Annluciap

[Solved] Slow PC


/_ Good morning! Annluciap _\


> Uninstall: <2>


ByteFence Anti-Malware <<

Booking.com version 1.1.0.5019 <<

---

---

> Copy the information shown in red into Notepad.

> Save it with the name fixlist. << Text!

> Save it to the desktop! ( Área de trabalho ... )


start

CloseProcesses:

Task: {08FD459A-C931-4610-B4B9-C1AEA096EF1F} - \SPDriver -> Nenhum Arquivo <==== ATENÇÃO

Task: {0C750A8C-92C2-4623-AF80-78E1629FD192} - System32\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} => C:\Users\Lucimar\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe [2015-05-15] () <==== ATENÇÃO

Task: {1B3DD710-38E2-4E05-ACBE-B3F6F73F10B0} - \WSE_Vosteran -> Nenhum Arquivo <==== ATENÇÃO

Task: {424336A4-F0EF-4F41-8E92-9AD6D9B7CC22} - \Run_Bobby_Browser -> Nenhum Arquivo <==== ATENÇÃO

Task: {44D16CCC-9D61-4F5F-A76E-31A9FDEDED30} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [2015-06-01] (YTDownloader) <==== ATENÇÃO

Task: {464A631C-65FF-4B81-BD30-D95EA1232E0F} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2016-08-27] (Byte Technologies LLC) <==== ATENÇÃO

Task: {4A74678F-F73E-4F03-B9A3-42A265529AA0} - \SPBIW_UpdateTask_Time_323031363839313439342d34784145552a2a3423326c57 -> Nenhum Arquivo <==== ATENÇÃO

Task: {4DA1F0FB-638A-4B38-9E8E-7A02C3974B4C} - System32\Tasks\Yahoo! Powered nosar => Wscript.exe "C:\ProgramData\{E3BA26D9-69F8-AC1F-EF3E-325D757CB993}\tomi.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b45334241323644392d363946382d414331462d454633452d3332354437353743423939337d5c726964616665" "433a5c50726f6772616d446174615c7b45334241323644392d363946382d414331462d454633 (a entrada de dados tem 78 mais caracteres).

Task: {63D662ED-C65D-493F-83FB-48BB20B69954} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATENÇÃO

Task: {81023610-D0C0-4F64-AC87-44C5CC0CCA2E} - \ShopperPro -> Nenhum Arquivo <==== ATENÇÃO

Task: {8416AF03-2C01-45D7-9212-33244A3F7726} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2016-08-27] (Byte Technologies LLC) <==== ATENÇÃO

Task: {9BC5C81B-C8EF-47E0-8ECE-97A79C373A9E} - \Vosteran caco -> Nenhum Arquivo <==== ATENÇÃO

Task: {A3442B28-79C1-4B33-BEC7-42540A227994} - System32\Tasks\{950C9674-03B5-4ADF-9770-1491444BAC89} => C:\Users\Lucimar\AppData\Roaming\{8AA5B~1\UPDATE~1.EXE [2016-12-05] () <==== ATENÇÃO

Task: {DAFD8B6D-8E44-4860-9D7E-78E70A4F6D0B} - System32\Tasks\Gnorujsepe => C:\ProgramData\Gnorujsepe\1.0.1.0\onioluog.exe <==== ATENÇÃO

Task: {DCE77CD0-231A-49F3-9781-D3ABA7375031} - \SPBIW_UpdateTask_Time_323031363839313439342d785b233457414a45415a506c -> Nenhum Arquivo <==== ATENÇÃO

Task: {E6CDCEAF-FD51-4FA0-A71E-962A96F6DC95} - \ShopperProJSUpd -> Nenhum Arquivo <==== ATENÇÃO

Task: {ECDDEC66-68DB-4BB9-90B6-F05AED0D4F8F} - System32\Tasks\PostPoneInstall => C:\Users\Lucimar\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe <==== ATENÇÃO

Task: {FB98754A-A3E9-476A-9648-C965E27BC77A} - \{3B7FD029-D932-411b-AF15-C96CF8EF0C18}{19F8DB95-4D78-4ddb-AC71-C610654FE37F} -> Nenhum Arquivo <==== ATENÇÃO

Task: C:\Windows\Tasks\Yahoo! Powered nosar.job => Wscript.exe C:\ProgramData\{E3BA26D9-69F8-AC1F-EF3E-325D757CB993}\tomi.txt <==== ATENÇÃO

Task: C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job => C:\Users\Lucimar\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe�œ-RunCheckUpdate C:\Users\Lucimar\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\CheckUpdate.exe <==== ATENÇÃO

Task: C:\Windows\Tasks\{950C9674-03B5-4ADF-9770-1491444BAC89}.job => C:\Users\Lucimar\AppData\Roaming\{8AA5B~1\UPDATE~1.EXE <==== ATENÇÃO

ShortcutWithArgument: C:\Users\Lucimar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678

ShortcutWithArgument: C:\Users\Lucimar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678

ShortcutWithArgument: C:\Users\Lucimar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678

2015-01-23 18:42 - 2015-01-23 18:42 - 0005632 _____ () C:\Users\Lucimar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-06-01 07:22 - 2015-06-01 07:22 - 00112560 _____ () C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe

2015-08-13 09:50 - 2015-07-08 22:26 - 00173088 _____ () C:\Users\Lucimar\AppData\Roaming\NetService\netservice.exe

2016-09-21 13:53 - 2016-10-01 15:40 - 00254280 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe

2016-01-03 02:47 - 2015-12-16 06:21 - 04845408 _____ () C:\Users\Lucimar\AppData\Roaming\WinNetSvc\WinNetSvc.exe

2016-09-21 13:53 - 2016-10-01 15:40 - 00565064 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe

2016-01-03 02:47 - 2015-11-28 06:45 - 00083456 _____ () C:\Users\Lucimar\AppData\Roaming\WinNetSvc\Interface.dll

2015-03-30 06:51 - 2015-03-30 06:51 - 00141856 _____ () C:\Program Files (x86)\Baidu Security\MoboMarket\1.3.7.5841\zlib1.dll

2017-01-06 20:35 - 2016-03-21 12:07 - 00000000 ____D C:\Users\Lucimar\AppData\Roaming\WMPNetworkAcSvc

2017-01-06 19:01 - 2016-09-21 13:40 - 00000000 ____D C:\Program Files\ByteFence

2017-01-06 18:44 - 2016-05-12 15:03 - 00000000 ____D C:\Program Files (x86)\SkypeUpdateEx

2017-01-06 19:45 - 2016-09-21 13:45 - 00000982 _____ C:\Windows\Tasks\Yahoo! Powered nosar.job

2017-01-06 19:45 - 2016-09-21 13:45 - 00000000 ____D C:\Users\Todos os Usuários\{E3BA26D9-69F8-AC1F-EF3E-325D757CB993}

2017-01-06 19:45 - 2016-09-21 13:45 - 00000000 ____D C:\ProgramData\{E3BA26D9-69F8-AC1F-EF3E-325D757CB993}

HKU\S-1-5-21-2705312239-909248705-17524377-1000\...\MountPoints2: {4fb45597-585b-11e4-a5dd-80ee736463d6} - E:\AutoRun.exe "motorola.html"

