Resultado do exame Adicional Farbar Recovery Scan Tool (x86) Versão: 28-06-2016
Executado por Admin (2016-06-29 13:29:45)
Executando a partir de C:\Users\Admin\Desktop
Microsoft Windows 7 Professional (X86) (2014-08-08 00:43:07)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Admin (S-1-5-21-4156198900-4181324601-1252614729-1000 - Administrator - Enabled) => C:\Users\Admin
Administrador (S-1-5-21-4156198900-4181324601-1252614729-500 - Administrator - Disabled)
Convidado (S-1-5-21-4156198900-4181324601-1252614729-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4156198900-4181324601-1252614729-1002 - Limited - Enabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Baidu Antivirus (Enabled - Up to date) {0B023102-4312-4570-585A-1BAAA3570E16}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Baidu Antivirus (Enabled - Up to date) {B063D0E6-6528-4AFE-62EA-20D8D8D044AB}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated) Adobe Reader X (10.1.2) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated) Advanced Calendar 2.0.0.11380 (HKLM\...\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}) (Version: 2.0.0.11380 - MEIXIAN XIE) <==== ATENÇÃO Advanced-System Protector (HKLM\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~4A5BE654_is1) (Version: 2.1.1000.14138 - Systweak Software) <==== ATENÇÃO Atheros Client Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros) Baidu Antivirus (HKLM\...\Baidu Antivirus) (Version: 5.6.3.186847 - Baidu, Inc.) Baidu Browser (HKLM\...\Spark) (Version: 43.23 Preview - Baidu Inc.) Buzzdock (HKLM\...\{cfd32d46-7d3f-483f-bace-7172aec5592d}) (Version: - Alactro LLC) <==== ATENÇÃO CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform) Digital More (HKLM\...\Digital More) (Version: 2.0.5584.37129 - Digital More) <==== ATENÇÃO Dominó Master 3.3.1 (HKLM\...\Dominó Master_is1) (Version: - RkSoft Softwares) Donkey Kong Country 3: Dixie Kong's Double Trouble! (HKLM\...\Donkey Kong Country 3: Dixie Kong's Double Trouble!_is1) (Version: - GameFabrique) Download & Install Packages (HKU\S-1-5-21-4156198900-4181324601-1252614729-1000\...\Download & Install Packages) (Version: - ) <==== ATENÇÃO Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Google Chrome (HKU\S-1-5-21-4156198900-4181324601-1252614729-1000\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.) Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden LiveUpdateWPP (HKLM\...\LiveUpdateWPP) (Version: - Anti-phishing database updater for Web Protector Plus. 
This service keeps your computer updated with the newest database of known Internet threats.) <==== ATENÇÃO Max HD versão 3.2 (HKLM\...\{D8EBC18C-B610-452D-A8CC-2250CBD28EDB}_is1) (Version: 3.2 - Max Company) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation) Nero 7 Ultra Edition (HKLM\...\{C6115A28-F277-4E82-B067-84D28BF21046}) (Version: 7.03.1357 - Nero AG) PCSX2 - Playstation 2 Emulator (HKLM\...\pcsx2) (Version: - ) Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.) PriceFountain (HKU\S-1-5-21-4156198900-4181324601-1252614729-1000\...\EsteemsTemporalities) (Version: - ) <==== ATENÇÃO Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek) Safe Web (HKLM\...\SafeWeb) (Version: 2.7.45 - Acute Angle Solutions Ltd) Salus (HKLM\...\Salus) (Version: 2.02.11.0 - Salus) <==== ATENÇÃO Skype™ 7.22 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.) Softonic Assistant (HKU\S-1-5-21-4156198900-4181324601-1252614729-1000\...\SoftonicAssistant) (Version: 0.2.3 - Softonic International S.A.) 
