Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão:27-01-2016
Executado por marco (2016-02-11 20:12:08) Run:1
Executando a partir de C:\Users\marco\Desktop
Perfis Carregados: marco (Perfis Disponíveis: marco)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
start
CloseProcesses:
(TODO: ) C:\ProgramData\Updata\GoogleUpdata.exe
() C:\ProgramData\WindowsMsg\osmsg.exe
HKU\S-1-5-21-4207123351-2558841533-2703887520-1001\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [2036224 2016-02-04] ()
HKU\S-1-5-21-4207123351-2558841533-2703887520-1001\...\MountPoints2: {76ebbaf2-c344-11e5-9c26-1c39470c8d59} - "E:\Autorun.exe"
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => Nenhum Arquivo
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46
SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46&ts=1455129254
SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46&ts=1455129254
SearchScopes: HKU\S-1-5-21-4207123351-2558841533-2703887520-1001 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46&ts=1454872059
SearchScopes: HKU\S-1-5-21-4207123351-2558841533-2703887520-1001 -> {C3BBCD0B-9234-4d36-9151-EC49EE32FCE3} URL = hxxp://www.baidu.com/s?wd={searchTerms}&tn=28026190_dg&ie=utf-8
FF NewTab: hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46
FF DefaultSearchEngine: yessearches
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=yessearches
FF SelectedSearchEngine: YAC Safe Search
FF Keyword.URL: hxxp://www.yessearches.com/chrome.php?uid=DE63A734246A1A9212F5584D4B680417&ptid=sqr&ts=AHEpB3IpC34oBE..&v=20160121&mode=ffexttoolbar&q=
FF SearchPlugin: C:\Users\marco\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\yac-safe-search-.xml [2016-02-07]
FF HKLM\...\Firefox\Extensions: [{DF371121-FC15-4E46-8DC1-7A1A108DC409}] - C:\Program Files\groover050220162330\Firefox\{DF371121-FC15-4E46-8DC1-7A1A108DC409}.xpi => não encontrado (a)
FF HKLM\...\Firefox\Extensions: [{0DA7B203-0BA9-477F-8563-38B199734B62}] - C:\Program Files\shopperz050220162301\Firefox\{0DA7B203-0BA9-477F-8563-38B199734B62}.xpi => não encontrado (a)
FF HKLM\...\Firefox\Extensions: [{D1F5921D-416A-4656-8B75-32B57057CA86}] - C:\Program Files\shopperz050220161443\Firefox\{D1F5921D-416A-4656-8B75-32B57057CA86}.xpi => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [{DF371121-FC15-4E46-8DC1-7A1A108DC409}] - C:\Program Files\groover050220162330\Firefox\{DF371121-FC15-4E46-8DC1-7A1A108DC409}.xpi => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [{0DA7B203-0BA9-477F-8563-38B199734B62}] - C:\Program Files\shopperz050220162301\Firefox\{0DA7B203-0BA9-477F-8563-38B199734B62}.xpi => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [{D1F5921D-416A-4656-8B75-32B57057CA86}] - C:\Program Files\shopperz050220161443\Firefox\{D1F5921D-416A-4656-8B75-32B57057CA86}.xpi => não encontrado (a)
CHR HomePage: Profile 1 -> hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46
CHR StartupUrls: Profile 1 -> "hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46"
