Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão:05-03-2016 01
Executado por Vinícius (2016-03-29 01:08:29)
Executando a partir de C:\Users\Vinícius\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-01-26 06:12:59)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================
Administrador (S-1-5-21-3974421794-2682367010-2033964058-500 - Administrator - Disabled)
Convidado (S-1-5-21-3974421794-2682367010-2033964058-501 - Limited - Disabled)
Vinícius (S-1-5-21-3974421794-2682367010-2033964058-1000 - Administrator - Enabled) => C:\Users\Vinícius

==================== Central de Segurança ========================
(Se uma entrada for incluída na fixlist, será removida.)
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================
(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)
µTorrent (HKU\S-1-5-21-3974421794-2682367010-2033964058-1000\...\uTorrent) (Version: 3.4.5.41865 - BitTorrent Inc.)
Adobe Acrobat X Pro - Italiano, Español, Nederlands, Português (HKLM-x32\...\{AC76BA86-1040-7D70-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
AnyFlix (HKLM-x32\...\AnyFlix.ns) (Version: - )
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.60.48.55 - Broadcom Corporation)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP)
CGS17_Setup_x64 (Version: 17.4 - Corel Corporation) Hidden
Chromium (HKU\.DEFAULT\...\Chromium) (Version: 46.0.2472.0 - Chromium)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Corel Graphics - Windows Shell Extension (HKLM\...\_{9DA7C2FD-AD83-4E2E-B9F2-9996749318E0}) (Version: 17.4.0.887 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 17.4.887 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.4.887 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - BR (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.4 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.4.0.887 - Corel Corporation)
Driver Booster 3.2 (HKLM-x32\...\Driver Booster_is1) (Version: 3.2 - IObit)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
K-Lite Codec Pack 12.0.1 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.0.1 - KLCP)
Legendas 3.5 (HKLM-x32\...\{461C0377-D2EC-4FB0-B038-847BC6455432}_is1) (Version: 3.5 - Legendas Brasil)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Painel de controle da NVIDIA 359.06 (Version: 359.06 - NVIDIA Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version: - PokerStars.net)
PriceFountain (remove only) (HKU\.DEFAULT\...\PriceFountain) (Version: 1.2.9.6 - PBNGTBJJPYO) <==== ATENÇÃO
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7634 - Realtek Semiconductor Corp.)
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATENÇÃO
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.21.18.4608 - Enigma Software Group, LLC)
Suporte para Aplicativos Apple (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Suporte para Aplicativos Apple Apple (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Update for PriceFountain (HKU\.DEFAULT\...\PriceFountainUpdateVer) (Version: - Update for PriceFountain) <==== ATENÇÃO
Wajam (HKLM-x32\...\755d9f8d9532c56b8c203f2f9765ae65) (Version: 1.63.1.14 (i1.0) - Wajam) <==== ATENÇÃO
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8800 - Broadcom Corporation)
WIN (HKLM-x32\...\win_en_77_is1) (Version: - ) <==== ATENÇÃO
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Exame Personalizado CLSID (Whitelisted): ==========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Tarefas Agendadas (Whitelisted) =============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
Task: {114E75B7-6D10-41A7-88E6-53EF5A644492} - System32\Tasks\SISTEMABigamousIcebreakerV2 => Rundll32.exe BrevetciesTurfs.dll,main 7 1 <==== ATENÇÃO
Task: {13DAC4ED-9826-4A7F-A643-61897D9550EA} - System32\Tasks\Mipwinje => C:\PROGRA~1\NUNQIU~1\Ehitivi.bat
Task: {13EDF75F-C210-4BD8-B3D2-EBDD5FB48AB5} - System32\Tasks\Driver Booster SkipUAC (Vinícius) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-01-18] (IObit)
Task: {145ADF3F-550F-4646-A595-5A18C31C7425} - System32\Tasks\AdobeAAMUpdater-1.0-Vinícius-PC-Vinícius => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {1C19670F-FDC3-49FB-9B51-34856028CF2C} - System32\Tasks\{E3409E49-6089-4B4A-88EC-78326D030B74} => pcalua.exe -a C:\Users\Vinícius\AppData\Local\Temp\Temp1_Touchpad_WXP_4.1.0.0.ZIP\Elan\Setup.exe
Task: {20E2CD4B-1527-4173-BE66-115BD11E03DB} - System32\Tasks\{0520339F-2658-4ED0-97E0-65487D019D30} => pcalua.exe -a C:\Users\Vinícius\AppData\Local\Temp\Temp1_Touchpad_WXP_4.1.0.0.ZIP\TouchpadSetup.exe
Task: {27668232-83F3-4726-A20F-0EBB12FC35DF} - System32\Tasks\{59732EE8-2620-447A-BF56-9718BACDAD89} => pcalua.exe -a C:\Users\Vinícius\AppData\Local\Temp\Temp1_Touchpad_Elantech_Win7_64_Z11509.zip\Setup.exe
Task: {36C76D25-636C-41A0-A1DC-3E5FA830979F} - System32\Tasks\PFExe => C:\Windows\system32\config\systemprofile\AppData\Local\PriceFountain\pricefountain.exe <==== ATENÇÃO
Task: {3B64B068-0EE4-47D0-A61F-4ED78B8B05B1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-27] (Google Inc.)
Task: {3E9741B9-F7A3-4DC2-B83E-CF5100674FF2} - System32\Tasks\{79790A47-7D7A-0978-0D11-0F0B0E7A117E} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAAgADsAOwAgACAAIAAgADsAOwAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBzAHQAbwBwACIAOwAkAHMAYwA9ACIAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAiADsAJABXAGEAcgBuAGkAbgBnAFAAcgBlAGYAZQByAGUAbgBjAGUA (a entrada de dados tem 9272 mais caracteres).
Task: {3F7A581F-8B4E-45E9-B486-B4FF3EE80C80} - System32\Tasks\BaiduJP_Update_{8099779F-A13B-403e-B39A-65133857586B} => C:\Program Files (x86)\baidu\update\baidujp_update.exe [2015-07-08] (Baidu)
Task: {46CB3B58-3C24-45DE-A8AA-121428B18F9A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-27] (Google Inc.)
Task: {7203CCD6-C9E0-4625-9A2E-8A3CD0F6C640} - System32\Tasks\{0FC873D5-1992-493F-807B-7C7E7AB401E0} => pcalua.exe -a "C:\Users\Vinícius\Desktop\setup (2).exe" -d C:\Users\Vinícius\Desktop
Task: {80986D56-E458-443B-98D7-EA6F97F8A4B0} - System32\Tasks\{94D71080-0595-4B78-9136-D5F4A065E707} => pcalua.exe -a C:\Users\Vinícius\AppData\Local\Temp\Temp2_QCA_WLAN_Driver_1.0.0.1.ZIP\setup.exe
Task: {9A03CD20-8160-4EB4-8EB0-A9ABEC46FB9B} - System32\Tasks\DNS Monitoring => C:\Windows\system32\regsvr32.exe [2009-07-13] (Microsoft Corporation)
Task: {A7CE09FE-0E3A-4BC6-8052-AA3EB6EBD946} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2016-03-28] (Enigma Software Group USA, LLC.)
Task: {AB815AD5-CBD4-47CE-870B-C73974877F5C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {E732ACF4-0142-4BA1-9517-A4074C8D3BE1} - System32\Tasks\{A7353269-8173-4874-8C3F-40E48644E80E} => pcalua.exe -a "C:\Users\Vinícius\Desktop\setup (3).exe" -d C:\Users\Vinícius\Desktop
Task: {E73381DE-E504-49B8-BBE3-67AE7B263DF0} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-01-13] (IObit)
Task: {E85C497B-986E-436F-AE9B-2F977AE7E31B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-28] (Adobe Systems Incorporated)
Task: {F4392C8E-2CBA-49E4-A9BB-243F1056D43A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {FE472538-CD15-4C5B-8B64-06788409109C} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-03-02] ()

