Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão:05-03-2016 01
Executado por Claudio (2016-04-04 12:03:02)
Executando a partir de C:\Users\Claudio\Downloads
Windows 10 Pro Versão 1511 (X64) (2016-02-04 06:07:36)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-1747542895-3985366821-2164306022-500 - Administrator - Disabled)
Claudio (S-1-5-21-1747542895-3985366821-2164306022-1000 - Administrator - Enabled) => C:\Users\Claudio
Convidado (S-1-5-21-1747542895-3985366821-2164306022-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-1747542895-3985366821-2164306022-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1747542895-3985366821-2164306022-1002 - Limited - Enabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-1747542895-3985366821-2164306022-1000\...\uTorrent) (Version: 3.4.5.41865 - BitTorrent Inc.)
Amazon Kindle (HKU\S-1-5-21-1747542895-3985366821-2164306022-1000\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{413A45D0-11A2-DA56-C459-9EF50D9260B1}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Atualização do produto Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{717C9095-8AAE-41CB-B046-BD6E8399F4F3}) (Version: - Microsoft)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}) (Version: - Microsoft)
Atualização do produto Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}) (Version: - Microsoft)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Cantabile Performer 2.0 (HKLM-x32\...\Cantabile Performer 2.0) (Version: - Topten Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version: - dvd8n)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Driver 1.3.1 (HKLM\...\{BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}) (Version: 1.3.1 - OEM)
Evernote v. 5.9.9 (HKLM-x32\...\{CC4235DA-F2CA-11E5-8B13-005056951CAD}) (Version: 5.9.9.9915 - Evernote Corp.)
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 9.4.9.5 - Sentelic)
Galeria de Fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
IPM 1.9.4 (HKLM-x32\...\{AADF4228-0772-4D43-92EB-B245E3A17B00}) (Version: 1.9.4 - OEM)
IRPF2016 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2016) (Version: 1.0 - Receita Federal do Brasil)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.33.3 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
K-Lite Mega Codec Pack 7.5.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.5.0 - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
OSD 1.15.11 (HKLM-x32\...\{5A9C96FE-1376-45E1-8556-C81255F0B5A7}) (Version: 1.15.11 - OEM)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0212 - )
Receitanet (HKLM-x32\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.07 - Serpro - Serviço Federal de Processamento de Dados)
SafeZone Stable 1.48.2066.95 (x32 Version: 1.48.2066.95 - Avast Software) Hidden
SISRC 1.9.23 (HKLM-x32\...\{A80647E6-F461-4CCA-AD8F-9DF0B11727D1}_is1) (Version: - ECAD)
SpyHunter (HKLM-x32\...\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}) (Version: 4.1.11 - Enigma Software Group USA, LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.14.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Webcam 1.5.0 (HKLM-x32\...\{39B78651-6FD2-4752-BE68-C3BDB6F2D9EE}) (Version: 1.5.0 - OEM)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
XP Codec Pack (HKLM-x32\...\XP Codec Pack) (Version: - )

