Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão:27-02-2016
Executado por vinicius (2016-02-27 19:31:37)
Executando a partir de C:\Users\vinicius\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2015-10-01 01:32:39)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-462682576-571085668-2278026942-500 - Administrator - Disabled)
Convidado (S-1-5-21-462682576-571085668-2278026942-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-462682576-571085668-2278026942-1002 - Limited - Enabled)
vinicius (S-1-5-21-462682576-571085668-2278026942-1000 - Administrator - Enabled) => C:\Users\vinicius

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-462682576-571085668-2278026942-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Ace Stream Media 3.1.0 (HKU\S-1-5-21-462682576-571085668-2278026942-1000\...\AceStream) (Version: 3.1.0 - Ace Stream Media) <==== ATENÇÃO
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Counter-Strike 1.6 (HKLM-x32\...\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}) (Version: 1.6 - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation) Malwarebytes Anti-Malware versão 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited) Microsoft .NET Framework 4.6 (HKLM\...\{94A631D5-B30A-3DD8-B65C-1117C09DA73E}) (Version: 4.6.00081 - Microsoft Corporation) Microsoft .NET Framework 4.6 (PTB) (HKLM\...\{12EFB522-416F-383C-9DB6-5FFDFBBA35CD}) (Version: 4.6.00081 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 42.0 (x86 pt-BR) 
(HKLM-x32\...\Mozilla Firefox 42.0 (x86 pt-BR)) (Version: 42.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla) Popcorn Time (HKU\S-1-5-21-462682576-571085668-2278026942-1000\...\Popcorn Time) (Version: - Popcorn Official) Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.05 - Qualcomm Atheros) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7464 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.10.0909 - REALTEK Semiconductor Corp.) SlimDrivers (HKLM-x32\...\{746AB259-6474-4111-8966-1C62F9A6E063}) (Version: 2.3.1 - SlimWare Utilities, Inc.) WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Exame Personalizado CLSID (Whitelisted): ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) CustomCLSID: HKU\S-1-5-21-462682576-571085668-2278026942-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) ==================== Tarefas Agendadas (Whitelisted) ============= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) Task: {1907FA3C-9EE8-44DB-B292-E0042118C212} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-30] (Google Inc.) Task: {1C082509-8B9E-4640-A2B0-0EE176982F31} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-30] (Google Inc.) 
Task: {291FE8BE-0496-4C00-B515-014C039F22B8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-14] (Adobe Systems Incorporated)
Task: {33DFE328-11D9-438E-8535-CD0D0DB3AE48} - System32\Tasks\{2E2086A1-9C7D-4974-AD3C-F48BF469E9B1} => pcalua.exe -a "C:\Users\vinicius\AppData\Local\Kingsoft\WPS Office\10.1.0.5458\utility\uninst.exe"
Task: {3E39BFFA-3B10-4BE1-A7C0-E5404C893835} - System32\Tasks\svchost => C:\Users\vinicius\AppData\Local\Temp\61LVDKAVI\61LVDKAVI.exe <==== ATENÇÃO
Task: {42DD8D05-6FF2-4826-BC5F-2F82715EFCDB} - \DailyPCClean Schedule -> Nenhum Arquivo <==== ATENÇÃO
Task: {5F12F519-5EEF-49C2-AD1D-1FF5799D7486} - System32\Tasks\Cipraa => C:\PROGRA~1\SHOPPE~1\Iiraibn.bat
Task: {699C84F7-0BFB-4125-BA88-4FF5A94ED70A} - System32\Tasks\Rifazy => C:\PROGRA~1\SHOPPE~2\Witdigs.bat
Task: {797EB65F-D8C5-4609-A089-22D5EB369670} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2015-08-19] (SlimWare Utilities, Inc.)
Task: {7FF6E7BB-9075-4ADD-B0CA-3DFF318A84D8} - System32\Tasks\{9CD50BDD-C14C-43ED-B0C6-AE3EA8C3BD05} => pcalua.exe -a C:\Users\vinicius\AppData\Local\PPTAssist\utility\uninst.exe
Task: {BA1D3885-DDA8-4E9F-A70A-FE5312330F4E} - System32\Tasks\{93A4C8D9-B672-4317-9E6F-0C11CC18DD96} => pcalua.exe -a "C:\Users\vinicius\AppData\Local\Kingsoft\WPS Office\10.1.0.5458\utility\uninst.exe"
Task: {D72EA43F-7F5F-4F9E-B76E-5815BC46BAA9} - System32\Tasks\ttwifi => C:\Program Files (x86)\ttwifi\tiantianwifi.exe
Task: {E295B853-6A22-4DA2-B577-412DC8273B66} - \MixVideoPlayer Update -> Nenhum Arquivo <==== ATENÇÃO
Task: {E4CA8E34-ECDE-43CE-B81C-9F267804F4DC} - System32\Tasks\osTip => C:\ProgramData\WindowsMsg\osmsg.exe [2016-02-09] ()

