Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão:27-01-2016 Executado por marco (2016-02-11 20:12:08) Run:1 Executando a partir de C:\Users\marco\Desktop Perfis Carregados: marco (Perfis Disponíveis: marco) Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** start CloseProcesses: (TODO: ) C:\ProgramData\Updata\GoogleUpdata.exe () C:\ProgramData\WindowsMsg\osmsg.exe HKU\S-1-5-21-4207123351-2558841533-2703887520-1001\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [2036224 2016-02-04] () HKU\S-1-5-21-4207123351-2558841533-2703887520-1001\...\MountPoints2: {76ebbaf2-c344-11e5-9c26-1c39470c8d59} - "E:\Autorun.exe" ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => Nenhum Arquivo HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46 HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46 HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46 
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46 HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46 SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46&ts=1455129254 SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46&ts=1455129254 SearchScopes: HKU\S-1-5-21-4207123351-2558841533-2703887520-1001 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46&ts=1454872059 SearchScopes: HKU\S-1-5-21-4207123351-2558841533-2703887520-1001 -> {C3BBCD0B-9234-4d36-9151-EC49EE32FCE3} URL = hxxp://www.baidu.com/s?wd={searchTerms}&tn=28026190_dg&ie=utf-8 FF NewTab: hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46 FF DefaultSearchEngine: yessearches FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=yessearches FF SelectedSearchEngine: YAC Safe Search FF Keyword.URL: hxxp://www.yessearches.com/chrome.php?uid=DE63A734246A1A9212F5584D4B680417&ptid=sqr&ts=AHEpB3IpC34oBE..&v=20160121&mode=ffexttoolbar&q= FF SearchPlugin: C:\Users\marco\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\yac-safe-search-.xml [2016-02-07] FF HKLM\...\Firefox\Extensions: [{DF371121-FC15-4E46-8DC1-7A1A108DC409}] - C:\Program Files\groover050220162330\Firefox\{DF371121-FC15-4E46-8DC1-7A1A108DC409}.xpi => não encontrado (a) FF HKLM\...\Firefox\Extensions: [{0DA7B203-0BA9-477F-8563-38B199734B62}] - 
C:\Program Files\shopperz050220162301\Firefox\{0DA7B203-0BA9-477F-8563-38B199734B62}.xpi => não encontrado (a) FF HKLM\...\Firefox\Extensions: [{D1F5921D-416A-4656-8B75-32B57057CA86}] - C:\Program Files\shopperz050220161443\Firefox\{D1F5921D-416A-4656-8B75-32B57057CA86}.xpi => não encontrado (a) FF HKLM-x32\...\Firefox\Extensions: [{DF371121-FC15-4E46-8DC1-7A1A108DC409}] - C:\Program Files\groover050220162330\Firefox\{DF371121-FC15-4E46-8DC1-7A1A108DC409}.xpi => não encontrado (a) FF HKLM-x32\...\Firefox\Extensions: [{0DA7B203-0BA9-477F-8563-38B199734B62}] - C:\Program Files\shopperz050220162301\Firefox\{0DA7B203-0BA9-477F-8563-38B199734B62}.xpi => não encontrado (a) FF HKLM-x32\...\Firefox\Extensions: [{D1F5921D-416A-4656-8B75-32B57057CA86}] - C:\Program Files\shopperz050220161443\Firefox\{D1F5921D-416A-4656-8B75-32B57057CA86}.xpi => não encontrado (a) CHR HomePage: Profile 1 -> hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46 CHR StartupUrls: Profile 1 -> "hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=wdcxwd10jpvx-22jc3t0_wd-wxj1a65fcn46fcn46" CHR Extension: (Ad.Block) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdnhmodopgbdolkppmmmakhfpglglaoj [2016-02-05] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-05] S2 Uisulba; "C:\Users\marco\AppData\Roaming\SywsuUugol\Womgeamt.exe" -cms [X] S3 BtFilter; \SystemRoot\system32\DRIVERS\btfilter.sys [X] S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X] S1 SRepairDrv; \??\C:\Windows\GJFix\SRepairDrv [X] S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] 2016-02-07 18:11 - 2016-02-07 18:11 - 00000000 ____D C:\Users\marco_np4ggej\AppData\Roaming\Elex-tech 2016-02-07 15:57 - 2016-02-07 15:57 - 00000000 ____D C:\Windows\system32\log 2016-02-07 15:57 - 2016-02-07 15:57 - 
