Publicité
Publicité
Format du document : text/plain
Prévisualisation
Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-02-2016
Ran by Casa (2016-02-15 19:52:51)
Running from C:\Users\Casa\Desktop
Microsoft Windows 7 Ultimate (X86) (2011-11-07 17:01:41)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrador (S-1-5-21-3923423384-1465317235-2915663045-500 - Administrator - Disabled)
Casa (S-1-5-21-3923423384-1465317235-2915663045-1000 - Administrator - Enabled) => C:\Users\Casa
Convidado (S-1-5-21-3923423384-1465317235-2915663045-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe Flash Player 20 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.0.162 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASSISTAT - Statistical Assistance (HKLM\...\ASSISTAT - Statistical Assistance) (Version: - )
aTube Catcher versão 3.8 (HKLM\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Avast Free Antivirus (HKLM\...\avast) (Version: 11.1.2245 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM\...\{CF0D492B-12F2-40B0-AF33-0F1BAA0BEF37}) (Version: 2.28.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Facebook Video Calling 1.2.0.287 (HKLM\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
GBBD Caixa Economica Federal (HKLM\...\{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1) (Version: 3.11.0.1 - )
globalupdate Helper (Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Earth Pro (HKLM\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
GunboundPS (HKLM\...\GunboundPS_is1) (Version: - Softnyx co.,ltd.)
HP Deskjet 2540 series Ajuda (HKLM\...\{70B5D5B2-8014-4C22-9963-361B1F07B81A}) (Version: 30.0.0 - Hewlett Packard)
HP Deskjet 2540 series Software básico do dispositivo (HKLM\...\{831C1695-CF1D-4379-B432-89139C7159FB}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IDRISI Selva (HKLM\...\IDRISI Selva) (Version: 17.00 - Clark Labs / Clark University)
IDRISI Selva (Version: 17.00 - Clark Labs / Clark University) Hidden
Java 8 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 7.9.0 (HKLM\...\KLiteCodecPack_is1) (Version: 7.9.0 - )
LightScribe System Software (HKLM\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Módulo de Segurança - Banco do Brasil (HKLM\...\{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1) (Version: GBBD Banco do Brasil - )
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Opera Stable 34.0.2036.36 (HKLM\...\Opera 34.0.2036.36) (Version: 34.0.2036.36 - Opera Software)
Pacote de Idiomas do Microsoft .NET Framework 4.5 - Português (Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.50709 - Microsoft Corporation)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
QGIS Lyon 2.12.2 Lyon (HKLM\...\QGIS Lyon) (Version: - QGIS Development Team)
QGIS Pisa 2.10.1 Pisa (HKLM\...\QGIS Pisa) (Version: - QGIS Development Team)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.18 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Spring 5.2.2 Português_x64 (HKLM\...\Spring 5.2.2 Português_x64) (Version: - )
Spring 5.2.2 Português_x86 (HKLM\...\Spring 5.2.2 Português_x86) (Version: - )
Suporte para Aplicativos Apple (32-bit) (HKLM\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TZip 1.0 (HKLM\...\TZip) (Version: 1.0 - TZip)
VideoCAM Look (HKLM\...\{EADAA6F7-991F-4CE9-B5CE-FCF3D81F7C7D}) (Version: 4.7.5.4 - )
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {001F8583-EB87-4C4A-82F1-6E9D9E320DF1} - System32\Tasks\{41FEE92B-7CB6-408C-85FA-00D992C20A14} => Chrome.exe hxxp://ui.skype.com/ui/0/6.21.0.104/pt/abandoninstall?page=tsMain
Task: {09C4544B-94CB-4605-A826-80FF6A404797} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3923423384-1465317235-2915663045-1000UA => C:\Users\Casa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {0E0083AE-EE53-455D-8715-9D016AC3BAF3} - System32\Tasks\{FB9286B6-C798-4E17-B02E-995E2145DF8C} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.0.106/pt/abandoninstall?page=tsMain
Task: {102559E2-C90B-4BC0-8F23-03DBF85142B3} - System32\Tasks\{09AB0F3B-A2DA-454A-A9CB-B0A0AD092789} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.111&LastError=404
Task: {141B7F2E-A26B-49EA-8CE1-4C9086B909E2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3923423384-1465317235-2915663045-1000Core => C:\Users\Casa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {1822550F-6086-4ACA-84F8-20C7F6E2D854} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {1A1C6D6F-2D44-4E6D-8A2D-5EAF3C43FF9A} - System32\Tasks\{39EBE72D-7668-4766-AB9A-FD016238A508} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.0.106/pt/abandoninstall?page=tsMain
Task: {1B101577-E546-4702-B29D-86551C5833D8} - System32\Tasks\{9673AB67-AFD4-4A98-95CD-881222DD238B} => pcalua.exe -a C:\GitzWC\Season1\uninstall.exe
Task: {21564AFD-388B-4A24-8337-AD05589966AA} - System32\Tasks\{5F9214AA-71B3-462A-9202-30F1E67EC786} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.0.106/pt/abandoninstall?page=tsMain
Task: {216DAA09-BB92-4887-83B1-26619D58CF4F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-12] (Adobe Systems Incorporated)
Task: {2E6F25F3-E440-41B1-BC7C-A7D7CFBFBF95} - System32\Tasks\{7C20DB9A-A79D-4A3E-A8CD-709EC9897F6B} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.0.106/pt/abandoninstall?page=tsMain
Task: {30E419CB-5652-4135-B6CD-DAE2BD3804BA} - System32\Tasks\Upibd => C:\PROGRA~1\SHOPPE~4\Faidti.bat
Task: {36D8CC13-BD75-4441-917C-3E6BB527B96E} - System32\Tasks\Opera scheduled Autoupdate 1452046037 => C:\Program Files\Opera\launcher.exe [2015-12-14] (Opera Software)
Task: {3CEF9B7A-C84A-4B86-B3F8-C3CD20008D6E} - System32\Tasks\{4081B0C1-5F61-40F6-B592-72E6A7B10545} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.0.106/pt/abandoninstall?page=tsBing
Task: {4A3887D3-1628-45C6-9B61-8AE4E74D4B3E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_20_0_0_306_pepper.exe [2016-02-12] (Adobe Systems Incorporated)
Task: {4FD50E6B-AEA6-48C4-A1FA-B69C53A857A4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {50AFDC79-F2F0-4874-B3C4-C1B2E34C2533} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-01-08] (Google Inc.)
