Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 20-07-2016
Executado por walbe (2016-07-21 11:52:23) Run:1
Executando a partir de C:\Users\walbe\Desktop
Perfis Carregados: walbe (Perfis Disponíveis: walbe)
Modo da Inicialização: Normal
==============================================
fixlist Conteúdo:
*****************
start
CloseProcesses:
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Nenhum Arquivo
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => Nenhum Arquivo
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => Nenhum Arquivo
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://minilua.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://minilua.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://minilua.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://minilua.com/
HKU\S-1-5-21-605499448-4286189888-3652374249-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://minilua.com/
HKU\S-1-5-21-605499448-4286189888-3652374249-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp:/www.google.com.br
HKU\S-1-5-21-605499448-4286189888-3652374249-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://slightsearch.ru/?ri=1&uid=7af36c21a84027677a308064513d2926&q={searchTerms}
HKU\S-1-5-21-605499448-4286189888-3652374249-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://minilua.com/
HKU\S-1-5-21-605499448-4286189888-3652374249-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://minilua.com/
URLSearchHook: [S-1-5-21-605499448-4286189888-3652374249-1001] ATENÇÃO => A URLSearchHook Padrão está ausente
SearchScopes: HKU\S-1-5-21-605499448-4286189888-3652374249-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: WSWSVCUchrome - Nenhum Valor CLSID
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
2016-04-10 23:23 - 2016-04-10 23:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
ShortcutWithArgument: C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsDefaults
ShortcutWithArgument: C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemDevices
ShortcutWithArgument: C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\SendTo\Destinatário do fax.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Administrador\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Administrador\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Administrador\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Administrador\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Administrador\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Administrador\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Administrador\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Administrador\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Administrador\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Administrador\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> -sta {C90FB8CA-3295-4462-A721-2935E83694BA}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Smart Switch PC\Uninstall Smart Switch.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}\setup.exe (Samsung Electronics Co., Ltd.) -> /removeonly
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsDefaults
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemDevices
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Search.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> -sta {C90FB8CA-3295-4462-A721-2935E83694BA}
ShortcutWithArgument: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Samsung\Smart Switch PC\Uninstall Smart Switch.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}\setup.exe (Samsung Electronics Co., Ltd.) -> /removeonly
ShortcutWithArgument: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -> C:\Program Files (x86)\Java\jre1.8.0_92\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\Users\walbe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\Help.lnk -> C:\Program Files (x86)\FormatFactory\FormatFactory.exe (Free Time Co., Ltd.) -> /help
ShortcutWithArgument: C:\Users\walbe\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\walbe\AppData\Roaming\IObit\Advanced SystemCare V7\Advanced SystemCare 9.lnk -> C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe (IObit) -> /manual
ShortcutWithArgument: C:\Users\walbe\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\walbe\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\walbe\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\walbe\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\walbe\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\walbe\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\walbe\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\walbe\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\walbe\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\walbe\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
Task: {01862897-EBC2-40CA-816E-3F6B5C0DB766} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [1969-12-31] (Enigma Software Group USA, LLC.)
Task: {13B7ED8B-FD87-42B3-B45C-7DB9C0C4C2BA} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic
Task: {735939EE-AF05-4D54-A4D6-0FB34681EF43} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic
Shortcut: C:\Users\walbe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yamb 2.1.0.0 beta 2\Yamb - Website.lnk -> hxxp://yamb.unite-video.com/
2016-04-28 22:58 - 2016-04-28 22:58 - 00026112 _____ () C:\Windows\KMS-R@1n.exe
FirewallRules: [{4C388D64-C066-4E7E-83DE-C314FDC75546}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{6621CC18-FF4B-4DEC-B54E-F7A5157D6615}] => (Allow) C:\Windows\KMS-R@1n.exe
C:\Users\walbe\AppData\Local\Temp\50mqwrh1.dll
C:\Users\walbe\AppData\Local\Temp\7za.exe
C:\Users\walbe\AppData\Local\Temp\hijackthis.exe
C:\Users\walbe\AppData\Local\Temp\k2w3mmsj.dll
C:\Users\walbe\AppData\Local\Temp\NirCmd.exe
C:\Users\walbe\AppData\Local\Temp\PEVZ.EXE
C:\Users\walbe\AppData\Local\Temp\remove.exe
C:\Users\walbe\AppData\Local\Temp\sed.exe
C:\Users\walbe\AppData\Local\Temp\shortcut.exe
C:\Users\walbe\AppData\Local\Temp\swreg.exe
C:\Users\walbe\AppData\Local\Temp\wget.exe
C:\Users\walbe\AppData\Local\Temp\ZAScan.exe
C:\Users\walbe\AppData\Local\Temp\zoek-delete.exe
CreateRestorePoint:
CMD: sfc /scannow
EmptyTemp:
Reboot:
Hosts:
end
*****************
Processos fechados com sucesso.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => chave removido (a) com sucesso.
HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => chave não encontrado (a).
