cjoint


Comment: http://www.cjoint.com/c/EJwnVDlJhaJ

Document format: text/plain

Preview

Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
Ran by Douglas (2015-10-22 11:42:31)
Running from C:\Users\Douglas\Desktop
Windows 10 Pro (X64) (2015-08-25 23:57:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-890970014-2690237760-3640080772-500 - Administrator - Disabled)
Convidado (S-1-5-21-890970014-2690237760-3640080772-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-890970014-2690237760-3640080772-503 - Limited - Disabled)
Douglas (S-1-5-21-890970014-2690237760-3640080772-1001 - Administrator - Enabled) => C:\Users\Douglas
HomeGroupUser$ (S-1-5-21-890970014-2690237760-3640080772-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-890970014-2690237760-3640080772-1001\...\uTorrent) (Version: 3.4.2.38397 - BitTorrent Inc.)
Advanced Calendar 1.3 (HKLM\...\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}) (Version: 1.3.1.10384 - MEIXIAN XIE)
AIDA64 Extreme v5.30 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.30 - FinalWire Ltd.)
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Baidu PC Faster (HKLM-x32\...\Baidu PC Faster 5.1.0.0) (Version: 5.1.3.126764 - Baidu, Inc.) <==== ATTENTION
Bitdefender Antivirus Plus 2015 (HKLM\...\Bitdefender) (Version: 19.2.0.151 - Bitdefender)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CGS17_Setup_x64 (Version: 17.0 - Corel Corporation) Hidden
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Corel Graphics - Windows Shell Extension (HKLM\...\_{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.0.491 - Corel Corporation)
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (HKLM\...\{EF44BCCD-13F9-4974-862C-CCFAF43EE082}) (Version: - )
CorelDRAW Graphics Suite X7 - IPM T (x64) (HKLM\...\{13179AB2-69FD-459B-800F-81865A501AD4}) (Version: - )
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (HKLM\...\{D63404AC-C2F1-4B3D-96EA-9727AC9D994C}) (Version: - )
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0.0.491 - Corel Corporation)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DJ_AIO_NS_LP_DocCD (x32 Version: 90.0.222.000 - Hewlett-Packard) Hidden
DJ_AIO_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
DriverEasy 4.9.5 (HKLM\...\DriverEasy_is1) (Version: 4.9.5.0 - Easeware)
ETAP 12.6.0 (HKLM-x32\...\InstallShield_{1499B359-8984-4978-BC90-045C09042076}) (Version: 12.6.0 - ETAP)
ETAP License Manager 12.6.0 x64 (HKLM\...\{7C7B4EAF-66C6-46A1-9D85-237DD7E6E1A2}) (Version: - )
ETAP License Manager 12.6.0 x64 (HKLM-x32\...\InstallShield_{7C7B4EAF-66C6-46A1-9D85-237DD7E6E1A2}) (Version: 12.6.0 - Operation Technology Inc.)
F4100 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
F4100_Help (x32 Version: 90.0.222.000 - Hewlett-Packard) Hidden
FastoPlayer version 1.0 (HKLM-x32\...\FastoPlayer_is1) (Version: 1.0 - )
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.7.139.918 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.)
GBBD Caixa Economica Federal (HKLM-x32\...\{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1) (Version: 3.12.0.2 - )
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.64 - Google Inc.)
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.16) (Version: 9.16 - Artifex Software Inc.)
GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet All-In-One Software (HKLM\...\{2CB8566A-8EA6-417A-BAB1-1B10A88C79BB}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
ITR2015 - Declaração do Imposto sobre a Propriedade Territorial Rural (HKLM-x32\...\ITR2015) (Version: 1.0 - Receita Federal do Brasil)
Klavaro-1.9.7 (HKLM-x32\...\Klavaro_is1) (Version: - )
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.0.0.0 - PandoraTV)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Mathcad PDSi viewable support (x32 Version: 9.0.0 - Adobe Systems) Hidden
MATLAB R2015a (HKLM\...\Matlab R2015a) (Version: 8.5 - MathWorks)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft Office Professional 2016 - pt-br (HKLM\...\ProfessionalRetail - pt-br) (Version: 16.0.4229.1024 - Microsoft Corporation)
Microsoft Office Professional 2016 - pt-pt (HKLM\...\ProfessionalRetail - pt-pt) (Version: 16.0.4229.1024 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
MPC-HC 1.6.8 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.8.7417 - MPC-HC Team)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Plano de Negócio (HKLM-x32\...\{D233EC4A-EF4B-4CCA-AE37-7994A3E1A483}) (Version: 2.0.4 - SEBRAE)
PowerWorld Simulator 18 Education/Evaluation Edition (HKLM-x32\...\PowerWorld Simulator 18 Education/Evaluation Edition) (Version: 18 - PowerWorld Corporation)
PowerWorld Simulator 18 Education/Evaluation Edition (x32 Version: 18 - PowerWorld Corporation) Hidden
RamBooster (HKLM-x32\...\{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}) (Version: 2.0 - RamBooster) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Receitanet (HKLM-x32\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.07 - Serpro - Serviço Federal de Processamento de Dados)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.13.0 - Synaptics Incorporated)
TeXstudio 2.9.4 (HKLM-x32\...\TeXstudio_is1) (Version: 2.9.4 - Benito van der Zander)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Wifi HotSpot 1.0 (HKLM-x32\...\Wifi HotSpot_is1) (Version: - )
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-890970014-2690237760-3640080772-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}\InprocServer32 -> C:\Users\Douglas\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-890970014-2690237760-3640080772-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}\InprocServer32 -> C:\Users\Douglas\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)