00000000 ____D C:\Users\marco\AppData\Roaming\Elex-tech 2016-02-07 15:56 - 2016-02-07 15:57 - 27989848 _____ (Elex do Brasil Participações Ltda) C:\Users\marco\Downloads\yet_another_cleaner_sk_7004786.exe 2016-02-05 22:38 - 2016-02-06 19:20 - 00000000 ____D C:\AdwCleaner 2016-02-05 22:38 - 2016-02-05 22:38 - 01508352 _____ C:\Users\marco\Downloads\AdwCleaner.exe 2016-02-05 19:47 - 2016-02-07 16:38 - 00000000 ____D C:\Users\Todos os Usuários\OWdMO 2016-02-05 19:47 - 2016-02-07 16:38 - 00000000 ____D C:\ProgramData\OWdMO 2016-02-05 19:46 - 2016-02-05 19:46 - 00003122 _____ C:\Windows\System32\Tasks\ttwifi 2016-02-05 19:46 - 2016-02-05 19:46 - 00003016 _____ C:\Windows\System32\Tasks\osTip 2016-02-05 19:46 - 2016-02-05 19:46 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg 2016-02-05 19:46 - 2016-02-05 19:46 - 00000000 ____D C:\Users\Todos os Usuários\Updata 2016-02-05 19:46 - 2016-02-05 19:46 - 00000000 ____D C:\Users\marco\AppData\Local\Tempfolder 2016-02-05 19:46 - 2016-02-05 19:46 - 00000000 ____D C:\ProgramData\WindowsMsg 2016-02-05 19:46 - 2016-02-05 19:46 - 00000000 ____D C:\ProgramData\Updata 2016-02-05 19:45 - 2016-02-05 19:45 - 00003416 _____ C:\Windows\System32\Tasks\Viubb 2016-02-05 19:15 - 2016-02-05 19:15 - 00003418 _____ C:\Windows\System32\Tasks\Buiwmev 2016-02-05 19:11 - 2016-02-05 19:11 - 00003422 _____ C:\Windows\System32\Tasks\Wiwlud 2016-02-05 19:11 - 2016-02-05 19:11 - 00000000 ____D C:\Users\marco\AppData\LocalLow\Company 2016-02-05 19:11 - 2016-02-05 19:11 - 00000000 ____D C:\uninst 2016-02-04 15:14 - 2016-02-07 16:38 - 00000000 ____D C:\Users\Todos os Usuários\2WdM2 2016-02-04 15:14 - 2016-02-07 16:38 - 00000000 ____D C:\ProgramData\2WdM2 2016-02-04 01:56 - 2015-03-05 02:12 - 00421784 _____ (Baidu, Inc.) C:\Windows\system32\BdSandboxDll64.dll 2016-02-04 01:56 - 2015-03-05 02:12 - 00332320 _____ (Baidu, Inc.) 
C:\Windows\SysWOW64\BdSandboxDll32.dll 2016-02-04 01:14 - 2016-02-04 01:07 - 00127800 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernelEx64.sys 2016-02-04 01:09 - 2016-02-07 16:06 - 00002722 _____ C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 2016-02-04 01:09 - 2016-02-04 01:09 - 00000000 ____D C:\Users\Todos os Usuários\Baidu Security 2016-02-04 01:09 - 2016-02-04 01:09 - 00000000 ____D C:\Users\marco\AppData\LocalLow\BAVData 2016-02-04 01:09 - 2016-02-04 01:09 - 00000000 ____D C:\ProgramData\Baidu Security 2016-02-04 01:05 - 2016-02-04 01:05 - 00000000 ____D C:\Program Files (x86)\Baidu Security 2016-02-04 01:03 - 2016-02-05 22:46 - 00000000 ____D C:\Users\marco\AppData\Roaming\BavMini 2016-02-04 01:03 - 2016-02-04 01:03 - 00000000 ____D C:\Users\Public\Documents\Baidu 2016-02-04 01:01 - 2016-02-05 21:36 - 00000000 ____D C:\Users\marco\AppData\Roaming\Baidu 2016-02-04 01:01 - 2016-02-04 01:56 - 00000000 ____D C:\Users\Todos os Usuários\Baidu 2016-02-04 01:01 - 2016-02-04 01:56 - 00000000 ____D C:\ProgramData\Baidu 2016-02-04 01:01 - 2016-02-04 01:02 - 00000000 ____D C:\Program Files (x86)\Baidu Task: {4F6F919E-01CA-4B01-92D4-11C5AF12AEF4} - System32\Tasks\Viubb => C:\PROGRA~1\SHOPPE~2\Mamzac.bat Task: {79D78755-6D19-4EF1-A774-83EB9D9EA50A} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: ) Task: {A9AF41E9-E79A-41D4-98E0-0529533FC44B} - System32\Tasks\osTip => C:\ProgramData\WindowsMsg\osmsg.exe [2016-02-04] () Task: {ADD1A33D-D4B0-42C0-B4F4-B027701DCA50} - System32\Tasks\{F411FB24-EE32-4B94-8E58-3355B0D562AC} => pcalua.exe -a "C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.8029\uninst.exe" Task: {B9AB3E3F-D9B0-4928-B867-4A6E8D2B350D} - System32\Tasks\Buiwmev => C:\PROGRA~1\SHOPPE~1\Rukpa.bat Task: {C5C8078A-A1DB-4EAE-8F09-32363B5008E2} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe 
