Resultado do exame Adicional Farbar Recovery Scan Tool (x86) Versão:05-03-2016 01
Executado por Cliente (2016-03-25 23:31:52)
Executando a partir de C:\Users\Cliente\Downloads
Microsoft Windows 7 Professional (X86) (2014-03-25 19:22:44)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-2997136290-654796359-1393769141-500 - Administrator - Disabled)
Cliente (S-1-5-21-2997136290-654796359-1393769141-1000 - Administrator - Enabled) => C:\Users\Cliente
Convidado (S-1-5-21-2997136290-654796359-1393769141-501 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: avast! Antivirus (Disabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Baidu Antivirus (Enabled - Up to date) {10616E6C-0E20-8594-D377-A7D03F6128A6}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Baidu Antivirus (Enabled - Up to date) {AB008F88-281A-8A1A-E9C7-9CA244E6621B}
AS: avast! Antivirus (Disabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Advanced System Protector (HKLM\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1) (Version: 2.1.1000.13591 - Systweak Software) <==== ATENÇÃO
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Baidu Antivirus (HKLM\...\Baidu Antivirus) (Version: 4.4.4.71380 - Baidu, Inc.)
BoBrowser (HKU\S-1-5-21-2997136290-654796359-1393769141-1000\...\BoBrowser) (Version: 36.0.1985.142 - BoBrowser) <==== ATENÇÃO Body Text Feathering (HKLM\...\PopupProduct) (Version: 1.0.0.0 - Body Text Feathering) <==== ATENÇÃO BubbleSound (HKLM\...\BubbleSound) (Version: 1.0 - BubbleSound) <==== ATENÇÃO Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version: - Alactro LLC) <==== ATENÇÃO CCE+SABER - v1.0 (HKLM\...\{D445A7B9-69A8-4860-95B9-BB957281D9A0}_is1) (Version: - CCE+SABER) Chromium (HKU\S-1-5-21-2997136290-654796359-1393769141-1000\...\Chromium) (Version: 46.0.2461.0 - Chromium) comowin_otut_20160325 version 1.0 (HKLM\...\comowin_otut_20160325_is1) (Version: 1.0 - azec) DNS Unlocker (HKLM\...\DNSUnlocker.ns) (Version: - ) <==== ATENÇÃO Dropbox (HKU\S-1-5-21-2997136290-654796359-1393769141-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.) GamesDesktop 020.002030047 (HKLM\...\gmsd_br_002030047_is1) (Version: - GAMESDESKTOP) <==== ATENÇÃO Greener Web (HKLM\...\Greener Web) (Version: 2014.06.12.140946 - Greener Web) <==== ATENÇÃO groover (HKLM\...\{0B4D9AF2-D703-4ECD-8E9C-95A355C944F5}) (Version: 2.0.0.477 - groover) Hostify version 1.1 (HKLM\...\Hostify_is1) (Version: 1.1 - Wizzlabs) Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation) istartsurf uninstall (HKLM\...\istartsurf uninstall) (Version: - istartsurf) <==== ATENÇÃO Java 7 Update 79 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217079FF}) (Version: 7.0.790 - Oracle) Java(TM) 6 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.) Java(TM) SE Development Kit 6 Update 20 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160200}) (Version: 1.6.0.200 - Sun Microsystems, Inc.) JavaFX(TM) 1.3 SDK (HKLM\...\{5aa47dba-b584-4d47-a626-76e53f010300}) (Version: 1.3.0 - Sun Microsystems, Inc.) 