HKU\S-1-5-21-2705312239-909248705-17524377-1000\...\MountPoints2: {e3628e6e-9927-11e6-bc86-ea3791124264} - F:\Autorun.exe

HKU\S-1-5-21-2705312239-909248705-17524377-1000\...\MountPoints2: {f2bcf658-cdb8-11e4-a88c-80ee736463d6} - E:\MotorolaDeviceManagerSetup.exe -a

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678

HKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_solimba_01&p={searchTerms}

HKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate

HKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.baixaki.com.br/portal/?utm_source=newportalhomesl&utm_medium=partners

HKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678

SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =

SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}

SearchScopes: HKLM -> {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL = hxxp://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_installcore_01&type=p&p={searchTerms}

SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}

SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}

SearchScopes: HKU\S-1-5-21-2705312239-909248705-17524377-1000 -> DefaultScope {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}

SearchScopes: HKU\S-1-5-21-2705312239-909248705-17524377-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}

SearchScopes: HKU\S-1-5-21-2705312239-909248705-17524377-1000 -> {CCC6687C-7692-41F4-B214-4C5B42BC8148} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default

SearchScopes: HKU\S-1-5-21-2705312239-909248705-17524377-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}

Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Nenhum Arquivo

Toolbar: HKU\S-1-5-21-2705312239-909248705-17524377-1000 -> Sem Nome - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Nenhum Arquivo

GroupPolicy: Restrição - Chrome <======= ATENÇÃO

CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

ProxyServer: [.DEFAULT] => http=127.0.0.1:52165;https=127.0.0.1:52165

R2 BASSVC; C:\Program Files (x86)\Baidu Security\MoboMarket\1.3.7.5841\bassvc.exe [208928 2015-03-30] (Baidu, Inc.)

R2 BrsHelper; C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe [112560 2015-06-01] () <==== ATENÇÃO

R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [254280 2016-10-01] ()

R2 WinNetSvc; C:\Users\Lucimar\AppData\Roaming\WinNetSvc\WinNetSvc.exe [4845408 2015-12-16] ()

R2 WMPNetworkAcSvc; C:\Users\Lucimar\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe [5098760 2016-07-11] ()

R2 YSearchUtilSvc; C:\Program Files (x86)\Yahoo!\yset\{C92645F5-E8F2-9A45-B1EC-D047E33BCDC1}\YSearchUtilSvc.exe [160536 2015-10-19] (Yahoo Inc.)

R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58528 2015-06-01] (YTDownloader)

S1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080

S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]

S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]

S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]

S3 JME; system32\DRIVERS\JME.sys [X]

S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]

AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]

AlternateDataStreams: C:\Windows\System32:F13278F6_Abn.gbp [2]

AlternateDataStreams: C:\Windows\System32:F13278F6_Bb.gbp [2]

AlternateDataStreams: C:\Windows\System32:F13278F6_Cef.gbp [2]

AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1198]

AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10]

AlternateDataStreams: C:\Users\Todos os Usuários\GbPlugin:IncompleteStartGbprcm.cnt [10]

C:\Users\Lucimar\AppData\Roaming\WinNetSvc\WinNetSvc.exe

C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe

C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe

C:\Users\Lucimar\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe

C:\Program Files (x86)\Yahoo!\yset\{C92645F5-E8F2-9A45-B1EC-D047E33BCDC1}\YSearchUtilSVC.exe

C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job

C:\Windows\Tasks\{950C9674-03B5-4ADF-9770-1491444BAC89}.job

C:\Users\Lucimar\AppData\Local\Temp\jre-8u111-windows-au.exe

C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe

C:\Program Files\ByteFence\ByteFence.exe

C:\Program Files (x86)\Baidu Security\MoboMarket\1.3.7.5841\bastray.exe

C:\Program Files (x86)\SkypeUpdateEx

CMD: sfc /scannow

CreateRestorePoint:

RemoveProxy:

EmptyTemp:

Reboot:

Hosts:

end


> Run FRST/FRST64 >> Click "Corrigir" (Fix) << Wait!

> At the prompt, click Executar (Run).

> Post the report! (Fixlog.txt)

> This and other reports can be found in the folder: Local Disk (C) > FRST > Logs



< I ask visitors not to use this script on other computers, at the risk of damaging them! >


[Regards]


Good evening,

here is the log.

Thank you.

