Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão:05-03-2016 01
Executado por Renee (2016-04-01 22:13:47)
Executando a partir de C:\Users\Renee\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2015-03-30 00:13:43)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-3490166764-1889719786-4269277187-500 - Administrator - Disabled)
Convidado (S-1-5-21-3490166764-1889719786-4269277187-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3490166764-1889719786-4269277187-1003 - Limited - Enabled)
Renee (S-1-5-21-3490166764-1889719786-4269277187-1000 - Administrator - Enabled) => C:\Users\Renee

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.15) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.15 - Adobe Systems Incorporated)
Advanced Calendar 2.0.0.11189 (HKLM\...\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}) (Version: 2.0.0.11189 - MEIXIAN XIE) <==== ATENÇÃO
AnySend (HKLM-x32\...\ASPackage) (Version: - CMI Limited) <==== ATENÇÃO
Avira (HKLM-x32\...\{8467e01f-0496-42ce-b247-88ef205b4880}) (Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.40.29239 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
CGS17_Setup_x64 (Version: 17.1 - Corel Corporation) Hidden
comoBoss version 1.1 (HKLM-x32\...\comoBoss_is1) (Version: 1.1 - aze)
CorelDRAW Graphics Suite X7 - BR (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.1.0.572 - Corel Corporation)
Desktop-play 000.015020285 (HKLM-x32\...\dply_en_015020285_is1) (Version: - DESKTOPPLAY) <==== ATENÇÃO
DNS Unlocker (HKLM-x32\...\DNSUnlocker.ns) (Version: - ) <==== ATENÇÃO
Epson USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.62.000 - SEIKO EPSON CORPORATION)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
groover (HKLM-x32\...\{06922F68-05A6-44B1-bD60-ADA708EA8D03}) (Version: 2.0.0.477 - groover)
hohosearch Uninstall (HKLM-x32\...\Uninstall epf1) (Version: - )
Hostify version 1.1 (HKLM-x32\...\Hostify_is1) (Version: 1.1 - Wizzlabs)
HP Deskjet 1000 J110 series Ajuda (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Deskjet 1000 J110 series Estudo de aprimoramento de produtos (HKLM\...\{7B98C121-8254-4393-8833-D79E572DE715}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Software básico do dispositivo (HKLM\...\{E3B463AE-4069-4736-B803-1C416E6E88D8}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.12.1498 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2875 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{90F00673-A276-4A58-B675-B426D39D1E09}) (Version: 15.3.0.0398 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
KokoMoss version 1.1 (HKLM-x32\...\KokoMoss_is1) (Version: 1.1 - aze)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Navegaki 2.1 (HKLM-x32\...\Navegaki) (Version: 2.1 - Navegaki)
NewExt (HKLM\...\{629529fb-edaf-4033-89cc-5ef7b43f021a}) (Version: 1.0 - NewExt)
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.62.907.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Selection Tools (HKU\S-1-5-21-3490166764-1889719786-4269277187-1000\...\Selection Tools) (Version: - WTools) <==== ATENÇÃO
shopperz (HKLM-x32\...\{4DCC2D74-A82F-485F-8C8C-1D3E3FC80985}) (Version: 2.0.0.480 - shopperz) <==== ATENÇÃO
Software Intel® PROSet/Wireless WiFi (HKLM\...\{ECE5B218-A086-4E18-A362-D11181681457}) (Version: 15.03.1000.1637 - Intel Corporation)
sunnyday version 1.1 (HKLM-x32\...\sunnyday_is1) (Version: 1.1 - sunnyday)
TTWiFi 1.0.0.1 (HKLM-x32\...\ttwifi) (Version: 1.0.0.1 - )
Warsaw 1.11.0.42826 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.11.0.42826 - GAS Tecnologia)
WindApp (HKU\S-1-5-21-3490166764-1889719786-4269277187-1000\...\WindApp) (Version: - Store) <==== ATENÇÃO
WinRAR 5.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WizzWifiHotspot version 1.0 (HKLM-x32\...\Wizzwifihotspot_is1) (Version: 1.0 - Wizzlabs)
yoursearching uninstall (HKLM-x32\...\yoursearching uninstall) (Version: - yoursearching) <==== ATENÇÃO