K-Lite Codec Pack 4.8.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 4.8.0 - ) LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.101 - LSI Corporation) Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation) Music Chow (HKLM\...\{4EF29379-4068-42AC-AB24-745CED5FADFE}) (Version: 1.0.2 - Breakthru Limited) NewExt (HKLM\...\{629529fb-edaf-4033-89cc-5ef7b43f021a}) (Version: 1.0 - NewExt) RegClean-Pro (HKLM\...\RegClean-Pro_is1) (Version: 6.21 - sys tweak) <==== ATENÇÃO Reimage Protector (HKLM\...\Reimage Protector) (Version: - Reimage) <==== ATENÇÃO Satellite Comma (HKLM\...\SoftwareUpdater) (Version: 1.0.0.0 - Satellite Comma) <==== ATENÇÃO seekmx (HKLM\...\seekmx) (Version: - Navigation) Setup (HKLM\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATENÇÃO sunnyday version 1.1 (HKLM\...\sunnyday_is1) (Version: 1.1 - sunnyday) The Desktop Weather 1.2 (HKLM\...\WeatherTool) (Version: 1.2.2.10256 - ShenZhen Enode Techology co,.Ltd) <==== ATENÇÃO Tools Update Platform (HKLM\...\{6A128791-4857-4484-9BB2-71D4C1257200}) (Version: 1.1.0.15707 - Beijing Zhihuimen Techology co,.Ltd) <==== ATENÇÃO VIVO INTERNET (HKLM\...\VIVO INTERNET) (Version: 16.002.10.02.149 - Huawei Technologies Co.,Ltd) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) WIN (HKLM\...\win_en_77_is1) (Version: - ) <==== ATENÇÃO WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) ==================== Exame Personalizado CLSID (Whitelisted): ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) CustomCLSID: HKU\S-1-5-21-2997136290-654796359-1393769141-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Cliente\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2997136290-654796359-1393769141-1000_Classes\CLSID\{19041B6B-8F97-4669-BA21-C17572737ED2}\localserver32 -> "C:\Users\Cliente\AppData\Local\BoBrowser\Application\36.0.1985.142\delegate_execute.exe" => Nenhum (a entrada de dados tem 7 mais caracteres). CustomCLSID: HKU\S-1-5-21-2997136290-654796359-1393769141-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\Cliente\AppData\Local\Chromium\Application\46.0.2461.0\delegate_execute.exe (The Chromium Authors) <==== ATENÇÃO CustomCLSID: HKU\S-1-5-21-2997136290-654796359-1393769141-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2997136290-654796359-1393769141-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2997136290-654796359-1393769141-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2997136290-654796359-1393769141-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) ==================== Tarefas Agendadas (Whitelisted) ============= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
Task: {0040EC63-AC79-4E58-8CD6-264761FFD1AA} - System32\Tasks\{3B7FD029-D932-411b-AF15-C96CF8EF0C18}{19F8DB95-4D78-4ddb-AC71-C610654FE37F} => C:\Program Files\WeatherTool\1.2.2.10256\InstallHelper.exe [2015-06-14] () <==== ATENÇÃO Task: {06DBC2DF-B0DC-44F8-90B2-2C002DCF7A0B} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files\RegClean Pro\RegCleanPro.exe [2015-07-02] () <==== ATENÇÃO Task: {074EB462-5D10-4EEA-8C00-FE99A68E1CDF} - System32\Tasks\Berkorn => C:\PROGRA~1\SHOPPE~1\Fyfem.bat Task: {2626313D-A75A-4733-ABEF-A2639FDEAAA4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-21] (Adobe Systems Incorporated) Task: {33C82073-F794-4861-ADD7-9F3CF887463E} - System32\Tasks\Baidu Antivirus Update => C:\Program Files\Baidu Security\Baidu Antivirus\BavUpdater.exe [2014-05-28] (Baidu, Inc.) Task: {33D82BEA-B4B4-4365-8281-70378110D82E} - System32\Tasks\DNS Monitoring => C:\Windows\system32\regsvr32.exe [2009-07-13] (Microsoft Corporation) Task: {357E800B-8E8E-4EB0-BDC6-37BC5D2849B6} - System32\Tasks\DNSWILLISTON => dnswilliston.exe <==== ATENÇÃO Task: {5ED2C54D-825A-427D-8F3E-2D75DCB28515} - System32\Tasks\osTip => C:\ProgramData\WindowsMsg\osmsg.exe [2016-03-23] () Task: {6039C079-DE06-4D71-B236-58F97C68DC4F} - System32\Tasks\PhraseProfessor Auto Updater 1.10.0.21 Core => C:\Program Files\PhraseProfessor_1.10.0.21\Update\PhraseProfessorAutoUpdateClient.exe <==== ATENÇÃO Task: {610AB27A-4DF5-428E-B7CF-05DB12B96248} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-15] (Avast Software s.r.o.) 