"C:\ProgramData\Baidu Security\Duplicaterecord.js" <==== ATENÇÃO FirewallRules: [{61067DF8-0AAD-46BB-842F-E475984BBA21}] => (Allow) C:\Users\marco\AppData\Local\BoBrowser\Application\bobrowser.exe C:\Users\marco\AppData\Local\BoBrowser\Application\bobrowser.exe C:\Users\marco\AppData\Local\Temp\AcerDocsSetup.exe C:\Users\marco\AppData\Local\Temp\AcerPortalSetup.exe C:\Users\marco\AppData\Local\Temp\AOPSetup.exe C:\Users\marco\AppData\Local\Temp\comver.dll C:\Users\marco\AppData\Local\Temp\EAD2D11.exe C:\Users\marco\AppData\Local\Temp\EAD4484.exe C:\Users\marco\AppData\Local\Temp\FoxitUpdater.exe C:\Users\marco\AppData\Local\Temp\HD-Logger-Native.dll C:\Users\marco\AppData\Local\Temp\HD-ShortcutHandler.dll C:\Users\marco\AppData\Local\Temp\launcher_vs2010_sp1_vcredist_x86.exe C:\Users\marco\AppData\Local\Temp\McCSPInstall.dll C:\Users\marco\AppData\Local\Temp\mccspuninstall.exe C:\Users\marco\AppData\Local\Temp\octDDB7.tmp.exe C:\Users\marco\AppData\Local\Temp\octDEDB.tmp.exe C:\Users\marco\AppData\Local\Temp\octE87F.tmp.exe C:\Users\marco\AppData\Local\Temp\oprun3237.exe C:\Users\marco\AppData\Local\Temp\qqpcmgr_v11.2.17058.221_45129_Silence.exe C:\Users\marco\AppData\Local\Temp\SkypeSetup.exe C:\Users\marco\AppData\Local\Temp\sqlite3.dll C:\Users\marco\AppData\Local\Temp\uninstall.exe C:\Users\marco\AppData\Local\Temp\UninstallEADM.dll C:\Users\marco\AppData\Local\Temp\UninstallModule.exe Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f CMD: dir /a "C:\Program Files" CMD: dir /a "C:\Program Files (x86)" CMD: dir /a "C:\Users\All Users" CreateRestorePoint: RemoveProxy: EmptyTemp: Reboot: Hosts: end ***************** Processos fechados com sucesso. 
C:\ProgramData\Updata\GoogleUpdata.exe => Não foi encontrado em execução o processo C:\ProgramData\WindowsMsg\osmsg.exe => Não foi encontrado em execução o processo HKU\S-1-5-21-4207123351-2558841533-2703887520-1001\Software\Microsoft\Windows\CurrentVersion\Run\\osmsg => valor removido (a) com sucesso. "HKU\S-1-5-21-4207123351-2558841533-2703887520-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76ebbaf2-c344-11e5-9c26-1c39470c8d59}" => chave removido (a) com sucesso. HKCR\CLSID\{76ebbaf2-c344-11e5-9c26-1c39470c8d59} => chave não encontrado (a). "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock" => chave removido (a) com sucesso. HKCR\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => chave não encontrado (a). "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => chave removido (a) com sucesso. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor restaurado com sucesso HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => valor removido (a) com sucesso. HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor removido (a) com sucesso. HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page => valor removido (a) com sucesso. HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor removido (a) com sucesso. HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page => valor removido (a) com sucesso. HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor removido (a) com sucesso. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucesso "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}" => chave removido (a) com sucesso. 
