dll [X]
2016-06-07 18:23 - 2015-12-10 20:22 - 04871408 _____ C:\Users\João Cascimiro\AppData\Roaming\fb1e6ae1f3cd.exe
2016-06-07 18:22 - 2015-12-10 20:22 - 04871408 _____ C:\Users\João Cascimiro\AppData\Roaming\6240c801ad89.exe
2016-06-07 18:21 - 2015-12-10 20:21 - 04871408 _____ C:\Users\João Cascimiro\AppData\Roaming\53cca628f322.exe
2016-06-07 18:21 - 2015-12-10 20:19 - 04871408 _____ C:\Users\João Cascimiro\AppData\Roaming\799662a5f35e.exe
2015-12-10 19:19 - 2015-12-09 14:55 - 01923584 _____ C:\Users\João Cascimiro\AppData\Roaming\carssn.exe.1
2015-12-10 17:00 - 2015-11-16 08:01 - 01762304 _____ (TODO: <公司名>) C:\Users\João Cascimiro\AppData\Roaming\upgsvr.exe.1
2015-12-10 16:52 - 2015-12-10 16:52 - 00005569 _____ C:\Users\João Cascimiro\AppData\Roaming\webad.xml
2015-12-10 16:52 - 2015-12-09 14:55 - 01923584 _____ C:\Users\João Cascimiro\AppData\Roaming\carssn.exe
2015-12-10 16:50 - 2015-12-10 08:39 - 01015808 _____ (d) C:\Users\João Cascimiro\AppData\Roaming\download.exe
2015-12-09 21:18 - 2015-12-09 21:19 - 00000000 ____D C:\Users\João Cascimiro\AppData\Local\Yeaplayer
2015-12-09 21:17 - 2015-11-14 21:08 - 02496403 _____ ( ) C:\Users\João Cascimiro\AppData\Roaming\yeaplayer_51472.exe
2015-12-07 14:17 - 2015-12-10 21:56 - 00000000 ____D C:\Users\João Cascimiro\AppData\Roaming\CalendarTool
2015-12-07 14:17 - 2015-12-07 14:17 - 00000000 ____D C:\Users\Public\Documents\Guid
2015-12-07 14:17 - 2015-12-07 14:17 - 00000000 ____D C:\Program Files (x86)\CalendarTool
2015-12-06 17:58 - 2015-11-16 08:01 - 01762304 _____ (TODO: <公司名>) C:\Users\Todos os Usuários\upgsvr.exe
2015-12-06 17:58 - 2015-11-16 08:01 - 01762304 _____ (TODO: <公司名>) C:\Users\João Cascimiro\AppData\Roaming\upgsvr.exe
2015-12-06 17:58 - 2015-11-16 08:01 - 01762304 _____ (TODO: <公司名>) C:\ProgramData\upgsvr.exe
2015-12-06 17:57 - 2015-12-06 20:53 - 00002976 _____ C:\Windows\System32\Tasks\svchost
2015-12-06 17:56 - 2015-12-06 17:56 - 00003192 _____ C:\Windows\System32\Tasks\{1076E5AF-74F2-4057-8F43-7B9B64172C7F}
2015-12-06 17:52 - 2015-12-06 17:52 - 00000000 ____D C:\Program Files (x86)\28C593F3-1449431530-E111-A7D6-DC0EA1C33D50
2015-12-05 18:11 - 2015-12-05 18:11 - 00000000 __SHD C:\found.004
2015-11-18 21:45 - 2015-11-18 21:45 - 00000000 __SHD C:\found.003
2015-11-16 17:21 - 2015-11-16 17:21 - 00000000 __SHD C:\found.002
2015-12-06 18:03 - 2012-02-21 08:54 - 00000000 ____D C:\Users\Todos os Usuários\McAfee
2015-12-06 18:03 - 2012-02-21 08:54 - 00000000 ____D C:\ProgramData\McAfee
2016-06-07 18:21 - 2015-12-10 20:21 - 4871408 _____ () C:\Users\João Cascimiro\AppData\Roaming\53cca628f322.exe
2016-06-07 18:22 - 2015-12-10 20:22 - 4871408 _____ () C:\Users\João Cascimiro\AppData\Roaming\6240c801ad89.exe
2016-06-07 18:21 - 2015-12-10 20:19 - 4871408 _____ () C:\Users\João Cascimiro\AppData\Roaming\799662a5f35e.exe
2015-12-10 16:52 - 2015-12-09 14:55 - 1923584 _____ () C:\Users\João Cascimiro\AppData\Roaming\carssn.exe
2015-12-10 19:19 - 2015-12-09 14:55 - 1923584 _____ () C:\Users\João Cascimiro\AppData\Roaming\carssn.exe.1
2015-12-10 16:50 - 2015-12-10 08:39 - 1015808 _____ (d) C:\Users\João Cascimiro\AppData\Roaming\download.exe
2016-06-07 18:23 - 2015-12-10 20:22 - 4871408 _____ () C:\Users\João Cascimiro\AppData\Roaming\fb1e6ae1f3cd.exe
2015-12-06 17:58 - 2015-11-16 08:01 - 1762304 _____ (TODO: <公司名>) C:\Users\João Cascimiro\AppData\Roaming\upgsvr.exe
2015-12-10 17:00 - 2015-11-16 08:01 - 1762304 _____ (TODO: <公司名>) C:\Users\João Cascimiro\AppData\Roaming\upgsvr.exe.1