Task: {6D8097EA-0F20-4BB6-8F2E-E69A03594312} - System32\Tasks\UpdateTask => C:\Users\Cliente\AppData\Local\{02433~1\UNINST~1.EXE [2015-07-31] () Task: {7EB796BC-F560-4D8D-8309-94979D306F90} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files\RegClean Pro\RegCleanPro.exe [2015-07-02] () <==== ATENÇÃO Task: {8F766D31-879A-4EF2-8E25-40DF652A5099} - System32\Tasks\RegClean Pro => C:\Program Files\RegClean Pro\RegCleanPro.exe [2015-07-02] () <==== ATENÇÃO Task: {90756012-6108-4000-A500-E2475E2786F5} - System32\Tasks\svchost => C:\Users\Cliente\AppData\Local\Temp\JF1JJ7OFD\HYBEL4BNG.exe [2016-03-24] (TZ) <==== ATENÇÃO Task: {95DC2A21-9088-4823-B440-B16DE075968D} - System32\Tasks\Advanced System Protector_startup Task: {AB04777C-427F-4382-BD29-53901EB3D659} - System32\Tasks\Seqcu => C:\PROGRA~1\FIIOIF~1\Mudwheb.bat Task: {AB93027D-ECD9-4C56-AC0A-BF1E211AC993} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js" <==== ATENÇÃO Task: {C2509D0F-FFC0-4CD7-9A42-6A9F9E09ACB5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-07-31] (AVAST Software) Task: {D0FFE6FD-2E86-43DA-8CD9-A59321F85AD0} - System32\Tasks\{0D080547-787E-0B04-0D11-78090E7A110F} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAA7ADsAIAAgADsAOwA7ADsAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBzAHQAbwBwACIAOwAkAHMAYwA9ACIAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAiADsAJABXAGEAcgBuAGkAbgBnAFAAcgBlAGYAZQByAGUAbgBjAGUA (a entrada de dados tem 9396 mais caracteres). 
Task: {D6520117-A84F-4474-8BDE-FC5F4DB8CAF1} - System32\Tasks\Caalei => C:\PROGRA~1\Damhhbyf\Seozbhmi.bat Task: {DBA7D609-E42F-4C6D-A586-0A387AA27A66} - System32\Tasks\Niujrhbe => C:\Program Files\Dhuavesecoaddi\Noepzu.bat [2016-03-25] () Task: {DDEA00A5-7D00-4AE7-B4DF-C5CE371A8592} - System32\Tasks\PhraseProfessor Auto Updater 1.10.0.21 Pending Update => C:\Program Files\PhraseProfessor_1.10.0.21\Update\PhraseProfessorAutoUpdateClient.exe <==== ATENÇÃO Task: {E2C68A4B-C9DD-4DBD-8F02-72A299504981} - System32\Tasks\Yahoo! Search Updater => Wscript.exe //B "C:\Users\Cliente\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\..\updt.js" <==== ATENÇÃO Task: {EDC9BDEE-81F2-4DBE-86D2-3FB2318A903A} - System32\Tasks\{F500B50B-C55A-4268-A937-443681E85DA0} => pcalua.exe -a "C:\Program Files\Common Files\Zumtone\uninstall.exe" -c shuz -f "C:\Program Files\Common Files\Zumtone\uninstall.dat" -a uninstallme 7B32CEB8-6A74-4466-A13C-67E7D71D541A DeviceId=7b10ff92-7a6b-3ae2-fb4c-ae28311d007f BarcodeId=51107003 ChannelId=3 DistributerName=APSFClickMeIn Task: {F6F755CA-1F1E-487B-9751-D332CD27492E} - System32\Tasks\ToolsUpdatePlatform_ScheduledTask => C:\Program Files\ToolsUpdatePlatform\UpdatePlatform.exe [2015-06-04] () <==== ATENÇÃO Task: {FC8D9BBA-1CCD-4653-B67F-1B5570E5C2A0} - System32\Tasks\ttwifi => C:\Program Files\ttwifi\tiantianwifi.exe (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files\RegClean Pro\RegCleanPro.exe <==== ATENÇÃO
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files\RegClean Pro\RegCleanPro.exe <==== ATENÇÃO
Task: C:\Windows\Tasks\ToolsUpdatePlatform_ScheduledTask.job => C:\Program Files\ToolsUpdatePlatform\UpdatePlatform.exe <==== ATENÇÃO
Task: C:\Windows\Tasks\UpdateTask.job => C:\Users\Cliente\AppData\Local\{02433~1\UNINST~1.EXE
Task: C:\Windows\Tasks\{3B7FD029-D932-411b-AF15-C96CF8EF0C18}{19F8DB95-4D78-4ddb-AC71-C610654FE37F}.job => C:\Program Files\WeatherTool\1.2.2.10256\InstallHelper.exei-RunCloudOPTClient C:\Program Files\WeatherTool\1.2.2.10256\CloudOPTClient\CloudOPTClient.exe <==== ATENÇÃO

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

Shortcut: C:\Users\Cliente\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\e9a3d4bd15569db7\Google Chrome.lnk -> C:\Users\Cliente\AppData\Local\Temp\Rar$EXa0.642\Chrome-bin\chrome.exe (Google Inc.)
