Resultado do exame Adicional Farbar Recovery Scan Tool (x86) Versão: 18-11-2016
Executado por Cristina (18-11-2016 22:40:16)
Executando a partir de C:\Users\Cristina\Downloads
Microsoft Windows 7 Professional Service Pack 1 (X86) (2015-07-19 20:23:13)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-1455526487-581654163-2976102132-500 - Administrator - Disabled)
Convidado (S-1-5-21-1455526487-581654163-2976102132-501 - Limited - Disabled)
Cristina (S-1-5-21-1455526487-581654163-2976102132-1000 - Administrator - Enabled) => C:\Users\Cristina

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-1455526487-581654163-2976102132-1000\...\uTorrent) (Version: 3.4.8.42576 - BitTorrent Inc.)
Ad-Aware Web Companion (Version: 2.0.1025.2130 - Lavasoft) Hidden
Adobe Acrobat Reader DC - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Arquivo do WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Body Text Feathering (HKLM\...\PopupProduct) (Version: 1.0.0.0 - Body Text Feathering) <==== ATENÇÃO
cleaner 1.0.1 (HKLM\...\cleaner) (Version: - cleaner)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0152 - Disc Soft Ltd)
DeVeDe (HKLM\...\{D1BCDFB2-D631-4AD5-9CA1-B86E01E1AC62}) (Version: 3.17.1 - MajorSilence)
FormatFactory 3.7.0.0 (HKLM\...\FormatFactory) (Version: 3.7.0.0 - Format Factory)
gamesdesktop version 1.1 (HKLM\...\gamesdesktop_is1) (Version: 1.1 - gamesdesktop) <==== ATENÇÃO
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
Gramblr (HKLM\...\Gramblr) (Version: 2.8.0 - Gramblr Team)
Hola™ 1.18.524 - Better Internet (HKLM\...\Hola) (Version: 1.18.524 - Hola Networks Ltd.) <==== ATENÇÃO
KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 4.1.1.5 - PandoraTV)
LavasoftTcpService (Version: 2.3.4.7 - Lavasoft) Hidden
LG United Mobile Drivers (HKLM\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
MaohaWiFi (HKLM\...\MaohaAP) (Version: 1.0.8.8 - 深圳市猫哈网络科技发展有限公司) <==== ATENÇÃO
MEGAsync (HKLM\...\MEGAsync) (Version: - Mega Limited)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 pt-BR) (HKLM\...\Mozilla Firefox 49.0.1 (x86 pt-BR)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla)
Mp3tag v2.75 (HKLM\...\Mp3tag) (Version: v2.75 - Florian Heidenreich)
Nero 8 Essentials (HKLM\...\{7FD7FB8C-2C75-4A8E-A236-EB23C5CD1046}) (Version: 8.3.582 - Nero AG)
OtherSearch (HKLM\...\OtherSearch) (Version: 3.0.4.2 - Theudobald Yanko) <==== ATENÇÃO
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x86) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
PhotoScape (HKLM\...\PhotoScape) (Version: - )
PicosmosTools 1.0.1.0 (HKLM\...\PicosmosTools) (Version: 1.0.1.0 - Free Time)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
shopperz (HKLM\...\{0A8F1140-0E5B-4795-8E2B-3BB4C939FD35}) (Version: 2.0.0.480 - shopperz) <==== ATENÇÃO
Spotify (HKU\S-1-5-21-1455526487-581654163-2976102132-1000\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB)
sunnyday version 1.1 (HKLM\...\sunnyday_is1) (Version: 1.1 - sunnyday) <==== ATENÇÃO
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM\...\{90150000-012B-0416-0000-0000000FF1CE}_Office15.PROPLUSR_{7BDD179E-C954-438B-937D-EB411B701EAB}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3127934) 32-Bit Edition (HKLM\...\{90150000-012B-0416-0000-0000000FF1CE}_Office15.PROPLUSR_{561D6567-A41D-407F-957C-39EEA3AB2D73}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3127934) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{561D6567-A41D-407F-957C-39EEA3AB2D73}) (Version: - Microsoft)
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VirtualDJ 8 (HKLM\...\{A8EB77B7-2A7B-46F8-BF9D-9EE1F95A9A2E}) (Version: 8.0.2523.0 - Atomix Productions)
Web Companion (HKLM\...\{88B10E3E-8911-4FAC-8663-CCF6E33C58B3}_WebCompanion) (Version: 2.0.1025.2130 - Lavasoft)