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 07-01-2017
Executado por Lucimar (07-01-2017 19:34:16) Run:1
Executando a partir de C:\Users\Lucimar\Desktop
Perfis Carregados: Lucimar (Perfis Disponíveis: Lucimar)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
start
CloseProcesses:
Task: {08FD459A-C931-4610-B4B9-C1AEA096EF1F} - \SPDriver -> Nenhum Arquivo <==== ATENÇÃO
Task: {0C750A8C-92C2-4623-AF80-78E1629FD192} - System32\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} => C:\Users\Lucimar\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe [2015-05-15] () <==== ATENÇÃO
Task: {1B3DD710-38E2-4E05-ACBE-B3F6F73F10B0} - \WSE_Vosteran -> Nenhum Arquivo <==== ATENÇÃO
Task: {424336A4-F0EF-4F41-8E92-9AD6D9B7CC22} - \Run_Bobby_Browser -> Nenhum Arquivo <==== ATENÇÃO
Task: {44D16CCC-9D61-4F5F-A76E-31A9FDEDED30} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [2015-06-01] (YTDownloader) <==== ATENÇÃO
Task: {464A631C-65FF-4B81-BD30-D95EA1232E0F} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2016-08-27] (Byte Technologies LLC) <==== ATENÇÃO
Task: {4A74678F-F73E-4F03-B9A3-42A265529AA0} - \SPBIW_UpdateTask_Time_323031363839313439342d34784145552a2a3423326c57 -> Nenhum Arquivo <==== ATENÇÃO
Task: {4DA1F0FB-638A-4B38-9E8E-7A02C3974B4C} - System32\Tasks\Yahoo! Powered nosar => Wscript.exe "C:\ProgramData\{E3BA26D9-69F8-AC1F-EF3E-325D757CB993}\tomi.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b45334241323644392d363946382d414331462d454633452d3332354437353743423939337d5c726964616665" "433a5c50726f6772616d446174615c7b45334241323644392d363946382d414331462d454633 (a entrada de dados tem 78 mais caracteres).
Task: {63D662ED-C65D-493F-83FB-48BB20B69954} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATENÇÃO
Task: {81023610-D0C0-4F64-AC87-44C5CC0CCA2E} - \ShopperPro -> Nenhum Arquivo <==== ATENÇÃO
Task: {8416AF03-2C01-45D7-9212-33244A3F7726} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2016-08-27] (Byte Technologies LLC) <==== ATENÇÃO
Task: {9BC5C81B-C8EF-47E0-8ECE-97A79C373A9E} - \Vosteran caco -> Nenhum Arquivo <==== ATENÇÃO
Task: {A3442B28-79C1-4B33-BEC7-42540A227994} - System32\Tasks\{950C9674-03B5-4ADF-9770-1491444BAC89} => C:\Users\Lucimar\AppData\Roaming\{8AA5B~1\UPDATE~1.EXE [2016-12-05] () <==== ATENÇÃO
Task: {DAFD8B6D-8E44-4860-9D7E-78E70A4F6D0B} - System32\Tasks\Gnorujsepe => C:\ProgramData\Gnorujsepe\1.0.1.0\onioluog.exe <==== ATENÇÃO
Task: {DCE77CD0-231A-49F3-9781-D3ABA7375031} - \SPBIW_UpdateTask_Time_323031363839313439342d785b233457414a45415a506c -> Nenhum Arquivo <==== ATENÇÃO
Task: {E6CDCEAF-FD51-4FA0-A71E-962A96F6DC95} - \ShopperProJSUpd -> Nenhum Arquivo <==== ATENÇÃO
Task: {ECDDEC66-68DB-4BB9-90B6-F05AED0D4F8F} - System32\Tasks\PostPoneInstall => C:\Users\Lucimar\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe <==== ATENÇÃO
Task: {FB98754A-A3E9-476A-9648-C965E27BC77A} - \{3B7FD029-D932-411b-AF15-C96CF8EF0C18}{19F8DB95-4D78-4ddb-AC71-C610654FE37F} -> Nenhum Arquivo <==== ATENÇÃO
Task: C:\Windows\Tasks\Yahoo! Powered nosar.job => Wscript.exe C:\ProgramData\{E3BA26D9-69F8-AC1F-EF3E-325D757CB993}\tomi.txt <==== ATENÇÃO
Task: C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job => C:\Users\Lucimar\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe?œ-RunCheckUpdate C:\Users\Lucimar\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\CheckUpdate.exe <==== ATENÇÃO
Task: C:\Windows\Tasks\{950C9674-03B5-4ADF-9770-1491444BAC89}.job => C:\Users\Lucimar\AppData\Roaming\{8AA5B~1\UPDATE~1.EXE <==== ATENÇÃO
ShortcutWithArgument: C:\Users\Lucimar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678
ShortcutWithArgument: C:\Users\Lucimar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678
ShortcutWithArgument: C:\Users\Lucimar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678
2015-01-23 18:42 - 2015-01-23 18:42 - 0005632 _____ () C:\Users\Lucimar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-01 07:22 - 2015-06-01 07:22 - 00112560 _____ () C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe
2015-08-13 09:50 - 2015-07-08 22:26 - 00173088 _____ () C:\Users\Lucimar\AppData\Roaming\NetService\netservice.exe
2016-09-21 13:53 - 2016-10-01 15:40 - 00254280 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
2016-01-03 02:47 - 2015-12-16 06:21 - 04845408 _____ () C:\Users\Lucimar\AppData\Roaming\WinNetSvc\WinNetSvc.exe
2016-09-21 13:53 - 2016-10-01 15:40 - 00565064 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
2016-01-03 02:47 - 2015-11-28 06:45 - 00083456 _____ () C:\Users\Lucimar\AppData\Roaming\WinNetSvc\Interface.dll
2015-03-30 06:51 - 2015-03-30 06:51 - 00141856 _____ () C:\Program Files (x86)\Baidu Security\MoboMarket\1.3.7.5841\zlib1.dll
2017-01-06 20:35 - 2016-03-21 12:07 - 00000000 ____D C:\Users\Lucimar\AppData\Roaming\WMPNetworkAcSvc
2017-01-06 19:01 - 2016-09-21 13:40 - 00000000 ____D C:\Program Files\ByteFence
2017-01-06 18:44 - 2016-05-12 15:03 - 00000000 ____D C:\Program Files (x86)\SkypeUpdateEx
2017-01-06 19:45 - 2016-09-21 13:45 - 00000982 _____ C:\Windows\Tasks\Yahoo! Powered nosar.job
2017-01-06 19:45 - 2016-09-21 13:45 - 00000000 ____D C:\Users\Todos os Usuários\{E3BA26D9-69F8-AC1F-EF3E-325D757CB993}
2017-01-06 19:45 - 2016-09-21 13:45 - 00000000 ____D C:\ProgramData\{E3BA26D9-69F8-AC1F-EF3E-325D757CB993}
HKU\S-1-5-21-2705312239-909248705-17524377-1000\...\MountPoints2: {4fb45597-585b-11e4-a5dd-80ee736463d6} - E:\AutoRun.exe "motorola.html"
HKU\S-1-5-21-2705312239-909248705-17524377-1000\...\MountPoints2: {e3628e6e-9927-11e6-bc86-ea3791124264} - F:\Autorun.exe
HKU\S-1-5-21-2705312239-909248705-17524377-1000\...\MountPoints2: {f2bcf658-cdb8-11e4-a88c-80ee736463d6} - E:\MotorolaDeviceManagerSetup.exe -a
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678
HKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_solimba_01&p={searchTerms}
HKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.baixaki.com.br/portal/?utm_source=newportalhomesl&utm_medium=partners
HKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com?oem=mbtkv5&uid=43LYTRVQT_TOSHIBAMQ01ABD050&tm=1439471678
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL = hxxp://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_installcore_01&type=p&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2705312239-909248705-17524377-1000 -> DefaultScope {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2705312239-909248705-17524377-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2705312239-909248705-17524377-1000 -> {CCC6687C-7692-41F4-B214-4C5B42BC8148} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2705312239-909248705-17524377-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_38&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCyBtByDtN1L2XzutAtFtByEtFyCtFyDtBtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StBtBtByDyCtByD0AtGyE0AtB0EtGzz0A0CyDtGtDyE0DyBtGtDtAzyyByDtB0C0DyBtC0FyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FyBtC0CyD0A0AtGyDtAtCyCtGyE0D0F0CtGzz0BtCyBtG0CtBzyzyyD0A0EyC0CyC0F0D2QtN0A0LzuyE%26cr%3D1216263441%26a%3Dwbf_bxinw_16_38%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Nenhum Arquivo
Toolbar: HKU\S-1-5-21-2705312239-909248705-17524377-1000 -> Sem Nome - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Nenhum Arquivo
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO
ProxyServer: [.DEFAULT] => http=127.0.0.1:52165;https=127.0.0.1:52165
R2 BASSVC; C:\Program Files (x86)\Baidu Security\MoboMarket\1.3.7.5841\bassvc.exe [208928 2015-03-30] (Baidu, Inc.)
R2 BrsHelper; C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe [112560 2015-06-01] () <==== ATENÇÃO
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [254280 2016-10-01] ()
R2 WinNetSvc; C:\Users\Lucimar\AppData\Roaming\WinNetSvc\WinNetSvc.exe [4845408 2015-12-16] ()
R2 WMPNetworkAcSvc; C:\Users\Lucimar\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe [5098760 2016-07-11] ()
R2 YSearchUtilSvc; C:\Program Files (x86)\Yahoo!\yset\{C92645F5-E8F2-9A45-B1EC-D047E33BCDC1}\YSearchUtilSvc.exe [160536 2015-10-19] (Yahoo Inc.)
R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58528 2015-06-01] (YTDownloader)
S1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 JME; system32\DRIVERS\JME.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\Windows\System32:F13278F6_Abn.gbp [2]
AlternateDataStreams: C:\Windows\System32:F13278F6_Bb.gbp [2]
AlternateDataStreams: C:\Windows\System32:F13278F6_Cef.gbp [2]
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1198]
AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10]
AlternateDataStreams: C:\Users\Todos os Usuários\GbPlugin:IncompleteStartGbprcm.cnt [10]
C:\Users\Lucimar\AppData\Roaming\WinNetSvc\WinNetSvc.exe
C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe
C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
C:\Users\Lucimar\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe
C:\Program Files (x86)\Yahoo!\yset\{C92645F5-E8F2-9A45-B1EC-D047E33BCDC1}\YSearchUtilSVC.exe
C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job
C:\Windows\Tasks\{950C9674-03B5-4ADF-9770-1491444BAC89}.job
C:\Users\Lucimar\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
C:\Program Files\ByteFence\ByteFence.exe
C:\Program Files (x86)\Baidu Security\MoboMarket\1.3.7.5841\bastray.exe
C:\Program Files (x86)\SkypeUpdateEx
CMD: sfc /scannow
CreateRestorePoint:
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:
end
*****************