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe ==================== Atalhos ============================= (As entradas podem ser listadas para serem restauradas ou removidas.) ShortcutWithArgument: C:\Users\vinicius\Desktop\Yeabeats Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeabests.cc/ ShortcutWithArgument: C:\Users\vinicius\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeabests.cc/ ShortcutWithArgument: C:\Users\vinicius\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeabests.cc/ ShortcutWithArgument: C:\Users\vinicius\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeabests.cc/ ShortcutWithArgument: C:\Users\vinicius\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Yeabeats Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeabests.cc/ ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeabests.cc/ ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/ ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeabests.cc/ ==================== Módulos Carregados (Whitelisted) ============== 2014-05-01 11:13 - 2014-05-01 11:13 - 00470016 _____ () C:\Users\vinicius\AppData\Local\MEGAsync\ShellExtX64.dll 2016-02-16 18:43 - 2016-02-09 11:30 - 02036224 _____ () C:\ProgramData\WindowsMsg\osmsg.exe 2014-10-01 13:37 - 2015-11-10 09:31 - 00027000 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\updater\ace_update.exe 2015-09-24 07:34 - 2015-12-25 14:04 - 00027000 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\ace_engine.exe 2011-06-12 10:09 - 2011-06-12 10:09 - 00038400 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\updater\lib\_socket.pyd 2011-06-12 10:09 - 2011-06-12 10:09 - 00720896 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\updater\lib\_ssl.pyd 2011-07-15 16:37 - 2011-07-15 16:37 - 00981504 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\updater\lib\wx._core_.pyd 2011-07-15 16:38 - 2011-07-15 16:38 - 00746496 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\updater\lib\wx._gdi_.pyd 2011-07-15 16:38 - 2011-07-15 16:38 - 00670720 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\updater\lib\wx._windows_.pyd 2011-07-15 16:38 - 2011-07-15 16:38 - 00966144 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\updater\lib\wx._controls_.pyd 2011-07-15 16:38 - 2011-07-15 16:38 - 00674816 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\updater\lib\wx._misc_.pyd 2011-06-12 10:06 - 2011-06-12 10:06 - 00287232 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\updater\lib\_hashlib.pyd 2011-01-18 18:56 - 2011-01-18 18:56 - 00334336 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\updater\lib\M2Crypto.__m2crypto.pyd 2011-06-12 10:06 - 2011-06-12 10:06 - 00011776 _____ () 
C:\Users\vinicius\AppData\Roaming\ACEStream\updater\lib\select.pyd 2011-06-12 10:06 - 2011-06-12 10:06 - 00152576 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\updater\lib\pyexpat.pyd 2012-02-07 13:37 - 2012-02-07 13:37 - 00098816 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\updater\lib\win32api.pyd 2012-02-07 13:35 - 2012-02-07 13:35 - 00110080 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\updater\lib\pywintypes27.dll 2012-02-07 13:38 - 2012-02-07 13:38 - 00358912 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\updater\lib\pythoncom27.dll 2012-02-07 13:36 - 2012-02-07 13:36 - 00111616 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\updater\lib\win32file.pyd 2012-02-07 13:36 - 2012-02-07 13:36 - 00024064 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\updater\lib\win32pdh.pyd 2015-09-30 23:19 - 1999-12-31 21:00 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2015-09-24 07:35 - 2015-12-25 14:04 - 00309248 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\acestreamengine.Core.pyd 2011-06-12 10:09 - 2011-06-12 10:09 - 00038400 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\_socket.pyd 2011-06-12 10:09 - 2011-06-12 10:09 - 00720896 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\_ssl.pyd 2011-06-12 10:06 - 2011-06-12 10:06 - 00287232 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\_hashlib.pyd 2015-04-16 09:27 - 2015-04-16 09:27 - 00018944 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pycompat.pyd 2014-01-23 08:37 - 2014-01-23 08:37 - 00036352 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\_psutil_mswindows.pyd 2012-02-07 13:37 - 2012-02-07 13:37 - 00098816 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\win32api.pyd 2012-02-07 13:35 - 2012-02-07 13:35 - 00110080 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\pywintypes27.dll 2012-02-07 