==================== Módulos Carregados (Whitelisted) ============== 2015-01-08 15:12 - 2015-01-08 15:12 - 02095104 _____ () C:\Program Files\BubbleSound\BubbleSound.dll 2014-06-12 15:26 - 2014-05-28 07:56 - 00208744 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\BavDllFilter.dll 2014-06-12 15:26 - 2014-05-28 07:54 - 00541032 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\sqlite.dll 2016-03-24 23:30 - 2016-03-24 23:23 - 00952320 _____ () C:\ProgramData\CloudPrinter\CloudPrinter.exe 2016-01-31 19:01 - 2016-01-31 19:01 - 00254464 _____ () C:\Program Files\03000200-1453137062-0500-0006-000700080009\knss3390.tmp 2016-03-24 22:09 - 2016-03-24 22:09 - 00125784 _____ () C:\Users\Cliente\AppData\Roaming\DhicedOenovf\Oruuu.exe 2016-03-24 22:09 - 2016-03-24 23:54 - 00183640 _____ () C:\Users\Cliente\AppData\Roaming\DhicedOenovf\Guhar.din 2016-03-24 22:09 - 2016-03-24 22:09 - 00174424 _____ () C:\Users\Cliente\AppData\Roaming\Eoticu\Eoticu.exe 2016-03-24 09:13 - 2016-03-24 09:13 - 00174448 _____ () C:\Users\Cliente\AppData\Roaming\Lecleebn\Lecleebn.exe 2010-11-16 10:37 - 2010-11-16 10:37 - 00264704 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe 2016-03-24 23:46 - 2016-03-24 23:46 - 00294912 _____ () C:\Program Files\NewExt\nssm.exe 2014-11-14 14:29 - 2016-01-10 17:19 - 00128200 _____ () C:\ProgramData\398c0b96-ebd3-4f67-a5c7-1899a15c12be\maintainer.exe 2015-07-31 18:00 - 2015-07-08 22:26 - 00173088 _____ () C:\Users\Cliente\AppData\Roaming\NetService\netservice.exe 2016-01-18 14:13 - 2016-01-18 14:13 - 00225792 _____ () C:\Users\Cliente\AppData\Local\03000200-1453129980-0500-0006-000700080009\snskAEF6.tmp 2016-03-24 23:46 - 2016-03-24 23:53 - 07556203 _____ () C:\Program Files\NewExt\jsinjector.exe 2015-06-14 23:19 - 2015-06-14 23:19 - 00143848 _____ () C:\Program Files\WeatherTool\1.2.2.10256\WeatherService.exe 2015-06-14 23:19 - 2015-06-14 23:19 - 00543720 _____ () C:\Program Files\WeatherTool\1.2.2.10256\EVPTask.dll 2015-06-14 23:19 - 
2015-06-14 23:19 - 00407016 _____ () C:\Program Files\WeatherTool\1.2.2.10256\EVPNet.dll 2015-06-14 23:19 - 2015-06-14 23:19 - 00429032 _____ () C:\Program Files\WeatherTool\1.2.2.10256\EVPDR.dll 2016-01-10 17:04 - 2015-12-16 06:21 - 04845408 _____ () C:\Users\Cliente\AppData\Roaming\WinNetSvc\WinNetSvc.exe 2016-01-10 17:04 - 2015-11-28 06:45 - 00083456 _____ () C:\Users\Cliente\AppData\Roaming\WinNetSvc\Interface.dll 2016-03-24 22:53 - 2016-03-15 03:40 - 04984448 _____ () C:\Users\Cliente\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe 2016-03-24 22:53 - 2015-11-28 06:45 - 00083456 _____ () C:\Users\Cliente\AppData\Roaming\WMPNetworkAcSvc\Interface.dll 2016-01-18 14:11 - 2016-01-18 14:11 - 00416256 _____ () C:\Program Files\03000200-1453137062-0500-0006-000700080009\hnse5ADE.tmp 2016-01-18 14:11 - 2016-01-18 14:11 - 00307712 _____ () C:\Program Files\03000200-1453137062-0500-0006-000700080009\jnst2A79.tmp 