Processos fechados com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{08FD459A-C931-4610-B4B9-C1AEA096EF1F} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08FD459A-C931-4610-B4B9-C1AEA096EF1F} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPDriver => chave não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C750A8C-92C2-4623-AF80-78E1629FD192} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C750A8C-92C2-4623-AF80-78E1629FD192} => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B3DD710-38E2-4E05-ACBE-B3F6F73F10B0} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B3DD710-38E2-4E05-ACBE-B3F6F73F10B0} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Vosteran => chave não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{424336A4-F0EF-4F41-8E92-9AD6D9B7CC22} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{424336A4-F0EF-4F41-8E92-9AD6D9B7CC22} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run_Bobby_Browser => chave não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{44D16CCC-9D61-4F5F-A76E-31A9FDEDED30} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44D16CCC-9D61-4F5F-A76E-31A9FDEDED30} => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\YTDownloader => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloader => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{464A631C-65FF-4B81-BD30-D95EA1232E0F} => chave não encontrado (a).
C:\Windows\System32\Tasks\ByteFence => não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence => chave não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A74678F-F73E-4F03-B9A3-42A265529AA0} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A74678F-F73E-4F03-B9A3-42A265529AA0} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_323031363839313439342d34784145552a2a3423326c57 => chave não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4DA1F0FB-638A-4B38-9E8E-7A02C3974B4C} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DA1F0FB-638A-4B38-9E8E-7A02C3974B4C} => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\Yahoo! Powered nosar => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Powered nosar => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63D662ED-C65D-493F-83FB-48BB20B69954} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63D662ED-C65D-493F-83FB-48BB20B69954} => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\LaunchApp => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{81023610-D0C0-4F64-AC87-44C5CC0CCA2E} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81023610-D0C0-4F64-AC87-44C5CC0CCA2E} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperPro => chave não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8416AF03-2C01-45D7-9212-33244A3F7726} => chave não encontrado (a).
C:\Windows\System32\Tasks\ByteFence Scan => não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence Scan => chave não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9BC5C81B-C8EF-47E0-8ECE-97A79C373A9E} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BC5C81B-C8EF-47E0-8ECE-97A79C373A9E} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Vosteran caco => chave não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3442B28-79C1-4B33-BEC7-42540A227994} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3442B28-79C1-4B33-BEC7-42540A227994} => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\{950C9674-03B5-4ADF-9770-1491444BAC89} => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{950C9674-03B5-4ADF-9770-1491444BAC89} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{DAFD8B6D-8E44-4860-9D7E-78E70A4F6D0B} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAFD8B6D-8E44-4860-9D7E-78E70A4F6D0B} => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\Gnorujsepe => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Gnorujsepe => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DCE77CD0-231A-49F3-9781-D3ABA7375031} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCE77CD0-231A-49F3-9781-D3ABA7375031} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_323031363839313439342d785b233457414a45415a506c => chave não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E6CDCEAF-FD51-4FA0-A71E-962A96F6DC95} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6CDCEAF-FD51-4FA0-A71E-962A96F6DC95} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperProJSUpd => chave não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ECDDEC66-68DB-4BB9-90B6-F05AED0D4F8F} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECDDEC66-68DB-4BB9-90B6-F05AED0D4F8F} => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\PostPoneInstall => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PostPoneInstall => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB98754A-A3E9-476A-9648-C965E27BC77A} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB98754A-A3E9-476A-9648-C965E27BC77A} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3B7FD029-D932-411b-AF15-C96CF8EF0C18}{19F8DB95-4D78-4ddb-AC71-C610654FE37F} => chave não encontrado (a).
C:\Windows\Tasks\Yahoo! Powered nosar.job => movido com sucesso
C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job => movido com sucesso
C:\Windows\Tasks\{950C9674-03B5-4ADF-9770-1491444BAC89}.job => movido com sucesso
C:\Users\Lucimar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Lucimar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Atalho argumento restaurado com sucesso
C:\Users\Lucimar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Atalho argumento removido (a) com sucesso..
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Atalho argumento removido (a) com sucesso..
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Lucimar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => movido com sucesso
C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe => movido com sucesso
C:\Users\Lucimar\AppData\Roaming\NetService\netservice.exe => movido com sucesso
"C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe" => não encontrado (a).
C:\Users\Lucimar\AppData\Roaming\WinNetSvc\WinNetSvc.exe => movido com sucesso
"C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe" => não encontrado (a).
C:\Users\Lucimar\AppData\Roaming\WinNetSvc\Interface.dll => movido com sucesso
C:\Program Files (x86)\Baidu Security\MoboMarket\1.3.7.5841\zlib1.dll => movido com sucesso
C:\Users\Lucimar\AppData\Roaming\WMPNetworkAcSvc => movido com sucesso
C:\Program Files\ByteFence => movido com sucesso
C:\Program Files (x86)\SkypeUpdateEx => movido com sucesso
"C:\Windows\Tasks\Yahoo! Powered nosar.job" => não encontrado (a).
C:\Users\Todos os Usuários\{E3BA26D9-69F8-AC1F-EF3E-325D757CB993} => movido com sucesso
"C:\ProgramData\{E3BA26D9-69F8-AC1F-EF3E-325D757CB993}" => não encontrado (a).
HKU\S-1-5-21-2705312239-909248705-17524377-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4fb45597-585b-11e4-a5dd-80ee736463d6} => chave removido (a) com sucesso.
HKCR\CLSID\{4fb45597-585b-11e4-a5dd-80ee736463d6} => chave não encontrado (a).
HKU\S-1-5-21-2705312239-909248705-17524377-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3628e6e-9927-11e6-bc86-ea3791124264} => chave removido (a) com sucesso.
HKCR\CLSID\{e3628e6e-9927-11e6-bc86-ea3791124264} => chave não encontrado (a).
HKU\S-1-5-21-2705312239-909248705-17524377-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2bcf658-cdb8-11e4-a88c-80ee736463d6} => chave removido (a) com sucesso.
HKCR\CLSID\{f2bcf658-cdb8-11e4-a88c-80ee736463d6} => chave não encontrado (a).
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor restaurado com sucesso
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor restaurado com sucesso
HKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => valor restaurado com sucesso
HKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => valor restaurado com sucesso
HKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => valor removido (a) com sucesso.
HKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => valor restaurado com sucesso
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucesso
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => chave removido (a) com sucesso.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => chave não encontrado (a).
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} => chave removido (a) com sucesso.
HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => chave não encontrado (a).
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => chave removido (a) com sucesso.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => chave não encontrado (a).
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7} => chave removido (a) com sucesso.
HKCR\CLSID\{86c83f9e-48a4-4cd2-a763-64fea5df35f7} => chave não encontrado (a).
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor restaurado com sucesso
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => chave não encontrado (a).
HKU\S-1-5-21-2705312239-909248705-17524377-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
HKU\S-1-5-21-2705312239-909248705-17524377-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} => chave removido (a) com sucesso.
HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => chave não encontrado (a).
HKU\S-1-5-21-2705312239-909248705-17524377-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC6687C-7692-41F4-B214-4C5B42BC8148} => chave removido (a) com sucesso.
HKCR\CLSID\{CCC6687C-7692-41F4-B214-4C5B42BC8148} => chave não encontrado (a).
HKU\S-1-5-21-2705312239-909248705-17524377-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => chave removido (a) com sucesso.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => chave não encontrado (a).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => valor removido (a) com sucesso.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => chave não encontrado (a).
HKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => valor removido (a) com sucesso.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => chave não encontrado (a).
C:\Windows\system32\GroupPolicy\Machine => movido com sucesso
C:\Windows\system32\GroupPolicy\GPT.ini => movido com sucesso
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => movido com sucesso
HKLM\SOFTWARE\Policies\Google => chave removido (a) com sucesso.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => valor removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\BASSVC => chave removido (a) com sucesso.
BASSVC => serviço removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\BrsHelper => chave removido (a) com sucesso.
BrsHelper => serviço removido (a) com sucesso.
rtop => serviço não encontrado (a).
HKLM\System\CurrentControlSet\Services\WinNetSvc => chave removido (a) com sucesso.
WinNetSvc => serviço removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\WMPNetworkAcSvc => chave removido (a) com sucesso.
WMPNetworkAcSvc => serviço removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\YSearchUtilSvc => chave removido (a) com sucesso.
YSearchUtilSvc => serviço removido (a) com sucesso.
sbmntr => Serviço finalizado com sucesso.
HKLM\System\CurrentControlSet\Services\sbmntr => chave removido (a) com sucesso.
sbmntr => serviço removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\wsddfac => chave removido (a) com sucesso.
wsddfac => serviço removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\BprotectEx => chave removido (a) com sucesso.
BprotectEx => serviço removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\gbpddfac => chave removido (a) com sucesso.
gbpddfac => serviço removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\gbpddreg => chave removido (a) com sucesso.
gbpddreg => serviço removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\JME => chave removido (a) com sucesso.
JME => serviço removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\PCFApiUtil => chave removido (a) com sucesso.
PCFApiUtil => serviço removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\Synth3dVsc => chave removido (a) com sucesso.
Synth3dVsc => serviço removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\tsusbhub => chave removido (a) com sucesso.
tsusbhub => serviço removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\VGPU => chave removido (a) com sucesso.
VGPU => serviço removido (a) com sucesso.
C:\Program Files (x86)\GbPlugin => ":IncompleteStartProcessProtection.cnt" ADS removido (a) com sucesso..
C:\Program Files (x86)\GbPlugin => ":u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==" ADS removido (a) com sucesso..
C:\Windows\System32 => ":F13278F6_Abn.gbp" ADS removido (a) com sucesso..
C:\Windows\System32 => ":F13278F6_Bb.gbp" ADS removido (a) com sucesso..
C:\Windows\System32 => ":F13278F6_Cef.gbp" ADS removido (a) com sucesso..
C:\Windows\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removido (a) com sucesso..
C:\ProgramData\GbPlugin => ":IncompleteStartGbprcm.cnt" ADS removido (a) com sucesso..
"C:\Users\Todos os Usuários\GbPlugin" => ":IncompleteStartGbprcm.cnt" ADS não encontrado (a).
"C:\Users\Lucimar\AppData\Roaming\WinNetSvc\WinNetSvc.exe" => não encontrado (a).
"C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe" => não encontrado (a).
"C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe" => não encontrado (a).
"C:\Users\Lucimar\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe" => não encontrado (a).
C:\Program Files (x86)\Yahoo!\yset\{C92645F5-E8F2-9A45-B1EC-D047E33BCDC1}\YSearchUtilSVC.exe => movido com sucesso
"C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job" => não encontrado (a).
"C:\Windows\Tasks\{950C9674-03B5-4ADF-9770-1491444BAC89}.job" => não encontrado (a).
C:\Users\Lucimar\AppData\Local\Temp\jre-8u111-windows-au.exe => movido com sucesso
"C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe" => não encontrado (a).
"C:\Program Files\ByteFence\ByteFence.exe" => não encontrado (a).
C:\Program Files (x86)\Baidu Security\MoboMarket\1.3.7.5841\bastray.exe => movido com sucesso
"C:\Program Files (x86)\SkypeUpdateEx" => não encontrado (a).

