Resultado da Correção pela Farbar Recovery Scan Tool (x86) Versão: 18-07-2017 Executado por Administrador (23-07-2017 14:50:27) Run:2 Executando a partir de C:\Documents and Settings\Administrador\Desktop Perfis Carregados: Administrador (Perfis Disponíveis: Administrador) Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** start CloseProcesses: BootExecute: autocheck autochk * sdnclean.exe GroupPolicy: Restrição ? <==== ATENÇÃO CHR HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsvideosft_17_02¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCtDyBzz0DtB0BtA0FyE0DyCtDyCtDtDtN0D0Tzu0StCzztAyDtN1L2XzutAtFtByEtFtByBtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyEtAtBzz0B0ByEyEtGtD0EyEyCtGtCzz0B0AtGyEyE0BzytGyEtDyEyEtDyC0Ezy0DyDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0CtA0ByByE0E0BtG0Czy0D0CtGyE0E0F0DtG0AyBzz0AtGyBtDtDtA0BtA0BtAyEtDzy0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyEyDyC%26cr%3D1637499895%26a%3Dwbf_fsvideosft_17_02%26os_ver%3D5.1%26os%3DWindows%2BXP HKU\S-1-5-21-1214440339-1547161642-725345543-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsvideosft_17_02¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCtDyBzz0DtB0BtA0FyE0DyCtDyCtDtDtN0D0Tzu0StCzztAyDtN1L2XzutAtFtByEtFtByBtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyEtAtBzz0B0ByEyEtGtD0EyEyCtGtCzz0B0AtGyEyE0BzytGyEtDyEyEtDyC0Ezy0DyDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0CtA0ByByE0E0BtG0Czy0D0CtGyE0E0F0DtG0AyBzz0AtGyBtDtDtA0BtA0BtAyEtDzy0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyEyDyC%26cr%3D1637499895%26a%3Dwbf_fsvideosft_17_02%26os_ver%3D5.1%26os%3DWindows%2BXP HKU\S-1-5-21-1214440339-1547161642-725345543-500\Software\Microsoft\Internet Explorer\Main,Search Page = 
&hxxp://home.microsoft.com/intl/br/access/allinone.asp HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsvideosft_17_02¶m1=1¶m2=f%3D2%26b%3DIE%26cc%3Dbr%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCtDyBzz0DtB0BtA0FyE0DyCtDyCtDtDtN0D0Tzu0StCzztAyDtN1L2XzutAtFtByEtFtByBtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyEtAtBzz0B0ByEyEtGtD0EyEyCtGtCzz0B0AtGyEyE0BzytGyEtDyEyEtDyC0Ezy0DyDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0CtA0ByByE0E0BtG0Czy0D0CtGyE0E0F0DtG0AyBzz0AtGyBtDtDtA0BtA0BtAyEtDzy0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyEyDyC%26cr%3D1637499895%26a%3Dwbf_fsvideosft_17_02%26os_ver%3D5.1%26os%3DWindows%2BXP" <==== ATENÇÃO HKU\S-1-5-21-1214440339-1547161642-725345543-500\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsvideosft_17_02¶m1=1¶m2=f%3D2%26b%3DIE%26cc%3Dbr%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCtDyBzz0DtB0BtA0FyE0DyCtDyCtDtDtN0D0Tzu0StCzztAyDtN1L2XzutAtFtByEtFtByBtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyEtAtBzz0B0ByEyEtGtD0EyEyCtGtCzz0B0AtGyEyE0BzytGyEtDyEyEtDyC0Ezy0DyDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0CtA0ByByE0E0BtG0Czy0D0CtGyE0E0F0DtG0AyBzz0AtGyBtDtDtA0BtA0BtAyEtDzy0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyEyDyC%26cr%3D1637499895%26a%3Dwbf_fsvideosft_17_02%26os_ver%3D5.1%26os%3DWindows%2BXP" <==== ATENÇÃO SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsvideosft_17_02¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCtDyBzz0DtB0BtA0FyE0DyCtDyCtDtDtN0D0Tzu0StCzztAyDtN1L2XzutAtFtByEtFtByBtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyEtAtBzz0B0ByEyEtGtD0EyEyCtGtCzz0B0AtGyEyE0BzytGyEtDyEyEtDyC0Ezy0DyDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0CtA0ByByE0E0BtG0Czy0D0CtGyE0E0F0DtG0AyBzz0AtGyBtDtDtA0BtA0BtAyEtDzy0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyEyDyC%26cr%3D1637499895%26a%3Dwbf_fsvideosft_17_02%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsvideosft_17_02¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCtDyBzz0DtB0BtA0FyE0DyCtDyCtDtDtN0D0Tzu0StCzztAyDtN1L2XzutAtFtByEtFtByBtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyEtAtBzz0B0ByEyEtGtD0EyEyCtGtCzz0B0AtGyEyE0BzytGyEtDyEyEtDyC0Ezy0DyDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0CtA0ByByE0E0BtG0Czy0D0CtGyE0E0F0DtG0AyBzz0AtGyBtDtDtA0BtA0BtAyEtDzy0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyEyDyC%26cr%3D1637499895%26a%3Dwbf_fsvideosft_17_02%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms} SearchScopes: HKU\S-1-5-21-1214440339-1547161642-725345543-500 -> {0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fsvideosft_17_02¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwinyahoo%26cd%3D2XzuyEtN2Y1L1QzutCtDyBzz0DtB0BtA0FyE0DyCtDyCtDtDtN0D0Tzu0StCzztAyDtN1L2XzutAtFtByEtFtByBtFyDtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyEtAtBzz0B0ByEyEtGtD0EyEyCtGtCzz0B0AtGyEyE0BzytGyEtDyEyEtDyC0Ezy0DyDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0CtA0ByByE0E0BtG0Czy0D0CtGyE0E0F0DtG0AyBzz0AtGyBtDtDtA0BtA0BtAyEtDzy0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyEyDyC%26cr%3D1637499895%26a%3Dwbf_fsvideosft_17_02%26os_ver%3D5.1%26os%3DWindows%2BXP&p={searchTerms} SearchScopes: 
HKU\S-1-5-21-1214440339-1547161642-725345543-500 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F4C1CA5F-7D91-49F0-9A37-1EDD3BFC154D}&mid=Unknown&lang=pt-br&ds=AVG&coid=avgtbavg&cmpid=1215av&pr=fr&d=2015-12-16 19:35:37&v=4.2.3.128&pid=wtu&sg=&sap=dsp&q={searchTerms}
2017-07-22 17:05 - 2014-07-22 12:09 - 00000000 ____D C:\Arquivos de programas\SUPERAntiSpyware
2017-07-22 17:03 - 2014-02-05 11:53 - 00000000 ____D C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy
2017-07-22 17:03 - 2014-02-05 11:53 - 00000000 ____D C:\Arquivos de programas\Spybot - Search & Destroy 2
2017-07-18 23:36 - 2014-05-13 12:04 - 00109400 _____ () C:\Arquivos de programas\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-07-18 23:36 - 2014-05-13 12:04 - 00416600 _____ () C:\Arquivos de programas\Spybot - Search & Destroy 2\DEC150.bpl
2013-10-10 09:18 - 2017-01-10 14:14 - 0011776 _____ () C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Arquivos de programas\Spybot - Search & Destroy 2\SDTray.exe
AlternateDataStreams: C:\Arquivos de programas\GbPlugin:IncompleteStartProcessProtection.cnt [8]
AlternateDataStreams: C:\WINDOWS\system32:2DE4E467_Cef.gbp [2]
AlternateDataStreams: C:\WINDOWS\system32:E547E9E5_Cef.gbp [2]
AlternateDataStreams: C:\WINDOWS\system32\drivers:GbpKmAp.lst [444]
AlternateDataStreams: C:\WINDOWS\system32\drivers:IncompleteBoot.cnt [12]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1262]
AlternateDataStreams: C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin:IncompleteStartGbprcm.cnt [10]
CreateRestorePoint:
RemoveProxy:
EmptyTemp:
Reboot:
end
*****************