Task: {524BAB3B-ED53-4279-9889-9440C3B571D3} - System32\Tasks\{938842AA-33E5-48E8-B75B-33D39C1D39F3} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.0.106/pt/abandoninstall?page=tsMain
Task: {543BC415-7A43-4415-B2C5-31CB975CF0EE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {5E39F61B-17BB-463B-A3BC-11D15CEF051E} - System32\Tasks\{76ECB240-11A7-401F-8EF7-B0E73B0E576D} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.0.106/pt/abandoninstall?page=tsMain
Task: {60D2552D-D243-4036-A964-F7D0536ED984} - System32\Tasks\17F4DBEA-964E-40FF-8B80-1A38D237B359 => C:\Users\Casa\AppData\Local\17F4DBEA-964E-40FF-8B80-1A38D237B359\17F4DBEA-964E-40FF-8B80-1A38D237B359.exe <==== ATTENTION
Task: {629304D4-0673-406A-AE71-6139AAF61AA0} - System32\Tasks\{6F0E26FF-5AAC-4073-9AF6-4E9F273D66C2} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.0.106/pt/abandoninstall?page=tsMain
Task: {644E95C8-9C2A-4BBD-8D7E-DD05817E4022} - System32\Tasks\{5CC7850B-48FD-4A4A-AE6A-247E9447C1EC} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.5.0.117&LastError=404
Task: {78A14EB9-191E-4E3E-99CC-425D3DFB7834} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-23] (AVAST Software)
Task: {84D5F12E-7BF5-4C4B-97A0-5CE3F955177B} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3923423384-1465317235-2915663045-1000
Task: {9B774C40-BC27-47CD-B142-C25630A306BF} - System32\Tasks\{921390F9-5ADF-4F83-8E24-44377E9EB120} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.0.106/pt/abandoninstall?page=tsMain
Task: {A9B46BC4-20BC-48D1-93EE-3025EAC365A1} - System32\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} => C:\Users\Casa\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe [2015-05-14] () <==== ATTENTION
Task: {B6BFF532-8F6E-494B-A2A6-6C98E914880D} - System32\Tasks\{A60A6D91-5471-4FB7-AF63-8AF4BE201343} => Chrome.exe hxxp://ui.skype.com/ui/0/6.21.0.104/pt/abandoninstall?page=tsMain
Task: {D281C9F9-C168-429C-9B4B-E545D2AFCBBD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-01-08] (Google Inc.)
Task: {DA0B0613-EB4D-4981-9443-523B9C038AED} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-23] (AVAST Software)
Task: {DD2CE908-4FB5-44EB-B730-E73052A49D9D} - System32\Tasks\Felpu => C:\PROGRA~1\SHOPPE~2\Lujanib.bat
Task: {DDAA2ADD-290D-427E-B20B-C0CC68BDF4C8} - System32\Tasks\{A01B7A21-049F-4826-A0EC-DFD447B0795D} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.0.106/pt/abandoninstall?page=tsMain
Task: {DDB8592C-E576-43CC-86CD-497D73920B87} - System32\Tasks\{2AC48A57-1EC7-417D-AB03-C1AC933DD252} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.0.106/pt/abandoninstall?page=tsMain
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\system32\Macromed\Flash\FlashUtil32_20_0_0_306_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3923423384-1465317235-2915663045-1000Core.job => C:\Users\Casa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3923423384-1465317235-2915663045-1000UA.job => C:\Users\Casa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job => C:\Users\Casa\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe-RunCheckUpdate C:\Users\Casa\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\CheckUpdate.exe <==== ATTENTION
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Casa\Desktop\QGIS Desktop 2.12.2.lnk -> C:\Program Files\QGIS Lyon\bin\nircmd.exe (NirSoft) -> exec hide C:\PROGRA~1\QGISLY~1\bin\qgis.bat
ShortcutWithArgument: C:\Users\Casa\Desktop\QGIS\SAGA GIS (2.1.2).lnk -> C:\Program Files\QGIS Lyon\bin\nircmd.exe (NirSoft) -> exec hide C:\PROGRA~1\QGISLY~1\bin\saga_gui.bat
ShortcutWithArgument: C:\Users\Casa\Desktop\JUNIOR\QGIS\SAGA GIS (2.1.2).lnk -> C:\Program Files\QGIS Pisa\bin\nircmd.exe (NirSoft) -> exec hide C:\PROGRA~1\QGISPI~1\bin\saga_gui.bat
ShortcutWithArgument: C:\Users\Casa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.searchtudo.com/pt/?uid={4e2cae62e3b7481cbc6bf791fcac812a}&r=eg
ShortcutWithArgument: C:\Users\Casa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.searchtudo.com/pt/?uid={4e2cae62e3b7481cbc6bf791fcac812a}&r=eg
ShortcutWithArgument: C:\Users\Casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.searchtudo.com/pt/?uid={4e2cae62e3b7481cbc6bf791fcac812a}&r=eg
ShortcutWithArgument: C:\Users\Casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeabests.cc/
ShortcutWithArgument: C:\Users\Casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/
ShortcutWithArgument: C:\Users\Casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Yeabeats Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeabests.cc/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk -> C:\Program Files\Adobe\Adobe Widget Browser\Adobe Widget Browser.exe () -> hxxp://www.yeabests.cc/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.searchtudo.com/pt/?uid={4e2cae62e3b7481cbc6bf791fcac812a}&r=eg
==================== Loaded Modules (Whitelisted) ==============
2015-12-30 15:08 - 2015-12-30 15:08 - 02771896 _____ () C:\ProgramData\System32\SafeGuard32.dll
2015-12-23 14:00 - 2015-12-23 14:00 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-12-23 13:59 - 2015-12-23 13:59 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-12-28 12:19 - 2015-12-28 12:19 - 02806272 _____ () C:\Program Files\AVAST Software\Avast\defs\15122801\algo.dll
2015-12-23 14:00 - 2015-12-23 14:00 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2011-11-07 16:56 - 2011-05-28 22:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2014-07-31 13:16 - 2014-07-31 13:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-23 14:00 - 2015-12-23 14:00 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-08 17:25 - 2015-12-08 17:25 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1046.dll
