Jump to content

Annluciap

Members
  • Content count

    430
  • Joined

  • Last visited

Everything posted by Annluciap

  1. Annluciap

    Computador lento

    Seguem links dos logs do FRST para análise: https://www.cjoint.com/c/IEuvOzhKaPa https://www.cjoint.com/c/IEuvQSrcnWa Obrigada.
  2. Olá, o micro está lento, provavelmente, por causa de malwares. Seguem os links para os logs do FRST. http://www.cjoint.com/c/GAhanA7OtTZ http://www.cjoint.com/c/GAhapBrE1kZ Obrigada.
  3. Boa noite, sim, removi as detecções. Agora está tudo ok com o note. Muito obrigada pela ajuda. :)
  4. Boa noite, Como o relatório é longo envio o link para acessá-lo. http://www.cjoint.com/c/GAlapoKchA5 Obrigada.
  5. Boa tarde, seguem logs conforme solicitado. Obrigada. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.0 (12.05.2016) Operating System: Windows 7 Ultimate x64 Ran by Lucimar (Limited) on 10/01/2017 at 13:01:30,02 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 0 Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 10/01/2017 at 13:05:18,15 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~ ZHPCleaner v2017.1.7.4 by Nicolas Coolman (2017/01/07) ~ Run by Lucimar (Administrator) (10/01/2017 14:21:27) ~ Web: https://www.nicolascoolman.com ~ Blog: https://www.anti-malware.top ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : ~ Type : Reparo ~ Report : C:\Users\Lucimar\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\Lucimar\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601) ---\\ Serviços (0) ~ Nenhum ítem malicioso o desnecessários foi encontrado. ---\\ Navegadores de Internet (0) ~ Nenhum ítem malicioso o desnecessários foi encontrado. ---\\ Arquivo hosts (1) ~ O arquivo hosts é legítimo (21) ---\\ Tarefas automáticas agendadas. (0) ~ Nenhum ítem malicioso o desnecessários foi encontrado. ---\\ Explorer ( Arquivos, Pastas) (60) MOVIDO pasta: C:\Users\Public\Desktop\1-click optimization.lnk [bad : C:\Program Files (x86)\simplitec\simpliclean\PowerSuiteStart.exe](.simplitec GmbH.) =>.Superfluous.SimpliClean MOVIDO pasta: C:\Users\Lucimar\AppData\Roaming\unins001.exe [ - Setup/Uninstall] =>PUP.Optional.Pirrit MOVIDO pasta: C:\Users\Lucimar\AppData\Roaming\unins002.exe [ - Setup/Uninstall] =>PUP.Optional.Pirrit MOVIDO pasta: C:\Windows\Prefetch\YTDOWNLOADER.EXE-16291FE1.pf =>PUP.Optional.YTDownloader MOVIDO arquivo: C:\Users\Lucimar\AppData\Local\Temp\scoped_dir_292_23992 =>.Superfluous.Temporary.Steam MOVIDO arquivo: C:\Program Files (x86)\simplitec\simpliclean =>.Superfluous.SimpliClean MOVIDO arquivo: C:\Windows\Installer\MSI110F.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSI1748.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSI1A58.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSI1C79.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSI1E28.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSI22.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSI2800.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSI3052.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSI32A4.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSI3737.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSI37AA.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSI388.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSI38BD.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSI3A.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSI3BAB.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSI3C68.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSI404D.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSI41F3.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSI437D.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSI4619.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSI48F5.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSI4D1F.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSI50B3.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSI5216.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSI583D.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSI5948.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSI5E96.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSI5F3F.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSI678C.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSI6F79.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSI97B1.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSIA16D.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSIA38F.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSIB99F.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSIC522.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSIC838.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSICB99.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSICF9F.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSICFAF.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSID30A.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSID645.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSID73F.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSID75.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSIDB17.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSIE32D.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSIE653.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSIE81C.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSIEFEA.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSIF355.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSIF7C9.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSIFB91.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSIFDC3.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSIFEAD.tmp- =>.Superfluous.Empty MOVIDO arquivo: C:\Windows\Installer\MSIFFE4.tmp- =>.Superfluous.Empty ---\\ Registro ( Chaves, Valores, Dados ) (32) SUPRIMIDO chave*: HKEY_USERS\S-1-5-21-2705312239-909248705-17524377-1000\SOFTWARE\Ammyy [] =>.Superfluous.Ammyy SUPRIMIDO chave: HKCU\Software\Ammyy [] =>.Superfluous.Ammyy SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\akamaihd.net [188] =>.Superfluous.AkamaiHD SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\api.smarterpowerunite.com [172147] =>PUP.Optional.SmarterPower SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdncache-a.akamaihd.net [464] =>.Superfluous.AkamaiHD SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\d15vtg97aygy3q.cloudfront.net [10] =>.Superfluous.CloudfrontNet SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hdapp1008-a.akamaihd.net [8] =>.Superfluous.AkamaiHD SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mixvideoplayer.com [] =>.Superfluous.Softforce SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\smarterpowerunite.com [153385] =>PUP.Optional.SmarterPower SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\vitruvianleads.com [] =>Adware.Vitruvian SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.vitruvianleads.com [25] =>Adware.Vitruvian SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akamaihd.net [] =>.Superfluous.AkamaiHD SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\browsepulse-a.akamaihd.net [95848] =>PUP.Optional.BrowsePulse SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cdncache-a.akamaihd.net [308] =>.Superfluous.AkamaiHD SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d15vtg97aygy3q.cloudfront.net [28] =>.Superfluous.CloudfrontNet SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hdapp1008-a.akamaihd.net [8] =>.Superfluous.AkamaiHD SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\vitruvianleads.com [] =>Adware.Vitruvian SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.vitruvianleads.com [25] =>Adware.Vitruvian SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Primary Color [] =>PUP.Optional.PrimaryColor SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util Primary Color [] =>PUP.Optional.PrimaryColor SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Sakura [] =>PUP.Optional.GameGogle SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASAPI32 [] =>.Superfluous.ByteFence SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASMANCS [] =>.Superfluous.ByteFence SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\MixVideoPlayer_RASAPI32 [] =>.Superfluous.Softforce SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\MixVideoPlayer_RASMANCS [] =>.Superfluous.Softforce SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\MyPC Backup_RASAPI32 [] =>PUP.Optional.MyPCBackup SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\MyPC Backup_RASMANCS [] =>PUP.Optional.MyPCBackup SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\SmarterPower_RASAPI32 [] =>PUP.Optional.SmarterPower SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\SmarterPower_RASMANCS [] =>PUP.Optional.SmarterPower SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Sakura [] =>PUP.Optional.GameGogle SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\simplitec POWER SUITE_is1 [simplitec GmbH] =>.Superfluous.SimpliClean SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.] =>Heuristic.Suspect ---\\ Resumo dos elementos encontrados na sua estação de trabalho (17) =>.Superfluous.SimpliClean =>PUP.Optional.Pirrit =>PUP.Optional.YTDownloader =>.Superfluous.Temporary.Steam =>.Superfluous.Empty =>.Superfluous.Ammyy =>.Superfluous.AkamaiHD =>PUP.Optional.SmarterPower =>.Superfluous.CloudfrontNet =>.Superfluous.Softforce =>Adware.Vitruvian =>PUP.Optional.BrowsePulse =>PUP.Optional.PrimaryColor =>PUP.Optional.GameGogle =>.Superfluous.ByteFence =>PUP.Optional.MyPCBackup https://www.anti-malware.top/2016/04/22/heuristic-suspect/%C2'> =>Heuristic.Suspect ---\\ Dodatkowe oczyszczenie. (37) ~ Chave de registro Tracing Supprimido (37) ~ Remover os relatórios antigos ZHPCleaner. (0) ---\\ Resultado de reparação Reparação efectuada com sucesso ---\\ Estatísticas ~ Items scan : 3698 ~ Items encontrado : 0 ~ items cancelados : 0 ~ Items réparo : 92 ~ End of clean in 00h02mn29s ~==================== ZHPCleaner-[R]-10012017-14_23_56.txt ZHPCleaner--10012017-14_10_33.txt