CHR Extension: (Ad.Block) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdnhmodopgbdolkppmmmakhfpglglaoj [2016-02-05]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-05]
S2 Uisulba; "C:\Users\marco\AppData\Roaming\SywsuUugol\Womgeamt.exe" -cms [X]
S3 BtFilter; \SystemRoot\system32\DRIVERS\btfilter.sys [X]
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
S1 SRepairDrv; \??\C:\Windows\GJFix\SRepairDrv [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
2016-02-07 18:11 - 2016-02-07 18:11 - 00000000 ____D C:\Users\marco_np4ggej\AppData\Roaming\Elex-tech
2016-02-07 15:57 - 2016-02-07 15:57 - 00000000 ____D C:\Windows\system32\log
2016-02-07 15:57 - 2016-02-07 15:57 - 00000000 ____D C:\Users\marco\AppData\Roaming\Elex-tech
2016-02-07 15:56 - 2016-02-07 15:57 - 27989848 _____ (Elex do Brasil Participações Ltda) C:\Users\marco\Downloads\yet_another_cleaner_sk_7004786.exe
2016-02-05 22:38 - 2016-02-06 19:20 - 00000000 ____D C:\AdwCleaner
2016-02-05 22:38 - 2016-02-05 22:38 - 01508352 _____ C:\Users\marco\Downloads\AdwCleaner.exe
2016-02-05 19:47 - 2016-02-07 16:38 - 00000000 ____D C:\Users\Todos os Usuários\OWdMO
2016-02-05 19:47 - 2016-02-07 16:38 - 00000000 ____D C:\ProgramData\OWdMO
2016-02-05 19:46 - 2016-02-05 19:46 - 00003122 _____ C:\Windows\System32\Tasks\ttwifi
2016-02-05 19:46 - 2016-02-05 19:46 - 00003016 _____ C:\Windows\System32\Tasks\osTip
2016-02-05 19:46 - 2016-02-05 19:46 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2016-02-05 19:46 - 2016-02-05 19:46 - 00000000 ____D C:\Users\Todos os Usuários\Updata
2016-02-05 19:46 - 2016-02-05 19:46 - 00000000 ____D C:\Users\marco\AppData\Local\Tempfolder
2016-02-05 19:46 - 2016-02-05 19:46 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-02-05 19:46 - 2016-02-05 19:46 - 00000000 ____D C:\ProgramData\Updata
2016-02-05 19:45 - 2016-02-05 19:45 - 00003416 _____ C:\Windows\System32\Tasks\Viubb
2016-02-05 19:15 - 2016-02-05 19:15 - 00003418 _____ C:\Windows\System32\Tasks\Buiwmev
2016-02-05 19:11 - 2016-02-05 19:11 - 00003422 _____ C:\Windows\System32\Tasks\Wiwlud
2016-02-05 19:11 - 2016-02-05 19:11 - 00000000 ____D C:\Users\marco\AppData\LocalLow\Company
2016-02-05 19:11 - 2016-02-05 19:11 - 00000000 ____D C:\uninst
2016-02-04 15:14 - 2016-02-07 16:38 - 00000000 ____D C:\Users\Todos os Usuários\2WdM2
2016-02-04 15:14 - 2016-02-07 16:38 - 00000000 ____D C:\ProgramData\2WdM2
2016-02-04 01:56 - 2015-03-05 02:12 - 00421784 _____ (Baidu, Inc.) C:\Windows\system32\BdSandboxDll64.dll
2016-02-04 01:56 - 2015-03-05 02:12 - 00332320 _____ (Baidu, Inc.) C:\Windows\SysWOW64\BdSandboxDll32.dll
2016-02-04 01:14 - 2016-02-04 01:07 - 00127800 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernelEx64.sys
2016-02-04 01:09 - 2016-02-07 16:06 - 00002722 _____ C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633
2016-02-04 01:09 - 2016-02-04 01:09 - 00000000 ____D C:\Users\Todos os Usuários\Baidu Security
2016-02-04 01:09 - 2016-02-04 01:09 - 00000000 ____D C:\Users\marco\AppData\LocalLow\BAVData