==================== Restore Points =========================

20-10-2015 20:06:50 Installed RamBooster

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-08-25 21:02 - 2015-08-30 21:05 - 00001265 ____N C:\WINDOWS\system32\Drivers\etc\hosts

128.199.121.125 sknisaadp.com
128.199.121.125 onhax.net
127.0.0.2 www.onhax.net
128.199.121.125 do2dear.net
128.199.121.125 cloudanna.com
128.199.121.125 www.fullstuff.net
128.199.121.125 www.masterkreatif.com
128.199.121.125 keyscity.net
128.199.121.125 piratecity.net

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {001779D0-39EA-4EED-8D86-BD3DA2D00624} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-25] (Google Inc.)
Task: {09D17054-E222-49A2-937F-CEF46EDE4667} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-25] (Google Inc.)
Task: {0A558AC2-F591-4477-9B7A-701A0A73C028} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-14] (Microsoft Corporation)
Task: {171D9538-2FD0-4AF5-880D-3AD34C51FC81} - System32\Tasks\{2ECCCA94-1A8D-4B8A-BFA2-C1631C4D4E51} => pcalua.exe -a C:\Users\Douglas\AppData\Roaming\uTorrent\uTorrent.exe -c /UNINSTALL
Task: {1EBC7292-ACDD-4A5B-BBB3-6F336FA31198} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Duplicaterecord.js" <==== ATTENTION
Task: {7B467D33-5A75-47E7-AD6A-E030D5909A4A} - System32\Tasks\Baidu PC Faster Update => C:\Program Files (x86)\PC Faster\5.1.0.0\Updater.exe [2015-05-07] (Baidu, Inc.)
Task: {88DB67C1-0D29-414B-AC19-0641C7161AF5} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [2015-08-02] (Easeware)
Task: {8D505AB0-4110-4CE4-AFEA-534785797AFE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {BE21DB71-915E-4596-BDAF-61AC53BAE795} - System32\Tasks\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}{19F8DB95-4D78-4ddb-AC71-C610654FE37F} => C:\Program Files (x86)\CalendarTool\1.3.1.10384\InstallHelper.exe [2015-06-17] ()
Task: {C7B8F01A-544C-411C-929E-C4173A76C65E} - System32\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200} => C:\ProgramData\ToolsUpdatePlatform\CallBackInstall.exe [2015-08-18] ()
Task: {D80C3EED-EEA5-41BA-910B-B8EDE22B90E7} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-890970014-2690237760-3640080772-1001
Task: {EC414529-15C6-4C1F-A3CB-B72B26F40FF4} - System32\Tasks\Baidu PC Faster Service => C:\Program Files (x86)\PC Faster\5.1.0.0\PCFasterSvc.exe [2015-05-07] (Baidu, Inc.)
Task: {F0F6CF84-98D3-4AF2-9110-64DD9943F821} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-09-09] (Microsoft Corporation)
Task: {F5FCD1F0-292A-4493-BB9D-A7EE4884DC9D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-09-09] (Microsoft Corporation)
Task: {F8758E2A-3497-441E-9A79-0A6680C97DD1} - System32\Tasks\MATLAB R2015a Startup Accelerator => C:\Program Files\MATLAB\R2015a\bin\win64\MATLABStartupAccelerator.exe [2014-12-29] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MATLAB R2015a Startup Accelerator.job => C:\Program Files\MATLAB\R2015a\bin\win64\MATLABStartupAccelerator.exe
Task: C:\WINDOWS\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200}.job => C:\ProgramData\ToolsUpdatePlatform\CallBackInstall.exe
Task: C:\WINDOWS\Tasks\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}{19F8DB95-4D78-4ddb-AC71-C610654FE37F}.job => C:\Program Files (x86)\CalendarTool\1.3.1.10384\InstallHelper.exep-RunCloudOPTClient C:\Program Files (x86)\CalendarTool\1.3.1.10384\CloudOPTClient\CloudOPTClient.exe