  6. Boa tarde, segue relatório. Obrigada. # AdwCleaner v6.042 - Relatório criado 08/01/2017 às 12:42:54 # *Updated on 06/01/2017 by Malwarebytes # Banco de dados : 2017-01-06.1 [servidor] # Sistema operacional : Windows 7 Ultimate Service Pack 1 (X64) # Usuário : Lucimar - LUCIMAR-PC # Executando de : C:\Users\Lucimar\Desktop\adwcleaner_6.042.exe # Limpar # Apoio : https://www.malwarebytes.com/support ***** [ Serviços ] ***** [-] Políticas do IE excluídasswdumon [-] Políticas do IE excluídasNETTCPHANDLER ***** [ Pastas ] ***** [-] RestauradoC:\ProgramData\{1005F8C6-4087-2940-F101-59C221838A4C} [#] *Folder deleted on reboot: C:\ProgramData\Application Data\{1005F8C6-4087-2940-F101-59C221838A4C} [-] RestauradoC:\Users\Lucimar\AppData\Local\BrowserHelper [-] RestauradoC:\Users\Lucimar\AppData\Local\slimware utilities inc [-] RestauradoC:\Users\Lucimar\AppData\Local\wincheck [-] RestauradoC:\Users\Lucimar\AppData\Local\YSearchUtil [#] *Folder deleted on reboot: C:\Users\Lucimar\AppData\Local\SlimWare Utilities Inc [-] RestauradoC:\Users\Lucimar\AppData\Roaming\Elex-tech [-] RestauradoC:\Users\Lucimar\AppData\Roaming\GoldenGate [-] RestauradoC:\Users\Lucimar\AppData\Roaming\NetService [-] RestauradoC:\Users\Lucimar\AppData\Roaming\RunDir [-] RestauradoC:\Users\Lucimar\AppData\Roaming\shortCutStore [-] RestauradoC:\Users\Lucimar\AppData\Roaming\WinNetSvc [-] RestauradoC:\Users\Lucimar\AppData\Roaming\Booking_helper [-] RestauradoC:\Users\Lucimar\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence [-] RestauradoC:\Users\Lucimar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\oTweak Software [-] RestauradoC:\Users\Lucimar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader [-] RestauradoC:\ProgramData\apn [-] RestauradoC:\ProgramData\SlimWare Utilities, Inc [#] *Folder deleted on reboot: C:\ProgramData\Application Data\apn [#] *Folder deleted on reboot: C:\ProgramData\Application Data\SlimWare Utilities, Inc [-] RestauradoC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com [-] RestauradoC:\Users\Public\Documents\Guid [-] RestauradoC:\Users\Public\Documents\pc faster [-] RestauradoC:\Users\Public\Documents\Downloaded Installers [-] RestauradoC:\Program Files (x86)\Elex-tech [-] RestauradoC:\Program Files (x86)\oTweak [-] RestauradoC:\Program Files (x86)\predm [-] RestauradoC:\Program Files (x86)\YTDownloader [-] RestauradoC:\Program Files (x86)\Booking.com [-] RestauradoC:\Program Files (x86)\Yahoo!\yset [-] RestauradoC:\Program Files (x86)\Common Files\Umbrella [-] RestauradoC:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\ntsvc [-] RestauradoC:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\WeatherTool [-] RestauradoC:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil [-] RestauradoC:\Users\Lucimar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk [-] RestauradoC:\Users\Lucimar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej ***** [ Arquivos ] ***** [-] RestauradoC:\Users\Lucimar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url [-] RestauradoC:\Users\Lucimar\Desktop\Play Games Online.url [-] RestauradoC:\Windows\SysNative\drivers\swdumon.sys [-] RestauradoC:\END [-] RestauradoC:\Users\Public\Desktop\simpliclean.lnk [-] RestauradoC:\Users\Public\Desktop\Booking.com.lnk [-] RestauradoC:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk [-] RestauradoC:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\SearchTheWeb.xml [#] RestauradoC:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\SearchTheWeb.xml [#] RestauradoC:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\SearchTheWeb.xml ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Atalhos ] ***** ***** [ Tarefas agendadas ] ***** [-] Chaves %sTracing%s excluídas{1005F8C6-4087-2940-F101-59C221838A4C} [-] Chaves %sTracing%s excluídas{D11EAD46-8D5B-4C3C-B5F5-E67B4B3C7841} ***** [ Registro ] ***** [-] RestauradoHKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\NETTCPHANDLER [#] *Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\NETTCPHANDLER [-] RestauradoHKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF [-] RestauradoHKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg [-] RestauradoHKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1 [-] RestauradoHKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2 [-] RestauradoHKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1 [#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF [#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg [#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1 [#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2 [#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1 [-] RestauradoHKLM\SOFTWARE\Classes\AppID\3045035B-3C14-4698-8AC4-ADB18CC42C1E [-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} [-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8} [-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000} [-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF} [-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF} [-] RestauradoHKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} [-] RestauradoHKLM\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88} [-] RestauradoHKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF} [-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58124A0B-DC32-4180-9BFF-E0E21AE34026}] [-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}] [-] RestauradoHKU\.DEFAULT\Software\PennyBee [-] RestauradoHKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\GoldenGate [-] RestauradoHKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\oTweak [-] RestauradoHKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\PRODUCTSETUP [-] RestauradoHKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\SlimWare Utilities Inc [-] RestauradoHKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\WeatherTool [-] RestauradoHKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Booking.com [-] RestauradoHKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\csastats [-] RestauradoHKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\YTDownloader [-] RestauradoHKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2705312239-909248705-17524377-1000\Software\ShopperPro [#] *Key deleted on reboot: HKU\S-1-5-18\Software\PennyBee [#] *Key deleted on reboot: HKCU\Software\GoldenGate [#] *Key deleted on reboot: HKCU\Software\oTweak [#] *Key deleted on reboot: HKCU\Software\PRODUCTSETUP [#] *Key deleted on reboot: HKCU\Software\SlimWare Utilities Inc [#] *Key deleted on reboot: HKCU\Software\WeatherTool [#] *Key deleted on reboot: HKCU\Software\Booking.com [#] *Key deleted on reboot: HKCU\Software\csastats [#] *Key deleted on reboot: HKCU\Software\YTDownloader [-] RestauradoHKLM\SOFTWARE\SLIMWARE UTILITIES, INC. [-] RestauradoHKLM\SOFTWARE\Clara [-] RestauradoHKLM\SOFTWARE\NetTcpHandler [-] RestauradoHKLM\SOFTWARE\NtSvcHandler [-] RestauradoHKLM\SOFTWARE\searchult [-] RestauradoHKLM\SOFTWARE\SlimWare Utilities Inc [-] RestauradoHKLM\SOFTWARE\WaInternetEn [-] RestauradoHKLM\SOFTWARE\SkypeUpdateEx [-] RestauradoHKLM\SOFTWARE\MaxPower [-] RestauradoHKLM\SOFTWARE\WMPNetworkAcSvc [-] RestauradoHKLM\SOFTWARE\YTDownloader [-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU [-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet [-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B552B283-6EBC-457E-8187-01682C83F26C}_is1 [-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winsearch [#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2705312239-909248705-17524377-1000\Software\ShopperPro [#] *Key deleted on reboot: [x64] HKCU\Software\GoldenGate [#] *Key deleted on reboot: [x64] HKCU\Software\oTweak [#] *Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP [#] *Key deleted on reboot: [x64] HKCU\Software\SlimWare Utilities Inc [#] *Key deleted on reboot: [x64] HKCU\Software\WeatherTool [#] *Key deleted on reboot: [x64] HKCU\Software\Booking.com [#] *Key deleted on reboot: [x64] HKCU\Software\csastats [#] *Key deleted on reboot: [x64] HKCU\Software\YTDownloader [-] Restaurado[x64] HKLM\SOFTWARE\im-dosearch [-] Restaurado[x64] HKLM\SOFTWARE\navegaki [-] Restaurado[x64] HKLM\SOFTWARE\WaInternetEn [-] Restaurado[x64] HKLM\SOFTWARE\DtsEncodeTools [-] RestauradoHKCU\Software\Microsoft\Internet Explorer\DOMStorage\adserver.iminent.com [-] RestauradoHKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com [-] RestauradoHKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com [-] RestauradoHKCU\Software\Microsoft\Internet Explorer\DOMStorage\iminent.com [-] RestauradoHKCU\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com [-] RestauradoHKCU\Software\Microsoft\Internet Explorer\DOMStorage\webssearches.com [-] RestauradoHKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com [-] RestauradoHKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\adserver.iminent.com [-] RestauradoHKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\binkiland.com [-] RestauradoHKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\foxi69.tlscdn.com [-] RestauradoHKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\iminent.com [-] RestauradoHKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istart.webssearches.com [-] RestauradoHKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\start.iminent.com [-] RestauradoHKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com [-] RestauradoHKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com [-] RestauradoHKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\webssearches.com [-] RestauradoHKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com [#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\adserver.iminent.com [#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com [#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com [#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\iminent.com [#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com [#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\webssearches.com [#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com [#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\adserver.iminent.com [#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\binkiland.com [#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\foxi69.tlscdn.com [#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\iminent.com [#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istart.webssearches.com [#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\start.iminent.com [#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com [#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com [#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\webssearches.com [#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com [-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\3D BubbleSound [-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\DriverUpdaterPro [-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\SPDriver [-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\YTDownloader [-] RestauradoHKLM\SOFTWARE\Classes\Record\{37AC0F3B-749F-3B22-811B-5A019EED2E85} [-] RestauradoHKLM\SOFTWARE\Classes\Record\{66DF7821-ED6D-3534-893C-0E89E74B0F91} [-] RestauradoHKLM\SOFTWARE\Classes\Record\{755CAFCC-F016-3B06-8F22-945EAA3AD10D} [-] RestauradoHKLM\SOFTWARE\Classes\Record\{903F9872-E87F-3B74-83B0-DBE10073B29D} [-] RestauradoHKLM\SOFTWARE\Classes\Record\{4392A6CC-7940-310E-8E16-799A8D93A438} [-] RestauradoHKLM\SOFTWARE\Classes\Record\{05660A04-00F1-3A04-AB3B-BC1074B84D67} [-] RestauradoHKLM\SOFTWARE\Classes\Record\{9558EEB4-CDA6-3778-B53B-98076F0A1E90} [-] RestauradoHKLM\SOFTWARE\Classes\Record\{76552F88-640C-314D-82B6-0D8A740907F7} [-] RestauradoHKLM\SOFTWARE\Classes\Record\{B25AA9BA-FD52-3E5E-BFE3-9B106779DA6E} [-] RestauradoHKLM\SOFTWARE\Classes\Record\{C852CF9F-37DC-35AC-926A-7E6CFFF7C501} [-] RestauradoHKLM\SOFTWARE\Classes\Record\{C9777796-4378-3C90-B52D-7238FFFC2A5C} [-] RestauradoHKLM\SOFTWARE\Classes\Record\{DB1BC8B2-FDBF-30E7-BE1C-AFF9160059E6} [-] RestauradoHKLM\SOFTWARE\Classes\Record\{F3D5729C-7DEB-3850-A026-D0E323ECFEF5} [-] RestauradoHKLM\SOFTWARE\Classes\Record\{FEC70973-CB8B-351C-8047-CAE1274CE249} [-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\YTDownloader.exe [-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [browserWeb.exe] [-] RestauradoHKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5} [-] RestauradoHKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D} [#] *Key deleted on reboot: HKLM\SOFTWARE\Classes\AppID\3045035B-3C14-4698-8AC4-ADB18CC42C1E [-] RestauradoHKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej [-] RestauradoHKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej [#] *Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej [-] Restaurado[x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej ***** [ Verificando navegadores ... ] ***** [-] [C:\Users\Lucimar\AppData\Local\Chromium\User Data\Default\Web data] [search Provider] Excluídosearch provided by yahoo [-] [C:\Users\Lucimar\AppData\Local\Chromium\User Data\Default] [extension] Excluídoelggllhppljlljkgfeokjpehmdamkejk [-] [C:\Users\Lucimar\AppData\Local\Chromium\User Data\Default] [homepage] Excluídohxxp://br.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bxi01_15_27&param1=1&param2=f%3D1%26b%3DIS Browser%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCtByBtBtN1L2XzutAtFtCtDtFtCtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StA0DyD0CtCzz0DyEtGyC0F0BtAtGzy0D0F0CtGyD0D0B0EtGyE0F0AtDyB0E0DtB0DyEtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtDtB0AyDyCyCyCtGtA0AyEtDtGyE0CtCtAtGzyzyyDtCtGtAtCzytAyByCtCzztC0C0F0F2QtN0A0LzuyE%26cr%3D2012913086%26a%3Dwncy_bxi01_15_27%26os%3DWindows 7 Ultimate%26uref%3Dchmm [-] [C:\Users\Lucimar\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Excluídobr.ask.com [-] [C:\Users\Lucimar\AppData\Local\Google\Chrome\User Data\Default] [extension] Excluídoelggllhppljlljkgfeokjpehmdamkejk [-] [C:\Users\Lucimar\AppData\Local\Google\Chrome\User Data\Default] [extension] Excluídojcgcoifbkbphhjnekfkmohklfaimhikk [-] [C:\Users\Lucimar\AppData\Local\Google\Chrome\User Data\Default] [extension] Excluídonbljechdpodpbchbmjcoamidppmpnmlc [-] [C:\Users\Lucimar\AppData\Local\Google\Chrome\User Data\Default] [extension] Excluídooilkkkefbalmbfppgjmgjoefbclebkce [-] [C:\Users\Lucimar\AppData\Local\Google\Chrome\User Data\Default] [extension] Excluídopilplloabdedfmialnfchjomjmpjcoej ************************* :: Chaves "Tracing" excluídas :: Configurações Winsock restauradas :: Configurações Proxy restauradas :: Políticas do IE excluídas :: Políticas do Chrome excluídas :: Chrome preferences resetC:\Users\Lucimar\AppData\Local\Google\Chrome\User Data\Default :: *Hosts file cleared ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [16774 *Bytes] - [08/01/2017 12:42:54] C:\AdwCleaner\AdwCleaner[s0].txt - [15266 *Bytes] - [08/01/2017 12:31:31] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [16924 *Bytes] ##########
  7. Boa noite, segue log. Obrigada. Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 07-01-2017 Executado por Lucimar (07-01-2017 19:34:16) Run:1 Executando a partir de C:\Users\Lucimar\Desktop Perfis Carregados: Lucimar (Perfis Disponíveis: Lucimar) Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** start CloseProcesses: Task: {08FD459A-C931-4610-B4B9-C1AEA096EF1F} - \SPDriver -> Nenhum Arquivo <==== ATENÇÃO Task: {0C750A8C-92C2-4623-AF80-78E1629FD192} - System32\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} => C:\Users\Lucimar\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe [2015-05-15] () <==== ATENÇÃO Task: {1B3DD710-38E2-4E05-ACBE-B3F6F73F10B0} - \WSE_Vosteran -> Nenhum Arquivo <==== ATENÇÃO Task: {424336A4-F0EF-4F41-8E92-9AD6D9B7CC22} - \Run_Bobby_Browser -> Nenhum Arquivo <==== ATENÇÃO Task: {44D16CCC-9D61-4F5F-A76E-31A9FDEDED30} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [2015-06-01] (YTDownloader) <==== ATENÇÃO Task: {464A631C-65FF-4B81-BD30-D95EA1232E0F} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2016-08-27] (Byte Technologies LLC) <==== ATENÇÃO Task: {4A74678F-F73E-4F03-B9A3-42A265529AA0} - \SPBIW_UpdateTask_Time_323031363839313439342d34784145552a2a3423326c57 -> Nenhum Arquivo <==== ATENÇÃO Task: {4DA1F0FB-638A-4B38-9E8E-7A02C3974B4C} - System32\Tasks\Yahoo! Powered nosar => Wscript.exe "C:\ProgramData\{E3BA26D9-69F8-AC1F-EF3E-325D757CB993}\tomi.