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-1747542895-3985366821-2164306022-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Claudio\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
Task: {1A9DADCE-CE09-4447-BE89-89C3CC0122DE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {1D28B2E0-D659-464D-A118-FE1A15ACDA06} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {200B9DF5-05E5-420D-9857-B0FED07E2053} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-23] (Google Inc.)
Task: {2728FAF1-819F-454F-BE6D-793021AB8A83} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {2F062876-0359-4FEE-AB00-17F6CCE79F0F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Nenhum Arquivo <==== ATENÇÃO
Task: {517F7467-8BCC-4299-8FFD-2273D2CE6170} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Nenhum Arquivo <==== ATENÇÃO
Task: {67678553-E75D-4212-9648-99BD723A3EA0} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {6ACF7AA2-0D12-4A7F-9844-AF3EEB1A98F9} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {6BB260AC-3E2B-4DA9-8D90-8123B55F16C6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {6EEBCAB9-16D4-49B4-8B19-1B765D394A10} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {746AE1EF-F65F-49EB-8B71-B4CE70C45011} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {77AEDFBA-8329-4E54-8E51-97EDA634FA39} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Nenhum Arquivo <==== ATENÇÃO
Task: {78D3D37C-E968-4F85-A89C-170C08D86A64} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Nenhum Arquivo <==== ATENÇÃO
Task: {79299960-6D77-45A5-A269-5CA7DD173A07} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {79B81BB6-E76C-46AC-88DD-3F01B5724D24} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> Nenhum Arquivo <==== ATENÇÃO
Task: {7A87F2A5-4611-470E-B702-E2D3D194FC26} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-04] (AVAST Software)
Task: {82CEB5AA-6B1D-40E2-B679-7B9563A4545B} - System32\Tasks\WinTaske => C:\Program Files (x86)\WinTaske\WinTaske\WinTaske.exe
Task: {83104D58-7A43-43D8-82C2-1712987367E1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {89243E16-3AAE-4EBC-8241-88F543350D48} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {8F12AD18-A496-4AF1-A905-53CA05E44ACE} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe [2016-03-31] (Enigma Software Group USA, LLC.)
Task: {9EC230D2-A28D-4578-85B5-E02547F4BF3E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Nenhum Arquivo <==== ATENÇÃO
Task: {AD8F52D8-7411-4BEE-AEAE-F4E47B9636CE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {AF58A2D7-1048-40FE-8612-25CF7611E0D4} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B08C9EBE-0BF1-4A6A-B1FD-D8378E46B929} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {B72721BB-AFD6-44A8-9A52-F586DC41DCFE} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B892B92E-EEE0-44DC-B572-5DF5140A1C18} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {BDE06E56-B3E7-4B12-98B5-7722A42C2468} - System32\Tasks\SafeZone scheduled Autoupdate 1458759625 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-03-08] (Avast Software)
Task: {C0C535CC-A6D6-430B-90FF-5C86BDC2CCEA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Nenhum Arquivo <==== ATENÇÃO
Task: {C192B5A2-4BA7-44B3-B489-E9AC1E3F4E94} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {C3AAEB48-27E5-4116-9853-9E06A282E1CD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-23] (Google Inc.)
Task: {C97C504A-1901-41BC-8997-90305126C3AD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Nenhum Arquivo <==== ATENÇÃO
Task: {CF7EB57E-333B-41B6-B76F-35242047221D} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {D7F69500-9A8B-4385-89D3-D7AA45691F49} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {D9CA5FA3-D05F-4C0C-AE7B-081DD2BA8AC3} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {DE95A160-B386-49AE-8986-E47FA75E5158} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {DF6A6DE0-61EC-4D9D-B503-F1F8191953BA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {E39DE9CE-C884-4A41-90AC-F75BA3F3BF16} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {E6A5E215-359E-43B1-AE12-8781B92A18B3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {E7C01295-4D3B-4F74-83E3-D3F8E877F324} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {E86EB434-23CA-486C-8830-B0312C50C373} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {E8826F4D-E8FA-4241-8DD2-B4B06EFEA0F7} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {F67E1674-6B63-41C4-BFAA-C5B91BE4BDB4} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

ShortcutWithArgument: C:\Users\Claudio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1459388594&a=1024132&src=sh&uuid=21e29d18-61bd-4639-8e24-a97f11029710"
ShortcutWithArgument: C:\Users\Claudio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1459388594&a=1024132&src=sh&uuid=21e29d18-61bd-4639-8e24-a97f11029710"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software) -> hxxp://www.istartpageing.com/?type=sc&ts=1459401743&z=91bbbc1607d2a6aaf07683fg2z7wftbzde9g5qatbt&from=cmi&uid=ST500LM012XHN-M500MBB_S2SKJ5FC405477
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.istartpageing.com/?type=sc&ts=1459401743&z=91bbbc1607d2a6aaf07683fg2z7wftbzde9g5qatbt&from=cmi&uid=ST500LM012XHN-M500MBB_S2SKJ5FC405477