2016-01-11 10:36 - 2016-01-11 10:36 - 00932032 ____R () C:\Program Files\Skype\Phone\ssScreenVVS2.dll
2016-02-12 17:26 - 2015-12-10 10:56 - 00193456 _____ () C:\Program Files\SkypeUpdateEx\SkypeUpdateEx.exe
2016-02-12 17:26 - 2015-12-08 11:12 - 00126896 _____ () C:\Program Files\SkypeUpdateEx\SkypeUpdate.dll
2016-01-23 17:40 - 2015-12-08 10:24 - 07142328 _____ () C:\Users\Casa\AppData\Roaming\XBox\XBLive.exe
2016-01-23 17:40 - 2015-11-30 10:08 - 00256440 _____ () C:\Users\Casa\AppData\Roaming\XBox\Xbox.Live.dll
2016-02-12 17:30 - 2016-02-09 09:58 - 16810824 _____ () C:\Program Files\Google\Chrome\Application\48.0.2564.109\PepperFlash\pepflashplayer.dll
2016-01-08 01:59 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Casa\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2016-01-08 01:59 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Casa\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Program Files\GbPlugin:IncompleteStartProcessProtection.cnt
AlternateDataStreams: C:\Windows\System32:E401E3DD_Bb.gbp
AlternateDataStreams: C:\Windows\System32:E401E3DD_Cef.gbp
AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst
AlternateDataStreams: C:\Users\Casa\AppData\Roaming\Launcher__16211_il391044.exe:typelib
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audiosrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\drmkaud => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MMCSS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="[6cFgE][Şοûпđ, νìδ℮ô άήδ ğªмè ¢őήťřόℓŀèґš !!! !!! !]"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea} => ""="Portable Media Devices"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Audiosrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\drmkaud => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HDAudBus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MMCSS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ufadedatpa => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="[6cFgE][Şοûпđ, νìδ℮ô άήδ ğªмè ¢őήťřόℓŀèґš !!! !!! !]"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{640167b4-59b0-47a6-b335-a6b3c0695aea} => ""="Portable Media Devices"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7778 more sites.
IE trusted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\bb.com.br -> hxxps://seg.bb.com.br
IE trusted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\123simsen.com -> www.123simsen.com
There are 7778 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 00:04 - 2015-03-11 12:05 - 00444931 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
There are 15271 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Casa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 200.204.0.10 - 200.204.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^Casa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SmartWeb.lnk => C:\Windows\pss\SmartWeb.lnk.Startup
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Facebook Update => "C:\Users\Casa\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: gmsd_br_005010117 =>
MSCONFIG\startupreg: gmsd_br_005010135 =>
MSCONFIG\startupreg: GoogleChromeAutoLaunch_24058EE0A4650D25CD1906AC59992FC0 => "C:\Program Files\MyBrowser\MyBrowser\Application\mybrowser.exe" --no-startup-window
MSCONFIG\startupreg: GoogleChromeAutoLaunch_4129C1338700D7B1080DDB82359D2F0A => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightGate => C:\ProgramData\LightGate.exe
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: NBAgent => "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: PlusService => C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{1191AF98-9414-453B-A3E5-A61CCD19DF29}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{183478CA-0E05-4830-BC5A-10F85E6FECAF}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BF115FE5-0732-49F2-8C42-8995BE7C892A}] => (Allow) LPort=2869
FirewallRules: [{A818E233-4164-4CFB-93BA-3DD90B00D572}] => (Allow) LPort=1900
FirewallRules: [{26D28B20-7D24-4F91-937D-3B840C6792AB}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8C53FC47-7B07-4944-9DF9-63A847A994C4}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [TCP Query User{DC7E9AD8-1595-44FD-9B8A-378C1B577D10}C:\game\softnyxgame\gunboundps\gunbound.gme] => (Allow) C:\game\softnyxgame\gunboundps\gunbound.gme
FirewallRules: [UDP Query User{503BBEA7-8837-4035-A137-765B7485F217}C:\game\softnyxgame\gunboundps\gunbound.gme] => (Allow) C:\game\softnyxgame\gunboundps\gunbound.gme
FirewallRules: [{DEB08CBD-D701-40FD-A64A-11215F8252A6}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{FC7BC511-F0DB-4321-87EA-A2A8F816DE52}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{B32600B5-B90B-4188-BAC1-68B7A754AE9A}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{0E5F8EBD-4747-4127-A297-DA5F83822734}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{FA411D04-F9FA-445D-8844-2047FF0693DF}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{6E099FBA-3A17-4B4C-BBB3-25569BADC8D1}] => (Allow) LPort=7935
FirewallRules: [{A537C296-D0DE-4E22-9C2A-43BCD28EBBF5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BBC9CF1D-0F6B-46BA-B9C5-B3FD421E306F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{522B7EAD-EEBD-4542-85D8-0CFD563C3F74}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{DFD551A6-3295-41A8-A65B-740B3743936A}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{23976883-89A5-43EF-8791-4255B6D9AD14}] => (Allow) LPort=5357