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-1455526487-581654163-2976102132-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\Cristina\AppData\Local\Chromium\Application\46.0.2480.0\delegate_execute.exe (The Chromium Authors) <==== ATENÇÃO
CustomCLSID: HKU\S-1-5-21-1455526487-581654163-2976102132-1000_Classes\CLSID\{E6CA27A3-C7E9-959D-201B-C2561585645C}\InprocServer32 -> não caminho do arquivo

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {143A343A-2CA9-4165-B2C2-32DB5BE186D0} - System32\Tasks\{8E712FAB-60F1-4453-A5AB-92355A9158DB} => pcalua.exe -a "C:\Program Files\WinRAR\WinRAR.exe" -d C:\Users\Cristina\Downloads -c "C:\Users\Cristina\Downloads\CADAUMNSUASADA.rar"
Task: {3B00AD63-5EC5-4BA5-B7F3-C6BB224A1B5E} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-07-07] ()
Task: {3C5DF79E-BAB7-47A6-BD68-DC3B9F334299} - System32\Tasks\Update Service for Youtube AdBlock2 => C:\Program Files\Youtube AdBlock\W5wA4Na.exe <==== ATENÇÃO
Task: {44A1793F-5C45-4C60-934C-3AB9D12EF2BD} - System32\Tasks\UpdateTask => C:\Users\Cristina\AppData\Local\{759A4~1\UNINST~1.EXE
Task: {5466F259-FD22-407B-9065-8634E41887DC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {640DCA01-6E42-4549-8AE1-03F4B3D9E173} - System32\Tasks\{097C74BA-BA37-49BC-B46E-276E60877F4C} => pcalua.exe -a "C:\Program Files\GreatMaker\MaohaWiFi\Uninstall.exe"
Task: {94BB3847-E427-4873-8B96-5D2552DEDEA0} - System32\Tasks\updengine => C:\Program Files\OtherSearch\updengine.exe [2016-11-17] () <==== ATENÇÃO
Task: {9856AD13-74D7-466D-A0E5-B582F8396130} - System32\Tasks\Update Service for Youtube AdBlock => C:\Program Files\Youtube AdBlock\W5wA4Na.exe <==== ATENÇÃO
Task: {A1AA6F54-FA83-45D8-AD35-93DE8028C21A} - System32\Tasks\Kupiynohoing Cache => C:\Program Files\Nernapyclermocult\nerlether.exe [2016-11-18] (Glarysoft Ltd)
Task: {A7FF74A1-AE26-4F77-8207-0AB337AED126} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {C98A6D9F-97FE-4060-BB9B-B1E77DCAD1DE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {C99B2C10-6C1D-474A-8E08-9BB17431FC77} - System32\Tasks\{3D62DB2E-A8F1-4484-89AC-D4BF64B6C9D8} => pcalua.exe -a D:\browser.exe -d D:\
Task: {CC6F5A21-7F1E-412B-991D-78F60EF3DE66} - System32\Tasks\ChelfNotify Task => C:\ProgramData\ChelfNotify\BrowserUpdate.exe [2016-06-29] (Tencent) <==== ATENÇÃO
Task: {DB1CCB27-3C62-4946-BCED-71DC1125A6E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-07-25] (Google Inc.)
Task: {DBE3625A-4646-448A-9183-C628D0EE08F9} - System32\Tasks\{7AB16E8D-3C71-4543-900F-B12531BD640D} => pcalua.exe -a "C:\Program Files\WinRAR\uninstall.exe"
Task: {F0D215B4-03AD-4AAD-B8B4-7F97F9263E8D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-07-25] (Google Inc.)
Task: {FC0EA0E7-78B8-49BE-89D3-63E80D8A6DDD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\UpdateTask.job => C:\Users\Cristina\AppData\Local\{759A4~1\UNINST~1.EXE

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

WMI_ActiveScriptEventConsumer_ASEC: <===== ATENÇÃO

Shortcut: C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki/
Shortcut: C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com/

ShortcutWithArgument: C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://9o0gle.com/
ShortcutWithArgument: C:\Users\Cristina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chromium.lnk -> C:\Users\Cristina\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) -> --load-extension="C:\Users\Cristina\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://9o0gle.com/
ShortcutWithArgument: C:\Users\Cristina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://9o0gle.com/
ShortcutWithArgument: C:\Users\Cristina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://9o0gle.com/