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\BaiduJP_Update_{8099779F-A13B-403e-B39A-65133857586B}.job => C:\Program Files (x86)\baidu\update\baidujp_update.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Atalhos =============================
(As entradas podem ser listadas para serem restauradas ou removidas.)
ShortcutWithArgument: C:\Users\Vinícius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1459204836&a=1051314&src=sh&uuid=7cd7f37f-9ad5-45dd-b9bb-4d20e491d608"
ShortcutWithArgument: C:\Users\Vinícius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1459204836&a=1051314&src=sh&uuid=7cd7f37f-9ad5-45dd-b9bb-4d20e491d608"
ShortcutWithArgument: C:\Users\Vinícius\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://trustedsurf.com/?ssid=1459204836&a=1051314&src=sh&uuid=7cd7f37f-9ad5-45dd-b9bb-4d20e491d608" --disable-quic
ShortcutWithArgument: C:\Users\Vinícius\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1459204836&a=1051314&src=sh&uuid=7cd7f37f-9ad5-45dd-b9bb-4d20e491d608"
ShortcutWithArgument: C:\Users\Vinícius\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://trustedsurf.com/?ssid=1459204836&a=1051314&src=sh&uuid=7cd7f37f-9ad5-45dd-b9bb-4d20e491d608" --disable-quic
ShortcutWithArgument: C:\Users\Vinícius\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1459204836&a=1051314&src=sh&uuid=7cd7f37f-9ad5-45dd-b9bb-4d20e491d608"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/