FirewallRules: [{02EA3129-901F-4AB3-8227-72ED64E64524}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{65D1D33D-09DC-490B-BA69-06E9BE8AB415}] => (Allow) C:\Users\Casa\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B0ED7059-9F47-4F96-A2FE-F5B29EE13D34}] => (Allow) C:\Users\Casa\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5048C4D2-2414-4333-9662-78D4E7004A7F}] => (Allow) C:\Users\Casa\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{16FC21F3-1592-45C6-B6D2-26209A1C5A3B}] => (Allow) C:\Users\Casa\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3F4B5283-54E7-479D-A690-297575428317}] => (Allow) C:\Users\Casa\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FAF88793-E1C1-4FCA-8CF8-2348A8C94889}] => (Allow) C:\Users\Casa\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{1014D54D-832E-49CC-8DA8-1C85A5AF398C}C:\programdata\microsoft\network\dsq\network\sysnetwk.exe] => (Block) C:\programdata\microsoft\network\dsq\network\sysnetwk.exe
FirewallRules: [UDP Query User{A437B5D9-6F15-4E94-8CBE-239F82978CBB}C:\programdata\microsoft\network\dsq\network\sysnetwk.exe] => (Block) C:\programdata\microsoft\network\dsq\network\sysnetwk.exe
FirewallRules: [{2F7D8A3E-B67D-4551-883A-B7D62F85499D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
12-02-2016 17:00:50 Revo Uninstaller's restore point - iTunes
12-02-2016 17:13:17 Revo Uninstaller's restore point - Java 7 Update 55
12-02-2016 17:14:16 Removed Java 7 Update 55
12-02-2016 17:21:55 Revo Uninstaller's restore point - Java(TM) 6 Update 31
12-02-2016 17:23:33 Removed Java(TM) 6 Update 31
12-02-2016 17:35:07 Revo Uninstaller's restore point - Corel Graphics - Windows Shell Extension
12-02-2016 18:39:02 Revo Uninstaller's restore point - JavaFX 2.1.1
12-02-2016 18:40:49 Removido JavaFX 2.1.1
12-02-2016 18:55:39 Revo Uninstaller's restore point - Spybot - Search & Destroy
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/15/2016 06:35:57 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Falha de ativação da licença do Windows. Erro 0x80070005.
Error: (02/15/2016 06:08:42 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Falha de ativação da licença do Windows. Erro 0x80070005.
Error: (02/15/2016 06:03:23 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Falha de ativação da licença do Windows. Erro 0x80070005.
Error: (02/15/2016 05:58:36 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Falha de ativação da licença do Windows. Erro 0x80070005.
Error: (02/15/2016 05:56:45 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Falha de ativação da licença do Windows. Erro 0x80070005.
Error: (02/15/2016 02:05:11 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: O backup não foi concluído devido a um erro ao gravar no local de backup J:\. Erro: Não é possível encontrar a localização de cópia de segurança ou esta não é válida. Reveja as definições de cópia de segurança e verifique a localização de cópia de segurança. (0x81000006).
Error: (02/15/2016 01:56:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: SkypeC2CAutoUpdateSvc.exe, versão: 8.0.0.9103, carimbo de hora: 0x568f9008
Nome do módulo de falhas: SafeGuard32.dll_unloaded, versão: 0.0.0.0, carimbo de hora: 0x568382a8
Código de exceção: 0xc0000005
Deslocamento com falha: 0x6e7b42c3
Identificação do processo com falha: 0x7e8
Hora de início do aplicativo com falha: 0xSkypeC2CAutoUpdateSvc.exe0
Caminho do aplicativo com falha: SkypeC2CAutoUpdateSvc.exe1
FCaminho do módulo de falhas: SkypeC2CAutoUpdateSvc.exe2
Identificação do Relatório: SkypeC2CAutoUpdateSvc.exe3
Error: (02/15/2016 01:55:07 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Falha de ativação da licença do Windows. Erro 0x80070005.
Error: (02/14/2016 02:11:03 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Falha de ativação da licença do Windows. Erro 0x80070005.
Error: (02/14/2016 01:55:49 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Falha de ativação da licença do Windows. Erro 0x80070005.
System errors:
=============
Error: (02/15/2016 06:36:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço GoogleChromeUpService devido ao seguinte erro:
%%2
Error: (02/15/2016 06:34:59 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: O Gerenciador de controle de serviços tentou executar uma ação corretiva (Reiniciar o serviço) após a finalização inesperada do serviço Windows Search, mas essa ação falhou com o seguinte erro:
%%1056
Error: (02/15/2016 06:34:31 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: A chamada ScRegSetValueExW falhou para DeleteFlag com o seguinte erro:
%%5
Error: (02/15/2016 06:34:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Windows Search foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 30000 milissegundos: Reiniciar o serviço.
Error: (02/15/2016 06:34:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Xbox Live Network Manager Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es).
Error: (02/15/2016 06:34:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Windows Live ID Sign-in Assistant foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.
Error: (02/15/2016 06:34:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço SkypeUpdateEx foi encerrado inesperadamente. Isso aconteceu 1 vez(es).
Error: (02/15/2016 06:34:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço scpVista foi encerrado inesperadamente. Isso aconteceu 1 vez(es).
Error: (02/15/2016 06:34:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço LightScribeService Direct Disc Labeling Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es).
Error: (02/15/2016 06:34:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço GoogleChromeUpSvc foi encerrado inesperadamente. Isso aconteceu 1 vez(es).