<==== ATENÇÃO Tuneup Pro (HKLM\...\Tuneup Pro_is1) (Version: 1.08 - tuneuppro.com) Unity Web Player (HKU\S-1-5-21-4156198900-4181324601-1252614729-1000\...\UnityWebPlayer) (Version: 5.0.2f1 - Unity Technologies ApS) Update for PriceFountain (HKU\S-1-5-21-4156198900-4181324601-1252614729-1000\...\{00D82B89-4DF7-AABF-60A1-2C9A98372E83}) (Version: - Update for PriceFountain) <==== ATENÇÃO Update for PriceFountain (HKU\S-1-5-21-4156198900-4181324601-1252614729-1000\...\Price Fountain) (Version: - Update for PriceFountain) <==== ATENÇÃO WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) ==================== Exame Personalizado CLSID (Whitelisted): ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) CustomCLSID: HKU\S-1-5-21-4156198900-4181324601-1252614729-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-4156198900-4181324601-1252614729-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) CustomCLSID: HKU\S-1-5-21-4156198900-4181324601-1252614729-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-4156198900-4181324601-1252614729-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-4156198900-4181324601-1252614729-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS) CustomCLSID: HKU\S-1-5-21-4156198900-4181324601-1252614729-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-4156198900-4181324601-1252614729-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-4156198900-4181324601-1252614729-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.) CustomCLSID: HKU\S-1-5-21-4156198900-4181324601-1252614729-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.29.5\psuser.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-4156198900-4181324601-1252614729-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Admin\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited) CustomCLSID: HKU\S-1-5-21-4156198900-4181324601-1252614729-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-4156198900-4181324601-1252614729-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-4156198900-4181324601-1252614729-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Admin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) CustomCLSID: HKU\S-1-5-21-4156198900-4181324601-1252614729-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.29.1\psuser.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-4156198900-4181324601-1252614729-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.28.15\psuser.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-4156198900-4181324601-1252614729-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-4156198900-4181324601-1252614729-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.) ==================== Tarefas Agendadas (Whitelisted) ============= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
Task: {00CB9191-097B-4921-89CF-6ED504A776A4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd) Task: {0501291B-3224-42D7-A0A9-49FEED70681C} - System32\Tasks\Voo Update => C:\Users\Admin\AppData\Roaming\VOOUPD~1\UPDATE~1\UPDATE~1.EXE <==== ATENÇÃO Task: {16264937-F85E-4158-A056-EE5F765CA965} - System32\Tasks\Price Fountain => C:\Users\Admin\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== ATENÇÃO Task: {1D72DDFD-AF3D-4E0A-B54D-11AC70E8C3F6} - System32\Tasks\{83D2B398-3A88-4664-8573-A09A4E17773A} => pcalua.exe -a C:\Users\Admin\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=tugs <==== ATENÇÃO Task: {2833A71B-C9F1-41B0-B98C-FE5FC0FC6B14} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATENÇÃO Task: {347661C8-FE45-4A7A-9438-52E785B9DFEA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4156198900-4181324601-1252614729-1000UA => C:\Users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-13] (Facebook Inc.) Task: {3660DD24-2732-4F57-B9F9-49A4B333CD4D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4156198900-4181324601-1252614729-1000Core => C:\Users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-13] (Facebook Inc.) Task: {3BB77237-A2AE-4AA4-A664-369A66A84498} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATENÇÃO Task: {42EEE3F7-BF95-437D-B0AE-2FC75C43B758} - System32\Tasks\{337F9C91-A315-465A-B5F1-57FC0F65D856} => pcalua.exe -a C:\Users\Admin\Downloads\UstreamProducer-2.0.2.exe -d C:\Users\Admin\Downloads Task: {4460263D-57A2-4137-B0AD-3B2CC679E045} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4156198900-4181324601-1252614729-1000Core => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-02] (Google Inc.) 