2016-02-04 01:09 - 2016-02-04 01:09 - 00000000 ____D C:\ProgramData\Baidu Security
2016-02-04 01:05 - 2016-02-04 01:05 - 00000000 ____D C:\Program Files (x86)\Baidu Security
2016-02-04 01:03 - 2016-02-05 22:46 - 00000000 ____D C:\Users\marco\AppData\Roaming\BavMini
2016-02-04 01:03 - 2016-02-04 01:03 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-02-04 01:01 - 2016-02-05 21:36 - 00000000 ____D C:\Users\marco\AppData\Roaming\Baidu
2016-02-04 01:01 - 2016-02-04 01:56 - 00000000 ____D C:\Users\Todos os Usuários\Baidu
2016-02-04 01:01 - 2016-02-04 01:56 - 00000000 ____D C:\ProgramData\Baidu
2016-02-04 01:01 - 2016-02-04 01:02 - 00000000 ____D C:\Program Files (x86)\Baidu
Task: {4F6F919E-01CA-4B01-92D4-11C5AF12AEF4} - System32\Tasks\Viubb => C:\PROGRA~1\SHOPPE~2\Mamzac.bat
Task: {79D78755-6D19-4EF1-A774-83EB9D9EA50A} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: )
Task: {A9AF41E9-E79A-41D4-98E0-0529533FC44B} - System32\Tasks\osTip => C:\ProgramData\WindowsMsg\osmsg.exe [2016-02-04] ()
Task: {ADD1A33D-D4B0-42C0-B4F4-B027701DCA50} - System32\Tasks\{F411FB24-EE32-4B94-8E58-3355B0D562AC} => pcalua.exe -a "C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.8029\uninst.exe"
Task: {B9AB3E3F-D9B0-4928-B867-4A6E8D2B350D} - System32\Tasks\Buiwmev => C:\PROGRA~1\SHOPPE~1\Rukpa.bat
Task: {C5C8078A-A1DB-4EAE-8F09-32363B5008E2} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js" <==== ATENÇÃO
FirewallRules: [{61067DF8-0AAD-46BB-842F-E475984BBA21}] => (Allow) C:\Users\marco\AppData\Local\BoBrowser\Application\bobrowser.exe
C:\Users\marco\AppData\Local\BoBrowser\Application\bobrowser.exe
C:\Users\marco\AppData\Local\Temp\AcerDocsSetup.exe
C:\Users\marco\AppData\Local\Temp\AcerPortalSetup.exe
C:\Users\marco\AppData\Local\Temp\AOPSetup.exe
C:\Users\marco\AppData\Local\Temp\comver.dll
C:\Users\marco\AppData\Local\Temp\EAD2D11.exe
C:\Users\marco\AppData\Local\Temp\EAD4484.exe
C:\Users\marco\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\marco\AppData\Local\Temp\HD-Logger-Native.dll
C:\Users\marco\AppData\Local\Temp\HD-ShortcutHandler.dll
C:\Users\marco\AppData\Local\Temp\launcher_vs2010_sp1_vcredist_x86.exe
C:\Users\marco\AppData\Local\Temp\McCSPInstall.dll
C:\Users\marco\AppData\Local\Temp\mccspuninstall.exe
C:\Users\marco\AppData\Local\Temp\octDDB7.tmp.exe
C:\Users\marco\AppData\Local\Temp\octDEDB.tmp.exe
C:\Users\marco\AppData\Local\Temp\octE87F.tmp.exe
C:\Users\marco\AppData\Local\Temp\oprun3237.exe
C:\Users\marco\AppData\Local\Temp\qqpcmgr_v11.2.17058.221_45129_Silence.exe
C:\Users\marco\AppData\Local\Temp\SkypeSetup.exe
C:\Users\marco\AppData\Local\Temp\sqlite3.dll
C:\Users\marco\AppData\Local\Temp\uninstall.exe
C:\Users\marco\AppData\Local\Temp\UninstallEADM.dll
C:\Users\marco\AppData\Local\Temp\UninstallModule.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: dir /a "C:\Program Files"
CMD: dir /a "C:\Program Files (x86)"
CMD: dir /a "C:\Users\All Users"
CreateRestorePoint:
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:
end
*****************

