Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão:05-03-2016 01 Executado por Filipi (2016-04-03 18:31:19) Executando a partir de C:\Users\Filipi\Downloads Windows 7 Professional Service Pack 1 (X64) (2015-06-08 23:57:05) Modo da Inicialização: Normal ========================================================== ==================== Contas: ============================= Administrador (S-1-5-21-1856853219-287126514-1282777642-500 - Administrator - Disabled) Convidado (S-1-5-21-1856853219-287126514-1282777642-501 - Limited - Disabled) Filipi (S-1-5-21-1856853219-287126514-1282777642-1000 - Administrator - Enabled) => C:\Users\Filipi HomeGroupUser$ (S-1-5-21-1856853219-287126514-1282777642-1002 - Limited - Enabled) ==================== Central de Segurança ======================== (Se uma entrada for incluída na fixlist, será removida.) AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Programas Instalados ====================== (Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.) Chromium (HKU\S-1-5-21-1856853219-287126514-1282777642-1000\...\Chromium) (Version: 50.0.2632.0 - Chromium) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.) Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) MixVideoPlayer (HKLM-x32\...\MixVideoPlayer) (Version: v1.0.0.25 - SoftForce LLC) <==== ATENÇÃO Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation) Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATENÇÃO SpaceSoundPro (HKLM\...\SpaceSoundPro) (Version: 1.0 - ) <==== ATENÇÃO Spotify (HKU\S-1-5-21-1856853219-287126514-1282777642-1000\...\Spotify) (Version: 1.0.25.127.g58007b4c - Spotify AB) Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0416-1000-0000000FF1CE}_Office15.PROPLUS_{2BA6245D-FBB9-42F6-AFD9-C0DC52763AD5}) (Version: - Microsoft) WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) WinZipper (HKLM-x32\...\WinZipper) (Version: 1.5.112 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATENÇÃO ==================== Exame Personalizado CLSID (Whitelisted): ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Tarefas Agendadas (Whitelisted) ============= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) Task: {197F2A80-17C8-4D36-885C-07C51857901C} - System32\Tasks\BaiduJP_Update_{8099779F-A13B-403e-B39A-65133857586B} => C:\Program Files (x86)\baidu\update\baidujp_update.exe Task: {22AE5792-5EDC-4BE2-B660-762897AD9603} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {2D701AD9-62A6-4A86-9A8D-BADED610DD6D} - System32\Tasks\ttwifi => C:\Program Files (x86)\ttwifi\tiantianwifi.exe Task: {34292A1A-D599-435D-8BEE-7B9E3D16515C} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATENÇÃO Task: {3A3A8656-2EE8-4FC7-A4DA-7F914D7558E6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo) Task: {462E5FE7-EDD1-43C2-8FD8-18276D2ED284} - System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update => C:\Program Files (x86)\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe [2015-06-15] (Word Surfer) <==== ATENÇÃO Task: {554105EA-8013-414B-97C9-51D10215B931} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {5577C06D-928F-4FE2-A5F9-DCC893C7215D} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATENÇÃO Task: {57482FB5-535B-4370-9CCC-E6856D50965E} - System32\Tasks\osTip => C:\ProgramData\WindowsMsg\osmsg.exe [2016-02-09] () Task: {581997D8-304E-4D87-8F9C-BD019C703A9D} - System32\Tasks\PFExe => C:\Users\Filipi\AppData\Local\PriceFountain\pricefountain.exe <==== ATENÇÃO Task: {597AAC1B-7602-463E-BB45-BFC63A3C715F} - System32\Tasks\MaxComputerCleaner_Start => C:\Program Files (x86)\Max Computer Cleaner\MaxComputerCleaner.exe <==== ATENÇÃO Task: {5F9322A8-6B02-41DE-AC71-ACBFF3664C0A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {60617CCA-56E0-47CF-928B-4A2A445B4FE4} - System32\Tasks\FilipiVamoosesMisnamingV2 => Rundll32.exe VolutedRevelers.dll,main 7 1 <==== ATENÇÃO Task: {6BBF3D32-381C-4B73-ABF6-576A6223BD4C} - System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core => C:\Program Files (x86)\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe [2015-06-15] (Word Surfer) <==== ATENÇÃO Task: {79026395-9555-4A59-8686-CDF1152C53E6} - System32\Tasks\Bidaily Synchronize Task[973b] => c:\programdata\{ef868b54-e28c-76e1-ef86-68b54e282d53}\priceless_p_soft_partner.exe [2014-06-15] () <==== ATENÇÃO Task: {7D7E52AB-2608-4035-B066-993C58D5930C} - System32\Tasks\DNSWILLISTON => dnswilliston.exe <==== ATENÇÃO Task: {803D7166-97D5-40BB-8FD0-6062E113696F} - System32\Tasks\Price Fountain => C:\Users\Filipi\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== ATENÇÃO Task: {8563E348-16C2-4E4E-B658-E1D1779403B0} - System32\Tasks\{8E8DB8B1-D1F6-4D4F-81D3-A7FA1E37C2BB} => pcalua.exe -a C:\Users\Filipi\AppData\Roaming\istartpageing\UninstallManager.exe -c -ptid=cmi Task: {9D8C1C3F-F133-4A83-B1BB-05330C8DF7A3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-01] (Google Inc.) Task: {9E54F149-BC9A-440A-B3B4-9D52B95534ED} - System32\Tasks\{071979D2-51C7-252C-CAE6-68EE1F372507} => C:\Users\Filipi\AppData\Local\{40027~1\UNINST~1.EXE [2013-04-20] () Task: {9F41319C-7338-4E07-9172-475922BB1E23} - System32\Tasks\ASP => C:\Program Files (x86)\RCP\systweakasp.exe Task: {9F7E8007-3078-458F-984A-E644054ED959} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATENÇÃO Task: {ACD2450F-9209-4502-9141-59AA43ABD277} - System32\Tasks\Vipaqh => C:\PROGRA~1\Fioom\Dejawhti.bat Task: {CC88CD1B-4726-475B-A2D9-B9B0752F4F10} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATENÇÃO Task: {D0011443-C940-4D6F-A151-00C8656A0916} - System32\Tasks\MixVideoPlayer Update => C:\Program Files (x86)\MixVideoPlayer\mixUpdater.exe [2015-08-06] () <==== ATENÇÃO Task: {D09B78F9-7F03-44D3-8B9D-54D0C7A67F95} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-06-15] () Task: {D2BC167E-E707-448F-9DFF-21510C18EFC6} - System32\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} => C:\Users\Filipi\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe [2015-05-14] () <==== ATENÇÃO Task: {E0AB8FD6-D41A-4EAB-A0B4-3BAAE8E831A9} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Filipi\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATENÇÃO Task: {E34CA122-C390-4810-98CE-3D70E9FED5C0} - System32\Tasks\Pritc => C:\Users\Filipi\AppData\Local\Temp\is-R4GP1.tmp\print.exe [2016-03-03] (VLOME) <==== ATENÇÃO Task: {F643F4BB-96DF-4408-8CBB-3E72835BCC98} - System32\Tasks\WinTaske => C:\Program Files (x86)\WinTaske\WinTaske\WinTaske.exe [2016-03-29] () Task: {FACB61CA-6949-4AAF-87AC-16FA6A3F135C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-01] (Google Inc.) (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATENÇÃO Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATENÇÃO Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATENÇÃO Task: C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{ef868b54-e28c-76e1-ef86-68b54e282d53}\priceless_p_soft_partner.exe <==== ATENÇÃO Task: C:\Windows\Tasks\Chrome Cleanup Tool logs upload retry.job => C:\Users\Filipi\AppData\Local\Temp\630C.exe <==== ATENÇÃO Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d18c016fcefd20.