========= sfc /scannow =========



Iniciando verificação de arquivos. O processo levará alguns minutos para ser concluído.

Iniciando fase de verificação de verificação do sistema.

Verificação 100% concluída.

A Proteção de Recursos do Windows não encontrou nenhuma violação de integridade.


========= Fim de CMD: =========

Ponto de Restauração criado com sucesso.

========= RemoveProxy: =========

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => valor removido (a) com sucesso.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.
HKU\S-1-5-21-2705312239-909248705-17524377-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
HKU\S-1-5-21-2705312239-909248705-17524377-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.


========= Fim de RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => movido com sucesso
Hosts restaurado com sucesso.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5229177 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 57635464 B
Edge => 0 B
Chrome => 80994869 B
Firefox => 47008686 B
Opera => 5682176 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 56382883 B
systemprofile32 => 172501 B
LocalService => 0 B
NetworkService => 0 B
Lucimar => 115493429 B

RecycleBin => 0 B
EmptyTemp: => 359.6 MB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 20:10:10 ====


/_ Good evening! Annluciap _\

> Download: < AdwCleaner > ( ... by Xplode )
> Or from here: < AdwCleaner > << Link!
> Once there, click "Download Now".
> Save it to the desktop!
> Disable your antivirus!
> Right-click adwcleaner.exe and choose to run it as administrator.
> Click "Ferramentas" >> "Opções" (Tools >> Options).
> In "Opções", set the options as shown in this banner.
> Click "Ok".
> Ps: Start the scan by clicking "Verificar" (Scan).
> When it finishes, click "Limpar" (Clean) or "Cleaning" >> Ok >> Ok >> Ok.
> Copy the log or click "Relatorio" (Report).
> Post: < C:\AdwCleaner\AdwCleaner[C0].txt >
[Regards]


Good afternoon,

here is the report.

Thank you.