CodeIntegrity:
===================================
Date: 2014-12-01 19:41:48.667
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-01 18:42:04.340
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-01 17:53:34.435
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-01 14:17:09.295
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-01 14:10:06.797
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-01 14:01:17.157
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-01 13:54:00.360
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-01 12:58:13.818
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-01 12:19:05.320
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-01 11:39:05.897
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
Percentage of memory in use: 78%
Total physical RAM: 2037.18 MB
Available physical RAM: 429.79 MB
Total Virtual: 4074.36 MB
Available Virtual: 2042.04 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:232.79 GB) (Free:104.17 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Ran by Casa (2016-02-15 19:52:51)
Running from C:\Users\Casa\Desktop
Microsoft Windows 7 Ultimate (X86) (2011-11-07 17:01:41)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrador (S-1-5-21-3923423384-1465317235-2915663045-500 - Administrator - Disabled)
Casa (S-1-5-21-3923423384-1465317235-2915663045-1000 - Administrator - Enabled) => C:\Users\Casa
Convidado (S-1-5-21-3923423384-1465317235-2915663045-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe Flash Player 20 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.0.162 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASSISTAT - Statistical Assistance (HKLM\...\ASSISTAT - Statistical Assistance) (Version: - )
aTube Catcher versão 3.8 (HKLM\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Avast Free Antivirus (HKLM\...\avast) (Version: 11.1.2245 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM\...\{CF0D492B-12F2-40B0-AF33-0F1BAA0BEF37}) (Version: 2.28.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Facebook Video Calling 1.2.0.287 (HKLM\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
GBBD Caixa Economica Federal (HKLM\...\{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1) (Version: 3.11.0.1 - )
globalupdate Helper (Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Earth Pro (HKLM\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
GunboundPS (HKLM\...\GunboundPS_is1) (Version: - Softnyx co.,ltd.)
HP Deskjet 2540 series Ajuda (HKLM\...\{70B5D5B2-8014-4C22-9963-361B1F07B81A}) (Version: 30.0.0 - Hewlett Packard)
HP Deskjet 2540 series Software básico do dispositivo (HKLM\...\{831C1695-CF1D-4379-B432-89139C7159FB}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IDRISI Selva (HKLM\...\IDRISI Selva) (Version: 17.00 - Clark Labs / Clark University)
IDRISI Selva (Version: 17.00 - Clark Labs / Clark University) Hidden
Java 8 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 7.9.0 (HKLM\...\KLiteCodecPack_is1) (Version: 7.9.0 - )
LightScribe System Software (HKLM\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Módulo de Segurança - Banco do Brasil (HKLM\...\{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1) (Version: GBBD Banco do Brasil - )
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Opera Stable 34.0.2036.36 (HKLM\...\Opera 34.0.2036.36) (Version: 34.0.2036.36 - Opera Software)
Pacote de Idiomas do Microsoft .NET Framework 4.5 - Português (Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.50709 - Microsoft Corporation)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
QGIS Lyon 2.12.2 Lyon (HKLM\...\QGIS Lyon) (Version: - QGIS Development Team)
QGIS Pisa 2.10.1 Pisa (HKLM\...\QGIS Pisa) (Version: - QGIS Development Team)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.18 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Spring 5.2.2 Português_x64 (HKLM\...\Spring 5.2.2 Português_x64) (Version: - )
Spring 5.2.2 Português_x86 (HKLM\...\Spring 5.2.2 Português_x86) (Version: - )
Suporte para Aplicativos Apple (32-bit) (HKLM\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TZip 1.0 (HKLM\...\TZip) (Version: 1.0 - TZip)
VideoCAM Look (HKLM\...\{EADAA6F7-991F-4CE9-B5CE-FCF3D81F7C7D}) (Version: 4.7.5.4 - )
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {001F8583-EB87-4C4A-82F1-6E9D9E320DF1} - System32\Tasks\{41FEE92B-7CB6-408C-85FA-00D992C20A14} => Chrome.exe hxxp://ui.skype.com/ui/0/6.21.0.104/pt/abandoninstall?page=tsMain
Task: {09C4544B-94CB-4605-A826-80FF6A404797} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3923423384-1465317235-2915663045-1000UA => C:\Users\Casa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {0E0083AE-EE53-455D-8715-9D016AC3BAF3} - System32\Tasks\{FB9286B6-C798-4E17-B02E-995E2145DF8C} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.0.106/pt/abandoninstall?page=tsMain
Task: {102559E2-C90B-4BC0-8F23-03DBF85142B3} - System32\Tasks\{09AB0F3B-A2DA-454A-A9CB-B0A0AD092789} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.111&LastError=404
Task: {141B7F2E-A26B-49EA-8CE1-4C9086B909E2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3923423384-1465317235-2915663045-1000Core => C:\Users\Casa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {1822550F-6086-4ACA-84F8-20C7F6E2D854} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {1A1C6D6F-2D44-4E6D-8A2D-5EAF3C43FF9A} - System32\Tasks\{39EBE72D-7668-4766-AB9A-FD016238A508} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.0.106/pt/abandoninstall?page=tsMain
Task: {1B101577-E546-4702-B29D-86551C5833D8} - System32\Tasks\{9673AB67-AFD4-4A98-95CD-881222DD238B} => pcalua.exe -a C:\GitzWC\Season1\uninstall.exe
Task: {21564AFD-388B-4A24-8337-AD05589966AA} - System32\Tasks\{5F9214AA-71B3-462A-9202-30F1E67EC786} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.0.106/pt/abandoninstall?page=tsMain
Task: {216DAA09-BB92-4887-83B1-26619D58CF4F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-12] (Adobe Systems Incorporated)
Task: {2E6F25F3-E440-41B1-BC7C-A7D7CFBFBF95} - System32\Tasks\{7C20DB9A-A79D-4A3E-A8CD-709EC9897F6B} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.0.106/pt/abandoninstall?page=tsMain
Task: {30E419CB-5652-4135-B6CD-DAE2BD3804BA} - System32\Tasks\Upibd => C:\PROGRA~1\SHOPPE~4\Faidti.bat
Task: {36D8CC13-BD75-4441-917C-3E6BB527B96E} - System32\Tasks\Opera scheduled Autoupdate 1452046037 => C:\Program Files\Opera\launcher.exe [2015-12-14] (Opera Software)
Task: {3CEF9B7A-C84A-4B86-B3F8-C3CD20008D6E} - System32\Tasks\{4081B0C1-5F61-40F6-B592-72E6A7B10545} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.0.106/pt/abandoninstall?page=tsBing
Task: {4A3887D3-1628-45C6-9B61-8AE4E74D4B3E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_20_0_0_306_pepper.exe [2016-02-12] (Adobe Systems Incorporated)
Task: {4FD50E6B-AEA6-48C4-A1FA-B69C53A857A4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {50AFDC79-F2F0-4874-B3C4-C1B2E34C2533} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-01-08] (Google Inc.)
