Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 26-07-2020
Executado por marce (27-07-2020 21:52:50) Run:1
Executando a partir de D:\Dowloads
Perfis Carregados: marce
Modo da Inicialização: Normal
==============================================
fixlist Conteúdo:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-21] (Kilonova LLC -> )
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restrição <==== ATENÇÃO
Task: {2C98BC02-9B01-4F21-86C5-36E5FD4CEE2E} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: )
Task: {3031AB16-44AF-48DA-9171-77E5315CE73E} - System32\Tasks\update-S-1-5-21-2491648592-1319402890-2819360954-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: )
Task: {DC56B25F-A930-4FA7-A6C9-1FF95CA512EF} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
Task: {EDDC8BE0-2099-4058-AAA3-48667F593CFF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1331792 2020-05-07] (Adobe Inc. -> Adobe Inc.)
Task: C:\WINDOWS\Tasks\update-S-1-5-21-2491648592-1319402890-2819360954-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
SearchScopes: HKLM -> DefaultScope valor está ausente
SearchScopes: HKLM-x32 -> DefaultScope valor está ausente
SearchScopes: HKU\S-1-5-21-2491648592-1319402890-2819360954-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=87bbk0epo8acegik1tc002820¶m1=y6bdVFVIsvuYsgEClQfz8DvEGkcjx4pP8Fm5IxAfh268QXeMrVIXluafJ4cDO9TpUNo4o3bUaP1rjycimA1GnV7NCmYbopnJFVR%2BKmme%2BkMNL8LHS1ov2HwWspjJINuAByiecMUmnkBgMvWtE5HugLNENT7JYulVy77X5QmPLiUYrMrkDxG0AC84PJH4agQcTk7axkucYKUlv8Jdb%2FelYEwrWV%2FJWCcrQWh6xD1ZwMpRmixPlRQmLCInmVBkI37%2FNGJNlwEwS%2BsKvsyoRHbiyOUMwwOK6M0nSiTrbt%2Bhw%2BqWTgQAsuWSsd8bA0%2B%2B3owtB%2F1AOMtWiEi4P8EFevQc1p16NW8bGS2bpUQ4sKCuFaDAuPc3vAzWXa7lJbpxs3CKB5J6114BeDOIuubkr0Qxzw%3D%3D&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2491648592-1319402890-2819360954-1001 -> {2A23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-2491648592-1319402890-2819360954-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=87bbk0epo8acegik1tc002820¶m1=y6bdVFVIsvuYsgEClQfz8DvEGkcjx4pP8Fm5IxAfh268QXeMrVIXluafJ4cDO9TpUNo4o3bUaP1rjycimA1GnV7NCmYbopnJFVR%2BKmme%2BkMNL8LHS1ov2HwWspjJINuAByiecMUmnkBgMvWtE5HugLNENT7JYulVy77X5QmPLiUYrMrkDxG0AC84PJH4agQcTk7axkucYKUlv8Jdb%2FelYEwrWV%2FJWCcrQWh6xD1ZwMpRmixPlRQmLCInmVBkI37%2FNGJNlwEwS%2BsKvsyoRHbiyOUMwwOK6M0nSiTrbt%2Bhw%2BqWTgQAsuWSsd8bA0%2B%2B3owtB%2F1AOMtWiEi4P8EFevQc1p16NW8bGS2bpUQ4sKCuFaDAuPc3vAzWXa7lJbpxs3CKB5J6114BeDOIuubkr0Qxzw%3D%3D&p={searchTerms}
Edge HomeButtonPage: HKU\S-1-5-21-2491648592-1319402890-2819360954-1001 -> hxxps://br.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=87bbk0epo8acegik1tc002820¶m1=y6bdVFVIsvuYsgEClQfz8DvEGkcjx4pP8Fm5IxAfh268QXeMrVIXluafJ4cDO9TpUNo4o3bUaP1rjycimA1GnTfUN%2BYRjdlPoVLewKWO5Gdr1oHQn0rWb7XUAV1OmghSZ3pFvGGNfdcnLUPRVjIZ1iMlADwG4TK1%2BDOrw6pOvxThTFhd41D2RgVFiWpaJEGkM%2FgG2Mn5qzfsXQbHGoGk79hrudyLIohPMUgb57%2BIYtDVBbd1oSaoDWoqppZaEDni8s1bba9vVA%2BydOos4UopeI0ZnXa8Xnv0Im4Ls24bpdik81PFC6C39CyshXQ%2Be3L3kOqtE5HjVDwpc93Ku4XWLuAcrjfU84e%2F8mQAkEMww4gnMVsfKLnpG8ctqfz78InKAmXqJF%2BMzVIFvJuctO982g%3D%3D