==================== Módulos Carregados (Whitelisted) ==============

2016-11-18 13:53 - 2016-11-18 13:53 - 00258560 _____ () C:\Users\Cristina\AppData\Roaming\Imywi\Movkix.dll
2016-11-18 13:55 - 2016-11-18 22:26 - 00353280 _____ () C:\Program Files\Ebukfijmijpe\Nufmeu.DLL
2014-05-01 12:15 - 2014-05-01 12:15 - 00463360 _____ () C:\Users\Cristina\AppData\Local\MEGAsync\ShellExtX32.dll
2015-07-22 03:00 - 2003-05-15 15:43 - 00119808 _____ () C:\Program Files\WinRAR\rarext.dll
2015-06-08 15:12 - 2015-06-08 15:12 - 00078656 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2015-06-08 15:12 - 2015-06-08 15:12 - 00184680 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2015-06-08 15:12 - 2015-06-08 15:12 - 00046920 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2015-06-08 15:13 - 2015-06-08 15:13 - 00073544 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
2015-06-08 15:12 - 2015-06-08 15:12 - 00033136 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
2015-06-08 15:12 - 2015-06-08 15:12 - 00015696 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2015-06-08 15:12 - 2015-06-08 15:12 - 00123736 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2015-06-08 15:11 - 2015-06-08 15:11 - 00039256 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2016-10-28 16:33 - 2016-10-28 16:33 - 00276480 _____ () c:\program files\wefashpluqitain\vrzrpr.dll
2016-11-14 22:42 - 2015-10-15 09:21 - 00163344 _____ () C:\Program Files\GreatMaker\MaohaWiFi\maohasubstat.dll
2016-11-14 22:42 - 2014-12-18 05:02 - 00261600 _____ () C:\Program Files\GreatMaker\MaohaWiFi\Updater\CheckUpdate.dll
2016-11-14 22:42 - 2016-05-31 06:51 - 00237088 _____ () C:\Program Files\GreatMaker\MaohaWiFi\tipsdll.dll
2016-11-14 22:42 - 2014-08-19 05:36 - 00206816 _____ () C:\Program Files\GreatMaker\MaohaWiFi\CrRpt.dll
2015-06-08 15:12 - 2015-06-08 15:12 - 00019816 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2015-06-08 15:12 - 2015-06-08 15:12 - 00012144 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2015-06-08 15:12 - 2015-06-08 15:12 - 00034664 _____ () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2016-11-02 09:54 - 2016-11-14 01:35 - 00208384 _____ () c:\programdata\winsapsvc\winsap.dll
2016-05-04 19:18 - 2016-11-17 12:15 - 07727696 _____ () C:\Program Files\Gramblr\gramblr.exe
2016-11-18 22:10 - 2016-11-18 22:10 - 00276480 _____ () c:\program files\nernapyclermocult\tnrcr.dll
2016-11-18 22:16 - 2016-11-18 22:16 - 00638464 _____ () C:\Program Files\03000200-1479514604-0500-0006-000700080009\knsbFA9E.tmpfs
2015-12-26 06:59 - 2015-12-26 06:59 - 00158720 _____ () C:\Users\Cristina\AppData\Local\03000200-1479507492-0500-0006-000700080009\qnsc5BFC.tmp