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Price Fountain.job => C:\Users\Filipi\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== ATENÇÃO Task: C:\Windows\Tasks\{071979D2-51C7-252C-CAE6-68EE1F372507}.job => C:\Users\Filipi\AppData\Local\{40027~1\UNINST~1.EXE Task: C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job => C:\Users\Filipi\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe—-RunCheckUpdate C:\Users\Filipi\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\CheckUpdate.exe <==== ATENÇÃO ==================== Atalhos ============================= (As entradas podem ser listadas para serem restauradas ou removidas.) ShortcutWithArgument: C:\Users\Filipi\Desktop\Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mystartsearch.com/?type=sc&ts=1439738575&z=94aa6698f51f7e7b5d0f21fg7z0c1t9m4c8bbz6b7o&from=cmi&uid=SAMSUNGXHM500JI_S2NVJ56B606538 ShortcutWithArgument: C:\Users\Filipi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mystartsearch.com/?type=sc&ts=1439738575&z=94aa6698f51f7e7b5d0f21fg7z0c1t9m4c8bbz6b7o&from=cmi&uid=SAMSUNGXHM500JI_S2NVJ56B606538 ==================== Módulos Carregados (Whitelisted) ============== 2016-03-31 07:36 - 2016-03-31 07:36 - 03587000 _____ () C:\ProgramData\System32\SafeGuard64.dll 2015-09-29 00:48 - 2015-09-24 09:25 - 00185800 _____ () C:\Users\Filipi\AppData\Local\Crsoft\crsvc.exe 2016-04-03 00:22 - 2016-04-03 00:22 - 00284160 _____ () C:\Program Files (x86)\000A6122-1434406204-8010-FFFF-F46D04DEBFAC\knsp5EDB.tmp 2016-03-29 09:03 - 2016-03-29 09:03 - 00174408 _____ () C:\Users\Filipi\AppData\Roaming\Inuql\Inuql.exe 2016-03-29 09:03 - 2016-03-29 09:03 - 00670536 _____ () C:\Users\Filipi\AppData\Roaming\Inuql\Iciva.dll 2015-06-15 19:09 - 2015-06-12 07:58 - 00173848 _____ () C:\Users\Filipi\AppData\Roaming\NetService\netservice.exe 2016-03-21 11:57 - 2016-03-21 11:57 - 00111616 _____ () C:\Users\Filipi\AppData\Local\Apps\2.0\abril.exe 2016-03-29 09:03 - 2016-03-29 09:03 - 00146248 _____ () C:\Users\Filipi\AppData\Roaming\Inuql\Iciva.exe 2016-03-29 09:03 - 2016-03-29 09:03 - 00115528 _____ () C:\Users\Filipi\AppData\Roaming\Inuql\Cugvoqyed.exe 2016-03-31 07:42 - 2015-12-16 06:21 - 04845408 _____ () C:\Users\Filipi\AppData\Roaming\WinNetSvc\WinNetSvc.exe 2016-03-31 07:42 - 2016-03-15 03:40 - 04984448 _____ () C:\Users\Filipi\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe 2015-06-15 19:10 - 2015-06-15 19:10 - 00219136 _____ () C:\Users\Filipi\AppData\Roaming\000A6122-1434406204-8010-FFFF-F46D04DEBFAC\jnsuB20F.tmp 2016-04-03 18:15 - 2016-04-03 18:15 - 00610280 _____ () c:\users\filipi\appdata\local\temp\31563\setup.exe 2016-04-03 16:14 - 2016-04-03 16:14 - 00099840 _____ () C:\ProgramData\Microsoft\Network\Dsq\browser\syshostctl.exe 2016-03-30 08:54 - 2016-03-30 08:54 - 00059904 _____ () C:\Program Files (x86)\sunnyday\otutnetwork.exe 2015-06-12 05:49 - 2015-06-12 05:49 - 01448264 _____ () C:\Windows\System32\cpuminer-gw64.exe 2016-03-30 08:54 - 2016-03-30 08:54 - 04050432 _____ () C:\Program Files\SpaceSoundPro\idsccom_DYC.exe 2016-03-30 08:54 - 2016-03-30 08:55 - 04050432 _____ () C:\Program Files (x86)\sunnyday\wincom_OF9.exe 2016-03-30 09:02 - 2016-03-30 09:03 - 04050432 _____ () C:\Program Files (x86)\Max Driver Updater\idsccom_34T.exe 2016-03-30 11:59 - 2016-03-30 12:01 - 04050432 _____ () C:\Program Files (x86)\Hostify\idsccom_4B8.exe 2016-03-30 12:00 - 2016-02-09 12:30 - 02036224 _____ () C:\ProgramData\WindowsMsg\osmsg.exe 2016-04-01 07:18 - 2016-04-01 07:18 - 02023424 _____ () C:\Users\Filipi\AppData\Roaming\AdobeARM.exe 2015-08-07 07:20 - 2015-08-07 07:20 - 00122536 _____ () C:\Program Files (x86)\MixVideoPlayer\BrowserWeb.exe 2016-04-03 18:19 - 2016-04-03 18:19 - 