Processos fechados com sucesso.
C:\ProgramData\Updata\GoogleUpdata.exe => Não foi encontrado em execução o processo
C:\ProgramData\WindowsMsg\osmsg.exe => Não foi encontrado em execução o processo
HKU\S-1-5-21-4207123351-2558841533-2703887520-1001\Software\Microsoft\Windows\CurrentVersion\Run\\osmsg => valor removido (a) com sucesso.
"HKU\S-1-5-21-4207123351-2558841533-2703887520-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76ebbaf2-c344-11e5-9c26-1c39470c8d59}" => chave removido (a) com sucesso.
HKCR\CLSID\{76ebbaf2-c344-11e5-9c26-1c39470c8d59} => chave não encontrado (a).
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock" => chave removido (a) com sucesso.
HKCR\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => chave não encontrado (a).
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => chave removido (a) com sucesso.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor restaurado com sucesso
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => valor removido (a) com sucesso.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor removido (a) com sucesso.
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page => valor removido (a) com sucesso.
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor removido (a) com sucesso.
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page => valor removido (a) com sucesso.
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor removido (a) com sucesso.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucesso
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}" => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{425ED333-6083-428a-92C9-0CFC28B9D1BF} => chave não encontrado (a).
"HKU\S-1-5-21-4207123351-2558841533-2703887520-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}" => chave removido (a) com sucesso.
HKCR\CLSID\{425ED333-6083-428a-92C9-0CFC28B9D1BF} => chave não encontrado (a).
"HKU\S-1-5-21-4207123351-2558841533-2703887520-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C3BBCD0B-9234-4d36-9151-EC49EE32FCE3}" => chave removido (a) com sucesso.
HKCR\CLSID\{C3BBCD0B-9234-4d36-9151-EC49EE32FCE3} => chave não encontrado (a).
Firefox "newtab" removido (a) com sucesso.
Firefox DefaultSearchEngine removido (a) com sucesso.
Firefox DefaultSearchEngine.US removido (a) com sucesso.
Firefox SelectedSearchEngine removido (a) com sucesso.
Firefox "Keyword.URL" removido (a) com sucesso.
C:\Users\marco\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\yac-safe-search-.xml => movido com sucesso
HKLM\Software\Mozilla\Firefox\Extensions\\{DF371121-FC15-4E46-8DC1-7A1A108DC409} => valor removido (a) com sucesso.
HKLM\Software\Mozilla\Firefox\Extensions\\{0DA7B203-0BA9-477F-8563-38B199734B62} => valor removido (a) com sucesso.
HKLM\Software\Mozilla\Firefox\Extensions\\{D1F5921D-416A-4656-8B75-32B57057CA86} => valor removido (a) com sucesso.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{DF371121-FC15-4E46-8DC1-7A1A108DC409} => valor removido (a) com sucesso.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{0DA7B203-0BA9-477F-8563-38B199734B62} => valor removido (a) com sucesso.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{D1F5921D-416A-4656-8B75-32B57057CA86} => valor removido (a) com sucesso.
Chrome HomePage => removido (a) com sucesso.
Chrome StartupUrls => removido (a) com sucesso.
C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdnhmodopgbdolkppmmmakhfpglglaoj => movido com sucesso
C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => movido com sucesso
Uisulba => serviço removido (a) com sucesso.
BtFilter => serviço removido (a) com sucesso.
IntcAzAudAddService => serviço removido (a) com sucesso.
SRepairDrv => serviço removido (a) com sucesso.
wfpcapture => serviço removido (a) com sucesso.
C:\Users\marco_np4ggej\AppData\Roaming\Elex-tech => movido com sucesso
C:\Windows\system32\log => movido com sucesso
C:\Users\marco\AppData\Roaming\Elex-tech => movido com sucesso
C:\Users\marco\Downloads\yet_another_cleaner_sk_7004786.exe => movido com sucesso
C:\AdwCleaner => movido com sucesso
C:\Users\marco\Downloads\AdwCleaner.exe => movido com sucesso
C:\Users\Todos os Usuários\OWdMO => movido com sucesso
"C:\ProgramData\OWdMO" => não encontrado (a).
C:\Windows\System32\Tasks\ttwifi => movido com sucesso
C:\Windows\System32\Tasks\osTip => movido com sucesso
C:\Users\Todos os Usuários\WindowsMsg => movido com sucesso
C:\Users\Todos os Usuários\Updata => movido com sucesso
C:\Users\marco\AppData\Local\Tempfolder => movido com sucesso
"C:\ProgramData\WindowsMsg" => não encontrado (a).
"C:\ProgramData\Updata" => não encontrado (a).
C:\Windows\System32\Tasks\Viubb => movido com sucesso
C:\Windows\System32\Tasks\Buiwmev => movido com sucesso
C:\Windows\System32\Tasks\Wiwlud => movido com sucesso
C:\Users\marco\AppData\LocalLow\Company => movido com sucesso