Edge HomePage: Default -> hxxps://br.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=87bbk0epo8acegik1tc002820¶m1=y6bdVFVIsvuYsgEClQfz8DvEGkcjx4pP8Fm5IxAfh268QXeMrVIXluafJ4cDO9TpUNo4o3bUaP1rjycimA1Gna%2BL5afMx1kcQU9cR9MMkcy8XUSJLCgFfB3PcpZEFkXUbaGeAoCkTe3bHlXM41NY0bjK8Kqi5FBgV%2BFqH6sG6I65ok4MyIZPkIRgx%2FJM9l9OAXDABUgazPWH8YGVUCfl9LaSMe4NqM8N08j0oXskit%2Fk8f1m6DX2RhNFZIX0N8zd1UhiFkMBvMKpfregpxnMIrZuoTteMJ8nHt0wKC9HlqoUyFwqA5gDCSzUK1dZkT5FSd%2BnTclqeogxvskHHMhvaY3bHKYD%2F%2BXPbdq9pzSUxe7aPdJGE1b0Z0PgbVuI35I5B8Yoh4eYFv0nDl9thVDzEQ%3D%3D
Edge StartupUrls: Default -> "hxxps://br.search.yahoo.com/yhs/web?hspart=omr&hsimp=yhs-001&type=87bbk0epo8acegik1tc002820¶m1=y6bdVFVIsvuYsgEClQfz8DvEGkcjx4pP8Fm5IxAfh268QXeMrVIXluafJ4cDO9TpUNo4o3bUaP1rjycimA1GnSlLt%2BpC5rB7Yipv1XcHLI7gnO9i37hZHlFQaAGw8molRnXKA%2Bg1I7xHAlwyl9totAkzxaT3fL5tit%2FD2nyonzf0EVo9%2FhgiaHyEAZe7%2BXKNP%2F5Ol8Lm4iQPEUEu1XLadqeT15DyZ9%2BB76S%2F2Nypmx6Sb5AzKu3bQXkr5YN0qzr%2BrFWqsxhycobBxuq6LzAcfSLj37Uvg2pkcoFUOVj3F1cgduCXExiTnGgl1tYfnjTCmAzxIp%2BbPQZwnRlhTT0ojhkzpuPyhv0zQzd2k30OFWn07ujrCFrepMlMhubrJDd%2FwAmneFc5zFrKjOzWUj6muQ%3D%3D"
Edge DefaultSearchURL: Default -> hxxps://br.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=87bbk0epo8acegik1tc002820¶m1=y6bdVFVIsvuYsgEClQfz8DvEGkcjx4pP8Fm5IxAfh268QXeMrVIXluafJ4cDO9TpUNo4o3bUaP1rjycimA1GnfiWFhaxZL9A%2BjhCv3yWnSQS7YwCJYk0zQtgYPL5ENvTHsWpFYu6UtQRkEBuk%2BMmzjV5UImosmu0II3RuBHNI8nkxWZfROEdt%2Fh4lUFXr0AfXhwkXtP4z01%2BsPNPNEjEf%2BM37lwrI4uWrYziCiLjyWwv39JU9xWts3b%2B5fAgQBahP73rQAtAnEvgT7aeDBJXgBL1WedUPZOuQ0VQ8iGKaCmIAzYHjg%2BXWpzRFnMscr71xo3zRKi9gbSD2BOfRC1JGBmyh%2BBDA5YZZxa1F82VXP8WtKjHtXel5GKfMO2T4XnXN6JEE67cEkVQH56z2jVYLQ%3D%3D&p={searchTerms}
Edge DefaultSearchKeyword: Default -> search.yahoo.com
Edge DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
"SAntivirusIC" => serviço foi desbloqueado. <==== ATENÇÃO
R2 SAntivirusIC; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusIC.exe [6947608 2020-07-09] (Digital Communications Inc -> Incorp DigCom) <==== ATENÇÃO
S2 SAntivirusSvc; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusService.exe [X] <==== ATENÇÃO
R1 SANTIVIRUSKD; C:\Program Files (x86)\Digital Communications\SAntivirus\SAntivirusKD.sys [74544 2020-07-09] (Digital Communications Inc -> Digital Comm. Inc) <==== ATENÇÃO
U3 avgbdisk; não ImagePath
2020-07-16 01:33 - 2020-07-16 01:33 - 000000000 ____D C:\Users\marce\Documents\Lightshot
2020-07-16 01:33 - 2020-07-16 01:33 - 000000000 ____D C:\Program Files (x86)\Skillbrains
ContextMenuHandlers1: [FortiClient] -> {7AE5C558-994B-40B7-8730-2DAC2B96781B} => C:\Program Files\Fortinet\FortiClient\FortiCliSh.dll -> Nenhum Arquivo
StartPowershell:
DISM /Online /Cleanup-image /Restorehealth
sfc /scannow
EndPowershell:
CMD: ipconfig /flushdns
SubSystems: [Windows] ==> SAntivirus Realtime Protection Lite
CreateRestorePoint:
EmptyTemp:
Reboot:
Hosts:
*****************
Processos fechados com sucesso.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removido (a) com sucesso.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Lightshot" => não encontrado (a)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removido (a) com sucesso.