# AdwCleaner v6.042 - Relatório criado 08/01/2017 às 12:42:54
# *Updated on 06/01/2017 by Malwarebytes
# Banco de dados : 2017-01-06.1 [servidor]
# Sistema operacional : Windows 7 Ultimate Service Pack 1 (X64)
# Usuário : Lucimar - LUCIMAR-PC
# Executando de : C:\Users\Lucimar\Desktop\adwcleaner_6.042.exe
# Limpar
# Apoio : https://www.malwarebytes.com/support



***** [ Serviços ] *****

[-] Políticas do IE excluídasswdumon
[-] Políticas do IE excluídasNETTCPHANDLER


***** [ Pastas ] *****

[-] RestauradoC:\ProgramData\{1005F8C6-4087-2940-F101-59C221838A4C}
[#] *Folder deleted on reboot: C:\ProgramData\Application Data\{1005F8C6-4087-2940-F101-59C221838A4C}
[-] RestauradoC:\Users\Lucimar\AppData\Local\BrowserHelper
[-] RestauradoC:\Users\Lucimar\AppData\Local\slimware utilities inc
[-] RestauradoC:\Users\Lucimar\AppData\Local\wincheck
[-] RestauradoC:\Users\Lucimar\AppData\Local\YSearchUtil
[#] *Folder deleted on reboot: C:\Users\Lucimar\AppData\Local\SlimWare Utilities Inc
[-] RestauradoC:\Users\Lucimar\AppData\Roaming\Elex-tech
[-] RestauradoC:\Users\Lucimar\AppData\Roaming\GoldenGate
[-] RestauradoC:\Users\Lucimar\AppData\Roaming\NetService
[-] RestauradoC:\Users\Lucimar\AppData\Roaming\RunDir
[-] RestauradoC:\Users\Lucimar\AppData\Roaming\shortCutStore
[-] RestauradoC:\Users\Lucimar\AppData\Roaming\WinNetSvc
[-] RestauradoC:\Users\Lucimar\AppData\Roaming\Booking_helper
[-] RestauradoC:\Users\Lucimar\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
[-] RestauradoC:\Users\Lucimar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\oTweak Software
[-] RestauradoC:\Users\Lucimar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
[-] RestauradoC:\ProgramData\apn
[-] RestauradoC:\ProgramData\SlimWare Utilities, Inc
[#] *Folder deleted on reboot: C:\ProgramData\Application Data\apn
[#] *Folder deleted on reboot: C:\ProgramData\Application Data\SlimWare Utilities, Inc
[-] RestauradoC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com
[-] RestauradoC:\Users\Public\Documents\Guid
[-] RestauradoC:\Users\Public\Documents\pc faster
[-] RestauradoC:\Users\Public\Documents\Downloaded Installers
[-] RestauradoC:\Program Files (x86)\Elex-tech
[-] RestauradoC:\Program Files (x86)\oTweak
[-] RestauradoC:\Program Files (x86)\predm
[-] RestauradoC:\Program Files (x86)\YTDownloader
[-] RestauradoC:\Program Files (x86)\Booking.com
[-] RestauradoC:\Program Files (x86)\Yahoo!\yset
[-] RestauradoC:\Program Files (x86)\Common Files\Umbrella
[-] RestauradoC:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\ntsvc
[-] RestauradoC:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\WeatherTool
[-] RestauradoC:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
[-] RestauradoC:\Users\Lucimar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk
[-] RestauradoC:\Users\Lucimar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej


***** [ Arquivos ] *****

[-] RestauradoC:\Users\Lucimar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
[-] RestauradoC:\Users\Lucimar\Desktop\Play Games Online.url
[-] RestauradoC:\Windows\SysNative\drivers\swdumon.sys
[-] RestauradoC:\END
[-] RestauradoC:\Users\Public\Desktop\simpliclean.lnk
[-] RestauradoC:\Users\Public\Desktop\Booking.com.lnk
[-] RestauradoC:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
[-] RestauradoC:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\SearchTheWeb.xml
[#] RestauradoC:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\SearchTheWeb.xml
[#] RestauradoC:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\SearchTheWeb.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Atalhos ] *****



***** [ Tarefas agendadas ] *****

[-] Chaves %sTracing%s excluídas{1005F8C6-4087-2940-F101-59C221838A4C}
[-] Chaves %sTracing%s excluídas{D11EAD46-8D5B-4C3C-B5F5-E67B4B3C7841}


***** [ Registro ] *****

[-] RestauradoHKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\NETTCPHANDLER
[#] *Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\NETTCPHANDLER
[-] RestauradoHKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[-] RestauradoHKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[-] RestauradoHKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[-] RestauradoHKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[-] RestauradoHKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2
[#] *Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1
[-] RestauradoHKLM\SOFTWARE\Classes\AppID\3045035B-3C14-4698-8AC4-ADB18CC42C1E
[-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
[-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] RestauradoHKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF}
[-] RestauradoHKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
[-] RestauradoHKLM\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}
[-] RestauradoHKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
[-] RestauradoHKU\.DEFAULT\Software\PennyBee
[-] RestauradoHKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\GoldenGate
[-] RestauradoHKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\oTweak
[-] RestauradoHKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\PRODUCTSETUP
[-] RestauradoHKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\SlimWare Utilities Inc
[-] RestauradoHKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\WeatherTool
[-] RestauradoHKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\Booking.com
[-] RestauradoHKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\csastats
[-] RestauradoHKU\S-1-5-21-2705312239-909248705-17524377-1000\Software\YTDownloader
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2705312239-909248705-17524377-1000\Software\ShopperPro
[#] *Key deleted on reboot: HKU\S-1-5-18\Software\PennyBee
[#] *Key deleted on reboot: HKCU\Software\GoldenGate
[#] *Key deleted on reboot: HKCU\Software\oTweak
[#] *Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] *Key deleted on reboot: HKCU\Software\SlimWare Utilities Inc
[#] *Key deleted on reboot: HKCU\Software\WeatherTool
[#] *Key deleted on reboot: HKCU\Software\Booking.com
[#] *Key deleted on reboot: HKCU\Software\csastats
[#] *Key deleted on reboot: HKCU\Software\YTDownloader
[-] RestauradoHKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] RestauradoHKLM\SOFTWARE\Clara
[-] RestauradoHKLM\SOFTWARE\NetTcpHandler
[-] RestauradoHKLM\SOFTWARE\NtSvcHandler
[-] RestauradoHKLM\SOFTWARE\searchult
[-] RestauradoHKLM\SOFTWARE\SlimWare Utilities Inc
[-] RestauradoHKLM\SOFTWARE\WaInternetEn
[-] RestauradoHKLM\SOFTWARE\SkypeUpdateEx
[-] RestauradoHKLM\SOFTWARE\MaxPower
[-] RestauradoHKLM\SOFTWARE\WMPNetworkAcSvc
[-] RestauradoHKLM\SOFTWARE\YTDownloader
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B552B283-6EBC-457E-8187-01682C83F26C}_is1
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winsearch
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2705312239-909248705-17524377-1000\Software\ShopperPro
[#] *Key deleted on reboot: [x64] HKCU\Software\GoldenGate
[#] *Key deleted on reboot: [x64] HKCU\Software\oTweak
[#] *Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
[#] *Key deleted on reboot: [x64] HKCU\Software\SlimWare Utilities Inc
[#] *Key deleted on reboot: [x64] HKCU\Software\WeatherTool
[#] *Key deleted on reboot: [x64] HKCU\Software\Booking.com
[#] *Key deleted on reboot: [x64] HKCU\Software\csastats
[#] *Key deleted on reboot: [x64] HKCU\Software\YTDownloader
[-] Restaurado[x64] HKLM\SOFTWARE\im-dosearch
[-] Restaurado[x64] HKLM\SOFTWARE\navegaki
[-] Restaurado[x64] HKLM\SOFTWARE\WaInternetEn
[-] Restaurado[x64] HKLM\SOFTWARE\DtsEncodeTools
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\DOMStorage\adserver.iminent.com
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\DOMStorage\iminent.com
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\DOMStorage\webssearches.com
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\adserver.iminent.com
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\binkiland.com
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\foxi69.tlscdn.com
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\iminent.com
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istart.webssearches.com
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\start.iminent.com
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\webssearches.com
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\adserver.iminent.com
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\iminent.com
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\webssearches.com
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\adserver.iminent.com
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\binkiland.com
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\foxi69.tlscdn.com
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\iminent.com
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istart.webssearches.com
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\start.iminent.com
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\tlscdn.com
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\webssearches.com
[#] *Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\3D BubbleSound
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\DriverUpdaterPro
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\SPDriver
[-] Restaurado[x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\YTDownloader
[-] RestauradoHKLM\SOFTWARE\Classes\Record\{37AC0F3B-749F-3B22-811B-5A019EED2E85}
[-] RestauradoHKLM\SOFTWARE\Classes\Record\{66DF7821-ED6D-3534-893C-0E89E74B0F91}
[-] RestauradoHKLM\SOFTWARE\Classes\Record\{755CAFCC-F016-3B06-8F22-945EAA3AD10D}
[-] RestauradoHKLM\SOFTWARE\Classes\Record\{903F9872-E87F-3B74-83B0-DBE10073B29D}
[-] RestauradoHKLM\SOFTWARE\Classes\Record\{4392A6CC-7940-310E-8E16-799A8D93A438}
[-] RestauradoHKLM\SOFTWARE\Classes\Record\{05660A04-00F1-3A04-AB3B-BC1074B84D67}
[-] RestauradoHKLM\SOFTWARE\Classes\Record\{9558EEB4-CDA6-3778-B53B-98076F0A1E90}
[-] RestauradoHKLM\SOFTWARE\Classes\Record\{76552F88-640C-314D-82B6-0D8A740907F7}
[-] RestauradoHKLM\SOFTWARE\Classes\Record\{B25AA9BA-FD52-3E5E-BFE3-9B106779DA6E}
[-] RestauradoHKLM\SOFTWARE\Classes\Record\{C852CF9F-37DC-35AC-926A-7E6CFFF7C501}
[-] RestauradoHKLM\SOFTWARE\Classes\Record\{C9777796-4378-3C90-B52D-7238FFFC2A5C}
[-] RestauradoHKLM\SOFTWARE\Classes\Record\{DB1BC8B2-FDBF-30E7-BE1C-AFF9160059E6}
[-] RestauradoHKLM\SOFTWARE\Classes\Record\{F3D5729C-7DEB-3850-A026-D0E323ECFEF5}
[-] RestauradoHKLM\SOFTWARE\Classes\Record\{FEC70973-CB8B-351C-8047-CAE1274CE249}
[-] RestauradoHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\YTDownloader.exe
[-] RestauradoHKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [browserWeb.exe]
[-] RestauradoHKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
[-] RestauradoHKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
[#] *Key deleted on reboot: HKLM\SOFTWARE\Classes\AppID\3045035B-3C14-4698-8AC4-ADB18CC42C1E
[-] RestauradoHKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
[-] RestauradoHKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
[#] *Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
[-] Restaurado[x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej


***** [ Verificando navegadores ... ] *****

[-] [C:\Users\Lucimar\AppData\Local\Chromium\User Data\Default\Web data] [search Provider] Excluídosearch provided by yahoo
[-] [C:\Users\Lucimar\AppData\Local\Chromium\User Data\Default] [extension] Excluídoelggllhppljlljkgfeokjpehmdamkejk
[-] [C:\Users\Lucimar\AppData\Local\Chromium\User Data\Default] [homepage] Excluídohxxp://br.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bxi01_15_27&param1=1&param2=f%3D1%26b%3DIS Browser%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyD0C0Czy0DtAtC0D0A0EtC0A0DyEyDtBtN0D0Tzu0StCtByBtBtN1L2XzutAtFtCtDtFtCtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StA0DyD0CtCzz0DyEtGyC0F0BtAtGzy0D0F0CtGyD0D0B0EtGyE0F0AtDyB0E0DtB0DyEtByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtDtB0AyDyCyCyCtGtA0AyEtDtGyE0CtCtAtGzyzyyDtCtGtAtCzytAyByCtCzztC0C0F0F2QtN0A0LzuyE%26cr%3D2012913086%26a%3Dwncy_bxi01_15_27%26os%3DWindows 7 Ultimate%26uref%3Dchmm
[-] [C:\Users\Lucimar\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Excluídobr.ask.com
[-] [C:\Users\Lucimar\AppData\Local\Google\Chrome\User Data\Default] [extension] Excluídoelggllhppljlljkgfeokjpehmdamkejk
[-] [C:\Users\Lucimar\AppData\Local\Google\Chrome\User Data\Default] [extension] Excluídojcgcoifbkbphhjnekfkmohklfaimhikk
[-] [C:\Users\Lucimar\AppData\Local\Google\Chrome\User Data\Default] [extension] Excluídonbljechdpodpbchbmjcoamidppmpnmlc
[-] [C:\Users\Lucimar\AppData\Local\Google\Chrome\User Data\Default] [extension] Excluídooilkkkefbalmbfppgjmgjoefbclebkce
[-] [C:\Users\Lucimar\AppData\Local\Google\Chrome\User Data\Default] [extension] Excluídopilplloabdedfmialnfchjomjmpjcoej


*************************

:: Chaves "Tracing" excluídas
:: Configurações Winsock restauradas
:: Configurações Proxy restauradas
:: Políticas do IE excluídas
:: Políticas do Chrome excluídas
:: Chrome preferences resetC:\Users\Lucimar\AppData\Local\Google\Chrome\User Data\Default
:: *Hosts file cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [16774 *Bytes] - [08/01/2017 12:42:54]
C:\AdwCleaner\AdwCleaner[s0].txt - [15266 *Bytes] - [08/01/2017 12:31:31]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [16924 *Bytes] ##########


/_ Good evening! Annluciap _\

> Follow these two procedures, in the order given!

> Download: < 2wZxkvW.jpg > ( ... by Malwarebytes.org )
> Or here! < JRT.exe >
> Save it to the desktop!
> Disable your antivirus!
> On Windows 7, right-click JRT.exe and run it ...
> If you have trouble, you can run it in Safe Mode with Networking.
> Wait for it to finish and post the report. ( JRT.txt )

> Download: < ZHPCleaner_zps71d274df.jpg > ( 6LcRokv.jpg... by Nicolas Coolman )
> Or |Here!| << Mirror!
> On the page, click 7ukwnm8.jpg
> Save it to the desktop! ( ZHPCleaner.exe )
> Disable your antivirus and run ZHPCleaner.exe <<
> Click "Eu".
> Click Scanner.
> Wait for it to finish!
> When it finishes, click Reparar (Repair).
> Open the tabs that are marked in red.
> Click Reparar (Repair).
> When it finishes, click Relatório (Report)!
> Post the repair log: ~ Type : Reparo
[Regards]


Good afternoon,

the logs are attached as requested.