HKCR\Wow6432Node\CLSID\{425ED333-6083-428a-92C9-0CFC28B9D1BF} => chave não encontrado (a). "HKU\S-1-5-21-4207123351-2558841533-2703887520-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}" => chave removido (a) com sucesso. HKCR\CLSID\{425ED333-6083-428a-92C9-0CFC28B9D1BF} => chave não encontrado (a). "HKU\S-1-5-21-4207123351-2558841533-2703887520-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C3BBCD0B-9234-4d36-9151-EC49EE32FCE3}" => chave removido (a) com sucesso. HKCR\CLSID\{C3BBCD0B-9234-4d36-9151-EC49EE32FCE3} => chave não encontrado (a). Firefox "newtab" removido (a) com sucesso. Firefox DefaultSearchEngine removido (a) com sucesso. Firefox DefaultSearchEngine.US removido (a) com sucesso. Firefox SelectedSearchEngine removido (a) com sucesso. Firefox "Keyword.URL" removido (a) com sucesso. C:\Users\marco\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\yac-safe-search-.xml => movido com sucesso HKLM\Software\Mozilla\Firefox\Extensions\\{DF371121-FC15-4E46-8DC1-7A1A108DC409} => valor removido (a) com sucesso. HKLM\Software\Mozilla\Firefox\Extensions\\{0DA7B203-0BA9-477F-8563-38B199734B62} => valor removido (a) com sucesso. HKLM\Software\Mozilla\Firefox\Extensions\\{D1F5921D-416A-4656-8B75-32B57057CA86} => valor removido (a) com sucesso. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{DF371121-FC15-4E46-8DC1-7A1A108DC409} => valor removido (a) com sucesso. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{0DA7B203-0BA9-477F-8563-38B199734B62} => valor removido (a) com sucesso. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{D1F5921D-416A-4656-8B75-32B57057CA86} => valor removido (a) com sucesso. Chrome HomePage => removido (a) com sucesso. Chrome StartupUrls => removido (a) com sucesso. 
C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdnhmodopgbdolkppmmmakhfpglglaoj => movido com sucesso C:\Users\marco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => movido com sucesso Uisulba => serviço removido (a) com sucesso. BtFilter => serviço removido (a) com sucesso. IntcAzAudAddService => serviço removido (a) com sucesso. SRepairDrv => serviço removido (a) com sucesso. wfpcapture => serviço removido (a) com sucesso. C:\Users\marco_np4ggej\AppData\Roaming\Elex-tech => movido com sucesso C:\Windows\system32\log => movido com sucesso C:\Users\marco\AppData\Roaming\Elex-tech => movido com sucesso C:\Users\marco\Downloads\yet_another_cleaner_sk_7004786.exe => movido com sucesso C:\AdwCleaner => movido com sucesso C:\Users\marco\Downloads\AdwCleaner.exe => movido com sucesso C:\Users\Todos os Usuários\OWdMO => movido com sucesso "C:\ProgramData\OWdMO" => não encontrado (a). C:\Windows\System32\Tasks\ttwifi => movido com sucesso C:\Windows\System32\Tasks\osTip => movido com sucesso C:\Users\Todos os Usuários\WindowsMsg => movido com sucesso C:\Users\Todos os Usuários\Updata => movido com sucesso C:\Users\marco\AppData\Local\Tempfolder => movido com sucesso "C:\ProgramData\WindowsMsg" => não encontrado (a). "C:\ProgramData\Updata" => não encontrado (a). C:\Windows\System32\Tasks\Viubb => movido com sucesso C:\Windows\System32\Tasks\Buiwmev => movido com sucesso C:\Windows\System32\Tasks\Wiwlud => movido com sucesso C:\Users\marco\AppData\LocalLow\Company => movido com sucesso C:\uninst => movido com sucesso C:\Users\Todos os Usuários\2WdM2 => movido com sucesso "C:\ProgramData\2WdM2" => não encontrado (a). 