2015-12-09 21:17 - 2015-11-14 21:08 - 2496403 _____ () C:\Users\João Cascimiro\AppData\Roaming\yeaplayer_51472.exe
2012-08-28 23:50 - 2012-10-09 00:01 - 0031465 _____ () C:\Users\João Cascimiro\AppData\Local\funmoods.crx
2015-12-06 17:58 - 2015-11-16 08:01 - 1762304 _____ (TODO: <公司名>) C:\ProgramData\upgsvr.exe
2015-12-11 08:10 - 2015-12-10 15:43 - 0600312 _____ () C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
2015-11-23 06:41 - 2015-11-23 06:41 - 00151688 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarServ.exe
2015-11-23 06:42 - 2015-11-23 06:42 - 03999880 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11061\Calendar.exe
2015-11-23 06:42 - 2015-11-23 06:42 - 00158344 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarEntry.dll
2015-12-10 16:52 - 2015-12-10 16:52 - 01923584 ____N () C:\Users\João Cascimiro\AppData\Local\Temp\carssn.exe
Task: {26DC6C72-A38A-4C57-817D-4D8B34B22561} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {29697219-5E5E-4883-ACF6-7394EB90D6AC} - System32\Tasks\svchost => C:\Users\João Cascimiro\AppData\Local\Temp\setup.exe <==== ATENÇÃO
Task: {8852E801-4AE8-4E55-8B48-EADAB8921510} - System32\Tasks\crash_service => C:\Users\João Cascimiro\AppData\Local\BoBrowser\Application\crash_service.exe <==== ATENÇÃO
Task: {E5A8BD64-11EE-4DED-9AF8-D1B4C945DAF7} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATENÇÃO
FirewallRules: [{56E1FDE6-5981-4A97-92D8-E295621E4A93}] => (Allow) C:\Users\João Cascimiro\AppData\Local\BoBrowser\Application\bobrowser.exe
ShortcutWithArgument: C:\Users\João Cascimiro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeabests.cc/ <==== ATENÇÃO
ShortcutWithArgument: C:\Users\João Cascimiro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk -> C:\Users\João Cascimiro\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/ <==== ATENÇÃO
ShortcutWithArgument: C:\Users\João Cascimiro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Users\João Cascimiro\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/ <==== ATENÇÃO
ShortcutWithArgument: C:\Users\João Cascimiro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Yeabeats Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeabests.cc/ <==== ATENÇÃO
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk -> C:\Program Files (x86)\Adobe\Adobe Widget Browser\Adobe Widget Browser.exe () -> hxxp://www.yeabests.cc/ <==== ATENÇÃO
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://nav.brotlab.net?uid={dddb4e8e517840adbdb8c15056f4ebad}&r=102br <==== ATENÇÃO
ShortcutWithArgument: C:\Users\Public\Desktop\Netflix.lnk -> C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe () -> hxxps://www.netflix.com/?mqso=80031250 <==== ATENÇÃO
AlternateDataStreams: C:\Windows\System32:1577F0F1_Uni.gbp
C:\Users\João Cascimiro\AppData\Local\BoBrowser\Application\bobrowser.exe
C:\Users\João Cascimiro\AppData\Local\Temp\carssn.exe
C:\Windows\Temp\00001270\casrss.exe
C:\ProgramData\upgsvr.exe
C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
C:\Users\Todos os Usuários\upgsvr.exe
C:\Users\Todos os Usuários\YeaPlayer_br_IBD_Bundle.exe
C:\Users\João Cascimiro\AppData\Local\Temp\carssn.exe
C:\Users\João Cascimiro\AppData\Local\Temp\da3c3f44f7de8ef5.exe
CMD: type C:\AVScanner.ini
Folder: C:\4d609fc31fd8de56149a9c1c9243
CreateRestorePoint:
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:
end
*****************