Thank you.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Ultimate x64
Ran by Lucimar (Limited) on 10/01/2017 at 13:01:30,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/01/2017 at 13:05:18,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~ ZHPCleaner v2017.1.7.4 by Nicolas Coolman (2017/01/07)
~ Run by Lucimar (Administrator) (10/01/2017 14:21:27)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version :
~ Type : Reparo
~ Report : C:\Users\Lucimar\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Lucimar\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)


---\\ Serviços (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\ Navegadores de Internet (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\ Arquivo hosts (1)
~ O arquivo hosts é legítimo (21)


---\\ Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\ Explorer ( Arquivos, Pastas) (60)
MOVIDO pasta: C:\Users\Public\Desktop\1-click optimization.lnk [bad : C:\Program Files (x86)\simplitec\simpliclean\PowerSuiteStart.exe](.simplitec GmbH.) =>.Superfluous.SimpliClean
MOVIDO pasta: C:\Users\Lucimar\AppData\Roaming\unins001.exe [ - Setup/Uninstall] =>PUP.Optional.Pirrit
MOVIDO pasta: C:\Users\Lucimar\AppData\Roaming\unins002.exe [ - Setup/Uninstall] =>PUP.Optional.Pirrit
MOVIDO pasta: C:\Windows\Prefetch\YTDOWNLOADER.EXE-16291FE1.pf =>PUP.Optional.YTDownloader
MOVIDO arquivo: C:\Users\Lucimar\AppData\Local\Temp\scoped_dir_292_23992 =>.Superfluous.Temporary.Steam
MOVIDO arquivo: C:\Program Files (x86)\simplitec\simpliclean =>.Superfluous.SimpliClean
MOVIDO arquivo: C:\Windows\Installer\MSI110F.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI1748.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI1A58.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI1C79.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI1E28.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI22.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI2800.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI3052.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI32A4.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI3737.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI37AA.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI388.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI38BD.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI3A.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI3BAB.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI3C68.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI404D.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI41F3.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI437D.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI4619.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI48F5.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI4D1F.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI50B3.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI5216.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI583D.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI5948.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI5E96.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI5F3F.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI678C.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI6F79.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSI97B1.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSIA16D.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSIA38F.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSIB99F.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSIC522.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSIC838.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSICB99.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSICF9F.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSICFAF.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSID30A.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSID645.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSID73F.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSID75.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSIDB17.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSIE32D.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSIE653.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSIE81C.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSIEFEA.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSIF355.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSIF7C9.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSIFB91.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSIFDC3.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSIFEAD.tmp- =>.Superfluous.Empty
MOVIDO arquivo: C:\Windows\Installer\MSIFFE4.tmp- =>.Superfluous.Empty


---\\ Registro ( Chaves, Valores, Dados ) (32)
SUPRIMIDO chave*: HKEY_USERS\S-1-5-21-2705312239-909248705-17524377-1000\SOFTWARE\Ammyy [] =>.Superfluous.Ammyy
SUPRIMIDO chave: HKCU\Software\Ammyy [] =>.Superfluous.Ammyy
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\akamaihd.net [188] =>.Superfluous.AkamaiHD
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\api.smarterpowerunite.com [172147] =>PUP.Optional.SmarterPower
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdncache-a.akamaihd.net [464] =>.Superfluous.AkamaiHD
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\d15vtg97aygy3q.cloudfront.net [10] =>.Superfluous.CloudfrontNet
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hdapp1008-a.akamaihd.net [8] =>.Superfluous.AkamaiHD
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mixvideoplayer.com [] =>.Superfluous.Softforce
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\smarterpowerunite.com [153385] =>PUP.Optional.SmarterPower
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\vitruvianleads.com [] =>Adware.Vitruvian
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.vitruvianleads.com [25] =>Adware.Vitruvian
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akamaihd.net [] =>.Superfluous.AkamaiHD
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\browsepulse-a.akamaihd.net [95848] =>PUP.Optional.BrowsePulse
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cdncache-a.akamaihd.net [308] =>.Superfluous.AkamaiHD
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d15vtg97aygy3q.cloudfront.net [28] =>.Superfluous.CloudfrontNet
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hdapp1008-a.akamaihd.net [8] =>.Superfluous.AkamaiHD
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\vitruvianleads.com [] =>Adware.Vitruvian
SUPRIMIDO chave*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.vitruvianleads.com [25] =>Adware.Vitruvian
SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Primary Color [] =>PUP.Optional.PrimaryColor
SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util Primary Color [] =>PUP.Optional.PrimaryColor
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Sakura [] =>PUP.Optional.GameGogle
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASAPI32 [] =>.Superfluous.ByteFence
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASMANCS [] =>.Superfluous.ByteFence
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\MixVideoPlayer_RASAPI32 [] =>.Superfluous.Softforce
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\MixVideoPlayer_RASMANCS [] =>.Superfluous.Softforce
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\MyPC Backup_RASAPI32 [] =>PUP.Optional.MyPCBackup
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\MyPC Backup_RASMANCS [] =>PUP.Optional.MyPCBackup
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\SmarterPower_RASAPI32 [] =>PUP.Optional.SmarterPower
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\SmarterPower_RASMANCS [] =>PUP.Optional.SmarterPower
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Sakura [] =>PUP.Optional.GameGogle
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\simplitec POWER SUITE_is1 [simplitec GmbH] =>.Superfluous.SimpliClean
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.] =>Heuristic.Suspect


---\\ Resumo dos elementos encontrados na sua estação de trabalho (17)
=>.Superfluous.SimpliClean
=>PUP.Optional.Pirrit
=>PUP.Optional.YTDownloader
=>.Superfluous.Temporary.Steam
=>.Superfluous.Empty
=>.Superfluous.Ammyy
=>.Superfluous.AkamaiHD
=>PUP.Optional.SmarterPower
=>.Superfluous.CloudfrontNet
=>.Superfluous.Softforce
=>Adware.Vitruvian
=>PUP.Optional.BrowsePulse
=>PUP.Optional.PrimaryColor
=>PUP.Optional.GameGogle
=>.Superfluous.ByteFence
=>PUP.Optional.MyPCBackup
=>Heuristic.Suspect


---\\ Dodatkowe oczyszczenie. (37)
~ Chave de registro Tracing Supprimido (37)
~ Remover os relatórios antigos ZHPCleaner. (0)


---\\ Resultado de reparação
Reparação efectuada com sucesso


---\\ Estatísticas
~ Items scan : 3698
~ Items encontrado : 0
~ items cancelados : 0
~ Items réparo : 92


~ End of clean in 00h02mn29s
~====================
ZHPCleaner-[R]-10012017-14_23_56.txt
ZHPCleaner--10012017-14_10_33.txt


/_ Good evening! Annluciap _\

> Here, for x86 systems.
> Here, for x64 systems.
> Update the engine!
> To begin with, choose the Quick scan or Rápido scan.
> If you like, set the 9-lab malware removal tool to Português-Brasil.
> To delete its detections, click "Remover".
> Post the report! (9lab-log-2017-month-day ***.txt)
[Regards]


/_ Good evening! Annluciap _\

> Did you remove the antimalware's detections?

> Let's remove the tools used in the disinfection!
> Download: < delfix_108_zps75ef8ba4.jpg > ( ... by Xplode )
> Or Here > << Optional link
> On the page, click Download Now.
> Save it somewhere convenient! ( desktop! )
> Close any open applications.
> Remove disinfection tools
> Create registry backup
> Clean system restore points
> With these boxes checked, click Run!
> PS: If you want to keep the tools, check only these boxes!
> Restart the computer!
> Everything OK?
A+


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