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => chave removido (a) com sucesso.
HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => chave não encontrado (a).
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => chave removido (a) com sucesso.
HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => chave não encontrado (a).
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => chave não encontrado (a).
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => chave não encontrado (a).
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => chave não encontrado (a).
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => chave não encontrado (a).
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => chave não encontrado (a).
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => chave não encontrado (a).
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => chave não encontrado (a).
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => chave não encontrado (a).
"HKLM\SOFTWARE\Policies\Google" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => chave removido (a) com sucesso.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => valor restaurado com sucesso
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => valor removido (a) com sucesso.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Bar => valor removido (a) com sucesso.
HKU\S-1-5-21-605499448-4286189888-3652374249-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso
HKU\S-1-5-21-605499448-4286189888-3652374249-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso
HKU\S-1-5-21-605499448-4286189888-3652374249-1001\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => valor restaurado com sucesso
HKU\S-1-5-21-605499448-4286189888-3652374249-1001\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => valor removido (a) com sucesso.
HKU\S-1-5-21-605499448-4286189888-3652374249-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => valor removido (a) com sucesso.
Não foi possível restaurar Padrão URLSearchHook.
HKU\S-1-5-21-605499448-4286189888-3652374249-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
"HKCR\PROTOCOLS\Handler\WSWSVCUchrome" => chave removido (a) com sucesso.
AvastVBoxSvc => serviço Não pode ser removido
intaud_WaveExtensible => serviço removido (a) com sucesso.
VBoxAswDrv => serviço Não pode ser removido
C:\ProgramData\DP45977C.lfl => movido com sucesso
C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\SendTo\Destinatário do fax.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Administrador\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Administrador\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Administrador\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Administrador\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Administrador\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Administrador\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Administrador\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Administrador\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Administrador\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Administrador\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk => Atalho argumento removido (a) com sucesso..
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk => Atalho argumento removido (a) com sucesso..
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Smart Switch PC\Uninstall Smart Switch.lnk => Atalho argumento removido (a) com sucesso..
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk => Atalho argumento removido (a) com sucesso..
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Search.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Samsung\Smart Switch PC\Uninstall Smart Switch.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\walbe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\Help.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\walbe\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\walbe\AppData\Roaming\IObit\Advanced SystemCare V7\Advanced SystemCare 9.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\walbe\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\walbe\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\walbe\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\walbe\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\walbe\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\walbe\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\walbe\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\walbe\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\walbe\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\walbe\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk => Atalho argumento removido (a) com sucesso..
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{01862897-EBC2-40CA-816E-3F6B5C0DB766}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01862897-EBC2-40CA-816E-3F6B5C0DB766}" => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\SpyHunter4Startup => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13B7ED8B-FD87-42B3-B45C-7DB9C0C4C2BA}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13B7ED8B-FD87-42B3-B45C-7DB9C0C4C2BA}" => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\R@1n-KMS\Windows64Professional => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Windows64Professional" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{735939EE-AF05-4D54-A4D6-0FB34681EF43}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{735939EE-AF05-4D54-A4D6-0FB34681EF43}" => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\R@1n-KMS\Office16ProPlus => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Office16ProPlus" => chave removido (a) com sucesso.
C:\Users\walbe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yamb 2.1.0.0 beta 2\Yamb - Website.lnk => movido com sucesso
C:\Windows\KMS-R@1n.exe => movido com sucesso
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4C388D64-C066-4E7E-83DE-C314FDC75546} => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6621CC18-FF4B-4DEC-B54E-F7A5157D6615} => valor removido (a) com sucesso.
C:\Users\walbe\AppData\Local\Temp\50mqwrh1.dll => movido com sucesso
"C:\Users\walbe\AppData\Local\Temp\7za.exe" => não encontrado (a).
"C:\Users\walbe\AppData\Local\Temp\hijackthis.exe" => não encontrado (a).
C:\Users\walbe\AppData\Local\Temp\k2w3mmsj.dll => movido com sucesso
"C:\Users\walbe\AppData\Local\Temp\NirCmd.exe" => não encontrado (a).
"C:\Users\walbe\AppData\Local\Temp\PEVZ.EXE" => não encontrado (a).
"C:\Users\walbe\AppData\Local\Temp\remove.exe" => não encontrado (a).
"C:\Users\walbe\AppData\Local\Temp\sed.exe" => não encontrado (a).
"C:\Users\walbe\AppData\Local\Temp\shortcut.exe" => não encontrado (a).
"C:\Users\walbe\AppData\Local\Temp\swreg.exe" => não encontrado (a).
"C:\Users\walbe\AppData\Local\Temp\wget.exe" => não encontrado (a).
"C:\Users\walbe\AppData\Local\Temp\ZAScan.exe" => não encontrado (a).
"C:\Users\walbe\AppData\Local\Temp\zoek-delete.exe" => não encontrado (a).
Ponto de Restauração criado com sucesso.
========= sfc /scannow =========