==================== Loaded Modules (Whitelisted) ==============

2015-08-10 11:55 - 2015-07-15 00:04 - 00032768 ____N () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-30 22:38 - 2015-04-22 17:55 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2015-08-30 22:38 - 2013-09-03 15:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2015-08-30 22:39 - 2015-08-13 19:36 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2015-09-04 22:14 - 2015-09-04 22:14 - 00875352 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01150_003\ashttpbr.mdl
2015-09-04 22:14 - 2015-09-04 22:14 - 00741952 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01150_003\ashttpdsp.mdl
2015-09-04 22:14 - 2015-09-04 22:14 - 02800952 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01150_003\ashttpph.mdl
2015-09-04 22:14 - 2015-09-04 22:14 - 01413024 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01150_003\ashttprbl.mdl
2015-08-03 16:59 - 2015-08-03 16:59 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-08-19 13:44 - 2015-08-11 07:13 - 00413184 ____N () C:\WINDOWS\System32\diagtrack_win.dll
2015-06-17 07:20 - 2015-06-17 07:20 - 00133256 _____ () C:\Program Files (x86)\CalendarTool\1.3.1.10384\CalendarServ.exe
2015-08-25 23:30 - 2015-09-09 23:33 - 00162880 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-10-01 14:36 - 2015-09-17 04:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-06-17 07:20 - 2015-06-17 07:20 - 00148616 _____ () C:\Program Files (x86)\CalendarTool\1.3.1.10384\CalendarEntry.dll
2015-06-17 07:20 - 2015-06-17 07:20 - 00933000 _____ () C:\Program Files (x86)\CalendarTool\1.3.1.10384\Calendar.exe
2015-10-01 14:36 - 2015-09-17 04:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2014-05-01 12:13 - 2014-05-01 12:13 - 00470016 _____ () C:\Users\Douglas\AppData\Local\MEGAsync\ShellExtX64.dll
2015-10-01 14:34 - 2015-09-17 03:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-01 14:36 - 2015-09-17 03:44 - 06569472 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-01 14:33 - 2015-09-17 03:42 - 00471040 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-01 14:34 - 2015-09-17 03:42 - 01808384 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 14:36 - 2015-09-17 03:43 - 02274816 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-07 21:14 - 2015-10-07 02:13 - 01908040 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.64\libglesv2.dll
2015-10-07 21:14 - 2015-10-07 02:13 - 00093512 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.64\libegl.dll
2015-10-15 23:06 - 2015-10-15 14:21 - 28860616 _____ () C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\PepperFlash\19.0.0.226\pepflashplayer.dll
2015-06-17 07:20 - 2015-06-17 07:20 - 00543368 _____ () C:\Program Files (x86)\CalendarTool\1.3.1.10384\EVPTask.dll
2015-06-17 07:20 - 2015-06-17 07:20 - 00406664 _____ () C:\Program Files (x86)\CalendarTool\1.3.1.10384\EVPNet.dll
2015-06-17 07:20 - 2015-06-17 07:20 - 00428680 _____ () C:\Program Files (x86)\CalendarTool\1.3.1.10384\EVPDR.dll
2015-06-17 07:20 - 2015-06-17 07:20 - 00747144 _____ () C:\Program Files (x86)\CalendarTool\1.3.1.10384\EVPKernel.dll
2015-06-17 07:20 - 2015-06-17 07:20 - 00327304 _____ () C:\Program Files (x86)\CalendarTool\1.3.1.10384\EVPHelp.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files\Microsoft Office:Win32App
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==
AlternateDataStreams: C:\WINDOWS\System32:6D277090_Cef.gbp
AlternateDataStreams: C:\Users\Douglas\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Douglas\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Todos os Usuários\regid.1991-06.com.microsoft:Win32App