00708096 _____ () C:\Users\Filipi\AppData\Local\Temp\is-UVUM2.tmp\MediaDownloader.tmp 2015-09-29 01:13 - 2015-08-06 00:47 - 00582144 _____ () C:\Program Files (x86)\WinZipper\curlpp.dll 2015-09-29 01:13 - 2015-07-15 02:58 - 00065688 _____ () C:\Program Files (x86)\WinZipper\zlib1.dll 2016-03-31 07:36 - 2016-03-31 07:36 - 02771896 _____ () C:\ProgramData\System32\SafeGuard32.dll 2016-03-29 09:03 - 2016-03-29 09:03 - 00261960 _____ () C:\Users\Filipi\AppData\Roaming\Inuql\Cugvoqyed.dll 2016-04-02 11:46 - 2016-04-02 11:46 - 00367104 _____ () C:\Users\Filipi\AppData\Local\VamoosesMisnaming\VolutedRevelers.dll 2016-03-31 07:42 - 2015-11-28 06:45 - 00083456 _____ () C:\Users\Filipi\AppData\Roaming\WinNetSvc\Interface.dll 2016-03-31 07:42 - 2015-11-28 06:45 - 00083456 _____ () C:\Users\Filipi\AppData\Roaming\WMPNetworkAcSvc\Interface.dll 2016-04-01 07:41 - 2016-04-01 07:41 - 47503472 _____ () C:\Users\Filipi\AppData\Roaming\Spotify\libcef.dll 2016-04-01 07:32 - 2016-03-27 04:58 - 17545880 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\PepperFlash\pepflashplayer.dll 2015-06-15 20:31 - 2015-06-15 20:31 - 00818176 _____ () C:\Program Files (x86)\PrriceMinus\1Z6yUuxjkrrGSe.dll ==================== Alternate Data Streams (Whitelisted) ========= (Se uma entrada for incluída na fixlist, somente o ADS será removido.) AlternateDataStreams: C:\Users\Filipi\Local Settings:init [1625323] ==================== Modo de Segurança (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) ==================== EXE Associação (Whitelisted) =============== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.) ==================== Internet Explorer confiável/restrito =============== (Se uma entrada for incluída na fixlist, será removida do Registro.) ==================== Hosts Conteúdo: ========================== (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2009-07-13 23:34 - 2016-04-02 11:52 - 00002644 ____A C:\Windows\system32\Drivers\etc\hosts 107.178.255.88 www.google-analytics.com 107.178.255.88 www.statcounter.com 107.178.255.88 statcounter.com 107.178.255.88 ssl.google-analytics.com 107.178.255.88 partner.googleadservices.com 107.178.255.88 google-analytics.com 107.178.248.130 static.doubleclick.net 107.178.247.130 connect.facebook.net 107.178.255.88 www.google-analytics.com 107.178.255.88 www.statcounter.com 107.178.255.88 statcounter.com 107.178.255.88 ssl.google-analytics.com 107.178.255.88 partner.googleadservices.com 107.178.255.88 google-analytics.com 107.178.248.130 static.doubleclick.net 107.178.247.130 connect.facebook.net0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com 0.0.0.0 api.recommendedsw.com 0.0.0.0 installer.betterinstaller.com 0.0.0.0 installer.filebulldog.com 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net 0.0.0.0 inno.bisrv.com 0.0.0.0 nsis.bisrv.com 0.0.0.0 cdn.file2desktop.com 0.0.0.0 cdn.goateastcach.us 0.0.0.0 cdn.guttastatdk.us Existem ainda 19 mais linhas. ==================== Outras Áreas ============================ (Atualmente não há nenhuma correção automática para esta seção.) HKU\S-1-5-21-1856853219-287126514-1282777642-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Firewall do Windows está desabilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == (Atualmente não há nenhuma correção automática para esta seção.) ==================== Regras do Firewall (Whitelisted) =============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{44B9F646-F0EC-4A66-85E9-66A664599CDB}] => (Allow) C:\Users\Filipi\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{CE02EE37-EF85-4BF3-A1E2-16E4710F7AFB}] => (Allow) C:\Users\Filipi\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{B5B0B2BA-1424-4265-914F-3C7799DFF1A8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{7EFF606D-C9DE-4DEB-B403-3D9638EFC6F8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{15E0F9DB-A3DC-42CC-8C7E-E04A06A11A5F}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{282440F2-8EE4-471F-8270-AC394126F18F}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{D28F5901-AFAF-480A-8EC2-E8E20E496652}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{08CACA02-5323-4341-9F46-C5438ED2811B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{F3EE841B-047E-4677-BB81-9978E86D4DA2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{29484029-019E-4A3B-8368-2674270B81B2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{FFECDDF8-58CC-4C1F-92B0-B469F609A5C9}] => (Allow) C:\Program Files (x86)\Max Driver Updater\maxdu.exe FirewallRules: [TCP Query User{74B23E4F-DE7D-4694-9A1C-FFCC06D6620B}C:\program files (x86)\jfilemanager\jfilemanager.exe] => (Block) C:\program files (x86)\jfilemanager\jfilemanager.exe FirewallRules: [UDP Query User{1FB70F70-69B0-40ED-A857-D3AA3C592602}C:\program files (x86)\jfilemanager\jfilemanager.exe] => (Block) C:\program files (x86)\jfilemanager\jfilemanager.exe FirewallRules: [{6EE46F74-C3E4-4494-BD4D-7BF8F8B2267F}] => (Allow) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe FirewallRules: [{4F3339B0-44AE-4D98-8294-8C13CBB33346}] => (Allow) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe FirewallRules: [{9C27C7D6-A1E8-48FF-8F37-B518B36A4695}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{BDF647E5-78E9-4F7E-A061-69384E8A49F3}C:\users\filipi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\filipi\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{0186113B-4EB7-4298-8FF4-5E7A852C2E76}C:\users\filipi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\filipi\appdata\roaming\spotify\spotify.exe FirewallRules: [{CFD6C3B5-A8E9-49A7-B7F8-3319282BDCB1}] => (Allow) C:\Users\Filipi\AppData\Local\Chromium\Application\chrome.exe FirewallRules: [TCP Query User{7196EDC4-660D-42FD-9C97-98FF8D8028CA}C:\users\filipi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\filipi\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{51F9C37E-640C-4214-93F0-9DBD6BCE2BA3}C:\users\filipi\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\filipi\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{B95EB6B2-D3A5-4FEB-A8D4-03930A90570D}C:\programdata\microsoft\network\dsq\network\sysnetwk.exe] => (Block) C:\programdata\microsoft\network\dsq\network\sysnetwk.exe FirewallRules: [UDP Query User{6403FDCF-46E5-4890-B656-CF85E9F0FEAD}C:\programdata\microsoft\network\dsq\network\sysnetwk.exe] => (Block) C:\programdata\microsoft\network\dsq\network\sysnetwk.exe ==================== Pontos de Restauração ========================= 17-03-2016 11:09:03 Windows Update 30-03-2016 08:41:50 Windows Update 30-03-2016 12:03:04 Uniblue SpeedUpMyPC installation 30-03-2016 12:11:08 Uniblue DriverScanner installation 31-03-2016 07:23:50 Windows Update 31-03-2016 07:34:15 Windows Update 31-03-2016 09:49:08 Windows Update 31-03-2016 15:26:09 Uniblue DriverScanner installation 01-04-2016 07:17:30 Windows Update 01-04-2016 07:17:30 Windows Update 02-04-2016 11:45:28 Uniblue DriverScanner installation 03-04-2016 15:50:17 Windows Update 03-04-2016 18:01:32 Uniblue DriverScanner installation ==================== Dispositivos Apresentando Falhas No Gerenciador ============= Name: Controlador Ethernet Description: Controlador Ethernet Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Controlador