==================== Módulos Carregados (Whitelisted) ==============

2015-10-30 04:17 - 2015-10-30 04:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 04:18 - 2015-10-30 04:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-05-29 06:29 - 2015-05-29 06:29 - 02178896 _____ () C:\Windows\System32\FspService.exe
2016-03-01 18:20 - 2016-02-23 08:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-01 18:20 - 2016-02-23 08:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-02-04 15:40 - 2016-02-04 15:45 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-04 02:25 - 2016-02-04 02:25 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-01 18:20 - 2016-02-23 05:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-02-04 02:24 - 2016-02-04 02:24 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-02-04 02:24 - 2016-02-04 02:24 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-02-04 02:24 - 2016-02-04 02:24 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-02-04 02:24 - 2016-02-04 02:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-03-11 17:31 - 2016-03-11 17:31 - 00065536 _____ () C:\Program Files\CCleaner\lang\lang-1046.dll
2012-10-12 16:39 - 2012-10-12 16:39 - 02410496 _____ () C:\Program Files (x86)\OEM\IPM 1.9.4\IPM.exe
2012-12-20 13:45 - 2012-12-20 13:45 - 01868800 _____ () C:\Program Files (x86)\OEM\OSD 1.15.11\SunflowerOSD.exe
2016-02-04 03:27 - 2016-02-04 03:27 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-04 03:27 - 2016-02-04 03:27 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-04-02 22:10 - 2016-04-02 22:10 - 02850816 _____ () C:\Program Files\AVAST Software\Avast\defs\16040200\algo.dll
2016-02-04 03:27 - 2016-02-04 03:27 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-04-04 10:20 - 2016-04-04 10:20 - 02850816 _____ () C:\Program Files\AVAST Software\Avast\defs\16040400\algo.dll
2010-05-18 16:54 - 2010-05-18 16:54 - 00395776 _____ () C:\Program Files (x86)\Enigma Software Group\SpyHunter\ExecutionGuard.dll
2016-02-04 15:40 - 2016-02-04 15:45 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-02-04 15:40 - 2016-02-04 15:45 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2009-11-17 16:21 - 2009-11-17 16:21 - 00092160 _____ () C:\Program Files (x86)\OEM\IPM 1.9.4\SoilIO.dll
2012-10-12 16:39 - 2012-10-12 16:39 - 01582080 _____ () C:\Program Files (x86)\OEM\IPM 1.9.4\vista.dll
2016-02-04 03:27 - 2016-02-04 03:27 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-11-17 16:21 - 2009-11-17 16:21 - 00092160 _____ () C:\Program Files (x86)\OEM\OSD 1.15.11\SoilIO.dll
2011-09-01 10:59 - 2011-09-01 10:59 - 16246272 _____ () C:\Program Files (x86)\OEM\OSD 1.15.11\Media.dll
2016-03-30 18:17 - 2016-03-27 04:58 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libglesv2.dll
2016-03-30 18:17 - 2016-03-27 04:58 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libegl.dll
2016-03-25 15:36 - 2016-03-25 15:36 - 21120184 _____ () C:\Program Files (x86)\Evernote\Evernote\libcef.dll
2016-03-25 15:36 - 2016-03-25 15:36 - 00212664 _____ () C:\Program Files (x86)\Evernote\Evernote\websockets.dll
2016-03-25 15:36 - 2016-03-25 15:36 - 00439480 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2016-03-25 15:36 - 2016-03-25 15:36 - 00321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2016-03-25 15:35 - 2016-03-25 15:35 - 00988872 _____ () C:\Program Files (x86)\Evernote\Evernote\avcodec-54.dll
2016-03-25 15:35 - 2016-03-25 15:35 - 00138952 _____ () C:\Program Files (x86)\Evernote\Evernote\avutil-51.dll
2016-03-25 15:35 - 2016-03-25 15:35 - 00195272 _____ () C:\Program Files (x86)\Evernote\Evernote\avformat-54.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\Users\Claudio\Documents\Leoni - Manual de Sobrevivencia no Mundo Digital.pdf:SummaryInformation [71]
AlternateDataStreams: C:\Users\Claudio\Documents\Leoni - Manual de Sobrevivencia no Mundo Digital.pdf:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

==================== EXE Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)

==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

==================== Hosts Conteúdo: ==========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)
2009-07-13 23:34 - 2016-04-04 10:23 - 00001006 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-1747542895-3985366821-2164306022-1000\Control Panel\Desktop\\Wallpaper -> c:\users\claudio\pictures\imagens\3. wallpapers\old_typewriter_2-wallpaper-2048x1536.jpg
DNS Servers: 192.168.25.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-1747542895-3985366821-2164306022-1000\...\StartupApproved\Run: => "Uninstall C:\Users\Claudio\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{91BAC6D8-0564-4D2B-854F-91335D30688E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1F0A7EF5-BD9C-4615-AF83-5D5203EB7584}] => (Allow) LPort=2869
FirewallRules: [{69936D9F-6690-4604-B3C1-B7A0513EF183}] => (Allow) LPort=1900
FirewallRules: [{1A54B43E-0674-4399-9225-28AA7497B862}] => (Allow) C:\Users\Claudio\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9C519403-3BFA-46D9-BEC5-2E865F95636F}] => (Allow) C:\Users\Claudio\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8CF185A6-4E47-432B-BCA1-0E1A85935D39}] => (Allow) C:\Users\Claudio\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A1576477-D938-4011-AFD7-63B12A578881}] => (Allow) C:\Users\Claudio\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{90EB2365-9CB5-4CE5-881D-2D5DC8A0850D}] => (Allow) C:\Users\Claudio\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{99D1FD88-8638-4109-9C56-1147596D7E64}] => (Allow) C:\Users\Claudio\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{07EA085E-5D2F-42A9-B7BE-65C9D7F27F48}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Pontos de Restauração =========================

22-03-2016 18:53:03 Windows Update
30-03-2016 12:00:06 Ponto de Verificação Agendado
31-03-2016 14:36:58 Removed SpyHunter
04-04-2016 10:35:37 Revo Uninstaller's restore point - VideoPad Video Editor

==================== Dispositivos Apresentando Falhas No Gerenciador =============

==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (04/04/2016 10:45:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa revouninstaller.exe versão 1.8.3.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle Segurança e Manutenção.
ID do Processo: bdc
Hora de Início: 01d18e76c358975a
Hora de Término: 4294967295
Caminho do Aplicativo: C:\Users\Claudio\Desktop\revouninstaller.exe
ID do Relatório: 7a375cfc-fa6b-11e5-a57b-80ee734a4ba0
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:

Error: (04/04/2016 10:35:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..
Details: AddLegacyDriverFiles: Unable to back up image of binary Protocolo Microsoft LLDP. System Error: Acesso negado. .