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-890970014-2690237760-3640080772-1001\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br
IE trusted site: HKU\S-1-5-21-890970014-2690237760-3640080772-1001\...\caixa.gov.br -> imagem.caixa.gov.br


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-890970014-2690237760-3640080772-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: lfsvc => 3
HKLM\...\StartupApproved\StartupFolder: => "Windchill ProductPoint Client Manager.lnk"
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run32: => "Baidu PC Faster 5.1.0.0"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-890970014-2690237760-3640080772-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-890970014-2690237760-3640080772-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-890970014-2690237760-3640080772-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-890970014-2690237760-3640080772-1001\...\StartupApproved\Run: => "Wifi HotSpot"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{97E676E9-BF3C-4ED2-8610-3FADCF00332E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{9490A0B1-02F2-4C69-A4F6-5E2478AFF201}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{F57880BF-78AB-4708-A445-292166A6AAFE}C:\program files\matlab\r2015a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015a\bin\win64\matlab.exe
FirewallRules: [UDP Query User{17FA0E86-690B-4F57-AAE6-0DB10D9DAA94}C:\program files\matlab\r2015a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015a\bin\win64\matlab.exe
FirewallRules: [TCP Query User{5D615EE0-6D9D-4301-AF16-F89514A89FB2}C:\program files\matlab\r2015a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015a\bin\win64\matlab.exe
FirewallRules: [UDP Query User{7FAF89C9-EFE8-48FB-BB10-411ACB2F45DA}C:\program files\matlab\r2015a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015a\bin\win64\matlab.exe
FirewallRules: [{DD453ECF-AFE7-483C-96CE-2FF1142625F9}] => (Allow) C:\Users\Douglas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{74146608-E2CE-4F86-923A-622333AF0E18}] => (Allow) C:\Users\Douglas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{55C40E02-BB99-4440-8B10-05CB9DCEC805}] => (Allow) C:\Users\Douglas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D81B7831-BD0A-4027-90B7-BDD3D496C1C3}] => (Allow) C:\Users\Douglas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3EA57EF7-8052-440E-A152-C3597B742687}] => (Allow) C:\Program Files (x86)\PC Faster\5.1.0.0\WifiHotspot.exe
FirewallRules: [{8811D901-7E96-4D49-8F71-B1AA4D9DF234}] => (Allow) C:\Program Files (x86)\PC Faster\5.1.0.0\WifiHotspot.exe
FirewallRules: [{D1157754-CA11-4ED8-B71D-8ADBF85E336F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{B04C3FC6-361B-40E2-B261-83EF3DEF12DD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{FCDD929C-08F7-43F8-A986-280F5F8F8FE3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{DD15ABF9-815E-4969-AA80-B7D1F7AD86FC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{88C53448-5190-4834-B23E-BA5474D14086}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{BE2BC817-2593-4528-90DF-96E3CE02E060}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{78D36D3B-5654-4F37-B8F4-80E6AA9C52F5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{F191E02C-2C91-4BF9-B658-6E00BE4F4678}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{6EF079C2-F8CC-40E5-90F7-FA52D0AE3458}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{DEA66B48-A884-4D2C-8D94-E72B1FFBC25A}] => (Allow) C:\WINDOWS\system32\hasplms.exe
FirewallRules: [{085CB501-75FF-4C59-A1FC-C62349C334AC}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{2CE989E5-16C5-41A2-B66C-1E9D389B9563}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{7AD727FE-21A4-447C-B0A2-FC63E8461491}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{8C456431-0C7E-4A3E-8DAD-FC081F47E7B6}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{5885E42A-79F2-4979-967F-02D1FDDB0B66}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{4D94E121-57B4-42DE-93E9-2DF9A72F6883}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{2C52AA69-9B62-4676-83F6-DE56F2703900}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{07F8BBF6-EBA4-4F84-AEAB-BBC9D5115D90}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{78CF2F84-E183-4047-AE68-B9B92131F50D}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{2221010B-D94C-4861-A4C4-FECFA3468578}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{23B5BB4C-4597-4ED6-95D0-11EDA9B572BB}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{EF9DA697-5141-49F4-8C6F-BA1C14CE55F2}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/21/2015 06:54:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASAROTTO)
Description: Falha na ativação do aplicativo Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen com o erro: -2147023170. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (10/21/2015 05:49:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa SearchUI.exe versão 10.0.10240.16515 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle Segurança e Manutenção.