de barramento SM Description: Controlador de barramento SM Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Adaptador de Miniporta WiFi Virtual da Microsoft Description: Adaptador de Miniporta WiFi Virtual da Microsoft Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vwifimp Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Unknown Device Description: Unknown Device Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. Name: Controlador de comunicação PCI simples Description: Controlador de comunicação PCI simples Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Erros no Log de eventos: ========================= Erros em Aplicativos: ================== Error: (04/03/2016 06:19:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: coin-miner-1.exe, versão: 0.0.0.0, carimbo de hora: 0x56c4a070 Nome do módulo de falhas: KERNELBASE.dll, versão: 6.1.7601.17514, carimbo de hora: 0x4ce7bafa Código de exceção: 0x0eedfade Deslocamento com falha: 0x0000b727 Identificação do processo com falha: 0x1798 Hora de início do aplicativo com falha: 0xcoin-miner-1.exe0 Caminho do aplicativo com falha: coin-miner-1.exe1 FCaminho do módulo de falhas: coin-miner-1.exe2 Identificação do Relatório: coin-miner-1.exe3 Error: (04/03/2016 06:11:20 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa FRST64.exe versão 5.3.2016.1 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID de Processo: 16f4 Hora de Início: 01d18ded3a634ee1 Hora de Término: 41 Caminho do Aplicativo: C:\Users\Filipi\Downloads\FRST64.exe Id do Relatório: 85d42175-f9e0-11e5-8f81-a4da2a340771 Error: (04/03/2016 06:05:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: setup.tmp.tmp, versão: 51.52.0.0, carimbo de hora: 0x2a425e19 Nome do módulo de falhas: SafeGuard32.dll_unloaded, versão: 0.0.0.0, carimbo de hora: 0x568382a8 Código de exceção: 0xc0000005 Deslocamento com falha: 0x70f842c3 Identificação do processo com falha: 0x1978 Hora de início do aplicativo com falha: 0xsetup.tmp.tmp0 Caminho do aplicativo com falha: setup.tmp.tmp1 FCaminho do módulo de falhas: setup.tmp.tmp2 Identificação do Relatório: setup.tmp.tmp3 Error: (04/03/2016 05:37:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: coin-miner-1.exe, versão: 0.0.0.0, carimbo de hora: 0x56c4a070 Nome do módulo de falhas: KERNELBASE.dll, versão: 6.1.7601.17514, carimbo de hora: 0x4ce7bafa Código de exceção: 0x0eedfade Deslocamento com falha: 0x0000b727 Identificação do processo com falha: 0x5a4 Hora de início do aplicativo com falha: 0xcoin-miner-1.exe0 Caminho do aplicativo com falha: coin-miner-1.exe1 FCaminho do módulo de falhas: coin-miner-1.exe2 Identificação do Relatório: coin-miner-1.exe3 Error: (04/03/2016 04:48:59 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: Falha na geração de contexto de ativação para "1". Erro no arquivo de manifesto ou de diretiva 2", na linha 3. Sintaxe XMl inválida. Error: (04/03/2016 03:56:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: DiagTrackRunner.exe, versão: 10.0.10041.0, carimbo de hora: 0x5503b990 Nome do módulo de falhas: diagtrack.dll, versão: 10.0.10033.0, carimbo de hora: 0x54f65c93 Código de exceção: 0xc0000005 Deslocamento com falha: 0x0000000000031388 Identificação do processo com falha: 0x3914 Hora de início do aplicativo com falha: 0xDiagTrackRunner.exe0 Caminho do aplicativo com falha: DiagTrackRunner.exe1 FCaminho do módulo de falhas: DiagTrackRunner.exe2 Identificação do Relatório: DiagTrackRunner.exe3 Error: (04/03/2016 03:48:58 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: Falha na geração de contexto