2016-03-24 09:13 - 2016-03-24 09:13 - 00262000 _____ () C:\Users\Cliente\AppData\Roaming\Lecleebn\Cevjhe.dll 2016-03-24 22:09 - 2016-03-24 22:09 - 00261976 _____ () C:\Users\Cliente\AppData\Roaming\Eoticu\Lonrh.dll 2016-03-25 20:11 - 2016-03-25 20:11 - 00261992 _____ () C:\Users\Cliente\AppData\Roaming\Pejjatmej\Utyrkegzau.dll 2016-01-10 17:25 - 2015-07-02 13:14 - 08732952 _____ () C:\Program Files\RegClean Pro\RegCleanPro.exe 2015-06-04 05:52 - 2015-06-04 05:52 - 00576456 _____ () C:\Program Files\ToolsUpdatePlatform\UpdatePlatform.exe 2016-03-24 22:09 - 2016-03-24 22:09 - 00115544 _____ () C:\Users\Cliente\AppData\Roaming\Eoticu\Lonrh.exe 2016-03-24 09:13 - 2016-03-24 09:13 - 00115568 _____ () C:\Users\Cliente\AppData\Roaming\Lecleebn\Cevjhe.exe 2016-03-25 20:12 - 2016-03-25 23:11 - 00295272 _____ () C:\Program Files\Dhuavesecoaddi\Ponuec.DLL 2016-01-18 14:30 - 2016-01-18 10:37 - 03274928 _____ () C:\Users\Cliente\AppData\Local\gmsd_br_005010211\upgmsd_br_005010211.exe 2015-07-31 17:59 - 2015-07-31 18:32 - 03976848 _____ () C:\Program 
Files\gmsd_br_002030047\gmsd_br_002030047.exe 2016-01-11 16:52 - 2016-01-11 10:09 - 03973296 _____ () C:\Program Files\rec_br_164\rec_br_164.exe 2016-01-18 14:30 - 2016-01-18 10:37 - 03954352 _____ () C:\Program Files\gmsd_br_005010211\gmsd_br_005010211.exe 2016-03-24 22:28 - 2016-03-24 10:30 - 04054192 _____ () C:\Program Files\mbot_en_037050277\mbot_en_037050277.exe 2016-03-24 22:42 - 2016-03-22 13:53 - 03965616 _____ () C:\Program Files\rec_en_235\rec_en_235.exe 2016-03-25 21:50 - 2016-03-02 10:49 - 01888256 _____ () C:\ProgramData\Windows Update\tmp\msiql.exe 2016-03-25 20:12 - 2016-03-25 23:11 - 00250216 _____ () C:\Program Files\Dhuavesecoaddi\Ecedobu.DLL 2016-03-25 20:12 - 2016-03-25 23:11 - 00297472 _____ () C:\Program Files\Dhuavesecoaddi\Utaoubz.DLL 2016-03-25 20:12 - 2016-03-25 23:11 - 00610664 _____ () C:\Program Files\Dhuavesecoaddi\Gavonewf.DLL 2016-03-24 23:25 - 2016-03-23 14:49 - 02036736 _____ () C:\ProgramData\WindowsMsg\osmsg.exe 2016-03-24 21:58 - 2015-12-11 00:54 - 01583432 _____ () C:\Users\Cliente\AppData\Local\Temp\Rar$EXa0.642\Chrome-bin\47.0.2526.106\libglesv2.dll 2016-03-24 21:58 - 2015-12-11 00:54 - 00081224 _____ () C:\Users\Cliente\AppData\Local\Temp\Rar$EXa0.642\Chrome-bin\47.0.2526.106\libegl.dll 2016-03-24 23:54 - 2016-03-23 15:21 - 04055256 _____ () C:\Program Files\win_en_77\win_en_77.exe 2016-03-25 20:11 - 2016-03-25 20:11 - 00125800 _____ () C:\Users\Cliente\AppData\Roaming\SeexaiAvo\Acewpoen.exe 2016-03-25 20:11 - 2016-03-25 23:11 - 00183656 _____ () C:\Users\Cliente\AppData\Roaming\SeexaiAvo\Bacdagig.din 2016-03-25 20:11 - 2016-03-25 20:11 - 00174440 _____ () C:\Users\Cliente\AppData\Roaming\Pejjatmej\Pejjatmej.exe 2016-03-25 20:11 - 2016-03-25 20:11 - 00115560 _____ () C:\Users\Cliente\AppData\Roaming\Pejjatmej\Utyrkegzau.exe 2016-03-25 20:12 - 2016-03-25 23:11 - 00169832 _____ () C:\Program Files\Dhuavesecoaddi\Nusdoy.exe 2016-03-25 20:12 - 2016-03-25 23:11 - 00235880 _____ () C:\Program Files\Dhuavesecoaddi\Bueyrxud.exe 