ID do Processo: 1114

Hora de Início: 01d10c392b2aa0a1

Hora de Término: 4294967295

Caminho do Aplicativo: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

ID do Relatório: ce6ab063-782c-11e5-972a-000425602843

Nome completo do pacote com falha: Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy

ID do aplicativo relativo ao pacote com falha: CortanaUI

Error: (10/21/2015 05:49:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: CASAROTTO)
Description: O pacote Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy+CortanaUI foi terminado porque levou muito tempo para ser suspenso.

Error: (10/21/2015 03:13:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASAROTTO)
Description: Falha na ativação do aplicativo Microsoft.XboxIdentityProvider_cw5n1h2txyewy!Microsoft.XboxIdentityProvider com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (10/21/2015 03:12:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASAROTTO)
Description: Falha na ativação do aplicativo Microsoft.XboxIdentityProvider_cw5n1h2txyewy!Microsoft.XboxIdentityProvider com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (10/21/2015 02:42:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASAROTTO)
Description: Falha na ativação do aplicativo Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (10/21/2015 02:40:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASAROTTO)
Description: Falha na ativação do aplicativo Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI com o erro: -2147024865. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (10/21/2015 02:40:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASAROTTO)
Description: Falha na ativação do aplicativo Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (10/21/2015 01:28:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASAROTTO)
Description: Falha na ativação do aplicativo Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (10/21/2015 01:26:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: CASAROTTO)
Description: O pacote Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy+CortanaUI foi terminado porque levou muito tempo para ser suspenso.


System errors:
=============
Error: (10/22/2015 08:57:50 AM) (Source: DCOM) (EventID: 10029) (User: CASAROTTO)
Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}wuauserv

Error: (10/22/2015 08:53:48 AM) (Source: DCOM) (EventID: 10029) (User: CASAROTTO)
Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}wuauserv

Error: (10/22/2015 12:36:27 AM) (Source: DCOM) (EventID: 10010) (User: CASAROTTO)
Description: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca

Error: (10/22/2015 12:36:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Acesso a Dados de Usuário_Session1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (10/22/2015 12:36:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Armazenamento de Dados de Usuário_Session1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (10/22/2015 12:36:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Dados de Contato_Session1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (10/22/2015 12:36:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Host de Sincronização_Session1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (10/22/2015 12:01:51 AM) (Source: DCOM) (EventID: 10029) (User: CASAROTTO)
Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}wuauserv

Error: (10/21/2015 11:01:50 PM) (Source: DCOM) (EventID: 10029) (User: CASAROTTO)
Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}wuauserv

Error: (10/21/2015 10:08:28 PM) (Source: DCOM) (EventID: 10029) (User: CASAROTTO)
Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}wuauserv


==================== Memory info ===========================

Processor: AMD E-300 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 64%
Total physical RAM: 3818.9 MB
Available physical RAM: 1368.44 MB
Total Virtual: 5897.67 MB
Available Virtual: 2612.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:117.3 GB) (Free:21.89 GB) NTFS
Drive d: () (Fixed) (Total:347.66 GB) (Free:52.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9DD9C7F7)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=117.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=469 MB) - (Type=27)
Partition 4: (Not Active) - (Size=347.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