Task: {524BAB3B-ED53-4279-9889-9440C3B571D3} - System32\Tasks\{938842AA-33E5-48E8-B75B-33D39C1D39F3} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.0.106/pt/abandoninstall?page=tsMain
Task: {543BC415-7A43-4415-B2C5-31CB975CF0EE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {5E39F61B-17BB-463B-A3BC-11D15CEF051E} - System32\Tasks\{76ECB240-11A7-401F-8EF7-B0E73B0E576D} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.0.106/pt/abandoninstall?page=tsMain
Task: {60D2552D-D243-4036-A964-F7D0536ED984} - System32\Tasks\17F4DBEA-964E-40FF-8B80-1A38D237B359 => C:\Users\Casa\AppData\Local\17F4DBEA-964E-40FF-8B80-1A38D237B359\17F4DBEA-964E-40FF-8B80-1A38D237B359.exe <==== ATTENTION
Task: {629304D4-0673-406A-AE71-6139AAF61AA0} - System32\Tasks\{6F0E26FF-5AAC-4073-9AF6-4E9F273D66C2} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.0.106/pt/abandoninstall?page=tsMain
Task: {644E95C8-9C2A-4BBD-8D7E-DD05817E4022} - System32\Tasks\{5CC7850B-48FD-4A4A-AE6A-247E9447C1EC} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.5.0.117&LastError=404
Task: {78A14EB9-191E-4E3E-99CC-425D3DFB7834} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-23] (AVAST Software)
Task: {84D5F12E-7BF5-4C4B-97A0-5CE3F955177B} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3923423384-1465317235-2915663045-1000
Task: {9B774C40-BC27-47CD-B142-C25630A306BF} - System32\Tasks\{921390F9-5ADF-4F83-8E24-44377E9EB120} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.0.106/pt/abandoninstall?page=tsMain
Task: {A9B46BC4-20BC-48D1-93EE-3025EAC365A1} - System32\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935} => C:\Users\Casa\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe [2015-05-14] () <==== ATTENTION
Task: {B6BFF532-8F6E-494B-A2A6-6C98E914880D} - System32\Tasks\{A60A6D91-5471-4FB7-AF63-8AF4BE201343} => Chrome.exe hxxp://ui.skype.com/ui/0/6.21.0.104/pt/abandoninstall?page=tsMain
Task: {D281C9F9-C168-429C-9B4B-E545D2AFCBBD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-01-08] (Google Inc.)
Task: {DA0B0613-EB4D-4981-9443-523B9C038AED} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-23] (AVAST Software)
Task: {DD2CE908-4FB5-44EB-B730-E73052A49D9D} - System32\Tasks\Felpu => C:\PROGRA~1\SHOPPE~2\Lujanib.bat
Task: {DDAA2ADD-290D-427E-B20B-C0CC68BDF4C8} - System32\Tasks\{A01B7A21-049F-4826-A0EC-DFD447B0795D} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.0.106/pt/abandoninstall?page=tsMain
Task: {DDB8592C-E576-43CC-86CD-497D73920B87} - System32\Tasks\{2AC48A57-1EC7-417D-AB03-C1AC933DD252} => Chrome.exe hxxp://ui.skype.com/ui/0/6.9.0.106/pt/abandoninstall?page=tsMain
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\system32\Macromed\Flash\FlashUtil32_20_0_0_306_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3923423384-1465317235-2915663045-1000Core.job => C:\Users\Casa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3923423384-1465317235-2915663045-1000UA.job => C:\Users\Casa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job => C:\Users\Casa\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe-RunCheckUpdate C:\Users\Casa\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\CheckUpdate.exe <==== ATTENTION
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Casa\Desktop\QGIS Desktop 2.12.2.lnk -> C:\Program Files\QGIS Lyon\bin\nircmd.exe (NirSoft) -> exec hide C:\PROGRA~1\QGISLY~1\bin\qgis.bat
ShortcutWithArgument: C:\Users\Casa\Desktop\QGIS\SAGA GIS (2.1.2).lnk -> C:\Program Files\QGIS Lyon\bin\nircmd.exe (NirSoft) -> exec hide C:\PROGRA~1\QGISLY~1\bin\saga_gui.bat
ShortcutWithArgument: C:\Users\Casa\Desktop\JUNIOR\QGIS\SAGA GIS (2.1.2).lnk -> C:\Program Files\QGIS Pisa\bin\nircmd.exe (NirSoft) -> exec hide C:\PROGRA~1\QGISPI~1\bin\saga_gui.bat
ShortcutWithArgument: C:\Users\Casa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.searchtudo.com/pt/?uid={4e2cae62e3b7481cbc6bf791fcac812a}&r=eg
ShortcutWithArgument: C:\Users\Casa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.searchtudo.com/pt/?uid={4e2cae62e3b7481cbc6bf791fcac812a}&r=eg
ShortcutWithArgument: C:\Users\Casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.searchtudo.com/pt/?uid={4e2cae62e3b7481cbc6bf791fcac812a}&r=eg
ShortcutWithArgument: C:\Users\Casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeabests.cc/
ShortcutWithArgument: C:\Users\Casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/
ShortcutWithArgument: C:\Users\Casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Yeabeats Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeabests.cc/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk -> C:\Program Files\Adobe\Adobe Widget Browser\Adobe Widget Browser.exe () -> hxxp://www.yeabests.cc/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.searchtudo.com/pt/?uid={4e2cae62e3b7481cbc6bf791fcac812a}&r=eg
==================== Loaded Modules (Whitelisted) ==============
2015-12-30 15:08 - 2015-12-30 15:08 - 02771896 _____ () C:\ProgramData\System32\SafeGuard32.dll
2015-12-23 14:00 - 2015-12-23 14:00 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-12-23 13:59 - 2015-12-23 13:59 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-12-28 12:19 - 2015-12-28 12:19 - 02806272 _____ () C:\Program Files\AVAST Software\Avast\defs\15122801\algo.dll
2015-12-23 14:00 - 2015-12-23 14:00 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2011-11-07 16:56 - 2011-05-28 22:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2014-07-31 13:16 - 2014-07-31 13:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-23 14:00 - 2015-12-23 14:00 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-08 17:25 - 2015-12-08 17:25 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1046.dll
2016-01-11 10:36 - 2016-01-11 10:36 - 00932032 ____R () C:\Program Files\Skype\Phone\ssScreenVVS2.dll
2016-02-12 17:26 - 2015-12-10 10:56 - 00193456 _____ () C:\Program Files\SkypeUpdateEx\SkypeUpdateEx.exe
2016-02-12 17:26 - 2015-12-08 11:12 - 00126896 _____ () C:\Program Files\SkypeUpdateEx\SkypeUpdate.dll