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {0DA03497-0476-4AB3-8C4C-E3136AEB7683} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-12-11] (Realtek Semiconductor)
Task: {0EDC8F46-7C14-472C-88DC-1250EA568CA5} - System32\Tasks\WindApp Update => C:\Users\Renee\AppData\Roaming\Store\WindApp\WindApp Update.exe [2016-02-11] (Nosibay) <==== ATENÇÃO
Task: {12B21C24-73F5-48F4-80A3-884D638E1C08} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {1603FB83-DF8B-4182-A947-A90D3551018E} - System32\Tasks\{0F7D0D47-787D-0A7F-0C11-78097A78117D} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand OwAgACAAOwAgACAAOwA7ACAAIAAgADsAOwA7ACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAiAHMAdABvAHAAIgA7ACQAcwBjAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAkAFcAYQByAG4AaQBuAGcAUAByAGUAZgBlAHIA (a entrada de dados tem 9416 mais caracteres).
Task: {225989C9-A692-4FDC-8DAE-A57B4C4983E1} - System32\Tasks\{E78631C3-3CAA-4D6C-B84E-3B56B5956EB8} => pcalua.exe -a C:\Users\Renee\Downloads\SAMSUNG\Intel_Rapid_Storage_11.1.2.1003\iata_cd.exe -d C:\Users\Renee\Downloads\SAMSUNG\Intel_Rapid_Storage_11.1.2.1003
Task: {3A512623-4727-4B5C-835D-2ADC5CB9B4FE} - System32\Tasks\DNSWILLISTON => dnswilliston.exe <==== ATENÇÃO
Task: {4AA01EA2-31ED-4886-86C6-A0F7ECAA9295} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-30] (Google Inc.)
Task: {5CEE720B-69A1-4ED1-AEC1-A3152E92D10D} - System32\Tasks\{524A0136-27BA-47F4-B714-82AD3BF01119} => pcalua.exe -a C:\Users\Renee\Downloads\SAMSUNG\QCA_WLAN_Driver_1.0.0.2\setup.exe -d C:\Users\Renee\Downloads\SAMSUNG\QCA_WLAN_Driver_1.0.0.2
Task: {6F034C36-7F78-4A90-A09C-4F597CAD6867} - System32\Tasks\{6528BD31-6DB4-4133-AEBF-5557FA6FC764} => pcalua.exe -a "C:\Users\Renee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z8FTZ19I\install_flashplayer17x32ax_gtbd_chrd_dn_aaa_aih[1].exe" -d C:\Users\Renee\Desktop
Task: {815D3437-FD3C-4DA5-9478-EF79E437D37A} - System32\Tasks\MAXDriverUpdaterRunAtStartup => C:\Program Files (x86)\Max Driver Updater\maxdu.exe [2015-07-06] (csdimedia.com) <==== ATENÇÃO
Task: {A06F7158-6288-4CE5-96A0-3805C4B5F4E1} - System32\Tasks\MAXDriverUpdater_UPDATES => C:\Program Files (x86)\Max Driver Updater\maxdu.exe [2015-07-06] (csdimedia.com) <==== ATENÇÃO
Task: {A6FF93AC-5368-42DE-8C16-48D3E41CC47F} - System32\Tasks\ttwifi => C:\Program Files (x86)\ttwifi\tiantianwifi.exe
Task: {AABD86B2-529E-4513-9EC2-84475EEB053C} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {BD49E03F-1D8E-4726-BDB7-D414293BFBF2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-30] (Google Inc.)
Task: {C0EAEAEE-60A1-441E-8244-4E5E10966428} - System32\Tasks\osTip => C:\ProgramData\WindowsMsg\osmsg.exe
Task: {D0E668FF-66BB-4189-84DD-6CCB414786B2} - \WinTaske -> Nenhum Arquivo <==== ATENÇÃO
Task: {D63904D9-E50F-488A-924E-357F0B896C63} - System32\Tasks\{88BEA36B-2D46-490C-A5C2-0CD36A60C062} => pcalua.exe -a C:\Users\Renee\Downloads\SAMSUNG\Intel_Bluetooth_High_Speed_Driver_15.0.0.74\Inst.exe -d C:\Users\Renee\Downloads\SAMSUNG\Intel_Bluetooth_High_Speed_Driver_15.0.0.74
Task: {D88FE329-2D2E-47FF-A6B5-4BF8D8458B64} - System32\Tasks\Selection Tools Update => C:\Users\Renee\AppData\Roaming\WTools\Selection Tools\Selection Tools Update.exe [2016-03-14] (Nosibay) <==== ATENÇÃO
Task: {E06CD7E9-5F39-4E2A-B871-5108174ED585} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-01] (Adobe Systems Incorporated)
Task: {E22458B7-A280-4C97-A599-C88EC04B9407} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-12-11] (Realtek Semiconductor)
Task: {F056B614-D6AC-4EBA-88A5-1BF9239A503B} - System32\Tasks\Mecob => C:\Program Files\Nognerxokjocmo\Avimkac.bat [2016-04-01] ()
Task: {F16D2F94-AD62-403F-ABBD-156A86E18D25} - System32\Tasks\svchost => C:\Users\Renee\AppData\Local\Temp\Y39VL1Y7W\HCGZSKHKV.exe <==== ATENÇÃO