2016-11-18 22:21 - 2016-11-16 23:08 - 00282703 ____H () C:\Program Files\wanttoxiamen\Bind.exe
2016-11-18 22:21 - 2016-11-18 22:24 - 04213248 _____ () C:\Program Files\mpck\wincom_UL7.exe
2016-11-18 13:53 - 2016-11-18 13:53 - 00121344 _____ () C:\Users\Cristina\AppData\Roaming\KoymtPacetu\Wawjebt.exe
2016-11-18 13:54 - 2016-11-18 22:26 - 00218112 _____ () C:\Users\Cristina\AppData\Roaming\KoymtPacetu\Taepma.din
2016-11-18 13:53 - 2016-11-18 13:53 - 00170496 _____ () C:\Users\Cristina\AppData\Roaming\Imywi\Imywi.exe
2016-11-18 13:53 - 2016-11-18 13:53 - 00112128 _____ () C:\Users\Cristina\AppData\Roaming\Imywi\Movkix.exe
2016-11-18 13:55 - 2016-11-18 22:26 - 00265216 _____ () C:\Program Files\Ebukfijmijpe\Cudpilh.exe
2016-11-18 13:55 - 2016-11-18 22:26 - 00270336 _____ () C:\Program Files\Ebukfijmijpe\Reinaav.exe
2016-11-18 13:55 - 2016-11-18 22:26 - 01681920 _____ () C:\Program Files\Ebukfijmijpe\FueIzela.exe
2016-11-18 13:55 - 2016-11-18 22:26 - 00558592 _____ () C:\Program Files\Ebukfijmijpe\Owelo.exe
2016-11-18 13:55 - 2016-11-18 22:26 - 00722944 _____ () C:\Program Files\Ebukfijmijpe\Hijap.DLL
2016-11-18 13:55 - 2016-11-18 22:26 - 00328704 _____ () C:\Program Files\Ebukfijmijpe\Ueroa.DLL
2016-11-18 13:55 - 2016-11-18 22:26 - 00328192 _____ () C:\Program Files\Ebukfijmijpe\Sajomoat.DLL
2016-11-18 22:26 - 2016-11-18 22:27 - 00369664 _____ () C:\Program Files\YLNC30MHQH\YLNC30MHQ.exe
2016-11-18 22:26 - 2016-11-18 22:29 - 04213248 _____ () C:\Program Files\sunnyday\wincom_VPQ.exe
2016-11-18 22:29 - 2016-11-18 22:29 - 00325596 _____ () C:\Users\Cristina\AppData\Local\Temp\I64V4UDOD\shopperz.exe
2016-11-18 22:29 - 2016-11-18 22:29 - 00006656 _____ () C:\Users\Cristina\AppData\Local\Temp\nslE44C.tmp\nsExec.dll
2016-11-18 22:29 - 2016-11-18 22:29 - 00006656 _____ () C:\Users\Cristina\AppData\Local\Temp\nslE44C.tmp\nsE45D.tmp
2016-09-21 10:53 - 2016-09-21 10:53 - 00351232 _____ () C:\Users\Cristina\AppData\Local\Temp\nslE44C.tmp\preinstaller_win.exe
2016-11-18 22:29 - 2016-11-18 22:29 - 00709632 _____ () C:\Users\Cristina\AppData\Local\Temp\is-1MPKQ.tmp\19HHJU7FS.tmp
2016-11-18 22:29 - 2008-10-15 15:44 - 00205312 _____ () C:\Users\Cristina\AppData\Local\Temp\is-S01JH.tmp\itdownload.dll
2016-11-18 22:30 - 2016-11-18 22:30 - 00321536 _____ () C:\Users\Cristina\AppData\Local\Temp\sdfE8DD.exe
2016-11-18 22:30 - 2016-11-18 22:31 - 00369664 _____ () C:\Users\Cristina\AppData\Local\Temp\LPQ7I4P6NE.exe
2016-11-18 13:55 - 2016-11-18 22:26 - 00229888 _____ () C:\Program Files\Ebukfijmijpe\Bayqg.dll
2016-11-18 22:33 - 2016-11-18 22:33 - 00369664 _____ () C:\Users\Cristina\AppData\Local\Temp\O2KMF50GX\O2KMF50GX.exe