Processos fechados com sucesso.
[4528] C:\Program Files (x86)\SFK\SSFK.exe => processo fechado com sucesso.
C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarServ.exe => Não foi encontrado em execução o processo
C:\Program Files (x86)\CalendarTool\2.0.0.11061\calendar.exe => Não foi encontrado em execução o processo
[4824] C:\Users\João Cascimiro\AppData\Local\Temp\carssn.exe => processo fechado com sucesso.
C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe => Não foi encontrado em execução o processo
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR => valor removido (a) com sucesso.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mbot_br_014010168 => valor removido (a) com sucesso.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LightGate => valor removido (a) com sucesso.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HomePageHelper => valor removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => chave removido (a) com sucesso.
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => valor removido (a) com sucesso.
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CrashService => valor removido (a) com sucesso.
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\Software\Microsoft\Windows\CurrentVersion\Run\\YeaInstaller => valor removido (a) com sucesso.
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Yeaplayer => valor removido (a) com sucesso.
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\Software\Microsoft\Windows\CurrentVersion\Run\\- => valor removido (a) com sucesso.
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Pritc => valor removido (a) com sucesso.
"HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => chave removido (a) com sucesso.
"HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21572460-66a1-11e3-b303-c32ad72989f3}" => chave removido (a) com sucesso.
HKCR\CLSID\{21572460-66a1-11e3-b303-c32ad72989f3} => chave não encontrado (a). 
"HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{21572725-66a1-11e3-b303-c32ad72989f3}" => chave removido (a) com sucesso.
HKCR\CLSID\{21572725-66a1-11e3-b303-c32ad72989f3} => chave não encontrado (a). 
"C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll" => Dados do Valor removido (a) com sucesso..
"C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll" => Dados do Valor removido (a) com sucesso..
"C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll" => Dados do Valor removido (a) com sucesso..
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => chave removido (a) com sucesso.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => chave não encontrado (a). 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock" => chave removido (a) com sucesso.
HKCR\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => chave não encontrado (a). 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => chave não encontrado (a). 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => chave não encontrado (a). 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => chave não encontrado (a). 
"HKLM\SOFTWARE\Policies\Google" => chave removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => valor removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8DB20170-BFD6-4DDA-886F-D72AC4960A4B}\\DhcpNameServer => valor removido (a) com sucesso.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor restaurado com sucesso
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor restaurado com sucesso
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => valor restaurado com sucesso
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor restaurado com sucesso
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\Software\Microsoft\Internet Explorer\Main\\Start Default_Page_URL => valor removido (a) com sucesso.
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => valor restaurado com sucesso
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => valor removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}" => chave removido (a) com sucesso.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} => chave não encontrado (a). 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucesso
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => chave não encontrado (a). 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}" => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} => chave não encontrado (a). 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E921F400-D383-4B1B-9DE6-FCFCACFC1173}" => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{E921F400-D383-4B1B-9DE6-FCFCACFC1173} => chave não encontrado (a). 
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
"HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => chave removido (a) com sucesso.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => chave não encontrado (a). 
"HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1B28C45F-FB65-4D8A-8AC6-7ACBDFB200C7}" => chave removido (a) com sucesso.