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MAXDriverUpdater_UPDATES.job => C:\Program Files (x86)\Max Driver Updater\maxdu.exe <==== ATENÇÃO

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

ShortcutWithArgument: C:\Users\Renee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.searchtudo.com/pt/?uid={304565711b5a43f79ceba83c14827999}&r=nclbr02
ShortcutWithArgument: C:\Users\Renee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.searchtudo.com/pt/?uid={304565711b5a43f79ceba83c14827999}&r=nclbr02
ShortcutWithArgument: C:\Users\Renee\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeabests.cc/
ShortcutWithArgument: C:\Users\Renee\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Yeabeats Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeabests.cc/

==================== Módulos Carregados (Whitelisted) ==============

2016-04-01 21:37 - 2016-04-01 21:37 - 03587000 _____ () C:\ProgramData\System32\SafeGuard64.dll
2015-03-30 21:58 - 2012-07-06 17:23 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2016-04-01 20:55 - 2016-04-01 21:27 - 00426848 _____ () C:\Program Files\Nognerxokjocmo\UcooRudvup.exe
2016-04-01 20:54 - 2016-04-01 20:54 - 00174432 _____ () C:\Users\Renee\AppData\Roaming\Ujiqfaumb\Ujiqfaumb.exe
2016-04-01 20:54 - 2016-04-01 20:54 - 00115552 _____ () C:\Users\Renee\AppData\Roaming\Ujiqfaumb\Jhwyyp.exe
2016-04-01 21:29 - 2016-04-01 21:29 - 00294912 _____ () C:\Program Files\NewExt\nssm.exe
2016-04-01 21:29 - 2016-04-01 21:30 - 07556203 _____ () C:\Program Files\NewExt\jsinjector.exe
2016-04-01 20:55 - 2016-04-01 21:27 - 00233824 _____ () C:\Program Files\Nognerxokjocmo\Savtanhe.exe
2015-12-25 05:42 - 2015-12-25 05:42 - 00141960 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe
2016-04-01 21:43 - 2016-04-01 21:43 - 00075776 _____ () C:\Windows\Temp\F55D.tmp
2016-04-01 20:54 - 2016-04-01 20:54 - 00670560 _____ () C:\Users\Renee\AppData\Roaming\Ujiqfaumb\Igiymeen.dll
2016-04-01 20:54 - 2016-04-01 20:54 - 00146272 _____ () C:\Users\Renee\AppData\Roaming\Ujiqfaumb\Igiymeen.exe
2016-04-01 21:37 - 2016-04-01 21:37 - 02771896 _____ () C:\ProgramData\System32\SafeGuard32.dll
2016-04-01 20:54 - 2016-04-01 20:54 - 00261984 _____ () C:\Users\Renee\AppData\Roaming\Ujiqfaumb\Jhwyyp.dll
2015-03-30 21:57 - 2012-07-06 17:24 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-12-25 05:42 - 2015-12-25 05:42 - 00543368 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPTask.dll
2015-12-25 05:42 - 2015-12-25 05:42 - 00406664 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPNet.dll
2015-12-25 05:41 - 2015-12-25 05:41 - 00428680 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPDR.dll
2016-03-31 14:38 - 2016-03-04 15:51 - 00096768 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\chrome_elf.dll
2016-04-01 21:39 - 2016-03-04 15:51 - 00732160 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\chrome_elf_wk.dll
2016-03-31 14:38 - 2016-03-27 04:58 - 17545880 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\PepperFlash\pepflashplayer.dll
2016-03-31 14:38 - 2016-03-27 04:58 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libglesv2.dll
2016-03-31 14:38 - 2016-03-27 04:58 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\Windows\System32:35F5ACE3_Bb.gbp [2]
AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1014]
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1434]