==================== Módulos Carregados (Whitelisted) ==============
2016-01-26 23:11 - 2016-01-26 23:11 - 00012080 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2016-01-26 23:13 - 2015-11-24 15:40 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-17 17:38 - 2015-12-17 17:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 17:38 - 2015-12-17 17:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-28 17:14 - 2016-03-28 17:14 - 00670568 _____ () C:\Users\Vinícius\AppData\Roaming\Wiuair\Fufdebna.dll
2016-03-28 19:51 - 2016-03-28 19:51 - 00302080 _____ () C:\Program Files (x86)\C833C764-1459205457-11E1-813C-46395B2F6F62\jnsk2668.tmp
2016-03-28 18:46 - 2016-03-28 18:46 - 00272896 _____ () C:\Program Files (x86)\C833C764-1459205457-11E1-813C-46395B2F6F62\knsuE8E.tmpfs
2016-03-28 17:14 - 2016-03-28 17:14 - 00174440 _____ () C:\Users\Vinícius\AppData\Roaming\Wiuair\Wiuair.exe
2016-03-28 19:51 - 2016-03-28 19:51 - 00416256 _____ () C:\Program Files (x86)\C833C764-1459205457-11E1-813C-46395B2F6F62\hnsu3E6C.tmp
2016-03-28 17:14 - 2016-03-28 17:14 - 00146280 _____ () C:\Users\Vinícius\AppData\Roaming\Wiuair\Fufdebna.exe
2016-03-28 17:14 - 2016-03-28 17:14 - 00115560 _____ () C:\Users\Vinícius\AppData\Roaming\Wiuair\Aiusek.exe
2016-01-26 23:26 - 2016-01-26 23:26 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-03-28 20:45 - 2016-03-26 09:16 - 02007040 _____ () C:\ProgramData\WindowsMsg\osmsg.exe
2015-08-07 07:20 - 2015-08-07 07:20 - 00122536 _____ () C:\Program Files (x86)\MixVideoPlayer\BrowserWeb.exe
2016-03-28 19:43 - 2016-03-23 15:21 - 04055256 _____ () C:\Program Files (x86)\win_en_77\win_en_77.exe
2016-03-29 00:08 - 2016-03-29 00:08 - 00610280 _____ () c:\windows\temp\13461\setup.exe
2016-02-05 03:23 - 2016-01-23 07:10 - 01855488 _____ () C:\Program Files (x86)\Legendas-3.5\srvlegendas.exe
2016-03-29 00:23 - 2016-03-29 00:23 - 00600048 _____ () c:\windows\temp\16283\setup.exe
2016-01-26 23:11 - 2016-01-26 23:11 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2016-03-28 17:14 - 2016-03-28 17:14 - 00261992 _____ () C:\Users\Vinícius\AppData\Roaming\Wiuair\Aiusek.dll
2015-09-24 12:42 - 2015-09-24 12:42 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\pt_BR\acrotray.ptb
2016-03-15 00:25 - 2016-03-07 23:48 - 01676440 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libglesv2.dll
2016-03-15 00:25 - 2016-03-07 23:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========
(Se uma entrada for incluída na fixlist, somente o ADS será removido.)
AlternateDataStreams: C:\Users\Vinícius\AppData\Local\Temp:ro9hC0NUxihMVHM60c [2092]

==================== Modo de Segurança (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

==================== EXE Associação (Whitelisted) ===============
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)

==================== Internet Explorer confiável/restrito ===============
(Se uma entrada for incluída na fixlist, será removida do Registro.)

==================== Hosts Conteúdo: ==========================
(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)
2009-07-13 23:34 - 2016-03-28 19:49 - 00001082 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
127.0.0.1 cdneu.limicimi.com
127.0.0.1 cdnus.limicimi.com

==================== Outras Áreas ============================
(Atualmente não há nenhuma correção automática para esta seção.)
HKU\S-1-5-21-3974421794-2682367010-2033964058-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.25.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==
(Atualmente não há nenhuma correção automática para esta seção.)

==================== Regras do Firewall (Whitelisted) ===============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
FirewallRules: [TCP Query User{B0E44FD3-75F2-4E1F-A7F7-62A6ED2E3E01}C:\users\vinícius\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\vinícius\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{EE1F542D-1571-4128-A6E6-B1B2A9C4222C}C:\users\vinícius\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\vinícius\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{406B5E45-5BDB-4200-9106-F2E7F19722D9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{037DDEDB-A90F-4125-935C-367E39550989}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5551F1B4-D7C9-4762-B17D-6F406BD1A4E7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C1EE3E48-35FF-41B1-B1A5-AE5C55084C00}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0B00546E-096E-4982-AF83-6DF76D84A504}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{88C4B6E4-8427-4D70-9CA2-FB1DAED3AE89}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F6A2C367-F0EA-40A8-B349-83E82E4CA613}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{88399141-D631-4A8B-ADD0-28F0B315D99B}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
FirewallRules: [{525E0958-BA21-417E-8A5E-2DF9E7B68D8C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9E5EF23C-4559-4CAB-B531-841646D6548F}] => (Allow) C:\Users\Vinícius\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{EF83488A-8FAA-4FDB-87E5-D73DCDC4F176}] => (Allow) C:\Program Files (x86)\Max Driver Updater\maxdu.exe
FirewallRules: [{84DFD74B-656B-4E62-8A08-EE2137892F2C}] => (Allow) C:\Windows\system32\config\systemprofile\AppData\Local\Chromium\Application\chrome.exe