Processos fechados com sucesso.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => valor restaurado com sucesso
"C:\WINDOWS\system32\GroupPolicy\Machine" => não encontrado (a).
HKLM\SOFTWARE\Policies\Google => chave não encontrado (a).
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso
HKU\S-1-5-21-1214440339-1547161642-725345543-500\Software\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso
HKU\S-1-5-21-1214440339-1547161642-725345543-500\Software\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => valor restaurado com sucesso
HKU\S-1-5-21-1214440339-1547161642-725345543-500\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => valor não encontrado (a).
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucesso
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => chave não encontrado (a).
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => chave não encontrado (a).
HKU\S-1-5-21-1214440339-1547161642-725345543-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} => chave não encontrado (a).
HKLM\Software\Classes\CLSID\{0CE02FFA-A6B0-46F6-BA2F-BD32C3630126} => chave não encontrado (a).
HKU\S-1-5-21-1214440339-1547161642-725345543-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => chave não encontrado (a).
HKLM\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => chave não encontrado (a).
"C:\Arquivos de programas\SUPERAntiSpyware" => não encontrado (a).
"C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy" => não encontrado (a).
"C:\Arquivos de programas\Spybot - Search & Destroy 2" => não encontrado (a).
"C:\Arquivos de programas\Spybot - Search & Destroy 2\snlThirdParty150.bpl" => não encontrado (a).
"C:\Arquivos de programas\Spybot - Search & Destroy 2\DEC150.bpl" => não encontrado (a).
"C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => não encontrado (a).
"C:\Arquivos de programas\Spybot - Search & Destroy 2\SDTray.exe" => não encontrado (a).
C:\Arquivos de programas\GbPlugin => ":IncompleteStartProcessProtection.cnt" ADS removido (a) com sucesso..
"C:\WINDOWS\system32" => ":2DE4E467_Cef.gbp" ADS não encontrado (a).
"C:\WINDOWS\system32" => ":E547E9E5_Cef.gbp" ADS não encontrado (a).
C:\WINDOWS\system32\drivers => ":GbpKmAp.lst" ADS removido (a) com sucesso..
"C:\WINDOWS\system32\drivers" => ":IncompleteBoot.cnt" ADS não encontrado (a).
C:\WINDOWS\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removido (a) com sucesso..
"C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin" => ":IncompleteStartGbprcm.cnt" ADS não encontrado (a).
Ponto de Restauração criado com sucesso.

========= RemoveProxy: =========

HKU\S-1-5-21-1214440339-1547161642-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.

========= Fim de RemoveProxy: =========

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 0 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/dllcache/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 159244053 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 66164 B
All Users => 0 B
systemprofile => 258683114 B
LocalService => 14020 B
NetworkService => 68585 B
Administrador => 166253436 B

RecycleBin => 1243496245 B
EmptyTemp: => 1.7 GB de dados temporários Removidos.

================================

O sistema precisou ser reiniciado.

==== Fim de Fixlog 14:52:38 ====