C:\uninst => movido com sucesso
C:\Users\Todos os Usuários\2WdM2 => movido com sucesso
"C:\ProgramData\2WdM2" => não encontrado (a).
C:\Windows\system32\BdSandboxDll64.dll => movido com sucesso
C:\Windows\SysWOW64\BdSandboxDll32.dll => movido com sucesso
C:\Windows\system32\Drivers\TAOKernelEx64.sys => movido com sucesso
C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => movido com sucesso
C:\Users\Todos os Usuários\Baidu Security => movido com sucesso
C:\Users\marco\AppData\LocalLow\BAVData => movido com sucesso
"C:\ProgramData\Baidu Security" => não encontrado (a).
C:\Program Files (x86)\Baidu Security => movido com sucesso
C:\Users\marco\AppData\Roaming\BavMini => movido com sucesso
C:\Users\Public\Documents\Baidu => movido com sucesso
C:\Users\marco\AppData\Roaming\Baidu => movido com sucesso
C:\Users\Todos os Usuários\Baidu => movido com sucesso
"C:\ProgramData\Baidu" => não encontrado (a).
C:\Program Files (x86)\Baidu => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F6F919E-01CA-4B01-92D4-11C5AF12AEF4}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F6F919E-01CA-4B01-92D4-11C5AF12AEF4}" => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\Viubb => não encontrado (a).
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Viubb" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{79D78755-6D19-4EF1-A774-83EB9D9EA50A}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79D78755-6D19-4EF1-A774-83EB9D9EA50A}" => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\UbtFrameworkService => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UbtFrameworkService" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A9AF41E9-E79A-41D4-98E0-0529533FC44B}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9AF41E9-E79A-41D4-98E0-0529533FC44B}" => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\osTip => não encontrado (a).
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\osTip" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ADD1A33D-D4B0-42C0-B4F4-B027701DCA50}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADD1A33D-D4B0-42C0-B4F4-B027701DCA50}" => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\{F411FB24-EE32-4B94-8E58-3355B0D562AC} => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F411FB24-EE32-4B94-8E58-3355B0D562AC}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9AB3E3F-D9B0-4928-B867-4A6E8D2B350D}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9AB3E3F-D9B0-4928-B867-4A6E8D2B350D}" => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\Buiwmev => não encontrado (a).
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Buiwmev" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C5C8078A-A1DB-4EAE-8F09-32363B5008E2}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5C8078A-A1DB-4EAE-8F09-32363B5008E2}" => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => não encontrado (a).
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633" => chave removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{61067DF8-0AAD-46BB-842F-E475984BBA21} => valor removido (a) com sucesso.
"C:\Users\marco\AppData\Local\BoBrowser\Application\bobrowser.exe" => não encontrado (a).
C:\Users\marco\AppData\Local\Temp\AcerDocsSetup.exe => movido com sucesso
C:\Users\marco\AppData\Local\Temp\AcerPortalSetup.exe => movido com sucesso
C:\Users\marco\AppData\Local\Temp\AOPSetup.exe => movido com sucesso
C:\Users\marco\AppData\Local\Temp\comver.dll => movido com sucesso
C:\Users\marco\AppData\Local\Temp\EAD2D11.exe => movido com sucesso
C:\Users\marco\AppData\Local\Temp\EAD4484.exe => movido com sucesso
C:\Users\marco\AppData\Local\Temp\FoxitUpdater.exe => movido com sucesso
C:\Users\marco\AppData\Local\Temp\HD-Logger-Native.dll => movido com sucesso
C:\Users\marco\AppData\Local\Temp\HD-ShortcutHandler.dll => movido com sucesso
C:\Users\marco\AppData\Local\Temp\launcher_vs2010_sp1_vcredist_x86.exe => movido com sucesso
C:\Users\marco\AppData\Local\Temp\McCSPInstall.dll => movido com sucesso
C:\Users\marco\AppData\Local\Temp\mccspuninstall.exe => movido com sucesso
C:\Users\marco\AppData\Local\Temp\octDDB7.tmp.exe => movido com sucesso
C:\Users\marco\AppData\Local\Temp\octDEDB.tmp.exe => movido com sucesso
C:\Users\marco\AppData\Local\Temp\octE87F.tmp.exe => movido com sucesso
C:\Users\marco\AppData\Local\Temp\oprun3237.exe => movido com sucesso
C:\Users\marco\AppData\Local\Temp\qqpcmgr_v11.2.17058.221_45129_Silence.exe => movido com sucesso
C:\Users\marco\AppData\Local\Temp\SkypeSetup.exe => movido com sucesso
C:\Users\marco\AppData\Local\Temp\sqlite3.dll => movido com sucesso
C:\Users\marco\AppData\Local\Temp\uninstall.exe => movido com sucesso
C:\Users\marco\AppData\Local\Temp\UninstallEADM.dll => movido com sucesso
C:\Users\marco\AppData\Local\Temp\UninstallModule.exe => movido com sucesso

