Resultado do exame Adicional Farbar Recovery Scan Tool (x86) Versão:07-02-2016
Executado por Chico (2016-02-10 21:12:07)
Executando a partir de C:\Users\Chico\Downloads
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2016-02-04 01:28:28)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-3512823458-1728082612-3736990733-500 - Administrator - Disabled)
Chico (S-1-5-21-3512823458-1728082612-3736990733-1000 - Administrator - Enabled) => C:\Users\Chico
Convidado (S-1-5-21-3512823458-1728082612-3736990733-501 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Kaspersky Total Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Total Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-3512823458-1728082612-3736990733-1000\...\uTorrent) (Version: 3.4.5.41712 - BitTorrent Inc.)
BlueStacks App Player (HKLM\...\{4047E0FE-CBD8-4915-BBB1-45F6CBF417AC}) (Version: 2.0.4.5627 - BlueStack Systems, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
Java 8 Update 73 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Kaspersky Total Security (HKLM\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.396 - Kaspersky Lab)
Kaspersky Total Security (Version: 15.0.2.396 - Kaspersky Lab) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
MKV Player 2.1.21 (HKLM\...\MKV Player_is1) (Version: - )
MPC-HC 1.6.8 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.8.7417 - MPC-HC Team)
Qualcomm Atheros Fast Reconnect (HKLM\...\{0CA2063D-D43F-41F2-A8AC-A3C4A4C722D2}) (Version: 1.0 - QualComm Atheros)
TTWiFi 1.0.0.1 (HKLM\...\ttwifi) (Version: 1.0.0.1 - )

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {018EFEF2-B6CC-4259-8DB1-AE64C5571B83} - System32\Tasks\PPTAssistantNotifyTask_Chico => C:\Users\Chico\AppData\Local\PPTAssist\notify.exe
Task: {208D03F2-8CB0-45A4-9AD5-F2EF7779307F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-04] (Google Inc.)
Task: {236A23FC-2B18-4B43-B699-82B41C7BA519} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-04] (Google Inc.)
Task: {52CC4302-9072-40B5-901A-C326C6AC3D21} - System32\Tasks\BaiduJP_Update_{8099779F-A13B-403e-B39A-65133857586B} => C:\Program Files\baidu\update\baidujp_update.exe [2015-07-08] (Baidu)
Task: {60448700-4C33-415F-8A56-18A20581EB4E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {6C410378-7DBC-42AC-832A-F4228D64739C} - System32\Tasks\ttwifi => C:\Program Files\ttwifi\tiantianwifi.exe [2016-02-09] (TTWIFI)
Task: {833CA504-806A-498A-B64B-2B6870E8025B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {9369F62F-C42E-44E0-A0E7-AE5EEC19CDCA} - System32\Tasks\osTip => C:\ProgramData\WindowsMsg\osmsg.exe [2016-02-09] ()
Task: {B8B9EA37-87D8-4089-95DD-EF94E161003E} - System32\Tasks\PPTAssistantUpdateTask_Chico => C:\Users\Chico\AppData\Local\PPTAssist\assistupdate.exe

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\BaiduJP_Update_{8099779F-A13B-403e-B39A-65133857586B}.job => C:\Program Files\baidu\update\baidujp_update.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PPTAssistantNotifyTask_Chico.job => C:\Users\Chico\AppData\Local\PPTAssist\notify.exe
Task: C:\Windows\Tasks\PPTAssistantUpdateTask_Chico.job => C:\Users\Chico\AppData\Local\PPTAssist\assistupdate.exe

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

==================== Módulos Carregados (Whitelisted) ==============

2014-12-23 16:54 - 2014-12-23 16:54 - 01272616 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\kpcengine.2.3.dll
2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2016-02-09 15:51 - 2016-02-09 12:30 - 02036224 _____ () C:\ProgramData\WindowsMsg\osmsg.exe
2016-02-10 09:57 - 2016-02-09 09:58 - 01632584 _____ () C:\Program Files\Google\Chrome\Application\48.0.2564.109\libglesv2.dll
2016-02-10 09:57 - 2016-02-09 09:58 - 00087880 _____ () C:\Program Files\Google\Chrome\Application\48.0.2564.109\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

==================== EXE Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)

==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2009-07-14 00:04 - 2009-06-10 19:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-3512823458-1728082612-3736990733-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Chico\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 189.4.0.147 - 189.4.0.152
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Atualmente não há nenhuma correção automática para esta seção.)