Task: {54FB341C-DA6B-49E7-8777-7BB9B086F627} - System32\Tasks\Tuneup Pro_UPDATES => C:\Program Files\Tuneup Pro\TuneupPro.exe [2014-10-29] (Tuneup Pro) Task: {71EE5DA4-0CDF-4AB9-B609-E278D77AE804} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js" <==== ATENÇÃO Task: {875774DC-CBD6-4D1E-9F8A-CF3FD3ED1DB3} - System32\Tasks\AdminEsteemsTemporalitiesV2 => Rundll32.exe UnopenedCornstalks.dll,main 7 1 <==== ATENÇÃO Task: {8DD451E4-20CF-4AAB-992B-528E30AFED8B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4156198900-4181324601-1252614729-1000UA => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-02] (Google Inc.) Task: {966899BA-7C1C-40EA-BA7F-161260937EE7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-21] (Google Inc.) Task: {98AB32B8-70D8-4EB6-803A-12C72FCCF3C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-21] (Google Inc.) Task: {A2C2598D-ECC0-4AC1-81C0-F446AFD00C4C} - System32\Tasks\Tuneup Pro_DEFAULT => C:\Program Files\Tuneup Pro\TuneupPro.exe [2014-10-29] (Tuneup Pro) Task: {B4DF4406-3D93-40C0-9EA9-4C48EC20B673} - System32\Tasks\Baidu Antivirus Update => C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BavUpdater.exe [2015-08-04] (Baidu, Inc.) <==== ATENÇÃO Task: {D3EDA57F-9177-490F-B4C6-AC054E58A65D} - System32\Tasks\SparkUpdater => C:\Program Files\baidu\Baidu Browser\SparkUpdate.exe [2016-01-15] (Baidu.com, Inc.) 
Task: {D7DC84D2-E7C5-443F-A7AE-1CB0453EB7DE} - System32\Tasks\{00D82B89-4DF7-AABF-60A1-2C9A98372E83} => C:\Users\Admin\AppData\Roaming\{00D82~1\updater.exe [2013-05-02] () <==== ATENÇÃO Task: {EF7EAC37-96D7-455C-9072-F1EF0214350F} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATENÇÃO Task: {F9FF7E83-EFE5-4F6C-9EFC-479C562ADA8A} - System32\Tasks\{7D209498-AF15-4D64-9CB4-504EEFA4DC55} => pcalua.exe -a C:\PROGRA~1\SearchProtect\Main\bin\uninstall.exe -c /S <==== ATENÇÃO (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4156198900-4181324601-1252614729-1000Core.job => C:\Users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4156198900-4181324601-1252614729-1000UA.job => C:\Users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4156198900-4181324601-1252614729-1000Core.job => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4156198900-4181324601-1252614729-1000UA.job => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Price Fountain.job => C:\Users\Admin\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== ATENÇÃO Task: C:\Windows\Tasks\Tuneup Pro_DEFAULT.job => C:\Program Files\Tuneup Pro\TuneupPro.exe Task: C:\Windows\Tasks\Tuneup Pro_UPDATES.job => C:\Program Files\Tuneup Pro\TuneupPro.exe Task: C:\Windows\Tasks\Voo Update.job => C:\Users\Admin\AppData\Roaming\VOOUPD~1\UPDATE~1\UPDATE~1.EXE <==== ATENÇÃO Task: 
C:\Windows\Tasks\{00D82B89-4DF7-AABF-60A1-2C9A98372E83}.job => C:\Users\Admin\AppData\Roaming\{00D82~1\updater.exe <==== ATENÇÃO ==================== Atalhos ============================= (As entradas podem ser listadas para serem restauradas ou removidas.) Shortcut: C:\Users\Admin\Desktop\Google.lnk -> hxxp://www.google.comJC:\Program Files\baidu\Baidu Browser\resource\application\Image\google.ico? (Nenhum Arquivo) Shortcut: C:\Users\Public\Desktop\Facebook.lnk -> hxxp://www.facebook.comLC:\Program Files\baidu\Baidu Browser\resource\application\Image\facebook.ico? (Nenhum Arquivo) Shortcut: C:\Users\Public\Desktop\Google.lnk -> hxxp://www.google.comJC:\Program Files\baidu\Baidu Browser\resource\application\Image\google.ico? (Nenhum Arquivo) ==================== Módulos Carregados (Whitelisted) ============== 2016-05-10 09:23 - 2016-06-29 10:07 - 00536168 _____ () C:\Windows\vonetframeHelp.dll 2016-05-19 06:06 - 2016-05-19 06:06 - 00128624 _____ () C:\Program Files\CalendarTool\2.0.0.11380\CalendarEntry.dll 2015-08-04 08:51 - 2015-08-04 08:51 - 00298480 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\HipsLogger.dll 2015-08-04 08:51 - 2015-07-14 01:09 - 00176112 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\dark.dll 2015-08-04 08:51 - 2015-08-04 08:51 - 00540656 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\sqlite.dll 2015-08-04 08:51 - 2015-08-04 08:51 - 00197944 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\TinyIPC32.dll 2015-08-04 08:51 - 2015-08-04 08:51 - 00370672 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\BNetOp.dll 2016-05-19 06:11 - 2016-05-19 06:11 - 00153200 _____ () C:\Program Files\CalendarTool\2.0.0.11380\CalendarServ.exe 2014-08-07 22:01 - 2009-08-03 02:35 - 00413936 _____ () c:\windows\system32\mirovirtual.dll 2016-05-19 06:06 - 2016-05-19 06:06 - 02249328 _____ () C:\Program Files\CalendarTool\2.0.0.11380\Calendar.exe 
2015-08-04 08:51 - 2015-08-04 08:51 - 00167920 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\Plugins\Plugin_Hips_TipsCtl\HipsTipControl.dll 2015-08-04 08:51 - 2015-08-04 08:51 - 00277488 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\Pulgin_Dark_DeleteFileTip.dll 2015-08-04 08:51 - 2015-08-04 08:51 - 00147952 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\Plugins\Plugin_User_Mon\HUMHandler\HUMAnalyzeHandler.dll 2015-08-04 08:51 - 2015-08-04 08:51 - 00158704 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\Plugins\Plugin_User_Mon\HUMHandler\HUMSupplementHandler.dll 2015-08-04 08:51 - 2015-08-04 08:51 - 00120304 _____ () C:\Program Files\Baidu Security\Baidu Antivirus\5.6.3.186847.0\Plugins\Plugin_User_Mon\HUMHandler\HUMUSBHandler.dll 2015-05-08 15:50 - 2015-05-08 15:50 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1046.dll 2016-06-06 15:02 - 2008-08-29 09:12 - 00932864 _____ () C:\Users\Admin\Desktop\Xpadder.exe 2007-01-24 17:22 - 2016-06-06 16:09 - 00594432 _____ () C:\Users\Admin\Desktop\super nintendo\zsnesw.exe 2015-01-08 22:57 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll 2015-01-08 22:57 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (Se uma entrada for incluída na fixlist, somente o ADS será removido.) ==================== Modo de Segurança (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => "Service"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BavSvc => "Service"=""

==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)

==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2009-07-13 23:04 - 2009-06-10 18:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-4156198900-4181324601-1252614729-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Atualmente não há nenhuma correção automática para esta seção.)