13:38 - 2012-02-07 13:38 - 00358912 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\pythoncom27.dll 2012-02-07 13:36 - 2012-02-07 13:36 - 00111616 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\win32file.pyd 2012-02-07 13:36 - 2012-02-07 13:36 - 00024064 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\win32pdh.pyd 2015-04-16 09:27 - 2015-04-16 09:27 - 02386432 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pywebrtc.pyd 2015-09-24 07:31 - 2015-12-25 14:04 - 02997760 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\acestreamengine.live.pyd 2013-12-21 10:20 - 2013-12-21 10:20 - 00053248 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\_blist.pyd 2011-06-12 10:06 - 2011-06-12 10:06 - 00106496 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\_ctypes.pyd 2013-12-21 10:20 - 2013-12-21 10:20 - 00040448 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\bitarray._bitarray.pyd 2011-06-12 10:06 - 2011-06-12 10:06 - 00011776 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\select.pyd 2015-09-07 12:23 - 2015-12-25 14:04 - 00240232 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\acestreamengine.pysegmenter.pyd 2015-04-16 09:29 - 2015-04-16 09:29 - 00112142 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\libgcc_s_dw2-1.dll 2011-01-18 18:56 - 2011-01-18 18:56 - 00334336 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\M2Crypto.__m2crypto.pyd 2011-06-12 10:06 - 2011-06-12 10:06 - 00152576 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\pyexpat.pyd 2011-02-13 12:02 - 2011-02-13 12:02 - 00031232 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\Crypto.Cipher.AES.pyd 2015-09-24 07:52 - 2015-12-25 14:04 - 04100608 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\acestreamengine.CoreApp.pyd 2010-10-10 19:23 - 2010-10-10 19:23 - 00723968 _____ 
() C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\apsw.pyd 2013-01-29 13:20 - 2013-01-29 13:20 - 00082944 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\cpyamf.util.pyd 2011-07-15 16:37 - 2011-07-15 16:37 - 00981504 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\wx._core_.pyd 2011-07-15 16:38 - 2011-07-15 16:38 - 00746496 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\wx._gdi_.pyd 2011-07-15 16:38 - 2011-07-15 16:38 - 00670720 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\wx._windows_.pyd 2011-07-15 16:38 - 2011-07-15 16:38 - 00966144 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\wx._controls_.pyd 2011-07-15 16:38 - 2011-07-15 16:38 - 00674816 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\wx._misc_.pyd 2012-02-07 13:37 - 2012-02-07 13:37 - 00167424 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\win32gui.pyd 2012-02-07 13:36 - 2012-02-07 13:36 - 00035840 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\win32process.pyd 2011-06-12 10:06 - 2011-06-12 10:06 - 00688128 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\unicodedata.pyd 2015-04-16 09:29 - 2015-04-16 09:29 - 00061952 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\miniupnpc.pyd 2013-01-29 13:20 - 2013-01-29 13:20 - 00066048 _____ () C:\Users\vinicius\AppData\Roaming\ACEStream\engine\lib\cpyamf.amf0.pyd 2014-05-01 11:15 - 2014-05-01 11:15 - 00463360 _____ () C:\Users\vinicius\AppData\Local\MEGAsync\ShellExtX32.dll 2016-02-19 19:25 - 2016-02-18 01:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll 2016-02-19 19:25 - 2016-02-18 01:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll 2016-02-19 19:25 - 2016-02-18 01:15 - 16808600 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll 