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

==================== EXE Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)

==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-3490166764-1889719786-4269277187-1000\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-3490166764-1889719786-4269277187-1000\...\bb.com.br -> hxxps://seg.bb.com.br

==================== Hosts Conteúdo: ==========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2009-07-13 23:34 - 2016-04-01 21:28 - 00001006 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-3490166764-1889719786-4269277187-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Renee\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 104.197.191.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Atualmente não há nenhuma correção automática para esta seção.)

MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [{993986DB-68C0-44E7-903C-301A2E689A31}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{628527E2-39E0-485C-8005-87D4C98146E9}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{B00B9D06-41B1-403C-803E-6D840A8D84C8}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{F9AE89AF-6861-429F-AAE8-87ECAB70160B}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe
FirewallRules: [{5F2AA12B-BA99-449F-A07E-1139D52A0F2F}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [{8EADB751-1463-41F5-B3B7-1AFDCE6A75A3}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [TCP Query User{0E009692-A19E-4D68-A93F-09EB20BFF889}C:\users\renee\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\renee\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{95F2CF8B-4F83-41EC-A4A4-644F3A0F6E37}C:\users\renee\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\renee\appdata\local\popcorn time\nw.exe
FirewallRules: [TCP Query User{C2B39A57-23DF-4ADC-979F-1FA75DF45A39}C:\users\renee\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\renee\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{0B62262C-F87C-4010-A609-26DD61A348BD}C:\users\renee\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\renee\appdata\local\popcorn time\nw.exe
FirewallRules: [TCP Query User{F00BF22C-48DD-4677-A1CE-E93414FD8A5E}C:\program files (x86)\gremote\gremoteserver.exe] => (Allow) C:\program files (x86)\gremote\gremoteserver.exe
FirewallRules: [UDP Query User{450E58CF-F019-48AC-9F2D-23FE145E305A}C:\program files (x86)\gremote\gremoteserver.exe] => (Allow) C:\program files (x86)\gremote\gremoteserver.exe
FirewallRules: [{73F4CE6C-A000-4E27-A625-B3A6E7F4369E}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{3C92FF11-950E-49AB-9386-7F0AE702B527}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{A997FC0D-FFEF-4AB3-8A2D-4DCB79862697}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{D6757546-C2EA-4C43-95B4-27F5D4D40B84}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{5B6457AF-2312-4431-9435-194E6CB86812}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{E10B5186-339D-45A0-855E-5FACF826C4F1}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{7A448340-9AB3-4230-BE3B-681E2F2334D4}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{F1A237B8-010D-4BA5-A17C-5FC303E27B5A}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{78161E73-5514-470F-9B23-F6EF56414758}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E3F81F1D-2F82-4247-A006-E84F4B00F811}] => (Allow) C:\Program Files (x86)\Max Driver Updater\maxdu.exe
FirewallRules: [{03E7A020-8BE8-4E29-938A-FAE84CBD0926}] => (Allow) C:\Program Files\NewExt\jsinjector.exe
FirewallRules: [{F6EC7B6B-7254-4D61-A735-D9AFEC6DB256}] => (Allow) C:\Users\Renee\AppData\Local\Chromium\Application\chrome.exe

==================== Pontos de Restauração =========================

03-03-2016 13:33:30 Ponto de Verificação Agendado
12-03-2016 03:00:04 Ponto de Verificação Agendado
20-03-2016 11:05:05 Ponto de Verificação Agendado
31-03-2016 14:30:14 Ponto de Verificação Agendado

==================== Dispositivos Apresentando Falhas No Gerenciador =============

==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (04/01/2016 10:04:01 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (5200) WebCacheLocal: Falha ao tentar abrir o arquivo "C:\Users\Renee\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acesso de leitura/gravação com o erro de sistema 32 (0x00000020): "O arquivo já está sendo usado por outro processo. ". A operação de abertura do arquivo falhará com o erro -1032 (0xfffffbf8).