C:\Windows\system32\BdSandboxDll64.dll => movido com sucesso C:\Windows\SysWOW64\BdSandboxDll32.dll => movido com sucesso C:\Windows\system32\Drivers\TAOKernelEx64.sys => movido com sucesso C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => movido com sucesso C:\Users\Todos os Usuários\Baidu Security => movido com sucesso C:\Users\marco\AppData\LocalLow\BAVData => movido com sucesso "C:\ProgramData\Baidu Security" => não encontrado (a). C:\Program Files (x86)\Baidu Security => movido com sucesso C:\Users\marco\AppData\Roaming\BavMini => movido com sucesso C:\Users\Public\Documents\Baidu => movido com sucesso C:\Users\marco\AppData\Roaming\Baidu => movido com sucesso C:\Users\Todos os Usuários\Baidu => movido com sucesso "C:\ProgramData\Baidu" => não encontrado (a). C:\Program Files (x86)\Baidu => movido com sucesso "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F6F919E-01CA-4B01-92D4-11C5AF12AEF4}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F6F919E-01CA-4B01-92D4-11C5AF12AEF4}" => chave removido (a) com sucesso. C:\Windows\System32\Tasks\Viubb => não encontrado (a). "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Viubb" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{79D78755-6D19-4EF1-A774-83EB9D9EA50A}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79D78755-6D19-4EF1-A774-83EB9D9EA50A}" => chave removido (a) com sucesso. C:\Windows\System32\Tasks\UbtFrameworkService => movido com sucesso "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UbtFrameworkService" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A9AF41E9-E79A-41D4-98E0-0529533FC44B}" => chave removido (a) com sucesso. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9AF41E9-E79A-41D4-98E0-0529533FC44B}" => chave removido (a) com sucesso. C:\Windows\System32\Tasks\osTip => não encontrado (a). "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\osTip" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ADD1A33D-D4B0-42C0-B4F4-B027701DCA50}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADD1A33D-D4B0-42C0-B4F4-B027701DCA50}" => chave removido (a) com sucesso. C:\Windows\System32\Tasks\{F411FB24-EE32-4B94-8E58-3355B0D562AC} => movido com sucesso "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F411FB24-EE32-4B94-8E58-3355B0D562AC}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9AB3E3F-D9B0-4928-B867-4A6E8D2B350D}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9AB3E3F-D9B0-4928-B867-4A6E8D2B350D}" => chave removido (a) com sucesso. C:\Windows\System32\Tasks\Buiwmev => não encontrado (a). "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Buiwmev" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C5C8078A-A1DB-4EAE-8F09-32363B5008E2}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5C8078A-A1DB-4EAE-8F09-32363B5008E2}" => chave removido (a) com sucesso. C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => não encontrado (a). "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\060184C3-9766-46a0-B258-F4518A0B2633" => chave removido (a) com sucesso. 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{61067DF8-0AAD-46BB-842F-E475984BBA21} => valor removido (a) com sucesso. "C:\Users\marco\AppData\Local\BoBrowser\Application\bobrowser.exe" => não encontrado (a). C:\Users\marco\AppData\Local\Temp\AcerDocsSetup.exe => movido com sucesso C:\Users\marco\AppData\Local\Temp\AcerPortalSetup.exe => movido com sucesso C:\Users\marco\AppData\Local\Temp\AOPSetup.exe => movido com sucesso C:\Users\marco\AppData\Local\Temp\comver.dll => movido com sucesso C:\Users\marco\AppData\Local\Temp\EAD2D11.exe => movido com sucesso C:\Users\marco\AppData\Local\Temp\EAD4484.exe => movido com sucesso C:\Users\marco\AppData\Local\Temp\FoxitUpdater.exe => movido com sucesso C:\Users\marco\AppData\Local\Temp\HD-Logger-Native.dll => movido com sucesso C:\Users\marco\AppData\Local\Temp\HD-ShortcutHandler.dll => movido com sucesso C:\Users\marco\AppData\Local\Temp\launcher_vs2010_sp1_vcredist_x86.exe => movido com sucesso C:\Users\marco\AppData\Local\Temp\McCSPInstall.dll => movido com sucesso C:\Users\marco\AppData\Local\Temp\mccspuninstall.exe => movido com sucesso C:\Users\marco\AppData\Local\Temp\octDDB7.tmp.exe => movido com sucesso C:\Users\marco\AppData\Local\Temp\octDEDB.tmp.exe => movido com sucesso C:\Users\marco\AppData\Local\Temp\octE87F.tmp.exe => movido com sucesso C:\Users\marco\AppData\Local\Temp\oprun3237.exe => movido com sucesso C:\Users\marco\AppData\Local\Temp\qqpcmgr_v11.2.17058.221_45129_Silence.exe => movido com sucesso C:\Users\marco\AppData\Local\Temp\SkypeSetup.exe => movido com sucesso C:\Users\marco\AppData\Local\Temp\sqlite3.dll => movido com sucesso C:\Users\marco\AppData\Local\Temp\uninstall.exe => movido com sucesso C:\Users\marco\AppData\Local\Temp\UninstallEADM.dll => movido com sucesso C:\Users\marco\AppData\Local\Temp\UninstallModule.exe => movido com sucesso ========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f ========= A operação 
foi concluída com êxito. ========= Fim de Reg: ========= ========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f ========= A operação foi concluída com êxito. ========= Fim de Reg: ========= ========= dir /a "C:\Program Files" ========= O volume na unidade C é Pc :v O Número de Série do Volume é 6E2C-99F0 Pasta de C:\Program Files 05/02/2016 22:42 . 05/02/2016 22:42 .. 04/02/2016 15:16 3dsexvilla 14/12/2015 10:16 Accessory Store 05/02/2016 21:15 Acer 30/11/2015 15:08 Arquivos Comuns [C:\Program Files\Common Files] 16/07/2015 01:37 AVAST Software 13/08/2015 00:01 Booking.COM 05/02/2016 22:46 Common Files 10/07/2015 08:02 174 desktop.ini 12/08/2015 23:49 Intel 12/01/2016 12:10 Internet Explorer 16/07/2015 01:33 MSBuild 11/12/2015 23:08 ps 12/08/2015 23:47 Realtek 16/07/2015 01:33 Reference Assemblies 14/12/2015 06:53 torrents 10/07/2015 09:21 Uninstall Information 13/08/2015 03:52 Windows Defender 01/12/2015 14:59 Windows Journal 10/07/2015 10:13 Windows Mail 13/08/2015 03:52 Windows Media Player 10/07/2015 08:04 Windows Multimedia Platform 30/11/2015 15:08 Windows NT 13/08/2015 03:52 Windows Photo Viewer 10/07/2015 08:04 Windows Portable Devices 10/07/2015 08:04 Windows Sidebar 10/02/2016 15:48 WindowsApps 10/07/2015 08:04 WindowsPowerShell 30/11/2015 16:54 WinRAR 1 arquivo(s) 174 bytes 29 pasta(s) 759.615.156.224 bytes disponíveis ========= Fim de CMD: ========= ========= dir /a "C:\Program Files (x86)" ========= O volume na unidade C é Pc :v O Número de Série do Volume é 6E2C-99F0 Pasta de C:\Program Files (x86) 11/02/2016 20:12 . 11/02/2016 20:12 .. 
05/02/2016 21:08 Acer 17/12/2015 08:43 Activision 13/08/2015 00:01 Amazon 05/02/2016 22:43 Common Files 15/12/2015 22:41 DAEMON Tools Lite 10/07/2015 08:02 174 desktop.ini 11/02/2016 15:13 Electronic Arts 11/02/2016 00:09 Google 11/02/2016 15:13 InstallShield Installation Information 12/08/2015 23:45 Intel 12/01/2016 12:10 Internet Explorer 23/12/2015 12:15 Java 28/12/2015 22:20 Legue Of Legends 24/12/2015 19:11 LogMeIn Hamachi 17/12/2015 09:19 Managed DirectX (0901) 04/02/2016 01:59 Microsoft Office 27/01/2016 16:52 Microsoft WSE 30/11/2015 23:21 Microsoft XNA 10/07/2015 08:04 Microsoft.NET 10/02/2016 15:33 Mozilla Firefox 10/02/2016 15:33 Mozilla Maintenance Service 16/07/2015 01:33 MSBuild 07/02/2016 18:31 Realtek 16/07/2015 01:33 Reference Assemblies 11/02/2016 07:05 SEGA 11/02/2016 20:08 Steam 04/02/2016 18:29 stronghold 07/02/2016 18:31 Temp 03/02/2016 15:29 Tribo Gamer 04/02/2016 00:58 t_201602040058 13/08/2015 03:52 Windows Defender 10/07/2015 10:13 Windows Mail 13/08/2015 03:52 Windows Media Player 10/07/2015 08:04 Windows Multimedia Platform 10/07/2015 08:04 Windows NT 13/08/2015 03:52 Windows Photo Viewer 10/07/2015 08:04 Windows Portable Devices 10/07/2015 08:04 Windows Sidebar 10/07/2015 08:04 WindowsPowerShell 1 arquivo(s) 174 bytes 40 pasta(s) 759.615.156.224 bytes disponíveis ========= Fim de CMD: ========= ========= dir /a "C:\Users\All Users" ========= O volume na unidade C é Pc :v O Número de Série do Volume é 6E2C-99F0 Pasta de C:\Users\All Users 11/02/2016 20:12 . 11/02/2016 20:12 .. 