2016-03-25 20:12 - 2016-03-25 23:11 - 00411648 _____ () C:\Program Files\Dhuavesecoaddi\Iesumbo.exe
2016-03-25 20:12 - 2016-03-25 23:11 - 00428904 _____ () C:\Program Files\Dhuavesecoaddi\KalMatkys.exe
2016-03-01 09:39 - 2016-03-01 09:39 - 00513536 _____ () C:\Program Files\DNS Unlocker\DnsMonitoring.dll
2016-03-25 23:08 - 2016-03-01 09:45 - 00677888 _____ () C:\Program Files\DNS Unlocker\dnswilliston.exe

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => "Service"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BavSvc => "Service"=""

==================== EXE Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)

==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

==================== Hosts Conteúdo: ==========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2009-07-13 23:04 - 2016-01-18 14:09 - 00000967 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-2997136290-654796359-1393769141-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 82.163.143.177 - 82.163.142.179
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.
==================== MSCONFIG/TASK MANAGER ítens desabilitados == (Atualmente não há nenhuma correção automática para esta seção.) ==================== Regras do Firewall (Whitelisted) =============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{91EEE2F8-A491-46C9-8804-65F0999B42F5}] => (Allow) C:\Users\Cliente\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{A388962B-D7B5-47CB-8A69-C64C775E7AD2}] => (Allow) C:\Users\Cliente\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{BCB72AFC-0CA0-4322-A7BC-5856F3913CBA}] => (Allow) C:\Program Files\Greener Web\bin\GreenerWeb.BRT.Helper.exe FirewallRules: [{F6F7A6F8-9D4A-4A2E-BA08-7EA7A3DCBFB3}] => (Allow) C:\Program Files\Greener Web\bin\GreenerWeb.BRT.Helper.exe FirewallRules: [{5AAF39E7-D693-41C0-A92B-E7A0E1F6EFCA}] => (Allow) C:\Program Files\Greener Web\bin\GreenerWeb.BRT.Helper.exe FirewallRules: [{1A2B98EF-33B7-42EC-B540-4F26C9675A9B}] => (Allow) C:\Program Files\Greener Web\bin\GreenerWeb.BRT.Helper.exe FirewallRules: [{48C49A57-E8F0-483A-9B30-45FD6BDE1046}] => (Allow) C:\Users\Cliente\AppData\Local\Chromium\Application\chrome.exe FirewallRules: [{BE2E4F08-B7FC-4D1E-9508-3BBDFFD117EC}] => (Allow) C:\Program Files\NewExt\jsinjector.exe FirewallRules: [{8B9ECA7F-1C08-47E5-B286-0FDB9C527F7C}] => (Allow) C:\Program Files\NewExt\jsinjector.exe FirewallRules: [{C0CD9B9A-A928-483E-9BC3-4443576BB7FF}] => (Allow) C:\Program Files\NewExt\jsinjector.exe FirewallRules: [{CFF616BA-1648-416E-9789-F3C014A81C6E}] => (Allow) C:\Program Files\NewExt\jsinjector.exe FirewallRules: [{C0E4C6E4-AE02-4907-96F0-C423D1351422}] => (Allow) C:\Program Files\NewExt\jsinjector.exe FirewallRules: [{2CE932BA-0103-4AED-8291-35EAB478E02D}] => (Allow) C:\Program 