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

A operação foi concluída com êxito.


========= Fim de Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

A operação foi concluída com êxito.


========= Fim de Reg: =========


========= dir /a "C:\Program Files" =========

O volume na unidade C é Pc :v
O Número de Série do Volume é 6E2C-99F0

Pasta de C:\Program Files

05/02/2016 22:42 .
05/02/2016 22:42 ..
04/02/2016 15:16 3dsexvilla
14/12/2015 10:16 Accessory Store
05/02/2016 21:15 Acer
30/11/2015 15:08 Arquivos Comuns [C:\Program Files\Common Files]
16/07/2015 01:37 AVAST Software
13/08/2015 00:01 Booking.COM
05/02/2016 22:46 Common Files
10/07/2015 08:02 174 desktop.ini
12/08/2015 23:49 Intel
12/01/2016 12:10 Internet Explorer
16/07/2015 01:33 MSBuild
11/12/2015 23:08 ps
12/08/2015 23:47 Realtek
16/07/2015 01:33 Reference Assemblies
14/12/2015 06:53 torrents
10/07/2015 09:21 Uninstall Information
13/08/2015 03:52 Windows Defender
01/12/2015 14:59 Windows Journal
10/07/2015 10:13 Windows Mail
13/08/2015 03:52 Windows Media Player
10/07/2015 08:04 Windows Multimedia Platform
30/11/2015 15:08 Windows NT
13/08/2015 03:52 Windows Photo Viewer
10/07/2015 08:04 Windows Portable Devices
10/07/2015 08:04 Windows Sidebar
10/02/2016 15:48 WindowsApps
10/07/2015 08:04 WindowsPowerShell
30/11/2015 16:54 WinRAR
1 arquivo(s) 174 bytes
29 pasta(s) 759.615.156.224 bytes disponíveis

========= Fim de CMD: =========


========= dir /a "C:\Program Files (x86)" =========

O volume na unidade C é Pc :v
O Número de Série do Volume é 6E2C-99F0

Pasta de C:\Program Files (x86)

11/02/2016 20:12 .
11/02/2016 20:12 ..
05/02/2016 21:08 Acer
17/12/2015 08:43 Activision
13/08/2015 00:01 Amazon
05/02/2016 22:43 Common Files
15/12/2015 22:41 DAEMON Tools Lite
10/07/2015 08:02 174 desktop.ini
11/02/2016 15:13 Electronic Arts
11/02/2016 00:09 Google
11/02/2016 15:13 InstallShield Installation Information
12/08/2015 23:45 Intel
12/01/2016 12:10 Internet Explorer
23/12/2015 12:15 Java
28/12/2015 22:20 Legue Of Legends
24/12/2015 19:11 LogMeIn Hamachi
17/12/2015 09:19 Managed DirectX (0901)
04/02/2016 01:59 Microsoft Office
27/01/2016 16:52 Microsoft WSE
30/11/2015 23:21 Microsoft XNA
10/07/2015 08:04 Microsoft.NET
10/02/2016 15:33 Mozilla Firefox
10/02/2016 15:33 Mozilla Maintenance Service
16/07/2015 01:33 MSBuild
07/02/2016 18:31 Realtek
16/07/2015 01:33 Reference Assemblies
11/02/2016 07:05 SEGA
11/02/2016 20:08 Steam
04/02/2016 18:29 stronghold
07/02/2016 18:31 Temp
03/02/2016 15:29 Tribo Gamer
04/02/2016 00:58 t_201602040058
13/08/2015 03:52 Windows Defender
10/07/2015 10:13 Windows Mail
13/08/2015 03:52 Windows Media Player
10/07/2015 08:04 Windows Multimedia Platform
10/07/2015 08:04 Windows NT
13/08/2015 03:52 Windows Photo Viewer
10/07/2015 08:04 Windows Portable Devices
10/07/2015 08:04 Windows Sidebar
10/07/2015 08:04 WindowsPowerShell
1 arquivo(s) 174 bytes
40 pasta(s) 759.615.156.224 bytes disponíveis