2016-01-23 17:40 - 2015-12-08 10:24 - 07142328 _____ () C:\Users\Casa\AppData\Roaming\XBox\XBLive.exe
2016-01-23 17:40 - 2015-11-30 10:08 - 00256440 _____ () C:\Users\Casa\AppData\Roaming\XBox\Xbox.Live.dll
2016-02-12 17:30 - 2016-02-09 09:58 - 16810824 _____ () C:\Program Files\Google\Chrome\Application\48.0.2564.109\PepperFlash\pepflashplayer.dll
2016-01-08 01:59 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Casa\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2016-01-08 01:59 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Casa\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Program Files\GbPlugin:IncompleteStartProcessProtection.cnt
AlternateDataStreams: C:\Windows\System32:E401E3DD_Bb.gbp
AlternateDataStreams: C:\Windows\System32:E401E3DD_Cef.gbp
AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst
AlternateDataStreams: C:\Users\Casa\AppData\Roaming\Launcher__16211_il391044.exe:typelib
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audiosrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\drmkaud => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MMCSS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="[6cFgE][Şοûпđ, νìδ℮ô άήδ ğªмè ¢őήťřόℓŀèґš !!! !!! !]"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea} => ""="Portable Media Devices"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Audiosrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\drmkaud => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HDAudBus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MMCSS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ufadedatpa => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="[6cFgE][Şοûпđ, νìδ℮ô άήδ ğªмè ¢őήťřόℓŀèґš !!! !!! !]"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{640167b4-59b0-47a6-b335-a6b3c0695aea} => ""="Portable Media Devices"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7778 more sites.
IE trusted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\bb.com.br -> hxxps://seg.bb.com.br
IE trusted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\...\123simsen.com -> www.123simsen.com
There are 7778 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 00:04 - 2015-03-11 12:05 - 00444931 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
There are 15271 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3923423384-1465317235-2915663045-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Casa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 200.204.0.10 - 200.204.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^Casa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SmartWeb.lnk => C:\Windows\pss\SmartWeb.lnk.Startup
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Facebook Update => "C:\Users\Casa\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: gmsd_br_005010117 =>
MSCONFIG\startupreg: gmsd_br_005010135 =>
MSCONFIG\startupreg: GoogleChromeAutoLaunch_24058EE0A4650D25CD1906AC59992FC0 => "C:\Program Files\MyBrowser\MyBrowser\Application\mybrowser.exe" --no-startup-window
MSCONFIG\startupreg: GoogleChromeAutoLaunch_4129C1338700D7B1080DDB82359D2F0A => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightGate => C:\ProgramData\LightGate.exe
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: NBAgent => "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: PlusService => C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{1191AF98-9414-453B-A3E5-A61CCD19DF29}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{183478CA-0E05-4830-BC5A-10F85E6FECAF}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BF115FE5-0732-49F2-8C42-8995BE7C892A}] => (Allow) LPort=2869
FirewallRules: [{A818E233-4164-4CFB-93BA-3DD90B00D572}] => (Allow) LPort=1900
FirewallRules: [{26D28B20-7D24-4F91-937D-3B840C6792AB}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8C53FC47-7B07-4944-9DF9-63A847A994C4}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [TCP Query User{DC7E9AD8-1595-44FD-9B8A-378C1B577D10}C:\game\softnyxgame\gunboundps\gunbound.gme] => (Allow) C:\game\softnyxgame\gunboundps\gunbound.gme
FirewallRules: [UDP Query User{503BBEA7-8837-4035-A137-765B7485F217}C:\game\softnyxgame\gunboundps\gunbound.gme] => (Allow) C:\game\softnyxgame\gunboundps\gunbound.gme
FirewallRules: [{DEB08CBD-D701-40FD-A64A-11215F8252A6}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{FC7BC511-F0DB-4321-87EA-A2A8F816DE52}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{B32600B5-B90B-4188-BAC1-68B7A754AE9A}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{0E5F8EBD-4747-4127-A297-DA5F83822734}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{FA411D04-F9FA-445D-8844-2047FF0693DF}] => (Allow) C:\Program Files\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{6E099FBA-3A17-4B4C-BBB3-25569BADC8D1}] => (Allow) LPort=7935
FirewallRules: [{A537C296-D0DE-4E22-9C2A-43BCD28EBBF5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BBC9CF1D-0F6B-46BA-B9C5-B3FD421E306F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{522B7EAD-EEBD-4542-85D8-0CFD563C3F74}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{DFD551A6-3295-41A8-A65B-740B3743936A}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{23976883-89A5-43EF-8791-4255B6D9AD14}] => (Allow) LPort=5357
FirewallRules: [{02EA3129-901F-4AB3-8227-72ED64E64524}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{65D1D33D-09DC-490B-BA69-06E9BE8AB415}] => (Allow) C:\Users\Casa\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B0ED7059-9F47-4F96-A2FE-F5B29EE13D34}] => (Allow) C:\Users\Casa\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5048C4D2-2414-4333-9662-78D4E7004A7F}] => (Allow) C:\Users\Casa\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{16FC21F3-1592-45C6-B6D2-26209A1C5A3B}] => (Allow) C:\Users\Casa\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3F4B5283-54E7-479D-A690-297575428317}] => (Allow) C:\Users\Casa\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FAF88793-E1C1-4FCA-8CF8-2348A8C94889}] => (Allow) C:\Users\Casa\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{1014D54D-832E-49CC-8DA8-1C85A5AF398C}C:\programdata\microsoft\network\dsq\network\sysnetwk.exe] => (Block) C:\programdata\microsoft\network\dsq\network\sysnetwk.exe