==================== Pontos de Restauração =========================
30-01-2016 02:01:51 Windows 7 Service Pack 1
31-01-2016 04:20:04 Windows Update
01-02-2016 17:14:20 Windows Update
01-02-2016 18:22:44 Windows Update
01-02-2016 23:00:40 Instalado Realtek High Definition Audio Driver
01-02-2016 23:28:31 Operação de restauração
01-02-2016 23:54:51 Windows Update
05-02-2016 02:00:24 Windows Update
09-02-2016 13:10:48 Windows Update
09-02-2016 14:56:11 Windows Update
10-02-2016 02:01:31 Windows Update
11-02-2016 21:46:39 Windows Update
15-02-2016 15:45:07 Windows Update
16-02-2016 02:00:18 Windows Update
16-02-2016 03:09:17 Installed Microsoft Office Word MUI (English) 2010
22-02-2016 01:32:00 Windows Update
23-02-2016 19:08:50 Microsoft Visual Studio Tools for Applications 2012
26-02-2016 03:00:20 Windows Update
01-03-2016 22:46:39 Windows Update
09-03-2016 03:00:31 Windows Update
25-03-2016 22:35:43 Ponto de Verificação Agendado
28-03-2016 20:15:17 Removed Cisco EAP-FAST Module
28-03-2016 20:32:54 Removed Cisco EAP-FAST Module
28-03-2016 20:33:20 Removed Cisco LEAP Module

==================== Dispositivos Apresentando Falhas No Gerenciador =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Controlador de comunicação PCI simples
Description: Controlador de comunicação PCI simples
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (03/29/2016 12:15:47 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: Acesso negado.
Error: (03/29/2016 12:15:45 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: Acesso negado.
Error: (03/29/2016 12:15:42 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: Acesso negado.
Error: (03/29/2016 12:15:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: Acesso negado.
Error: (03/29/2016 12:15:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: Acesso negado.
Error: (03/29/2016 12:15:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: Acesso negado.
Error: (03/29/2016 12:15:37 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: Acesso negado.
Error: (03/29/2016 12:15:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: Acesso negado.
Error: (03/29/2016 12:15:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: Acesso negado.
Error: (03/29/2016 12:14:24 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: Acesso negado.

Erros de Sistema:
=============
Error: (03/29/2016 12:07:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço 5ae1268131800b4d1ce002023b024b60 foi encerrado inesperadamente. Isso aconteceu 1 vez(es).
Error: (03/29/2016 12:07:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Jyahut devido ao seguinte erro: %%2
Error: (03/28/2016 11:18:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço 5ae1268131800b4d1ce002023b024b60 foi encerrado inesperadamente. Isso aconteceu 1 vez(es).
Error: (03/28/2016 11:18:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Jyahut devido ao seguinte erro: %%2
Error: (03/28/2016 10:58:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço 5ae1268131800b4d1ce002023b024b60 foi encerrado inesperadamente. Isso aconteceu 1 vez(es).
Error: (03/28/2016 10:57:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Jyahut devido ao seguinte erro: %%2
Error: (03/28/2016 10:41:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (03/28/2016 10:24:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Microsoft .NET Framework NGEN v4.0.30319_X86.
Error: (03/28/2016 10:21:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço 5ae1268131800b4d1ce002023b024b60 foi encerrado inesperadamente. Isso aconteceu 1 vez(es).
Error: (03/28/2016 10:21:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Jyahut devido ao seguinte erro: %%2

CodeIntegrity:
===================================
Date: 2016-03-28 20:56:28.311
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-28 20:56:28.225
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-28 20:55:53.320
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-28 20:55:53.171
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-28 20:55:47.823
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-28 20:55:47.695
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-28 20:55:41.215
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-28 20:55:40.517
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-28 20:55:37.273
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-28 20:55:37.113
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

==================== Informações da Memória ===========================
Processador: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentagem de memória em uso: 40%
RAM física total: 6055.12 MB
RAM física disponível: 3574.63 MB
Virtual Total: 12108.44 MB
Virtual disponível: 9017.29 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:931.41 GB) (Free:660.14 GB) NTFS

==================== MBR & Tabela de Partições ==================

==================== Fim de Addition.txt ============================