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

==================== EXE Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)

==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

==================== Hosts Conteúdo: ==========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2009-07-13 23:34 - 2016-02-16 18:40 - 00001253 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-462682576-571085668-2278026942-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\vinicius\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Atualmente não há nenhuma correção automática para esta seção.)

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.
O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [TCP Query User{C87F64C3-0D95-421F-9FAB-0450C8A1D4C0}C:\users\vinicius\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\vinicius\appdata\local\popcorn time\nw.exe FirewallRules: [UDP Query User{3A2DFFF1-A66C-44CD-822D-99088E60C730}C:\users\vinicius\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\vinicius\appdata\local\popcorn time\nw.exe FirewallRules: [TCP Query User{DD3B7969-CDFD-4FCD-A664-479D769120BA}C:\users\vinicius\desktop\age of empires ii c\the conqueror sem patch.exe] => (Allow) C:\users\vinicius\desktop\age of empires ii c\the conqueror sem patch.exe FirewallRules: [UDP Query User{DB8889C2-D874-445A-BD73-9807CE17DE42}C:\users\vinicius\desktop\age of empires ii c\the conqueror sem patch.exe] => (Allow) C:\users\vinicius\desktop\age of empires ii c\the conqueror sem patch.exe FirewallRules: [{D61BA94C-28DD-49E2-8BF7-09D804D14AB6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{4BE64625-F546-4F22-982B-E3B779A809CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{124E0794-11DB-4865-A2BC-638A75375415}C:\users\vinicius\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\vinicius\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [UDP Query User{D160D73C-7A89-45E3-846F-E5F85916DD3A}C:\users\vinicius\appdata\roaming\acestream\engine\ace_engine.exe] => (Allow) C:\users\vinicius\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [{CCEE26FB-5746-4A62-BC16-450CB3ACC4F8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{125C959D-4808-4C79-8041-82BB93D45BD9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{62FCB87D-80D1-4B2F-A4E7-B643B9A7F88F}C:\users\vinicius\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\vinicius\appdata\roaming\utorrent\utorrent.exe FirewallRules: 
[UDP Query User{65381F03-FDD4-448E-87DC-D710FA7438F6}C:\users\vinicius\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\vinicius\appdata\roaming\utorrent\utorrent.exe FirewallRules: [TCP Query User{15D6CA4E-6877-4AC8-B1FA-38264CD95892}C:\program files (x86)\valve\hl.exe] => (Allow) C:\program files (x86)\valve\hl.exe FirewallRules: [UDP Query User{ACD91D34-5FC1-4C08-8BDE-28B7B216CA7B}C:\program files (x86)\valve\hl.exe] => (Allow) C:\program files (x86)\valve\hl.exe FirewallRules: [TCP Query User{C7856C83-5E38-470F-8430-3386A2B330B5}C:\users\vinicius\desktop\age of empires ii c\jogar.exe] => (Allow) C:\users\vinicius\desktop\age of empires ii c\jogar.exe FirewallRules: [UDP Query User{230D4770-E714-4008-92EF-558F19D938D1}C:\users\vinicius\desktop\age of empires ii c\jogar.exe] => (Allow) C:\users\vinicius\desktop\age of empires ii c\jogar.exe FirewallRules: [TCP Query User{E530B138-C31F-4368-B456-A3BB00DEA3C9}C:\users\vinicius\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\vinicius\appdata\roaming\utorrent\utorrent.exe FirewallRules: [UDP Query User{8ACC896C-5ACA-4DD4-AE63-15789675629D}C:\users\vinicius\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\vinicius\appdata\roaming\utorrent\utorrent.exe FirewallRules: [TCP Query User{95D3E4B0-AFFE-4A38-A044-ABF378A453A6}C:\users\vinicius\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\vinicius\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [UDP Query User{5C705028-61AF-4616-A06C-418A97B6532C}C:\users\vinicius\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\vinicius\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [{52605B92-4226-4510-A403-99376049F5BA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Pontos de Restauração ========================= 01-02-2016 23:00:01 Ponto de Verificação Agendado 09-02-2016 23:00:00 Ponto de Verificação Agendado 17-02-2016 15:00:59 Ponto de 
Verificação Agendado 25-02-2016 00:00:01 Ponto de Verificação Agendado ==================== Dispositivos Apresentando Falhas No Gerenciador ============= Name: Dispositivo do sistema básico Description: Dispositivo do sistema básico Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Dispositivo do sistema básico Description: Dispositivo do sistema básico Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Erros no Log de eventos: ========================= Erros em Aplicativos: ================== Error: (02/20/2016 06:38:20 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: ace_engine.exe, versão: 0.0.0.0, carimbo de hora: 0x547c2acc Nome do módulo de falhas: ntdll.dll, versão: 6.1.7601.18933, carimbo de hora: 0x55a69e20 Código de exceção: 0xc0000005 Deslocamento com falha: 0x0003d968 Identificação do processo com falha: 0x9d8 Hora de início do aplicativo com falha: 0xace_engine.exe0 Caminho do aplicativo com falha: ace_engine.exe1 FCaminho do módulo de falhas: ace_engine.exe2 Identificação do Relatório: ace_engine.exe3 Error: (02/17/2016 02:29:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/17/2016 02:05:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/17/2016 01:39:42 PM) (Source: WinMgmt) (EventID: 10) 