HKCR\CLSID\{1B28C45F-FB65-4D8A-8AC6-7ACBDFB200C7} => chave não encontrado (a). 
"HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BFDF95F-D2FD-47B5-BF43-0F76EBFF9753}" => chave removido (a) com sucesso.
HKCR\CLSID\{3BFDF95F-D2FD-47B5-BF43-0F76EBFF9753} => chave não encontrado (a). 
"HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7D7E2DD8-73C5-8E3A-DBBD-70156B1698B5}" => chave removido (a) com sucesso.
HKCR\CLSID\{7D7E2DD8-73C5-8E3A-DBBD-70156B1698B5} => chave não encontrado (a). 
"HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}" => chave removido (a) com sucesso.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} => chave não encontrado (a). 
"HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E921F400-D383-4B1B-9DE6-FCFCACFC1173}" => chave removido (a) com sucesso.
HKCR\CLSID\{E921F400-D383-4B1B-9DE6-FCFCACFC1173} => chave não encontrado (a). 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}" => chave removido (a) com sucesso.
"HKCR\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}" => chave removido (a) com sucesso.
"HKCR\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}" => chave removido (a) com sucesso.
"HKCR\Wow6432Node\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}" => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => valor removido (a) com sucesso.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => chave removido (a) com sucesso.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} => valor removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} => chave não encontrado (a). 
"HKCR\PROTOCOLS\Filter\application/octet-stream" => chave removido (a) com sucesso.
"HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" => chave removido (a) com sucesso.
"HKCR\PROTOCOLS\Filter\application/x-complus" => chave removido (a) com sucesso.
HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D} => chave não encontrado (a). 
"HKCR\PROTOCOLS\Filter\application/x-msdownload" => chave removido (a) com sucesso.
HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D} => chave não encontrado (a). 
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => valor restaurado com sucesso
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => chave removido (a) com sucesso.
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\Software\Mozilla\Firefox\Extensions\\D7C802E4-BDDC-4A1F-A790-F4C9D43DA9FD => valor removido (a) com sucesso.
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\Software\Mozilla\Firefox\Extensions\\connect@LyricsTab.co => valor removido (a) com sucesso.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dfbjjbgnapmckapgljdjahlnfonhglai" => chave removido (a) com sucesso.
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome.PPJ2QNC4DSINTBWF4F2M2Q6P5A\shell\open\command\\Default => valor restaurado com sucesso
GoogleChromeUpService => serviço removido (a) com sucesso.
SSFK => serviço removido (a) com sucesso.
TheCalendarService => serviço removido (a) com sucesso.
WindowsMangerProtect => serviço removido (a) com sucesso.
WinHttpAutoProxySvc => Não foi possível finalizar o serviço.
WinHttpAutoProxySvc => serviço removido (a) com sucesso.
C:\Users\João Cascimiro\AppData\Roaming\fb1e6ae1f3cd.exe => movido com sucesso
C:\Users\João Cascimiro\AppData\Roaming\6240c801ad89.exe => movido com sucesso
C:\Users\João Cascimiro\AppData\Roaming\53cca628f322.exe => movido com sucesso
C:\Users\João Cascimiro\AppData\Roaming\799662a5f35e.exe => movido com sucesso
C:\Users\João Cascimiro\AppData\Roaming\carssn.exe.1 => movido com sucesso
C:\Users\João Cascimiro\AppData\Roaming\upgsvr.exe.1 => movido com sucesso
C:\Users\João Cascimiro\AppData\Roaming\webad.xml => movido com sucesso
C:\Users\João Cascimiro\AppData\Roaming\carssn.exe => movido com sucesso
C:\Users\João Cascimiro\AppData\Roaming\download.exe => movido com sucesso
C:\Users\João Cascimiro\AppData\Local\Yeaplayer => movido com sucesso
C:\Users\João Cascimiro\AppData\Roaming\yeaplayer_51472.exe => movido com sucesso
C:\Users\João Cascimiro\AppData\Roaming\CalendarTool => movido com sucesso
C:\Users\Public\Documents\Guid => movido com sucesso
C:\Program Files (x86)\CalendarTool => movido com sucesso
"C:\Users\Todos os Usuários\upgsvr.exe" => não encontrado (a).
C:\Users\João Cascimiro\AppData\Roaming\upgsvr.exe => movido com sucesso
"C:\ProgramData\upgsvr.exe" => não encontrado (a).
C:\Windows\System32\Tasks\svchost => movido com sucesso
C:\Windows\System32\Tasks\{1076E5AF-74F2-4057-8F43-7B9B64172C7F} => movido com sucesso
"C:\Program Files (x86)\28C593F3-1449431530-E111-A7D6-DC0EA1C33D50" => não encontrado (a).
C:\found.004 => movido com sucesso
C:\found.003 => movido com sucesso
C:\found.002 => movido com sucesso
C:\Users\Todos os Usuários\McAfee => movido com sucesso
"C:\ProgramData\McAfee" => não encontrado (a).
"C:\Users\João Cascimiro\AppData\Roaming\53cca628f322.exe" => não encontrado (a).