Error: (04/01/2016 10:03:48 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (5200) WebCacheLocal: Falha ao tentar abrir o arquivo "C:\Users\Renee\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acesso de leitura/gravação com o erro de sistema 32 (0x00000020): "O arquivo já está sendo usado por outro processo. ". A operação de abertura do arquivo falhará com o erro -1032 (0xfffffbf8).

Error: (04/01/2016 10:03:38 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (5200) WebCacheLocal: Falha ao tentar abrir o arquivo "C:\Users\Renee\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acesso de leitura/gravação com o erro de sistema 32 (0x00000020): "O arquivo já está sendo usado por outro processo. ". A operação de abertura do arquivo falhará com o erro -1032 (0xfffffbf8).

Error: (04/01/2016 10:01:58 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (5200) WebCacheLocal: Falha ao tentar abrir o arquivo "C:\Users\Renee\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acesso de leitura/gravação com o erro de sistema 32 (0x00000020): "O arquivo já está sendo usado por outro processo. ". A operação de abertura do arquivo falhará com o erro -1032 (0xfffffbf8).

Error: (04/01/2016 10:01:48 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (5200) WebCacheLocal: Falha ao tentar abrir o arquivo "C:\Users\Renee\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acesso de leitura/gravação com o erro de sistema 32 (0x00000020): "O arquivo já está sendo usado por outro processo. ". A operação de abertura do arquivo falhará com o erro -1032 (0xfffffbf8).

Error: (04/01/2016 10:01:38 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (5200) WebCacheLocal: Falha ao tentar abrir o arquivo "C:\Users\Renee\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acesso de leitura/gravação com o erro de sistema 32 (0x00000020): "O arquivo já está sendo usado por outro processo. ". A operação de abertura do arquivo falhará com o erro -1032 (0xfffffbf8).

Error: (04/01/2016 10:01:27 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (5200) WebCacheLocal: Falha ao tentar abrir o arquivo "C:\Users\Renee\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acesso de leitura/gravação com o erro de sistema 32 (0x00000020): "O arquivo já está sendo usado por outro processo. ". A operação de abertura do arquivo falhará com o erro -1032 (0xfffffbf8).

Error: (04/01/2016 10:01:16 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (5200) WebCacheLocal: Falha ao tentar abrir o arquivo "C:\Users\Renee\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acesso de leitura/gravação com o erro de sistema 32 (0x00000020): "O arquivo já está sendo usado por outro processo. ". A operação de abertura do arquivo falhará com o erro -1032 (0xfffffbf8).

Error: (04/01/2016 10:01:06 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (5200) WebCacheLocal: Falha ao tentar abrir o arquivo "C:\Users\Renee\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acesso de leitura/gravação com o erro de sistema 32 (0x00000020): "O arquivo já está sendo usado por outro processo. ". A operação de abertura do arquivo falhará com o erro -1032 (0xfffffbf8).

Error: (04/01/2016 10:00:56 PM) (Source: ESENT) (EventID: 490) (User: )
Description: DllHost (5200) WebCacheLocal: Falha ao tentar abrir o arquivo "C:\Users\Renee\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" para acesso de leitura/gravação com o erro de sistema 32 (0x00000020): "O arquivo já está sendo usado por outro processo. ". A operação de abertura do arquivo falhará com o erro -1032 (0xfffffbf8).

Erros de Sistema:
=============
Error: (04/01/2016 09:57:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Live Socket foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (04/01/2016 09:57:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Reservation Plastic foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (04/01/2016 09:57:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Double Spaced Print-head foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (04/01/2016 09:57:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Xbox Live Network Manager Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (04/01/2016 09:57:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Nognerxokjocmo Updater foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (04/01/2016 09:57:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Wuvsunl devido ao seguinte erro: %%1053

Error: (04/01/2016 09:57:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Wuvsunl.

Error: (04/01/2016 09:57:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Wuvsunl foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 600 milissegundos: Reiniciar o serviço.

Error: (04/01/2016 09:46:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço MPC Core Protect Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (04/01/2016 09:43:57 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: O serviço MPC Core Protect Service está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

==================== Informações da Memória ===========================

Processador: Intel(R) Core(TM) i3-3120M CPU @ 2.50GHz
Percentagem de memória em uso: 64%
RAM física total: 3797.54 MB
RAM física disponível: 1353.32 MB
Virtual Total: 7593.26 MB
Virtual disponível: 4681.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:418.96 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FAD31A3E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt ============================