FirewallRules: [UDP Query User{A437B5D9-6F15-4E94-8CBE-239F82978CBB}C:\programdata\microsoft\network\dsq\network\sysnetwk.exe] => (Block) C:\programdata\microsoft\network\dsq\network\sysnetwk.exe
FirewallRules: [{2F7D8A3E-B67D-4551-883A-B7D62F85499D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
12-02-2016 17:00:50 Revo Uninstaller's restore point - iTunes
12-02-2016 17:13:17 Revo Uninstaller's restore point - Java 7 Update 55
12-02-2016 17:14:16 Removed Java 7 Update 55
12-02-2016 17:21:55 Revo Uninstaller's restore point - Java(TM) 6 Update 31
12-02-2016 17:23:33 Removed Java(TM) 6 Update 31
12-02-2016 17:35:07 Revo Uninstaller's restore point - Corel Graphics - Windows Shell Extension
12-02-2016 18:39:02 Revo Uninstaller's restore point - JavaFX 2.1.1
12-02-2016 18:40:49 Removido JavaFX 2.1.1
12-02-2016 18:55:39 Revo Uninstaller's restore point - Spybot - Search & Destroy
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/15/2016 06:35:57 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Falha de ativação da licença do Windows. Erro 0x80070005.
Error: (02/15/2016 06:08:42 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Falha de ativação da licença do Windows. Erro 0x80070005.
Error: (02/15/2016 06:03:23 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Falha de ativação da licença do Windows. Erro 0x80070005.
Error: (02/15/2016 05:58:36 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Falha de ativação da licença do Windows. Erro 0x80070005.
Error: (02/15/2016 05:56:45 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Falha de ativação da licença do Windows. Erro 0x80070005.
Error: (02/15/2016 02:05:11 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: O backup não foi concluído devido a um erro ao gravar no local de backup J:\. Erro: Não é possível encontrar a localização de cópia de segurança ou esta não é válida. Reveja as definições de cópia de segurança e verifique a localização de cópia de segurança. (0x81000006).
Error: (02/15/2016 01:56:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: SkypeC2CAutoUpdateSvc.exe, versão: 8.0.0.9103, carimbo de hora: 0x568f9008
Nome do módulo de falhas: SafeGuard32.dll_unloaded, versão: 0.0.0.0, carimbo de hora: 0x568382a8
Código de exceção: 0xc0000005
Deslocamento com falha: 0x6e7b42c3
Identificação do processo com falha: 0x7e8
Hora de início do aplicativo com falha: 0xSkypeC2CAutoUpdateSvc.exe0
Caminho do aplicativo com falha: SkypeC2CAutoUpdateSvc.exe1
FCaminho do módulo de falhas: SkypeC2CAutoUpdateSvc.exe2
Identificação do Relatório: SkypeC2CAutoUpdateSvc.exe3
Error: (02/15/2016 01:55:07 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Falha de ativação da licença do Windows. Erro 0x80070005.
Error: (02/14/2016 02:11:03 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Falha de ativação da licença do Windows. Erro 0x80070005.
Error: (02/14/2016 01:55:49 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Falha de ativação da licença do Windows. Erro 0x80070005.
System errors:
=============
Error: (02/15/2016 06:36:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço GoogleChromeUpService devido ao seguinte erro:
%%2
Error: (02/15/2016 06:34:59 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: O Gerenciador de controle de serviços tentou executar uma ação corretiva (Reiniciar o serviço) após a finalização inesperada do serviço Windows Search, mas essa ação falhou com o seguinte erro:
%%1056
Error: (02/15/2016 06:34:31 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: A chamada ScRegSetValueExW falhou para DeleteFlag com o seguinte erro:
%%5
Error: (02/15/2016 06:34:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Windows Search foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 30000 milissegundos: Reiniciar o serviço.
Error: (02/15/2016 06:34:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Xbox Live Network Manager Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es).
Error: (02/15/2016 06:34:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Windows Live ID Sign-in Assistant foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.
Error: (02/15/2016 06:34:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço SkypeUpdateEx foi encerrado inesperadamente. Isso aconteceu 1 vez(es).
Error: (02/15/2016 06:34:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço scpVista foi encerrado inesperadamente. Isso aconteceu 1 vez(es).
Error: (02/15/2016 06:34:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço LightScribeService Direct Disc Labeling Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es).
Error: (02/15/2016 06:34:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço GoogleChromeUpSvc foi encerrado inesperadamente. Isso aconteceu 1 vez(es).
CodeIntegrity:
===================================
Date: 2014-12-01 19:41:48.667
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-01 18:42:04.340
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-01 17:53:34.435
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-01 14:17:09.295
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-01 14:10:06.797
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-01 14:01:17.157
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-01 13:54:00.360
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-01 12:58:13.818
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-01 12:19:05.320
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-12-01 11:39:05.897
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\GbPlugin\gbpinj.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
Percentage of memory in use: 78%
Total physical RAM: 2037.18 MB
Available physical RAM: 429.79 MB
Total Virtual: 4074.36 MB
Available Virtual: 2042.04 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:232.79 GB) (Free:104.17 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================