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [TCP Query User{2311822C-D202-4B4A-8F9E-5CB905B6D137}C:\program files\ares\ares.exe] => (Allow) C:\program files\ares\ares.exe FirewallRules: [UDP Query User{785996B5-AE33-4032-8863-BE67A0C17614}C:\program files\ares\ares.exe] => (Allow) C:\program files\ares\ares.exe FirewallRules: [{8613D453-7043-4CE7-8617-FC034E8532C7}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe FirewallRules: [{F014B3CB-54C8-4A25-94BC-ECE1069C6B92}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe FirewallRules: [{BB7CF05D-9B68-4FD2-A1B7-80DBF7CC6752}] => (Allow) C:\Program Files\ManyCam\ManyCam.exe FirewallRules: [{BD4C0272-63BF-497B-B3BA-68625D4F8B80}] => (Allow) C:\Program Files\ManyCam\ManyCam.exe FirewallRules: [TCP Query User{3DF72EFA-FC6A-410D-AE80-CFBD768BE288}C:\program files\ares\ares.exe] => (Allow) C:\program files\ares\ares.exe FirewallRules: [UDP Query User{B20E9CF9-7CE1-490A-9BC9-E6AC4B14E11B}C:\program files\ares\ares.exe] => (Allow) C:\program files\ares\ares.exe FirewallRules: [{1B66063A-5144-4D29-981A-DE6A3CB67028}] => (Allow) C:\Users\Admin\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe FirewallRules: [{EB81A748-5E2B-45DE-AE43-AF8B3EA15438}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [{8E032EC0-8F1C-478C-A763-7CB07B46BACB}] => (Allow) C:\Program Files\baidu\Spark\Spark.exe FirewallRules: [{C4AAE2FC-76E9-49F8-83EE-0A0666716445}] => (Allow) C:\Program Files\baidu\Spark\Spark.exe FirewallRules: [{57474B68-D7D7-46B6-A07E-C72107EC5FFA}] => (Allow) C:\Program Files\baidu\Spark\bdtray.exe FirewallRules: [{322E5420-6D89-41AD-8A34-33E3F304F546}] => (Allow) C:\Program Files\baidu\Spark\bdtray.exe FirewallRules: [{EFAE1532-A8BE-4913-97B1-C73576175D89}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [TCP Query 
User{314D7AA0-AF9D-4622-8D7E-4CBA36973728}C:\windows\temp\db14.exe] => (Block) C:\windows\temp\db14.exe FirewallRules: [UDP Query User{E9A0DD38-2B8F-453E-9043-F7FA76D71375}C:\windows\temp\db14.exe] => (Block) C:\windows\temp\db14.exe FirewallRules: [TCP Query User{18B67CEC-9797-4F98-9521-6D11EC0D6385}C:\windows\temp\db15.exe] => (Block) C:\windows\temp\db15.exe FirewallRules: [UDP Query User{EB479EED-3A3F-4DAB-A42F-E60037A7A474}C:\windows\temp\db15.exe] => (Block) C:\windows\temp\db15.exe FirewallRules: [{B8760D6A-BF5C-4C3A-99A6-3893AAD94BAC}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe FirewallRules: [{D22D17D2-1B89-46AE-9729-89D1EA325754}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe FirewallRules: [{4C59D5A8-FEA6-446D-A1A3-974BC430E387}] => (Allow) C:\Program Files\baidu\Baidu Browser\Spark.exe FirewallRules: [{53924572-E5EE-44DF-BA82-9A5007C73A3B}] => (Allow) C:\Program Files\baidu\Baidu Browser\Spark.exe FirewallRules: [{BD8152EC-48C9-4D59-B9E9-A09C3BF6DD15}] => (Allow) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Pontos de Restauração ========================= 29-05-2016 20:09:21 Backup do Windows 05-06-2016 19:00:15 Backup do Windows 07-06-2016 19:20:00 Windows Defender Checkpoint 12-06-2016 19:30:55 Backup do Windows 13-06-2016 07:34:37 Windows Update 19-06-2016 19:41:14 Backup do Windows 26-06-2016 20:04:56 Backup do Windows 29-06-2016 09:58:12 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 29-06-2016 13:07:43 DirectX instalado ==================== Dispositivos Apresentando Falhas No Gerenciador ============= Name: ccnfd_1_10_0_4 Description: ccnfd_1_10_0_4 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: ccnfd_1_10_0_4 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. 