========= Fim de CMD: =========


========= dir /a "C:\Users\All Users" =========

O volume na unidade C é Pc :v
O Número de Série do Volume é 6E2C-99F0

Pasta de C:\Users\All Users

11/02/2016 20:12 .
11/02/2016 20:12 ..
14/12/2015 07:06 Acer
10/07/2015 09:21 Application Data [C:\ProgramData]
06/02/2016 20:00 BlueStacksSetup
01/01/2016 14:06 boost_interprocess
13/08/2015 00:06 CLSK
10/07/2015 08:04 Comms
07/02/2016 18:28 CyberLink
30/11/2015 15:08 Dados de Aplicativos [C:\ProgramData]
11/02/2016 07:04 DAEMON Tools Lite
10/07/2015 09:21 Desktop [C:\Users\Public\Desktop]
30/11/2015 15:08 Documentos [C:\Users\Public\Documents]
10/07/2015 09:21 Documents [C:\Users\Public\Documents]
12/08/2015 23:47 0 DP45977C.lfl
30/01/2016 17:27 Electronic Arts
01/01/2016 14:12 GAS Tecnologia
13/08/2015 00:06 install_clap
12/08/2015 23:40 Intel
13/08/2015 00:02 Kingsoft
24/12/2015 19:11 LogMeIn
15/12/2015 13:43 McAfee
30/11/2015 15:08 Menu Iniciar [C:\ProgramData\Microsoft\Windows\Start Menu]
04/02/2016 01:58 Microsoft
16/07/2015 01:35 Microsoft OneDrive
30/11/2015 15:08 Modelos [C:\ProgramData\Microsoft\Windows\Templates]
16/07/2015 01:38 Mozilla
14/12/2015 07:18 8.192 NTUSER.DAT
14/12/2015 07:18 8.192 NTUSER.DAT.LOG1
14/12/2015 07:18 0 NTUSER.DAT.LOG2
14/12/2015 07:18 65.536 NTUSER.DAT{2861e5fa-a21a-11e5-9be9-1c39470c8d59}.TM.blf
14/12/2015 07:18 524.288 NTUSER.DAT{2861e5fa-a21a-11e5-9be9-1c39470c8d59}.TMContainer00000000000000000001.regtrans-ms
14/12/2015 07:18 524.288 NTUSER.DAT{2861e5fa-a21a-11e5-9be9-1c39470c8d59}.TMContainer00000000000000000002.regtrans-ms
04/02/2016 01:16 286 ntuser.pol
05/02/2016 21:15 OEM
30/11/2015 15:29 OEM_YAHOO
23/12/2015 12:19 Oracle
25/12/2015 00:47 Package Cache
12/08/2015 23:42 Qualcomm Atheros
04/02/2016 01:58 regid.1991-06.com.microsoft
30/11/2015 15:43 Riot Games
19/12/2015 22:40 SoftwareDistribution
10/07/2015 09:21 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2016 07:46 Steam
23/12/2015 12:19 Sun
01/01/2016 11:37 Temp
10/07/2015 09:21 Templates [C:\ProgramData\Microsoft\Windows\Templates]
12/12/2015 02:53 thriXXX
07/02/2016 18:18 TXQMPC
10/07/2015 09:22 USOPrivate
10/07/2015 09:22 USOShared
14/12/2015 07:04 WildTangent
8 arquivo(s) 1.130.782 bytes
44 pasta(s) 759.615.152.128 bytes disponíveis

========= Fim de CMD: =========

Ponto de Restauração criado com sucesso.

========= RemoveProxy: =========

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => valor removido (a) com sucesso.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => valor removido (a) com sucesso.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.
HKU\S-1-5-21-4207123351-2558841533-2703887520-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
HKU\S-1-5-21-4207123351-2558841533-2703887520-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.


========= Fim de RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => movido com sucesso
Hosts restaurado com sucesso.
EmptyTemp: => 3.4 GB de dados temporários Removidos.


O sistema precisou ser reiniciado.

==== Fim de Fixlog 20:28:08 ====