Files\NewExt\jsinjector.exe FirewallRules: [{AB25F87C-70A0-4515-AAAE-053728E6FCDD}] => (Allow) C:\Program Files\NewExt\jsinjector.exe FirewallRules: [{490302CE-A46F-4AB1-9078-7F07A5EE38ED}] => (Allow) C:\Program Files\NewExt\jsinjector.exe FirewallRules: [{F71A6513-D87C-4F82-AE64-FAF1C534D694}] => (Allow) C:\Program Files\NewExt\jsinjector.exe FirewallRules: [{72FCA96E-06F5-43D1-97A8-C53B5A7B64B1}] => (Allow) C:\Program Files\NewExt\jsinjector.exe FirewallRules: [{881C6B7A-9B82-4AF7-8D90-F997223E2F68}] => (Allow) C:\Program Files\NewExt\jsinjector.exe FirewallRules: [{936747EB-9F31-4892-8914-B124D6FD9610}] => (Allow) C:\Program Files\NewExt\jsinjector.exe FirewallRules: [{648A05EB-E8C3-4596-AF70-8256766D8A99}] => (Allow) C:\Program Files\NewExt\jsinjector.exe FirewallRules: [{58115CA5-3446-4489-84C1-A5A51C26BFEC}] => (Allow) C:\Program Files\NewExt\jsinjector.exe ==================== Pontos de Restauração ========================= 10-01-2016 17:29:59 Installed Java 7 Update 79 10-01-2016 18:53:52 Installed Java(TM) 6 Update 20 10-01-2016 18:55:01 Installed Java(TM) SE Development Kit 6 Update 20 10-01-2016 18:58:18 Installed JavaFX(TM) 1.3 SDK 11-01-2016 16:02:14 Backup do Windows 14-01-2016 13:36:52 Operação de restauração 14-01-2016 13:54:52 Instalador de Módulos do Windows 18-01-2016 14:14:37 Backup do Windows 27-01-2016 17:29:59 Backup do Windows 31-01-2016 12:40:51 Backup do Windows 24-03-2016 22:57:41 Removed Skype™ 6.2 25-03-2016 12:13:53 Operação de restauração 25-03-2016 20:50:07 Removido Claro 3G 25-03-2016 20:53:36 Removed Music Chow. 25-03-2016 22:48:43 Instalador de Módulos do Windows 25-03-2016 23:04:56 Removed Music Chow. 
==================== Dispositivos Apresentando Falhas No Gerenciador ============= Name: ppfd_vt_1_10_0_21 Description: ppfd_vt_1_10_0_21 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: ppfd_vt_1_10_0_21 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Teredo Tunneling Pseudo-Interface Description: Adaptador de Túnel Teredo da Microsoft Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Erros no Log de eventos: ========================= Erros em Aplicativos: ================== Error: (03/25/2016 10:58:20 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll (1052) SUS20ClientDataStore: Não é possível ler o cabeçalho do arquivo de log C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Erro -546. Error: (03/25/2016 10:58:20 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll (1052) SUS20ClientDataStore: Não é possível ler o cabeçalho do arquivo de log C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Erro -546. Error: (03/25/2016 10:58:20 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll (1052) SUS20ClientDataStore: Não é possível ler o cabeçalho do arquivo de log C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Erro -546. 