(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/17/2016 01:29:59 PM) (Source: ESENT) (EventID: 215) (User: ) Description: WinMail (3352) WindowsMail0: O backup parou porque ele foi interrompido pelo cliente ou houve falha na conexão com o cliente. Error: (02/17/2016 01:29:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/17/2016 01:16:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: ktpcntr.exe, versão: 9.1.0.5248, carimbo de hora: 0x565ed70e Nome do módulo de falhas: msvcrt.dll, versão: 7.0.7601.17744, carimbo de hora: 0x4eeaf722 Código de exceção: 0x40000015 Deslocamento com falha: 0x0005620a Identificação do processo com falha: 0x17a8 Hora de início do aplicativo com falha: 0xktpcntr.exe0 Caminho do aplicativo com falha: ktpcntr.exe1 FCaminho do módulo de falhas: ktpcntr.exe2 Identificação do Relatório: ktpcntr.exe3 Error: (02/17/2016 01:14:56 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa mbot_en_037050240.exe versão 0.0.0.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. 
ID de Processo: 19c0 Hora de Início: 01d1699ceb308b7b Hora de Término: 0 Caminho do Aplicativo: C:\Program Files (x86)\mbot_en_037050240\mbot_en_037050240.exe Id do Relatório: 6ad54dff-d591-11e5-9fa2-2089840c5f02 Error: (02/17/2016 12:44:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/17/2016 12:27:01 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa ynseB689.exe versão 1.0.0.1 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID de Processo: 1f98 Hora de Início: 01d1690f1fde8aa9 Hora de Término: 4020 Caminho do Aplicativo: C:\Program Files (x86)\8333F190-1455478810-E211-A7B8-2089840C5F02\ynseB689.exe Id do Relatório: daa810b9-d58a-11e5-91b9-2089840c5f02 Erros de Sistema: ============= Error: (02/27/2016 03:21:06 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORIDADE NT) Description: Ocorreu um erro ao tentar ler o arquivo de hosts locais. Error: (02/27/2016 03:20:53 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORIDADE NT) Description: Ocorreu um erro ao tentar ler o arquivo de hosts locais. Error: (02/26/2016 04:38:57 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORIDADE NT) Description: Ocorreu um erro ao tentar ler o arquivo de hosts locais. Error: (02/26/2016 04:38:55 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORIDADE NT) Description: Ocorreu um erro ao tentar ler o arquivo de hosts locais. Error: (02/26/2016 04:38:55 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORIDADE NT) Description: Ocorreu um erro ao tentar ler o arquivo de hosts locais. 
Error: (02/26/2016 04:38:49 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORIDADE NT) Description: Ocorreu um erro ao tentar ler o arquivo de hosts locais. Error: (02/26/2016 04:37:43 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORIDADE NT) Description: Ocorreu um erro ao tentar ler o arquivo de hosts locais. Error: (02/26/2016 04:37:42 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORIDADE NT) Description: Ocorreu um erro ao tentar ler o arquivo de hosts locais. Error: (02/26/2016 04:37:42 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORIDADE NT) Description: Ocorreu um erro ao tentar ler o arquivo de hosts locais. Error: (02/26/2016 04:37:39 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORIDADE NT) Description: Ocorreu um erro ao tentar ler o arquivo de hosts locais. CodeIntegrity: =================================== Date: 2016-02-16 19:53:21.633 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-02-16 19:53:21.603 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-02-16 19:53:19.442 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-02-16 19:53:19.422 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. 
Date: 2016-02-16 19:53:19.172 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-02-16 19:53:19.152 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-02-16 19:53:18.541 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-02-16 19:53:18.511 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-02-16 19:53:18.221 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-02-16 19:53:18.201 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. 

==================== Informações da Memória ===========================

Processador: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentagem de memória em uso: 53%
RAM física total: 3914.36 MB
RAM física disponível: 1814.93 MB
Virtual Total: 7826.91 MB
Virtual disponível: 5322.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:117.09 GB) (Free:78.34 GB) NTFS
Drive d: () (Fixed) (Total:348.57 GB) (Free:298.83 GB) NTFS
Drive e: (MeuDisco) (CDROM) (Total:4.28 GB) (Free:0 GB) CDFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 7049F2E9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=117.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=348.6 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt ============================