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdengine => ""="service"

==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)

==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-1455526487-581654163-2976102132-1000\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-1455526487-581654163-2976102132-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1455526487-581654163-2976102132-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts Conteúdo: ==========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2009-07-14 00:04 - 2016-11-18 22:24 - 00001370 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-1455526487-581654163-2976102132-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 104.197.191.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{F2485DF7-947A-4C44-A1CF-D5EFC2D277CD}C:\users\cristina\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\cristina\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{F2CAA337-D7B9-40E5-96B3-BA2194060659}C:\users\cristina\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\cristina\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{0A6CE4F1-98D4-4ADD-9FEE-9AF7C1098C20}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{B909E77E-E335-43F2-997F-ADE870636AB5}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{E23184D1-7F79-4B98-9D53-92BA056271A0}] => (Allow) C:\Program Files\Hola\app\hola_svc.exe
FirewallRules: [{4C5D8A78-F922-41B6-ADDE-C2F878AF2192}] => (Allow) C:\Program Files\Hola\app\hola_svc.exe
FirewallRules: [{1179F6BD-634F-476A-A3F5-51E92B3476AB}] => (Allow) C:\Users\Cristina\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{3ABEAFF3-1424-4030-99C7-F49DCFF40B45}] => (Allow) C:\Users\Cristina\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [TCP Query User{62AF754A-B12E-4EAA-9DED-A55F6343A348}C:\users\cristina\downloads\ffinstonline.exe] => (Allow) C:\users\cristina\downloads\ffinstonline.exe
FirewallRules: [UDP Query User{1CF3B78D-7D84-4CA7-A278-8C80946B4ED0}C:\users\cristina\downloads\ffinstonline.exe] => (Allow) C:\users\cristina\downloads\ffinstonline.exe
FirewallRules: [TCP Query User{90797299-C48D-417E-85BD-0C99425F909B}C:\program files\formatfactory\ffmodules\package\pfinstonline.exe] => (Block) C:\program files\formatfactory\ffmodules\package\pfinstonline.exe
FirewallRules: [UDP Query User{F1A1B543-2EBB-4239-84E8-A7B504AE0B9F}C:\program files\formatfactory\ffmodules\package\pfinstonline.exe] => (Block) C:\program files\formatfactory\ffmodules\package\pfinstonline.exe
FirewallRules: [{88AFDF44-9A0F-4E44-B4FC-D3C82A79BB7F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6CEF2555-3A19-4BD8-BD31-CC6E3D6F23AD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{055FF2A9-4939-41B5-8DF8-67A9AF57108B}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{31764817-11A6-492C-ACD8-9CF1FC11D71A}C:\program files\connectify\connectify.exe] => (Allow) C:\program files\connectify\connectify.exe
FirewallRules: [UDP Query User{A040EE3D-B86E-4022-8809-9012CDE26437}C:\program files\connectify\connectify.exe] => (Allow) C:\program files\connectify\connectify.exe
FirewallRules: [{6F23B8BE-58C3-4841-89D7-D6CFF586FC7B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B70DDF8B-B675-4D3D-8315-5846FFCFB793}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FE51C903-600A-4770-8D7F-AADED42434A0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{DFA3691A-80CF-4447-8B3A-B79428F2F77F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D9259CF0-5392-40A3-9A81-56CD7A79D851}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{88567765-91BC-44A7-BC19-D0D6026E2388}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{45678DFE-F05F-4F8B-8C19-35C55E409B3F}C:\users\cristina\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\cristina\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{8B990542-765C-4F67-B384-F3F8B9C06845}C:\users\cristina\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\cristina\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{F811C5CD-EE7E-4DB1-B3E1-1584B54E33E2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{009E7199-7FC1-44BF-ACC9-CC89C04C2CF7}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A545D201-095F-45BE-A842-3B819ED7898D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5E2A8962-4649-47FC-8A2E-D0A0DC2F7662}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{24A22850-0753-41B5-BE67-71E91631194A}] => (Allow) C:\Users\Cristina\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [TCP Query User{F96E65D6-0FC0-45A8-A85B-E4BA4D54187E}C:\program files\formatfactory\formatfactory.exe] => (Allow) C:\program files\formatfactory\formatfactory.exe
FirewallRules: [UDP Query User{BEDD88DA-1565-408B-BE25-5A5897C3AE4D}C:\program files\formatfactory\formatfactory.exe] => (Allow) C:\program files\formatfactory\formatfactory.exe
FirewallRules: [TCP Query User{20BF40EB-0AD2-4437-B11A-7E89EEC8FCE8}C:\users\cristina\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\cristina\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{0E93F067-A3DB-4313-9EE3-C9AA722C8144}C:\users\cristina\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\cristina\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{068DB383-F61A-42DA-81C3-65B425617246}C:\users\cristina\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\cristina\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{642521F1-ED09-4918-B7DF-52D3DEB54AC9}C:\users\cristina\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\cristina\appdata\roaming\spotify\spotify.exe
FirewallRules: [{3F0F1F54-CB93-4792-A48D-1590D491249D}] => (Allow) C:\Users\Cristina\AppData\Local\Temp\is-8L5V5.tmp\download\MiniThunderPlatform.exe
FirewallRules: [TCP Query User{FFC16C17-093E-49E6-9743-8033EE1B91C1}C:\program files\greatmaker\maohawifi\maohawifi.exe] => (Allow) C:\program files\greatmaker\maohawifi\maohawifi.exe
FirewallRules: [UDP Query User{B231E1F4-2CCB-47A5-91B2-8122D0B9B6FA}C:\program files\greatmaker\maohawifi\maohawifi.exe] => (Allow) C:\program files\greatmaker\maohawifi\maohawifi.exe
FirewallRules: [{01033B9B-8EF0-4EDD-92A3-59C3389CF1E4}] => (Allow) C:\Program Files\GreatMaker\MaohaWiFi\MaohaWiFi.exe
FirewallRules: [{6027B9EE-FAD8-4897-8BD5-F32934AFFDB5}] => (Allow) C:\Program Files\GreatMaker\MaohaWiFi\DrvUpdate.exe
FirewallRules: [{3E3B34AD-1841-4BE4-9F61-E77867EAE647}] => (Allow) C:\Program Files\GreatMaker\MaohaWiFi\MaohaWifiSvr.exe