Error: (03/25/2016 10:58:20 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll (1052) SUS20ClientDataStore: Não é possível ler o cabeçalho do arquivo de log C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Erro -546. Error: (03/25/2016 10:58:20 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll (1052) SUS20ClientDataStore: Não é possível ler o cabeçalho do arquivo de log C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Erro -546. Error: (03/25/2016 10:58:20 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll (1052) SUS20ClientDataStore: Não é possível ler o cabeçalho do arquivo de log C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Erro -546. Error: (03/25/2016 10:58:14 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll (1052) SUS20ClientDataStore: Não é possível ler o cabeçalho do arquivo de log C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Erro -546. Error: (03/25/2016 10:58:14 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll (1052) SUS20ClientDataStore: Não é possível ler o cabeçalho do arquivo de log C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Erro -546. Error: (03/25/2016 10:58:14 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll (1052) SUS20ClientDataStore: Não é possível ler o cabeçalho do arquivo de log C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Erro -546. Error: (03/25/2016 10:58:14 PM) (Source: ESENT) (EventID: 412) (User: ) Description: wuaueng.dll (1052) SUS20ClientDataStore: Não é possível ler o cabeçalho do arquivo de log C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Erro -546. 
Erros de Sistema: ============= Error: (03/25/2016 10:54:31 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: aswSnx ppfd_vt_1_10_0_21 Error: (03/25/2016 10:54:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Reimage Real Time Protector devido ao seguinte erro: %%2 Error: (03/25/2016 10:54:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Fiswihao devido ao seguinte erro: %%2 Error: (03/25/2016 10:54:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: O serviço avast! Antivirus depende do serviço aswMonFlt, mas não foi possível iniciá-lo devido ao seguinte erro: %%193 Error: (03/25/2016 10:53:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço aswMonFlt devido ao seguinte erro: %%193 Error: (03/25/2016 10:53:59 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: O desligamento anterior do sistema em 22:51:49 às ‎25/‎03/‎2016 não era esperado. Error: (03/25/2016 10:52:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Central de Segurança foi finalizado inesperadamente. Isto aconteceu 2 vez(es). A seguinte ação corretiva será tomada em 300000 milissegundos: Reiniciar o serviço. Error: (03/25/2016 10:52:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Auxiliar NetBIOS TCP/IP foi finalizado inesperadamente. Isto aconteceu 2 vez(es). A seguinte ação corretiva será tomada em 100 milissegundos: Reiniciar o serviço. Error: (03/25/2016 10:52:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Log de Eventos do Windows foi finalizado inesperadamente. Isto aconteceu 2 vez(es). 
A seguinte ação corretiva será tomada em 120000 milissegundos: Reiniciar o serviço. Error: (03/25/2016 10:52:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Cliente DHCP foi finalizado inesperadamente. Isto aconteceu 2 vez(es). A seguinte ação corretiva será tomada em 300000 milissegundos: Reiniciar o serviço. CodeIntegrity: =================================== Date: 2016-03-25 23:19:43.719 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswsnx.sys because the set of per-page image hashes could not be found on the system. Date: 2016-03-25 22:53:50.680 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswsnx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-03-25 22:53:50.680 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswsnx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-03-25 22:40:48.006 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswsnx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2016-03-25 22:40:47.991 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswsnx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-03-25 21:40:12.819 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswsnx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-03-25 21:40:12.819 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswsnx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-03-25 21:30:08.443 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswsnx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-03-25 21:30:08.428 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswsnx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2016-03-25 20:27:47.382
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswsnx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Informações da Memória ===========================

Processador: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
Percentagem de memória em uso: 91%
RAM física total: 2013.18 MB
RAM física disponível: 176.37 MB
Virtual Total: 4026.35 MB
Virtual disponível: 857.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:252.56 GB) NTFS ==>[drive com componentes de inicialização (obtido através de BCD)]

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: F13842CC)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt ============================