The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: ccnfd_1_10_0_5 Description: ccnfd_1_10_0_5 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: ccnfd_1_10_0_5 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: badriver Description: badriver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: badriver Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Teredo Tunneling Pseudo-Interface Description: Adaptador de Túnel Teredo da Microsoft Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
Name: wpnfd_1_10_0_5 Description: wpnfd_1_10_0_5 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: wpnfd_1_10_0_5 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Erros no Log de eventos: ========================= Erros em Aplicativos: ================== Error: (06/29/2016 01:26:34 PM) (Source: Windows Search Service) (EventID: 3100) (User: ) Description: Não foi possível inicializar o processo de host do filtro. Encerrando. Detalhes: Esta operação foi retornada porque o tempo limite expirou. (HRESULT : 0x800705b4) (0x800705b4) Error: (06/29/2016 01:22:32 PM) (Source: Windows Search Service) (EventID: 3100) (User: ) Description: Não foi possível inicializar o processo de host do filtro. Encerrando. Detalhes: Esta operação foi retornada porque o tempo limite expirou. (HRESULT : 0x800705b4) (0x800705b4) Error: (06/29/2016 01:18:30 PM) (Source: Windows Search Service) (EventID: 3100) (User: ) Description: Não foi possível inicializar o processo de host do filtro. Encerrando. Detalhes: Esta operação foi retornada porque o tempo limite expirou. (HRESULT : 0x800705b4) (0x800705b4) Error: (06/29/2016 01:14:19 PM) (Source: Windows Search Service) (EventID: 3100) (User: ) Description: Não foi possível inicializar o processo de host do filtro. Encerrando. Detalhes: Esta operação foi retornada porque o tempo limite expirou. (HRESULT : 0x800705b4) (0x800705b4) Error: (06/29/2016 01:10:17 PM) (Source: Windows Search Service) (EventID: 3100) (User: ) Description: Não foi possível inicializar o processo de host do filtro. Encerrando. 
Detalhes: Esta operação foi retornada porque o tempo limite expirou. (HRESULT : 0x800705b4) (0x800705b4) Error: (06/29/2016 01:07:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema.. Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: Parâmetro incorreto. . Error: (06/29/2016 01:07:43 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado. . Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante. Operação: Obtendo Dados do Gravador Contexto: Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220} Nome do Gravador: System Writer ID de Instância de Gravador: {353b141d-4d4f-4fb0-955a-089b390e6707} Error: (06/29/2016 01:06:07 PM) (Source: Windows Search Service) (EventID: 3100) (User: ) Description: Não foi possível inicializar o processo de host do filtro. Encerrando. Detalhes: Esta operação foi retornada porque o tempo limite expirou. (HRESULT : 0x800705b4) (0x800705b4) Error: (06/29/2016 01:02:06 PM) (Source: Windows Search Service) (EventID: 3100) (User: ) Description: Não foi possível inicializar o processo de host do filtro. Encerrando. Detalhes: Esta operação foi retornada porque o tempo limite expirou. (HRESULT : 0x800705b4) (0x800705b4) Error: (06/29/2016 12:58:04 PM) (Source: Windows Search Service) (EventID: 3100) (User: ) Description: Não foi possível inicializar o processo de host do filtro. Encerrando. Detalhes: Esta operação foi retornada porque o tempo limite expirou. 
(HRESULT : 0x800705b4) (0x800705b4) Erros de Sistema: ============= Error: (06/29/2016 10:43:56 AM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (06/29/2016 10:43:55 AM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (06/29/2016 10:12:05 AM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (06/29/2016 10:12:05 AM) (Source: ipnathlp) (EventID: 31004) (User: ) Description: 0 Error: (06/29/2016 10:09:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Tempo limite esgotado (60000 milissegundos) ao aguardar a conexão do serviço Microsoft .NET Framework NGEN v4.0.30319_X86. Error: (06/29/2016 10:07:44 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: badriver ccnfd_1_10_0_4 ccnfd_1_10_0_5 wpnfd_1_10_0_5 Error: (06/29/2016 10:07:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Update Mgr DigitalMore devido ao seguinte erro: %%2 = O sistema não pode encontrar o arquivo especificado. Error: (06/29/2016 10:07:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Service Mgr DigitalMore devido ao seguinte erro: %%2 = O sistema não pode encontrar o arquivo especificado. Error: (06/29/2016 10:07:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço rcores devido ao seguinte erro: %%2 = O sistema não pode encontrar o arquivo especificado. Error: (06/29/2016 10:06:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Tempo limite esgotado (60000 milissegundos) ao aguardar a conexão do serviço Microsoft .NET Framework NGEN v4.0.30319_X86. 

==================== Informações da Memória ===========================

Processador: Celeron(R) Dual-Core CPU T3500 @ 2.10GHz
Percentagem de memória em uso: 67%
RAM física total: 2008.61 MB
RAM física disponível: 643.55 MB
Virtual Total: 4017.22 MB
Virtual disponível: 2381.67 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:188.35 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 48CED053)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt ============================