==================== Pontos de Restauração =========================

11-11-2016 21:34:09 Ponto de Verificação Agendado
12-11-2016 15:42:35 Windows Update
15-11-2016 00:04:03 Windows Update
15-11-2016 15:23:47 LavasoftWeCompanion
15-11-2016 22:30:14 Windows Update
16-11-2016 12:43:44 Windows Update
18-11-2016 22:14:40 Removed MSXML 4.0 SP2 (KB954430)
18-11-2016 22:15:26 Removed MSXML 4.0 SP2 (KB973688)
18-11-2016 22:29:49 Removed Microsoft Silverlight

==================== Dispositivos Apresentando Falhas No Gerenciador =============

==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (11/18/2016 10:10:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: KINCB.exe, versão: 2.1.1.3, carimbo de hora: 0x2a425e19
Nome do módulo de falhas: KINCB.exe, versão: 2.1.1.3, carimbo de hora: 0x2a425e19
Código de exceção: 0xc0000005
Deslocamento com falha: 0x000f8e30
Identificação do processo com falha: 0x15a4
Hora de início do aplicativo com falha: 0x01d241f9104a3a9b
Caminho do aplicativo com falha: C:\Users\Cristina\AppData\Local\Temp\Rar$EX00.700\KINCB.exe
FCaminho do módulo de falhas: C:\Users\Cristina\AppData\Local\Temp\Rar$EX00.700\KINCB.exe
Identificação do Relatório: 8638e6c6-adec-11e6-9736-c89cdc40a2bc

Error: (11/18/2016 07:37:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa uTorrent.exe versão 3.4.8.42576 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.
ID de Processo: 768
Hora de Início: 01d241ce2912bec0
Hora de Término: 65
Caminho do Aplicativo: C:\Users\Cristina\AppData\Roaming\uTorrent\uTorrent.exe
Id do Relatório: 26558375-add7-11e6-9736-c89cdc40a2bc

Error: (11/18/2016 05:03:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/18/2016 04:21:32 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (11/18/2016 04:13:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/17/2016 03:20:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/17/2016 12:22:56 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (11/17/2016 12:14:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/16/2016 01:11:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/16/2016 12:49:49 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Erros de Sistema:
=============
Error: (11/18/2016 10:11:16 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: O serviço Qovchgroserge está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (11/18/2016 09:27:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Conectividade do Windows para Gramblr. foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 500 milissegundos: Reiniciar o serviço.

Error: (11/18/2016 09:27:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Conectividade do Windows para Gramblr. terminou com o erro: Função incorreta.

Error: (11/18/2016 05:02:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço The Calendar Service devido ao seguinte erro: O sistema não pode encontrar o arquivo especificado.

Error: (11/18/2016 05:01:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Border Photo Album devido ao seguinte erro: O sistema não pode encontrar o arquivo especificado.

Error: (11/18/2016 05:01:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Archer terminou com o erro: O sistema não pode encontrar o arquivo especificado.

Error: (11/18/2016 04:11:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço The Calendar Service devido ao seguinte erro: O sistema não pode encontrar o arquivo especificado.

Error: (11/18/2016 04:11:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Border Photo Album devido ao seguinte erro: O sistema não pode encontrar o arquivo especificado.

Error: (11/18/2016 04:11:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Archer terminou com o erro: O sistema não pode encontrar o arquivo especificado.

Error: (11/17/2016 03:18:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço The Calendar Service devido ao seguinte erro: O sistema não pode encontrar o arquivo especificado.

==================== Informações da Memória ===========================

Processador: Pentium(R) Dual-Core CPU E5700 @ 3.00GHz
Percentagem de memória em uso: 56%
RAM física total: 3261.24 MB
RAM física disponível: 1421.36 MB
Virtual Total: 6518.75 MB
Virtual disponível: 4249.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:646.61 GB) NTFS

==================== MBR & Tabela de Partições ==================

==================== Fim de Addition.txt ============================