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [{C7BD7DA6-9285-42AE-8F65-313BFFA4121B}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{692312AD-9321-404F-98C2-C4D1F19E9F9B}] => (Allow) C:\Users\Chico\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{84394519-E2D8-42BE-9D09-4D56AC57614E}] => (Allow) C:\Users\Chico\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9A831E62-AE59-4FB7-879C-4A894D05D1A9}] => (Allow) C:\Users\Chico\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CA774CCB-338C-4B49-B764-AAC611467699}] => (Allow) C:\Users\Chico\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0A20F882-954F-4C3F-959D-3E4D92D3C065}] => (Allow) C:\Users\Chico\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{007BB2E3-82F7-4447-B0D6-5AAEE461A534}] => (Allow) C:\Users\Chico\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7B21E519-C1A6-4D22-BD9C-1009C464DA9A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Pontos de Restauração =========================

04-02-2016 00:12:38 Installed Qualcomm Atheros Fast Reconnect
04-02-2016 14:39:05 Backup do Windows
04-02-2016 16:56:49 Windows Update
05-02-2016 01:26:49 Windows Update
07-02-2016 04:03:46 Windows Update
09-02-2016 15:39:16 Windows Defender Checkpoint
09-02-2016 20:23:17 Windows Update

==================== Dispositivos Apresentando Falhas No Gerenciador =============

Name: Controlador Ethernet
Description: Controlador Ethernet
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (02/10/2016 10:19:52 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile C:\Program Files\BlueStacks\HD-CreateSymlink.exe because of the following error: não é um aplicativo Win32 válido. (Exception from HRESULT: 0x800700C1).

Error: (02/10/2016 09:42:41 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Falha dos Serviços de Criptografia ao inicializar o Catálogo do Banco de Dados. Erro do ESENT:-107.

Error: (02/10/2016 09:42:41 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Falha dos Serviços de Criptografia ao inicializar o Catálogo do Banco de Dados. Erro do ESENT:-107.

Error: (02/10/2016 09:42:41 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Falha dos Serviços de Criptografia ao inicializar o Catálogo do Banco de Dados. Erro do ESENT:-107.

Error: (02/09/2016 04:25:07 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (2724) WindowsMail0: O backup parou porque ele foi interrompido pelo cliente ou houve falha na conexão com o cliente.

Error: (02/09/2016 03:39:16 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
. Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.
Operação:
Obtendo Dados do Gravador
Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {cbfdffca-96b9-419b-ad7d-f5113fe25e05}

Error: (02/07/2016 07:05:41 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: O backup não foi concluído devido a um erro ao gravar no local de backup D:\. Erro: O local de backup não foi encontrado ou não é válido. Examine as configurações de backup e verifique o local de backup. (0x81000006).

Erros de Sistema:
=============
Error: (02/10/2016 09:04:44 PM) (Source: cdrom) (EventID: 15) (User: )
Description: O dispositivo, \Device\CdRom0, não está pronto para acesso.

Error: (02/10/2016 09:04:44 PM) (Source: atapi) (EventID: 11) (User: )
Description: O driver detectou um erro de controlador em \Device\Ide\IdePort1.

Error: (02/10/2016 09:04:44 PM) (Source: cdrom) (EventID: 15) (User: )
Description: O dispositivo, \Device\CdRom0, não está pronto para acesso.

Error: (02/10/2016 09:04:44 PM) (Source: cdrom) (EventID: 15) (User: )
Description: O dispositivo, \Device\CdRom0, não está pronto para acesso.

Error: (02/10/2016 09:04:44 PM) (Source: cdrom) (EventID: 15) (User: )
Description: O dispositivo, \Device\CdRom0, não está pronto para acesso.

Error: (02/10/2016 09:04:44 PM) (Source: cdrom) (EventID: 15) (User: )
Description: O dispositivo, \Device\CdRom0, não está pronto para acesso.

Error: (02/10/2016 09:04:43 PM) (Source: cdrom) (EventID: 15) (User: )
Description: O dispositivo, \Device\CdRom0, não está pronto para acesso.

Error: (02/10/2016 09:02:53 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: O Gerenciador de controle de serviços tentou executar uma ação corretiva (Reiniciar o serviço) após a finalização inesperada do serviço Windows Search, mas essa ação falhou com o seguinte erro: %%1056

Error: (02/10/2016 09:02:23 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: A chamada ScRegSetValueExW falhou para DeleteFlag com o seguinte erro: %%5

Error: (02/10/2016 09:02:23 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: A chamada ScRegSetValueExW falhou para DeleteFlag com o seguinte erro: %%5

CodeIntegrity:
===================================
Date: 2016-02-05 07:04:10.850
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-02-05 07:04:10.850
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-02-05 07:04:10.835
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-02-05 07:04:10.835
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-02-05 07:04:10.835
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-02-05 07:04:10.835
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-02-05 07:04:10.788
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-02-05 07:04:10.788
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-02-05 07:04:10.788
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-02-05 07:04:10.772
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Kaspersky Lab\Kaspersky Total Security 15.0.2\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Informações da Memória ===========================

Processador: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentagem de memória em uso: 64%
RAM física total: 1782.71 MB
RAM física disponível: 630.94 MB
Virtual Total: 3565.41 MB
Virtual disponível: 2101.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:258 GB) NTFS ==>[drive com componentes de inicialização (obtido através de BCD)]

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: CF483400)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt ============================