HKLM\SOFTWARE\Policies\Mozilla => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C98BC02-9B01-4F21-86C5-36E5FD4CEE2E}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C98BC02-9B01-4F21-86C5-36E5FD4CEE2E}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\update-sys => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-sys" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3031AB16-44AF-48DA-9171-77E5315CE73E}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3031AB16-44AF-48DA-9171-77E5315CE73E}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\update-S-1-5-21-2491648592-1319402890-2819360954-1001 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-S-1-5-21-2491648592-1319402890-2819360954-1001" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{DC56B25F-A930-4FA7-A6C9-1FF95CA512EF}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC56B25F-A930-4FA7-A6C9-1FF95CA512EF}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Antivirus Emergency Update => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Antivirus Emergency Update" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EDDC8BE0-2099-4058-AAA3-48667F593CFF}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDDC8BE0-2099-4058-AAA3-48667F593CFF}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removido (a) com sucesso.
C:\WINDOWS\Tasks\update-S-1-5-21-2491648592-1319402890-2819360954-1001.job => movido com sucesso
C:\WINDOWS\Tasks\update-sys.job => movido com sucesso
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => valor restaurado com sucesso
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => valor restaurado com sucesso
"HKU\S-1-5-21-2491648592-1319402890-2819360954-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removido (a) com sucesso.
HKU\S-1-5-21-2491648592-1319402890-2819360954-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2A23ab71-4ac6-41f2-a955-ea576e553146} => removido (a) com sucesso.
"\\SearchScopes: HKU\S-1-5-21-2491648592-1319402890-2819360954-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=omr&hsimp=yhs-001&type=87bbk0epo8acegik1tc002820¶m1=y6bdVFVIsvuYsgEClQfz8DvEGkcjx4pP8Fm5IxAfh268QXeMrVIXluafJ4cDO9TpUNo4o3bUaP1rjycimA1GnV7NCmYbopnJFVR%2BKmme%2BkMNL8LHS1ov2HwWspjJINuAByiecMUmnkBgMvWtE5HugLNENT7JYulVy77X5QmPLiUYrMrkDxG0AC84PJH4agQcTk7axkucYKUlv8Jdb%2FelYEwrWV%2FJWCcrQWh6xD1ZwMpRmixPlRQmLCInmVBkI37%2FNGJNlwEwS%2BsKvsyoRHbiyOUMwwOK6M0nSiTrbt%2Bhw%2BqWTgQAsuWSsd8bA0%2B%2B3owtB%2F1AOMtWiEi4P8EFevQc1p16NW8bGS2bpUQ4sKCuFaDAuPc3vAzWXa7lJbpxs3CKB5J6114BeDOIuubkr0Qxzw%3D%3D&p={searchTerms}" => não encontrado (a)
"HKU\S-1-5-21-2491648592-1319402890-2819360954-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\\HomeButtonPage" => removido (a) com sucesso.
"Edge HomePage" => removido (a) com sucesso.
"Edge StartupUrls" => removido (a) com sucesso.
"Edge DefaultSearchURL" => removido (a) com sucesso.
"Edge DefaultSearchKeyword" => removido (a) com sucesso.
"Edge DefaultSuggestURL" => removido (a) com sucesso.
"SAntivirusIC" => serviço foi desbloqueado. <==== ATENÇÃO => Erro: Nenhuma correção automática foi encontrada para esta entrada.
SAntivirusIC => Não foi possível finalizar o serviço.
HKLM\System\CurrentControlSet\Services\SAntivirusIC => Não pode ser removido, chave pode estar protegida
HKLM\System\CurrentControlSet\Services\SAntivirusSvc => Não pode ser removido, chave pode estar protegida
SANTIVIRUSKD => Não foi possível finalizar o serviço.
HKLM\System\CurrentControlSet\Services\SANTIVIRUSKD => Não pode ser removido, chave pode estar protegida
HKLM\System\CurrentControlSet\Services\avgbdisk => removido (a) com sucesso.
avgbdisk => serviço removido (a) com sucesso.
C:\Users\marce\Documents\Lightshot => movido com sucesso
C:\Program Files (x86)\Skillbrains => movido com sucesso
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\FortiClient => removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{7AE5C558-994B-40B7-8730-2DAC2B96781B} => removido (a) com sucesso.
========= Powershell: =========
Ferramenta de Gerenciamento e Manutenção de Imagens de Implantação
Versão: 10.0.18362.900
Versão da Imagem: 10.0.18363.959
Operação de restauração concluída com êxito.
A operação foi concluída com êxito.