de ativação para "1". Erro no arquivo de manifesto ou de diretiva 2", na linha 3. Sintaxe XMl inválida. Error: (04/03/2016 02:33:24 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Falha na geração de contexto de ativação para "1". Erro no arquivo de manifesto ou de diretiva 2", na linha 3. Sintaxe XMl inválida. Error: (04/03/2016 01:33:24 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Falha na geração de contexto de ativação para "1". Erro no arquivo de manifesto ou de diretiva 2", na linha 3. Sintaxe XMl inválida. Error: (04/03/2016 12:33:24 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Falha na geração de contexto de ativação para "1". Erro no arquivo de manifesto ou de diretiva 2", na linha 3. Sintaxe XMl inválida. Erros de Sistema: ============= Error: (04/03/2016 06:16:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço MPC Core Protect Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (04/03/2016 06:15:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Uuvomfh devido ao seguinte erro: %%2 Error: (04/03/2016 06:14:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço UPCleaner SVC devido ao seguinte erro: %%2 Error: (04/03/2016 05:55:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço MPC Core Protect Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (04/03/2016 05:54:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Uuvomfh devido ao seguinte erro: %%2 Error: (04/03/2016 05:53:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço UPCleaner SVC devido ao seguinte erro: %%2 Error: (04/03/2016 05:25:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço MPC Core Protect Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (04/03/2016 05:23:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Uuvomfh devido ao seguinte erro: %%2 Error: (04/03/2016 05:23:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço UPCleaner SVC devido ao seguinte erro: %%2 Error: (04/03/2016 05:22:25 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: O serviço Windows Update não foi desligado corretamente após receber um controle de pré-desligamento. CodeIntegrity: =================================== Date: 2015-06-15 19:43:47.114 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-06-15 19:43:42.267 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-06-15 19:43:42.259 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-06-15 19:43:01.912 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-06-15 19:43:01.904 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-06-15 19:42:50.866 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-06-15 19:42:50.866 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-06-15 19:41:53.918 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-06-15 19:41:53.913 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-06-15 19:41:53.878 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BubbleSound\BubbleSound.dll because the set of per-page image hashes could not be found on the system. ==================== Informações da Memória =========================== Processador: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz Percentagem de memória em uso: 74% RAM física total: 6050.22 MB RAM física disponível: 1568.51 MB Virtual Total: 12098.64 MB Virtual disponível: 7860.99 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:367.85 GB) NTFS ==================== MBR & Tabela de Partições ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D67402F1) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ==================== Fim de Addition.txt ============================