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b45334241323644392d363946382d414331462d454633452d3332354437353743423939337d5c726964616665" "433a5c50726f6772616d446174615c7b45334241323644392d363946382d414331462d454633 (a entrada de dados tem 78 mais caracteres). Task: {63D662ED-C65D-493F-83FB-48BB20B69954} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATENÇÃO Task: {81023610-D0C0-4F64-AC87-44C5CC0CCA2E} - \ShopperPro -> Nenhum Arquivo <==== ATENÇÃO Task: {8416AF03-2C01-45D7-9212-33244A3F7726} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2016-08-27] (Byte Technologies LLC) <==== ATENÇÃO Task: {9BC5C81B-C8EF-47E0-8ECE-97A79C373A9E} - \Vosteran caco -> Nenhum Arquivo <==== ATENÇÃO Task: {A3442B28-79C1-4B33-BEC7-42540A227994} - System32\Tasks\{950C9674-03B5-4ADF-9770-1491444BAC89} => C:\Users\Lucimar\AppData\Roaming\{8AA5B~1\UPDATE~1.EXE [2016-12-05] () <==== ATENÇÃO Task: {DAFD8B6D-8E44-4860-9D7E-78E70A4F6D0B} - System32\Tasks\Gnorujsepe => C:\ProgramData\Gnorujsepe\1.0.1.0\onioluog.exe <==== ATENÇÃO Task: {DCE77CD0-231A-49F3-9781-D3ABA7375031} - \SPBIW_UpdateTask_Time_323031363839313439342d785b233457414a45415a506c -> Nenhum Arquivo <==== ATENÇÃO Task: {E6CDCEAF-FD51-4FA0-A71E-962A96F6DC95} - \ShopperProJSUpd -> Nenhum Arquivo <==== ATENÇÃO Task: {ECDDEC66-68DB-4BB9-90B6-F05AED0D4F8F} - System32\Tasks\PostPoneInstall => C:\Users\Lucimar\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe <==== ATENÇÃO Task: {FB98754A-A3E9-476A-9648-C965E27BC77A} - \{3B7FD029-D932-411b-AF15-C96CF8EF0C18}{19F8DB95-4D78-4ddb-AC71-C610654FE37F} -> Nenhum Arquivo <==== ATENÇÃO Task: C:\Windows\Tasks\Yahoo! Powered nosar.job => Wscript.exe C:\ProgramData\{E3BA26D9-69F8-AC1F-EF3E-325D757CB993}\tomi.txt <==== ATENÇÃO Task: C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job => C:\Users\Lucimar\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe?œ-RunCheckUpdate C:\Users\Lucimar\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\CheckUpdate.exe <==== ATENÇÃO Task: C:\Windows\Tasks\{950C9674-03B5-4ADF-9770-1491444BAC89}.job => C:\Users\Lucimar\AppData\Roaming\{8AA5B~1\UPDATE~1.EXE <==== ATENÇÃO ShortcutWithArgument: C:\Users\Lucimar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678 ShortcutWithArgument: C:\Users\Lucimar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678 ShortcutWithArgument: C:\Users\Lucimar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678 2015-01-23 18:42 - 2015-01-23 18:42 - 0005632 _____ () C:\Users\Lucimar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-06-01 07:22 - 2015-06-01 07:22 - 00112560 _____ () C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe 2015-08-13 09:50 - 2015-07-08 22:26 - 00173088 _____ () C:\Users\Lucimar\AppData\Roaming\NetService\netservice.exe 2016-09-21 13:53 - 2016-10-01 15:40 - 00254280 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe 2016-01-03 02:47 - 2015-12-16 06:21 - 04845408 _____ () C:\Users\Lucimar\AppData\Roaming\WinNetSvc\WinNetSvc.exe 2016-09-21 13:53 - 2016-10-01 15:40 - 00565064 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe 2016-01-03 02:47 - 2015-11-28 06:45 - 00083456 _____ () C:\Users\Lucimar\AppData\Roaming\WinNetSvc\Interface.dll 2015-03-30 06:51 - 2015-03-30 06:51 - 00141856 _____ () C:\Program Files (x86)\Baidu Security\MoboMarket\1.3.7.5841\zlib1.dll 2017-01-06 20:35 - 2016-03-21 12:07 - 00000000 ____D C:\Users\Lucimar\AppData\Roaming\WMPNetworkAcSvc 2017-01-06 19:01 - 2016-09-21 13:40 - 00000000 ____D C:\Program Files\ByteFence 2017-01-06 18:44 - 2016-05-12 15:03 - 00000000 ____D C:\Program Files (x86)\SkypeUpdateEx 2017-01-06 19:45 - 2016-09-21 13:45 - 00000982 _____ C:\Windows\Tasks\Yahoo! Powered nosar.job 2017-01-06 19:45 - 2016-09-21 13:45 - 00000000 ____D C:\Users\Todos os Usuários\{E3BA26D9-69F8-AC1F-EF3E-325D757CB993} 2017-01-06 19:45 - 2016-09-21 13:45 - 00000000 ____D C:\ProgramData\{E3BA26D9-69F8-AC1F-EF3E-325D757CB993} HKU\S-1-5-21-2705312239-909248705-17524377-1000\...\MountPoints2: {4fb45597-585b-11e4-a5dd-80ee736463d6} - E:\AutoRun.exe "motorola.html" HKU\S-1-5-21-2705312239-909248705-17524377-1000\...\MountPoints2: {e3628e6e-9927-11e6-bc86-ea3791124264} - F:\Autorun.exe HKU\S-1-5-21-2705312239-909248705-17524377-1000\...\MountPoints2: {f2bcf658-cdb8-11e4-a88c-80ee736463d6} - E:\MotorolaDeviceManagerSetup.exe -a HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678 HKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_solimba_01&p={searchTerms} HKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate HKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.baixaki.com.br/portal/?utm_source=newportalhomesl&utm_medium=partners HKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678 SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms} SearchScopes: HKLM -> {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL = hxxp://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_installcore_01&type=p&p={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms} SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms} SearchScopes: HKU\S-1-5-21-2705312239-909248705-17524377-1000 -> DefaultScope {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms} SearchScopes: HKU\S-1-5-21-2705312239-909248705-17524377-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-2705312239-909248705-17524377-1000 -> {CCC6687C-7692-41F4-B214-4C5B42BC8148} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-2705312239-909248705-17524377-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms} Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Nenhum Arquivo Toolbar: HKU\S-1-5-21-2705312239-909248705-17524377-1000 -> Sem Nome - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Nenhum Arquivo GroupPolicy: Restrição - Chrome <======= ATENÇÃO CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO ProxyServer: [.DEFAULT] => http=127.0.0.1:52165;https=127.0.0.1:52165 R2 BASSVC; C:\Program Files (x86)\Baidu Security\MoboMarket\1.3.7.5841\bassvc.exe [208928 2015-03-30] (Baidu, Inc.) R2 BrsHelper; C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe [112560 2015-06-01] () <==== ATENÇÃO R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [254280 2016-10-01] () R2 WinNetSvc; C:\Users\Lucimar\AppData\Roaming\WinNetSvc\WinNetSvc.exe [4845408 2015-12-16] () R2 WMPNetworkAcSvc; C:\Users\Lucimar\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe [5098760 2016-07-11] () R2 YSearchUtilSvc; C:\Program Files (x86)\Yahoo!\yset\{C92645F5-E8F2-9A45-B1EC-D047E33BCDC1}\YSearchUtilSvc.exe [160536 2015-10-19] (Yahoo Inc.) R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58528 2015-06-01] (YTDownloader) S1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X] S1 gbpddfac; system32\drivers\gbpddfac64.sys [X] S0 gbpddreg; system32\drivers\gbpddreg64.sys [X] S3 JME; system32\DRIVERS\JME.sys [X] S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10] AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32] AlternateDataStreams: C:\Windows\System32:F13278F6_Abn.gbp [2] AlternateDataStreams: C:\Windows\System32:F13278F6_Bb.gbp [2] AlternateDataStreams: C:\Windows\System32:F13278F6_Cef.gbp [2] AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1198] AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10] AlternateDataStreams: C:\Users\Todos os Usuários\GbPlugin:IncompleteStartGbprcm.cnt [10] C:\Users\Lucimar\AppData\Roaming\WinNetSvc\WinNetSvc.exe C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe C:\Users\Lucimar\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe C:\Program Files (x86)\Yahoo!\yset\{C92645F5-E8F2-9A45-B1EC-D047E33BCDC1}\YSearchUtilSVC.exe C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job C:\Windows\Tasks\{950C9674-03B5-4ADF-9770-1491444BAC89}.job C:\Users\Lucimar\AppData\Local\Temp\jre-8u111-windows-au.exe C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe C:\Program Files\ByteFence\ByteFence.exe C:\Program Files (x86)\Baidu Security\MoboMarket\1.3.7.5841\bastray.exe C:\Program Files (x86)\SkypeUpdateEx CMD: sfc /scannow CreateRestorePoint: RemoveProxy: EmptyTemp: Reboot: Hosts: end ***************** Processos fechados com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{08FD459A-C931-4610-B4B9-C1AEA096EF1F} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08FD459A-C931-4610-B4B9-C1AEA096EF1F} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPDriver => chave não encontrado (a). HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C750A8C-92C2-4623-AF80-78E1629FD192} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C750A8C-92C2-4623-AF80-78E1629FD192} => chave removido (a) com sucesso. C:\Windows\System32\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} => movido com sucesso HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B3DD710-38E2-4E05-ACBE-B3F6F73F10B0} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B3DD710-38E2-4E05-ACBE-B3F6F73F10B0} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Vosteran => chave não encontrado (a). HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{424336A4-F0EF-4F41-8E92-9AD6D9B7CC22} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{424336A4-F0EF-4F41-8E92-9AD6D9B7CC22} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run_Bobby_Browser => chave não encontrado (a). HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{44D16CCC-9D61-4F5F-A76E-31A9FDEDED30} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44D16CCC-9D61-4F5F-A76E-31A9FDEDED30} => chave removido (a) com sucesso. C:\Windows\System32\Tasks\YTDownloader => movido com sucesso HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloader => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{464A631C-65FF-4B81-BD30-D95EA1232E0F} => chave não encontrado (a). C:\Windows\System32\Tasks\ByteFence => não encontrado (a). HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence => chave não encontrado (a). HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A74678F-F73E-4F03-B9A3-42A265529AA0} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A74678F-F73E-4F03-B9A3-42A265529AA0} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_323031363839313439342d34784145552a2a3423326c57 => chave não encontrado (a). HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4DA1F0FB-638A-4B38-9E8E-7A02C3974B4C} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DA1F0FB-638A-4B38-9E8E-7A02C3974B4C} => chave removido (a) com sucesso. C:\Windows\System32\Tasks\Yahoo! Powered nosar => movido com sucesso HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Powered nosar => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63D662ED-C65D-493F-83FB-48BB20B69954} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63D662ED-C65D-493F-83FB-48BB20B69954} => chave removido (a) com sucesso. C:\Windows\System32\Tasks\LaunchApp => movido com sucesso HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{81023610-D0C0-4F64-AC87-44C5CC0CCA2E} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81023610-D0C0-4F64-AC87-44C5CC0CCA2E} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperPro => chave não encontrado (a). HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8416AF03-2C01-45D7-9212-33244A3F7726} => chave não encontrado (a). C:\Windows\System32\Tasks\ByteFence Scan => não encontrado (a). HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence Scan => chave não encontrado (a). HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9BC5C81B-C8EF-47E0-8ECE-97A79C373A9E} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BC5C81B-C8EF-47E0-8ECE-97A79C373A9E} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Vosteran caco => chave não encontrado (a). HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3442B28-79C1-4B33-BEC7-42540A227994} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3442B28-79C1-4B33-BEC7-42540A227994} => chave removido (a) com sucesso. C:\Windows\System32\Tasks\{950C9674-03B5-4ADF-9770-1491444BAC89} => movido com sucesso HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{950C9674-03B5-4ADF-9770-1491444BAC89} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{DAFD8B6D-8E44-4860-9D7E-78E70A4F6D0B} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAFD8B6D-8E44-4860-9D7E-78E70A4F6D0B} => chave removido (a) com sucesso. C:\Windows\System32\Tasks\Gnorujsepe => movido com sucesso HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Gnorujsepe => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DCE77CD0-231A-49F3-9781-D3ABA7375031} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCE77CD0-231A-49F3-9781-D3ABA7375031} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_323031363839313439342d785b233457414a45415a506c => chave não encontrado (a). HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E6CDCEAF-FD51-4FA0-A71E-962A96F6DC95} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6CDCEAF-FD51-4FA0-A71E-962A96F6DC95} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperProJSUpd => chave não encontrado (a). HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ECDDEC66-68DB-4BB9-90B6-F05AED0D4F8F} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECDDEC66-68DB-4BB9-90B6-F05AED0D4F8F} => chave removido (a) com sucesso. C:\Windows\System32\Tasks\PostPoneInstall => movido com sucesso HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PostPoneInstall => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB98754A-A3E9-476A-9648-C965E27BC77A} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB98754A-A3E9-476A-9648-C965E27BC77A} => chave removido (a) com sucesso. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3B7FD029-D932-411b-AF15-C96CF8EF0C18}{19F8DB95-4D78-4ddb-AC71-C610654FE37F} => chave não encontrado (a). C:\Windows\Tasks\Yahoo! Powered nosar.job => movido com sucesso C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job => movido com sucesso C:\Windows\Tasks\{950C9674-03B5-4ADF-9770-1491444BAC89}.job => movido com sucesso C:\Users\Lucimar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Atalho argumento removido (a) com sucesso.. C:\Users\Lucimar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Atalho argumento restaurado com sucesso C:\Users\Lucimar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Atalho argumento removido (a) com sucesso.. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Atalho argumento removido (a) com sucesso.. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Atalho argumento removido (a) com sucesso.. C:\Users\Lucimar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => movido com sucesso C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe => movido com sucesso C:\Users\Lucimar\AppData\Roaming\NetService\netservice.exe => movido com sucesso "C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe" => não encontrado (a). C:\Users\Lucimar\AppData\Roaming\WinNetSvc\WinNetSvc.exe => movido com sucesso "C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe" => não encontrado (a). C:\Users\Lucimar\AppData\Roaming\WinNetSvc\Interface.dll => movido com sucesso C:\Program Files (x86)\Baidu Security\MoboMarket\1.3.7.5841\zlib1.dll => movido com sucesso C:\Users\Lucimar\AppData\Roaming\WMPNetworkAcSvc => movido com sucesso C:\Program Files\ByteFence => movido com sucesso C:\Program Files (x86)\SkypeUpdateEx => movido com sucesso "C:\Windows\Tasks\Yahoo! Powered nosar.job" => não encontrado (a). C:\Users\Todos os Usuários\{E3BA26D9-69F8-AC1F-EF3E-325D757CB993} => movido com sucesso "C:\ProgramData\{E3BA26D9-69F8-AC1F-EF3E-325D757CB993}" => não encontrado (a). HKU\S-1-5-21-2705312239-909248705-17524377-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fb45597-585b-11e4-a5dd-80ee736463d6} => chave removido (a) com sucesso. HKCR\CLSID\{4fb45597-585b-11e4-a5dd-80ee736463d6} => chave não encontrado (a). HKU\S-1-5-21-2705312239-909248705-17524377-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3628e6e-9927-11e6-bc86-ea3791124264} => chave removido (a) com sucesso. HKCR\CLSID\{e3628e6e-9927-11e6-bc86-ea3791124264} => chave não encontrado (a). HKU\S-1-5-21-2705312239-909248705-17524377-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2bcf658-cdb8-11e4-a88c-80ee736463d6} => chave removido (a) com sucesso. HKCR\CLSID\{f2bcf658-cdb8-11e4-a88c-80ee736463d6} => chave não encontrado (a). HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor restaurado com sucesso HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor restaurado com sucesso HKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso HKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso HKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => valor removido (a) com sucesso. HKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor restaurado com sucesso HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucesso HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => chave removido (a) com sucesso. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => chave não encontrado (a). HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} => chave removido (a) com sucesso. HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => chave não encontrado (a). HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => chave removido (a) com sucesso. HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => chave não encontrado (a). HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7} => chave removido (a) com sucesso. HKCR\CLSID\{86c83f9e-48a4-4cd2-a763-64fea5df35f7} => chave não encontrado (a). HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucesso HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => chave removido (a) com sucesso. HKCR\Wow6432Node\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => chave não encontrado (a). HKU\S-1-5-21-2705312239-909248705-17524377-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso. HKU\S-1-5-21-2705312239-909248705-17524377-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} => chave removido (a) com sucesso. HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => chave não encontrado (a). HKU\S-1-5-21-2705312239-909248705-17524377-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC6687C-7692-41F4-B214-4C5B42BC8148} => chave removido (a) com sucesso. HKCR\CLSID\{CCC6687C-7692-41F4-B214-4C5B42BC8148} => chave não encontrado (a). HKU\S-1-5-21-2705312239-909248705-17524377-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => chave removido (a) com sucesso. HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => chave não encontrado (a). HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => valor removido (a) com sucesso. HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => chave não encontrado (a). HKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => valor removido (a) com sucesso. HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => chave não encontrado (a). C:\Windows\system32\GroupPolicy\Machine => movido com sucesso C:\Windows\system32\GroupPolicy\GPT.ini => movido com sucesso C:\Windows\SysWOW64\GroupPolicy\GPT.ini => movido com sucesso HKLM\SOFTWARE\Policies\Google => chave removido (a) com sucesso. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => valor removido (a) com sucesso. HKLM\System\CurrentControlSet\Services\BASSVC => chave removido (a) com sucesso. BASSVC => serviço removido (a) com sucesso. HKLM\System\CurrentControlSet\Services\BrsHelper => chave removido (a) com sucesso. BrsHelper => serviço removido (a) com sucesso. rtop => serviço não encontrado (a). HKLM\System\CurrentControlSet\Services\WinNetSvc => chave removido (a) com sucesso. WinNetSvc => serviço removido (a) com sucesso. HKLM\System\CurrentControlSet\Services\WMPNetworkAcSvc => chave removido (a) com sucesso. WMPNetworkAcSvc => serviço removido (a) com sucesso. HKLM\System\CurrentControlSet\Services\YSearchUtilSvc => chave removido (a) com sucesso. YSearchUtilSvc => serviço removido (a) com sucesso. sbmntr => Serviço finalizado com sucesso. HKLM\System\CurrentControlSet\Services\sbmntr => chave removido (a) com sucesso. sbmntr => serviço removido (a) com sucesso. HKLM\System\CurrentControlSet\Services\wsddfac => chave removido (a) com sucesso. wsddfac => serviço removido (a) com sucesso. HKLM\System\CurrentControlSet\Services\BprotectEx => chave removido (a) com sucesso. BprotectEx => serviço removido (a) com sucesso. HKLM\System\CurrentControlSet\Services\gbpddfac => chave removido (a) com sucesso. gbpddfac => serviço removido (a) com sucesso. HKLM\System\CurrentControlSet\Services\gbpddreg => chave removido (a) com sucesso. gbpddreg => serviço removido (a) com sucesso. HKLM\System\CurrentControlSet\Services\JME => chave removido (a) com sucesso. JME => serviço removido (a) com sucesso. HKLM\System\CurrentControlSet\Services\PCFApiUtil => chave removido (a) com sucesso. PCFApiUtil => serviço removido (a) com sucesso. HKLM\System\CurrentControlSet\Services\Synth3dVsc => chave removido (a) com sucesso. Synth3dVsc => serviço removido (a) com sucesso. HKLM\System\CurrentControlSet\Services\tsusbhub => chave removido (a) com sucesso. tsusbhub => serviço removido (a) com sucesso. HKLM\System\CurrentControlSet\Services\VGPU => chave removido (a) com sucesso. VGPU => serviço removido (a) com sucesso. C:\Program Files (x86)\GbPlugin => ":IncompleteStartProcessProtection.cnt" ADS removido (a) com sucesso.. C:\Program Files (x86)\GbPlugin => ":u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==" ADS removido (a) com sucesso.. C:\Windows\System32 => ":F13278F6_Abn.gbp" ADS removido (a) com sucesso.. C:\Windows\System32 => ":F13278F6_Bb.gbp" ADS removido (a) com sucesso.. C:\Windows\System32 => ":F13278F6_Cef.gbp" ADS removido (a) com sucesso.. C:\Windows\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removido (a) com sucesso.. C:\ProgramData\GbPlugin => ":IncompleteStartGbprcm.cnt" ADS removido (a) com sucesso.. "C:\Users\Todos os Usuários\GbPlugin" => ":IncompleteStartGbprcm.cnt" ADS não encontrado (a). "C:\Users\Lucimar\AppData\Roaming\WinNetSvc\WinNetSvc.exe" => não encontrado (a). "C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe" => não encontrado (a). "C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe" => não encontrado (a). "C:\Users\Lucimar\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe" => não encontrado (a). C:\Program Files (x86)\Yahoo!\yset\{C92645F5-E8F2-9A45-B1EC-D047E33BCDC1}\YSearchUtilSVC.exe => movido com sucesso "C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job" => não encontrado (a). "C:\Windows\Tasks\{950C9674-03B5-4ADF-9770-1491444BAC89}.job" => não encontrado (a). C:\Users\Lucimar\AppData\Local\Temp\jre-8u111-windows-au.exe => movido com sucesso "C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe" => não encontrado (a). "C:\Program Files\ByteFence\ByteFence.exe" => não encontrado (a). C:\Program Files (x86)\Baidu Security\MoboMarket\1.3.7.5841\bastray.exe => movido com sucesso "C:\Program Files (x86)\SkypeUpdateEx" => não encontrado (a). ========= sfc /scannow ========= Iniciando verifica‡Æo de arquivos. O processo levar alguns minutos para ser conclu¡do. Iniciando fase de verifica‡Æo de verifica‡Æo do sistema. Verifica‡Æo 0% conclu¡da.Verifica‡Æo 1% conclu¡da.Verifica‡Æo 1% conclu¡da.Verifica‡Æo 2% conclu¡da.Verifica‡Æo 2% conclu¡da.Verifica‡Æo 3% conclu¡da.Verifica‡Æo 3% conclu¡da.Verifica‡Æo 4% conclu¡da.Verifica‡Æo 4% conclu¡da.Verifica‡Æo 5% conclu¡da.Verifica‡Æo 5% conclu¡da.Verifica‡Æo 6% conclu¡da.Verifica‡Æo 6% conclu¡da.Verifica‡Æo 7% conclu¡da.Verifica‡Æo 7% conclu¡da.Verifica‡Æo 8% conclu¡da.Verifica‡Æo 8% conclu¡da.Verifica‡Æo 9% conclu¡da.Verifica‡Æo 9% conclu¡da.Verifica‡Æo 10% conclu¡da.Verifica‡Æo 11% conclu¡da.Verifica‡Æo 11% conclu¡da.Verifica‡Æo 12% conclu¡da.Verifica‡Æo 12% conclu¡da.Verifica‡Æo 13% conclu¡da.Verifica‡Æo 13% conclu¡da.Verifica‡Æo 14% conclu¡da.Verifica‡Æo 14% conclu¡da.Verifica‡Æo 15% conclu¡da.Verifica‡Æo 15% conclu¡da.Verifica‡Æo 16% conclu¡da.Verifica‡Æo 16% conclu¡da.Verifica‡Æo 17% conclu¡da.Verifica‡Æo 17% conclu¡da.Verifica‡Æo 18% conclu¡da.Verifica‡Æo 18% conclu¡da.Verifica‡Æo 19% conclu¡da.Verifica‡Æo 19% conclu¡da.Verifica‡Æo 20% conclu¡da.Verifica‡Æo 20% conclu¡da.Verifica‡Æo 21% conclu¡da.Verifica‡Æo 22% conclu¡da.Verifica‡Æo 22% conclu¡da.Verifica‡Æo 23% conclu¡da.Verifica‡Æo 23% conclu¡da.Verifica‡Æo 24% conclu¡da.Verifica‡Æo 24% conclu¡da.Verifica‡Æo 25% conclu¡da.Verifica‡Æo 25% conclu¡da.Verifica‡Æo 26% conclu¡da.Verifica‡Æo 26% conclu¡da.Verifica‡Æo 27% conclu¡da.Verifica‡Æo 27% conclu¡da.Verifica‡Æo 28% conclu¡da.Verifica‡Æo 28% conclu¡da.Verifica‡Æo 29% conclu¡da.Verifica‡Æo 29% conclu¡da.Verifica‡Æo 30% conclu¡da.Verifica‡Æo 30% conclu¡da.Verifica‡Æo 31% conclu¡da.Verifica‡Æo 31% conclu¡da.Verifica‡Æo 32% conclu¡da.Verifica‡Æo 33% conclu¡da.Verifica‡Æo 33% conclu¡da.Verifica‡Æo 34% conclu¡da.Verifica‡Æo 34% conclu¡da.Verifica‡Æo 35% conclu¡da.Verifica‡Æo 35% conclu¡da.Verifica‡Æo 36% conclu¡da.Verifica‡Æo 36% conclu¡da.Verifica‡Æo 37% conclu¡da.Verifica‡Æo 37% conclu¡da.Verifica‡Æo 38% conclu¡da.Verifica‡Æo 38% conclu¡da.Verifica‡Æo 39% conclu¡da.Verifica‡Æo 39% conclu¡da.Verifica‡Æo 40% conclu¡da.Verifica‡Æo 40% conclu¡da.Verifica‡Æo 41% conclu¡da.Verifica‡Æo 41% conclu¡da.Verifica‡Æo 42% conclu¡da.Verifica‡Æo 42% conclu¡da.Verifica‡Æo 43% conclu¡da.Verifica‡Æo 44% conclu¡da.Verifica‡Æo 44% conclu¡da.Verifica‡Æo 45% conclu¡da.Verifica‡Æo 45% conclu¡da.Verifica‡Æo 46% conclu¡da.Verifica‡Æo 46% conclu¡da.Verifica‡Æo 47% conclu¡da.Verifica‡Æo 47% conclu¡da.Verifica‡Æo 48% conclu¡da.Verifica‡Æo 48% conclu¡da.Verifica‡Æo 49% conclu¡da.Verifica‡Æo 49% conclu¡da.Verifica‡Æo 50% conclu¡da.Verifica‡Æo 50% conclu¡da.Verifica‡Æo 51% conclu¡da.Verifica‡Æo 51% conclu¡da.Verifica‡Æo 52% conclu¡da.Verifica‡Æo 52% conclu¡da.Verifica‡Æo 53% conclu¡da.Verifica‡Æo 53% conclu¡da.Verifica‡Æo 54% conclu¡da.Verifica‡Æo 55% conclu¡da.Verifica‡Æo 55% conclu¡da.Verifica‡Æo 56% conclu¡da.Verifica‡Æo 56% conclu¡da.Verifica‡Æo 57% conclu¡da.Verifica‡Æo 57% conclu¡da.Verifica‡Æo 58% conclu¡da.Verifica‡Æo 58% conclu¡da.Verifica‡Æo 59% conclu¡da.Verifica‡Æo 59% conclu¡da.Verifica‡Æo 60% conclu¡da.Verifica‡Æo 60% conclu¡da.Verifica‡Æo 61% conclu¡da.Verifica‡Æo 61% conclu¡da.Verifica‡Æo 62% conclu¡da.Verifica‡Æo 62% conclu¡da.Verifica‡Æo 63% conclu¡da.Verifica‡Æo 63% conclu¡da.Verifica‡Æo 64% conclu¡da.Verifica‡Æo 64% conclu¡da.Verifica‡Æo 65% conclu¡da.Verifica‡Æo 66% conclu¡da.Verifica‡Æo 66% conclu¡da.Verifica‡Æo 67% conclu¡da.Verifica‡Æo 67% conclu¡da.Verifica‡Æo 68% conclu¡da.Verifica‡Æo 68% conclu¡da.Verifica‡Æo 69% conclu¡da.Verifica‡Æo 69% conclu¡da.Verifica‡Æo 70% conclu¡da.Verifica‡Æo 70% conclu¡da.Verifica‡Æo 71% conclu¡da.Verifica‡Æo 71% conclu¡da.Verifica‡Æo 72% conclu¡da.Verifica‡Æo 72% conclu¡da.Verifica‡Æo 73% conclu¡da.Verifica‡Æo 73% conclu¡da.Verifica‡Æo 74% conclu¡da.Verifica‡Æo 74% conclu¡da.Verifica‡Æo 75% conclu¡da.Verifica‡Æo 75% conclu¡da.Verifica‡Æo 76% conclu¡da.Verifica‡Æo 77% conclu¡da.Verifica‡Æo 77% conclu¡da.Verifica‡Æo 78% conclu¡da.Verifica‡Æo 78% conclu¡da.Verifica‡Æo 79% conclu¡da.Verifica‡Æo 79% conclu¡da.Verifica‡Æo 80% conclu¡da.Verifica‡Æo 80% conclu¡da.Verifica‡Æo 81% conclu¡da.Verifica‡Æo 81% conclu¡da.Verifica‡Æo 82% conclu¡da.Verifica‡Æo 82% conclu¡da.Verifica‡Æo 83% conclu¡da.Verifica‡Æo 83% conclu¡da.Verifica‡Æo 84% conclu¡da.Verifica‡Æo 84% conclu¡da.Verifica‡Æo 85% conclu¡da.Verifica‡Æo 85% conclu¡da.Verifica‡Æo 86% conclu¡da.Verifica‡Æo 87% conclu¡da.Verifica‡Æo 87% conclu¡da.Verifica‡Æo 88% conclu¡da.Verifica‡Æo 88% conclu¡da.Verifica‡Æo 89% conclu¡da.Verifica‡Æo 89% conclu¡da.Verifica‡Æo 90% conclu¡da.Verifica‡Æo 90% conclu¡da.Verifica‡Æo 91% conclu¡da.Verifica‡Æo 91% conclu¡da.Verifica‡Æo 92% conclu¡da.Verifica‡Æo 92% conclu¡da.Verifica‡Æo 93% conclu¡da.Verifica‡Æo 93% conclu¡da.Verifica‡Æo 94% conclu¡da.Verifica‡Æo 94% conclu¡da.Verifica‡Æo 95% conclu¡da.Verifica‡Æo 95% conclu¡da.Verifica‡Æo 96% conclu¡da.Verifica‡Æo 96% conclu¡da.Verifica‡Æo 97% conclu¡da.Verifica‡Æo 98% conclu¡da.Verifica‡Æo 98% conclu¡da.Verifica‡Æo 99% conclu¡da.Verifica‡Æo 99% conclu¡da.Verifica‡Æo 100% conclu¡da. A Prote‡Æo de Recursos do Windows nÆo encontrou nenhuma viola‡Æo de integridade. ========= Fim de CMD: ========= Ponto de Restauração criado com sucesso. ========= RemoveProxy: ========= HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => valor removido (a) com sucesso. HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso. HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso. HKU\S-1-5-21-2705312239-909248705-17524377-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso. HKU\S-1-5-21-2705312239-909248705-17524377-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso. ========= Fim de RemoveProxy: ========= C:\Windows\System32\Drivers\etc\hosts => movido com sucesso Hosts restaurado com sucesso. =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5229177 B Java, Flash, Steam htmlcache => 492 B Windows/system/drivers => 57635464 B Edge => 0 B Chrome => 80994869 B Firefox => 47008686 B Opera => 5682176 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 66228 B Public => 0 B ProgramData => 0 B systemprofile => 56382883 B systemprofile32 => 172501 B LocalService => 0 B NetworkService => 0 B Lucimar => 115493429 B RecycleBin => 0 B EmptyTemp: => 359.6 MB de dados temporários Removidos. ================================ O sistema precisou ser reiniciado. ==== Fim de Fixlog 20:10:10 ====