14/12/2015 07:06 Acer 10/07/2015 09:21 Application Data [C:\ProgramData] 06/02/2016 20:00 BlueStacksSetup 01/01/2016 14:06 boost_interprocess 13/08/2015 00:06 CLSK 10/07/2015 08:04 Comms 07/02/2016 18:28 CyberLink 30/11/2015 15:08 Dados de Aplicativos [C:\ProgramData] 11/02/2016 07:04 DAEMON Tools Lite 10/07/2015 09:21 Desktop [C:\Users\Public\Desktop] 30/11/2015 15:08 Documentos [C:\Users\Public\Documents] 10/07/2015 09:21 Documents [C:\Users\Public\Documents] 12/08/2015 23:47 0 DP45977C.lfl 30/01/2016 17:27 Electronic Arts 01/01/2016 14:12 GAS Tecnologia 13/08/2015 00:06 install_clap 12/08/2015 23:40 Intel 13/08/2015 00:02 Kingsoft 24/12/2015 19:11 LogMeIn 15/12/2015 13:43 McAfee 30/11/2015 15:08 Menu Iniciar [C:\ProgramData\Microsoft\Windows\Start Menu] 04/02/2016 01:58 Microsoft 16/07/2015 01:35 Microsoft OneDrive 30/11/2015 15:08 Modelos [C:\ProgramData\Microsoft\Windows\Templates] 16/07/2015 01:38 Mozilla 14/12/2015 07:18 8.192 NTUSER.DAT 14/12/2015 07:18 8.192 NTUSER.DAT.LOG1 14/12/2015 07:18 0 NTUSER.DAT.LOG2 14/12/2015 07:18 65.536 NTUSER.DAT{2861e5fa-a21a-11e5-9be9-1c39470c8d59}.TM.blf 14/12/2015 07:18 524.288 NTUSER.DAT{2861e5fa-a21a-11e5-9be9-1c39470c8d59}.TMContainer00000000000000000001.regtrans-ms 14/12/2015 07:18 524.288 NTUSER.DAT{2861e5fa-a21a-11e5-9be9-1c39470c8d59}.TMContainer00000000000000000002.regtrans-ms 04/02/2016 01:16 286 ntuser.pol 05/02/2016 21:15 OEM 30/11/2015 15:29 OEM_YAHOO 23/12/2015 12:19 Oracle 25/12/2015 00:47 Package Cache 12/08/2015 23:42 Qualcomm Atheros 04/02/2016 01:58 regid.1991-06.com.microsoft 30/11/2015 15:43 Riot Games 19/12/2015 22:40 SoftwareDistribution 10/07/2015 09:21 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 11/02/2016 07:46 Steam 23/12/2015 12:19 Sun 01/01/2016 11:37 Temp 10/07/2015 09:21 Templates [C:\ProgramData\Microsoft\Windows\Templates] 12/12/2015 02:53 thriXXX 07/02/2016 18:18 TXQMPC 10/07/2015 09:22 USOPrivate 10/07/2015 09:22 USOShared 14/12/2015 07:04 WildTangent 8 arquivo(s) 1.130.782 
bytes 44 pasta(s) 759.615.152.128 bytes disponíveis ========= Fim de CMD: ========= Ponto de Restauração criado com sucesso. ========= RemoveProxy: ========= HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => valor removido (a) com sucesso. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => valor removido (a) com sucesso. HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso. HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso. HKU\S-1-5-21-4207123351-2558841533-2703887520-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso. HKU\S-1-5-21-4207123351-2558841533-2703887520-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso. ========= Fim de RemoveProxy: ========= C:\Windows\System32\Drivers\etc\hosts => movido com sucesso Hosts restaurado com sucesso. EmptyTemp: => 3.4 GB de dados temporários Removidos. O sistema precisou ser reiniciado. ==== Fim de Fixlog 20:28:08 ====