"C:\Users\João Cascimiro\AppData\Roaming\6240c801ad89.exe" => não encontrado (a).
"C:\Users\João Cascimiro\AppData\Roaming\799662a5f35e.exe" => não encontrado (a).
"C:\Users\João Cascimiro\AppData\Roaming\carssn.exe" => não encontrado (a).
"C:\Users\João Cascimiro\AppData\Roaming\carssn.exe.1" => não encontrado (a).
"C:\Users\João Cascimiro\AppData\Roaming\download.exe" => não encontrado (a).
"C:\Users\João Cascimiro\AppData\Roaming\fb1e6ae1f3cd.exe" => não encontrado (a).
"C:\Users\João Cascimiro\AppData\Roaming\upgsvr.exe" => não encontrado (a).
"C:\Users\João Cascimiro\AppData\Roaming\upgsvr.exe.1" => não encontrado (a).
"C:\Users\João Cascimiro\AppData\Roaming\yeaplayer_51472.exe" => não encontrado (a).
C:\Users\João Cascimiro\AppData\Local\funmoods.crx => movido com sucesso
"C:\ProgramData\upgsvr.exe" => não encontrado (a).
"C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe" => não encontrado (a).
"C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarServ.exe" => não encontrado (a).
"C:\Program Files (x86)\CalendarTool\2.0.0.11061\Calendar.exe" => não encontrado (a).
"C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarEntry.dll" => não encontrado (a).
C:\Users\João Cascimiro\AppData\Local\Temp\carssn.exe => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{26DC6C72-A38A-4C57-817D-4D8B34B22561}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26DC6C72-A38A-4C57-817D-4D8B34B22561}" => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\Adobe Acrobat Update Task => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{29697219-5E5E-4883-ACF6-7394EB90D6AC}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29697219-5E5E-4883-ACF6-7394EB90D6AC}" => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\svchost => não encontrado (a).
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\svchost" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8852E801-4AE8-4E55-8B48-EADAB8921510}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8852E801-4AE8-4E55-8B48-EADAB8921510}" => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\crash_service => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\crash_service" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E5A8BD64-11EE-4DED-9AF8-D1B4C945DAF7}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5A8BD64-11EE-4DED-9AF8-D1B4C945DAF7}" => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\Go for FilesUpdate => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Go for FilesUpdate" => chave removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{56E1FDE6-5981-4A97-92D8-E295621E4A93} => valor removido (a) com sucesso.
C:\Users\João Cascimiro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\João Cascimiro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk => Atalho argumento removido (a) com sucesso..
C:\Users\João Cascimiro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\João Cascimiro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Yeabeats Browser.lnk => Atalho argumento removido (a) com sucesso..
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk => Atalho argumento removido (a) com sucesso..
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Public\Desktop\Netflix.lnk => Atalho argumento removido (a) com sucesso..
C:\Windows\System32 => ":1577F0F1_Uni.gbp" ADS removido (a) com sucesso..
"C:\Users\João Cascimiro\AppData\Local\BoBrowser\Application\bobrowser.exe" => não encontrado (a).
"C:\Users\João Cascimiro\AppData\Local\Temp\carssn.exe" => não encontrado (a).
C:\Windows\Temp\00001270\casrss.exe => movido com sucesso
"C:\ProgramData\upgsvr.exe" => não encontrado (a).
"C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe" => não encontrado (a).
"C:\Users\Todos os Usuários\upgsvr.exe" => não encontrado (a).
"C:\Users\Todos os Usuários\YeaPlayer_br_IBD_Bundle.exe" => não encontrado (a).
"C:\Users\João Cascimiro\AppData\Local\Temp\carssn.exe" => não encontrado (a).
C:\Users\João Cascimiro\AppData\Local\Temp\da3c3f44f7de8ef5.exe => movido com sucesso

=========  type C:\AVScanner.ini =========

O sistema n�o pode encontrar o arquivo especificado.

========= Fim de CMD: =========


========================= Folder: C:\4d609fc31fd8de56149a9c1c9243 ========================

2015-11-12 20:20 - 2015-11-12 20:20 - 0000788 ____H () C:\4d609fc31fd8de56149a9c1c9243\$shtdwn$.req
2015-10-27 18:44 - 2015-10-27 18:44 - 9801387 _____ () C:\4d609fc31fd8de56149a9c1c9243\mrt.exe._p
2015-10-27 18:41 - 2015-10-27 18:41 - 0093912 _____ (Microsoft Corporation) C:\4d609fc31fd8de56149a9c1c9243\mrtstub.exe

====== Fim de Folder: ======

Ponto de Restauração criado com sucesso.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.


========= Fim de RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => movido com sucesso
Hosts restaurado com sucesso.
EmptyTemp: => 130.7 MB de dados temporários Removidos.


O sistema precisou ser reiniciado.

==== Fim de Fixlog 19:39:56 ====