  8. JOGO 01: VENEZUELA JOGO 02: URUGUAI JOGO 03: COLÔMBIA JOGO 04: Empate JOGO 05: PARAGUAI
  9. JOGO 01: ARSENAL-ING JOGO 02: PSG-FRA JOGO 03: NAPOLI-ITA JOGO 04: BENFICA-POR JOGO 05: BORUSSIA MONCHENGLADBACH-ALE JOGO 06: BARCELONA-ESP JOGO 07: ATLETICO DE MADRID-ESP JOGO 08: BAYERN DE MUNIQUE-ALE JOGO 09: Empate JOGO 10: Empate JOGO 11: BORUSSIA DORTMUND-ALE JOGO 12: REAL MADRID-ESP JOGO 13 LEICESTER-ING JOGO 14: PORTO-POR JOGO 15: SEVILLA-ESP JOGO 16: JUVENTUS-ITA
  10. JOGO 01: CERRO PORTENO-PAR JOGO 02: CORITIBA-PR JOGO 03: JUNIOR BARRANQUILLA-COL x CHAPECOENSE-SC JOGO 04: SAN LORENZO-ARG
  11. JOGO 01: ARSENAL-ING JOGO 02: PSG-FRA JOGO 03: NAPOLI-ITA JOGO 04: BENFICA-POR JOGO 05: BORUSSIA MONCHENGLADBACH-ALE JOGO 06: BARCELONA-ESP JOGO 07: ATLETICO DE MADRID-ESP JOGO 08: BAYERN DE MUNIQUE-ALE JOGO 09: CSKA MOSCOU-RUS x MONACO-FRA JOGO 10: BAYER LEVERKUSEN-ALE JOGO 11: SPORTING-POR JOGO 12: REAL MADRID-ESP JOGO 13: LEICESTER-ING JOGO 14: PORTO-POR JOGO 15: DINAMO ZAGREB-CRO x SEVILLA-ESP JOGO 16: LYON-FRA
  12. O antivirus detectou mas não limpou. Deixei na quarentena o trojan. Segue log do Hijack. Obrigada. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:56:43, on 06/09/2016 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.10586.0545) Boot mode: Normal Running processes: C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe C:\PROGRA~2\GbPlugin\GbpSv.exe C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe C:\Program Files (x86)\Claro 3G\UIMain.exe C:\Program Files (x86)\Claro 3G\CMUpdater.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Ivan\Desktop\Backup ivan\ivansc\Downloads\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://safesearch.avira.com/#web/result?source=art&q= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://safesearch.avira.com/#web/result?source=art&q= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://safesearch.avira.com/#web/result?source=art&q= R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit= O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Avira SystrayStartTrigger] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [MySQL Notifier] C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySqlNotifier.exe O4 - HKCU\..\Run: [OneDrive] "C:\Users\Ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - Startup: PalTalk.lnk = C:\Program Files (x86)\Paltalk Messenger\paltalk.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXE/3000 O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://www.bancoreal.com.br O15 - Trusted Zone: http://www.bancosantander.com.br O15 - Trusted Zone: imagem.caixa.gov.br O15 - Trusted Zone: internetbanking.caixa.gov.br O15 - Trusted Zone: internetbankingpf.caixa.gov.br O15 - Trusted Zone: www.caixa.gov.br O15 - Trusted Zone: http://www.caixa.gov.br O15 - Trusted Zone: www.santander.com.br O15 - Trusted Zone: http://www.santander.com.br O15 - Trusted Zone: www.santanderempresarial.com.br O15 - Trusted Zone: http://www.santanderempresarial.com.br O15 - Trusted Zone: www.santandernet.com.br O15 - Trusted Zone: wwws.santandernet.com.br O15 - Trusted Zone: wwws2.santandernet.com.br O15 - Trusted Zone: www.santandernetibe.com.br O17 - HKLM\System\CCS\Services\Tcpip\..\{BF684491-4F85-499F-BB7E-4C63E139817F}: NameServer = 200.169.117.221 200.169.117.222 O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL O20 - Winlogon Notify: GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing) O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing) O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing) O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing) O23 - Service: MySQL56 - Unknown owner - C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing) O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing) O23 - Service: Unchecky - RaMMicHaeL - C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing) O23 - Service: @oem17.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\WINDOWS\system32\viakaraokesrv.exe (file missing) O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\SYSWOW64\VMNETDHCP.EXE O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\SYSWOW64\VMNAT.EXE O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12647 bytes
  13. JOGO 01: INDEPENDIENTE MEDELLIN-COL JOGO 02: SANTA FE-COL JOGO 03: ATLETICO NACIONAL-COL JOGO 04: BELGRANO-ARG JOGO 05: SAN LORENZO-ARG JOGO 06: FLAMENGO-RJ JOGO 07: INDEPENDIENTE-ARG JOGO 08: JUNIOR BARRANQUILLA-COL x MONTEVIDEO WANDERERS-URU
  14. JOGO 01: PSG-FRA JOGO 02: ARSENAL-ING JOGO 03: DINAMO KIEV-UCR JOGO 04: NAPOLI-ITA JOGO 05: BARCELONA-ESP JOGO 06: MANCHESTER CITY-ING JOGO 07: PSV EINDHOVEN-HOL JOGO 08: BAYERN DE MUNIQUE-ALE JOGO 09: CSKA MOSCOU-RUS JOGO 10: MONACO-FRA x BAYER LEVERKUSEN-ALE JOGO 11: REAL MADRID-ESP JOGO 12: SPORTING-POR JOGO 13: BRUGGE-BEL JOGO 14: LEICESTER-ING JOGO 15: SEVILLA-ESP JOGO 16: DINAMO ZAGREB-CRO x JUVENTUS-ITA
  15. Olá, o antivirus não detectou mais o malware. Vou baixar o Delfix e seguir as instruções, ok? Muito obrigada. :)
  16. Olá, segue relatório. Obrigada. :) ~ ZHPCleaner v2016.9.8.126 by Nicolas Coolman (2016/09/08) ~ Run by Ivan (Administrator) (09/09/2016 23:38:05) ~ Web: https://www.nicolascoolman.com ~ Blog: https://www.anti-malware.top ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : ~ Type : Scanner ~ Report : C:\Users\Ivan\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\Ivan\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 10 Home, 64-bit (Build 10586) ---\\ Serviços (0) ~ Nenhum ítem malicioso o desnecessários foi encontrado. ---\\ Navegadores de Internet (0) ~ Nenhum ítem malicioso o desnecessários foi encontrado. ---\\ Arquivo hosts (1) ~ O arquivo hosts é legítimo (59) ---\\ Tarefas automáticas agendadas. (0) ~ Nenhum ítem malicioso o desnecessários foi encontrado. ---\\ Explorer ( Arquivos, Pastas) (0) ~ Nenhum ítem malicioso o desnecessários foi encontrado. ---\\ Registro ( Chaves, Valores, Dados ) (0) ~ Nenhum ítem malicioso o desnecessários foi encontrado. ---\\ Resultado de reparação ~ Eventuais reparações feita ~ Este navegador está faltando ! (Google Chrome) ~ Este navegador está faltando ! (Opera Software) ---\\ Estatísticas ~ Items scan : 94118 ~ Items encontrado : 0 ~ items cancelados : 0 ~ Items réparo : 0 ~ End of search in 00h09mn50s ~==================== ZHPCleaner-[R]-09092016-23_37_31.txt ZHPCleaner-[R]-10072015-21_07_25.txt ZHPCleaner--09092016-23_36_13.txt ZHPCleaner--09092016-23_47_55.txt
  17. Boa tarde, segue mais um log. :) Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 31-08-2016 Executado por Ivan (07-09-2016 17:05:39) Run:1 Executando a partir de C:\Users\Ivan\Desktop Perfis Carregados: Ivan (Perfis Disponíveis: Ivan & Ana & Classic .NET AppPool) Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** start CloseProcesses: HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {a3b3cddc-429a-11e4-a996-00248cd00264} - "G:\Windows/AutoRun.exe" HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q= HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q= HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q= HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q= SearchScopes: HKU\User-7 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = CHR HomePage: Profile 6 -> hxxp://www.netvibes.com/ivansc CHR StartupUrls: Profile 6 -> "hxxp://www.netvibes.com/ivansc","hxxp://app.webinspector.com/public/tasks/7510752#","hxxp://help.comodo.com/topic-120-1-279-2573-enabling-disabling-the-translate-bar.html" S1 gbpddfac; system32\drivers\gbpddfac64.sys [X] U3 idsvc; não ImagePath U3 wpcsvc; não ImagePath Task: {1AD5D07F-C685-46B7-9BEE-9B4C2CC0FCBA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Nenhum Arquivo <==== ATENÇÃO Task: {5796F8F3-07C5-4AEC-A827-972B8C26D94A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Nenhum Arquivo <==== ATENÇÃO Task: {7A17D296-A89B-4001-930B-DA6F48D6101E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Nenhum Arquivo <==== ATENÇÃO Task: {8A63A62D-6AE1-4C2F-B429-6B64A95EEA33} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Nenhum Arquivo <==== ATENÇÃO Task: {8B305C2B-E3C7-4E33-A073-056157D35FBC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Nenhum Arquivo <==== ATENÇÃO Task: {914B79C5-0A34-4B16-B476-6BCA78790BFA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Nenhum Arquivo <==== ATENÇÃO Task: {A67B39FE-7A95-4F3A-A9DE-2B1524264471} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated) Task: {B21BE69D-B70C-4B49-91C9-946EF67E1F71} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Nenhum Arquivo <==== ATENÇÃO Task: {C518C286-2630-4166-A47B-D6D58D7B902A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Nenhum Arquivo <==== ATENÇÃO Task: {D64E77D4-FC21-4E8F-9505-09C015DE279F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Nenhum Arquivo <==== ATENÇÃO Task: {DB27A538-4B02-4950-A7A4-0E67F316E0AE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Nenhum Arquivo <==== ATENÇÃO Task: {F8D3449A-7DFA-47A9-8127-34ACE6DF7983} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Nenhum Arquivo <==== ATENÇÃO ShortcutWithArgument: C:\Users\Ivan\Desktop\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list ShortcutWithArgument: C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list ShortcutWithArgument: C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list ShortcutWithArgument: C:\Users\Ivan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list ShortcutWithArgument: C:\Users\Ivan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" ShortcutWithArgument: C:\Users\Ivan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\371b6590bc8d800\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 6" AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10] AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32] AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1434] C:\Users\adm_isc\AppData\Local\Temp\avgnt.exe C:\Users\Ana\AppData\Local\Temp\avgnt.exe C:\Users\Ivan\AppData\Local\Temp\avgnt.exe CreateRestorePoint: EmptyTemp: Reboot: Hosts: end ***************** Processos fechados com sucesso. "HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3b3cddc-429a-11e4-a996-00248cd00264}" => chave removido (a) com sucesso. HKCR\CLSID\{a3b3cddc-429a-11e4-a996-00248cd00264} => chave não encontrado (a). HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor restaurado com sucesso HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => valor restaurado com sucesso HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => valor restaurado com sucesso HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor restaurado com sucesso HKU\User-7\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso. Chrome HomePage => removido (a) com sucesso. Chrome StartupUrls => removido (a) com sucesso. gbpddfac => serviço removido (a) com sucesso. idsvc => serviço removido (a) com sucesso. wpcsvc => serviço removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1AD5D07F-C685-46B7-9BEE-9B4C2CC0FCBA}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AD5D07F-C685-46B7-9BEE-9B4C2CC0FCBA}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5796F8F3-07C5-4AEC-A827-972B8C26D94A}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5796F8F3-07C5-4AEC-A827-972B8C26D94A}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7A17D296-A89B-4001-930B-DA6F48D6101E}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A17D296-A89B-4001-930B-DA6F48D6101E}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A63A62D-6AE1-4C2F-B429-6B64A95EEA33}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A63A62D-6AE1-4C2F-B429-6B64A95EEA33}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B305C2B-E3C7-4E33-A073-056157D35FBC}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B305C2B-E3C7-4E33-A073-056157D35FBC}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{914B79C5-0A34-4B16-B476-6BCA78790BFA}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{914B79C5-0A34-4B16-B476-6BCA78790BFA}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A67B39FE-7A95-4F3A-A9DE-2B1524264471}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A67B39FE-7A95-4F3A-A9DE-2B1524264471}" => chave removido (a) com sucesso. C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => movido com sucesso "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B21BE69D-B70C-4B49-91C9-946EF67E1F71}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B21BE69D-B70C-4B49-91C9-946EF67E1F71}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C518C286-2630-4166-A47B-D6D58D7B902A}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C518C286-2630-4166-A47B-D6D58D7B902A}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D64E77D4-FC21-4E8F-9505-09C015DE279F}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D64E77D4-FC21-4E8F-9505-09C015DE279F}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB27A538-4B02-4950-A7A4-0E67F316E0AE}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB27A538-4B02-4950-A7A4-0E67F316E0AE}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8D3449A-7DFA-47A9-8127-34ACE6DF7983}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8D3449A-7DFA-47A9-8127-34ACE6DF7983}" => chave removido (a) com sucesso. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => chave removido (a) com sucesso. C:\Users\Ivan\Desktop\Inicializador de aplicativos do Google Chrome.lnk => Atalho argumento removido (a) com sucesso.. C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Inicializador de aplicativos do Google Chrome.lnk => Atalho argumento removido (a) com sucesso.. C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Inicializador de aplicativos do Google Chrome.lnk => Atalho argumento removido (a) com sucesso.. C:\Users\Ivan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Inicializador de aplicativos do Google Chrome.lnk => Atalho argumento removido (a) com sucesso.. C:\Users\Ivan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk => Atalho argumento removido (a) com sucesso.. C:\Users\Ivan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\371b6590bc8d800\Google Chrome.lnk => Atalho argumento removido (a) com sucesso.. C:\Program Files (x86)\GbPlugin => ":IncompleteStartProcessProtection.cnt" ADS removido (a) com sucesso.. C:\Program Files (x86)\GbPlugin => ":u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==" ADS removido (a) com sucesso.. C:\WINDOWS\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removido (a) com sucesso.. C:\Users\adm_isc\AppData\Local\Temp\avgnt.exe => movido com sucesso C:\Users\Ana\AppData\Local\Temp\avgnt.exe => movido com sucesso C:\Users\Ivan\AppData\Local\Temp\avgnt.exe => movido com sucesso Ponto de Restauração criado com sucesso. "C:\Windows\System32\Drivers\etc\hosts" => Não pode ser movido. Não foi possível restaurar Hosts. =========== EmptyTemp: ========== BITS transfer queue => 2496412 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 51880650 B Java, Flash, Steam htmlcache => 806 B Windows/system/drivers => 57516477 B Edge => 122675671 B Chrome => 854361116 B Firefox => 59786740 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 128 B systemprofile32 => 128 B LocalService => 14366 B NetworkService => 0 B Ivan => 224247658 B adm_isc => 13940038 B Ana => 159137292 B Classic .NET AppPool => 0 B DefaultAppPool => 0 B RecycleBin => 1748058 B EmptyTemp: => 1.4 GB de dados temporários Removidos. ================================ O sistema precisou ser reiniciado. ==== Fim de Fixlog 17:13:58 ====
  18. JOGO 01: PSG-FRA JOGO 02: BASEL-SUI JOGO 03: NAPOLI-ITA JOGO 04: BENFICA-POR JOGO 05: BARCELONA-ESP JOGO 06: MANCHESTER CITY-ING JOGO 07: BAYERN DE MUNIQUE-ALE JOGO 08: ATLETICO DE MADRID-ESP JOGO 09: BAYER LEVERKUSEN-ALE JOGO 10: TOTTENHAM-ING JOGO 11: REAL MADRID-ESP JOGO 12: BORUSSIA DORTMUND-ALE JOGO 13: BRUGGE-BEL JOGO 14: PORTO-POR JOGO 15: LYON-FRA JOGO 16: JUVENTUS-ITA
  19. JOGO 01: SPORT-PE 0 x 1 SANTA CRUZ-PE JOGO 02: SPORTIVO LUQUENO-PAR JOGO 03: CERRO PORTENO-PAR JOGO 04: ATLETICO NACIONAL-COL JOGO 05: SPORT HUANCAYO-PER JOGO 06: BELGRANO-ARG x ESTUDIANTES-ARG JOGO 07: CORITIBA-PR 1 x 0 VITORIA-BA JOGO 08: EMELEC-EQU JOGO 09: SAN LORENZO-ARG JOGO 10: FLAMENGO-RJ 3 x 1 FIGUEIRENSE-SC JOGO 11: REAL GARCILASO-PER JOGO 12: CHAPECOENSE-SC 3 x 1 CUIABA-MT JOGO 13: INDEPENDIENTE-ARG JOGO 14: JUNIOR BARRANQUILLA-COL JOGO 15: MONTEVIDEO WANDERERS-URU
  20. Olá, seguem os links dos logs. Novamente obrigada. http://www.cjoint.com/c/FIhcKPSGNkP http://www.cjoint.com/c/FIhcM63YApP
  21. JOGO 01: WOLFSBURG-ALE JOGO 02: REAL MADRID-ESP JOGO 03: PSG-FRA JOGO 04: BARCELONA-ESP JOGO 05: BAYERN DE MUNIQUE-ALE JOGO 06: PSV EINDHOVEN-HOL JOGO 07: EMPATE JOGO 08: DINAMO KIEV-UCR
  22. JOGO 01: SÃO PAULO-SP JOGO 02: VASCO-RJ JOGO 03: PONTE PRETA-SP JOGO 04: INTERNACIONAL-RS JOGO 05: ATLÉTICO-MG JOGO 06: PALMEIRAS-SP JOGO 07: CHAPECOENSE-SC JOGO 08: CRUZEIRO-MG JOGO 09: FLAMENGO-RJ JOGO 10: SPORT-PE x CORINTHIANS-SP
×

Important Information

Ao usar o fórum, você concorda com nossos Terms of Use.