Error: (04/04/2016 10:20:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: svchost.exe_MapsBroker, versão: 10.0.10586.0, carimbo de data/hora: 0x5632d7ba
Nome do módulo com falha: MosHostCore.dll, versão: 10.0.10586.35, carimbo de data/hora: 0x566504b9
Código de exceção: 0x84000010
Deslocamento da falha: 0x0000000000020dc4
ID do processo com falha: 0xc0c
Hora de início do aplicativo com falha: 0xsvchost.exe_MapsBroker0
Caminho do aplicativo com falha: svchost.exe_MapsBroker1
Caminho do módulo com falha: svchost.exe_MapsBroker2
ID do Relatório: svchost.exe_MapsBroker3
Nome completo do pacote com falha: svchost.exe_MapsBroker4
ID do aplicativo relativo ao pacote com falha: svchost.exe_MapsBroker5

Error: (04/02/2016 11:08:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: mpc-hc.exe, versão: 1.5.2.3447, carimbo de data/hora: 0x4e2997f9
Nome do módulo com falha: ntdll.dll, versão: 10.0.10586.122, carimbo de data/hora: 0x56cc16f5
Código de exceção: 0xc0000005
Deslocamento da falha: 0x00036bef
ID do processo com falha: 0x1584
Hora de início do aplicativo com falha: 0xmpc-hc.exe0
Caminho do aplicativo com falha: mpc-hc.exe1
Caminho do módulo com falha: mpc-hc.exe2
ID do Relatório: mpc-hc.exe3
Nome completo do pacote com falha: mpc-hc.exe4
ID do aplicativo relativo ao pacote com falha: mpc-hc.exe5

Error: (04/01/2016 04:52:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Claudio-PC)
Description: Falha na ativação do aplicativo Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 com o erro: -2147023174. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (04/01/2016 04:52:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Claudio-PC)
Description: Falha na ativação do aplicativo Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 com o erro: -2147023174. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (04/01/2016 04:52:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Claudio-PC)
Description: Falha na ativação do aplicativo Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 com o erro: -2147023174. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.
Error: (03/31/2016 08:13:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: Explorer.EXE, versão: 10.0.10586.104, carimbo de data/hora: 0x56aaffa0
Nome do módulo com falha: combase.dll, versão: 10.0.10586.103, carimbo de data/hora: 0x56a849ab
Código de exceção: 0xc0000005
Deslocamento da falha: 0x0000000000047ac0
ID do processo com falha: 0xb88
Hora de início do aplicativo com falha: 0xExplorer.EXE0
Caminho do aplicativo com falha: Explorer.EXE1
Caminho do módulo com falha: Explorer.EXE2
ID do Relatório: Explorer.EXE3
Nome completo do pacote com falha: Explorer.EXE4
ID do aplicativo relativo ao pacote com falha: Explorer.EXE5

Error: (03/31/2016 04:01:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: avastui.exe, versão: 11.1.2253.1675, carimbo de data/hora: 0x56f186f3
Nome do módulo com falha: ntdll.dll, versão: 10.0.10586.122, carimbo de data/hora: 0x56cc16f5
Código de exceção: 0xc0000005
Deslocamento da falha: 0x00036bef
ID do processo com falha: 0x798
Hora de início do aplicativo com falha: 0xavastui.exe0
Caminho do aplicativo com falha: avastui.exe1
Caminho do módulo com falha: avastui.exe2
ID do Relatório: avastui.exe3
Nome completo do pacote com falha: avastui.exe4
ID do aplicativo relativo ao pacote com falha: avastui.exe5

Error: (03/31/2016 02:53:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa revouninstaller.exe versão 1.8.3.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle Segurança e Manutenção.
ID do Processo: 160c
Hora de Início: 01d18b73ba8c64f8
Hora de Término: 4294967295
Caminho do Aplicativo: C:\Users\Claudio\Desktop\revouninstaller.exe
ID do Relatório: 7628e7e9-f769-11e5-a574-8ce1af5bdfa4
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:

Erros de Sistema:
=============
Error: (04/04/2016 10:20:58 AM) (Source: DCOM) (EventID: 10010) (User: Claudio-PC)
Description: {08D9DFDF-C6F7-404A-A20F-66EEC0A609CD}

Error: (04/04/2016 10:20:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço ggbugreport devido ao seguinte erro: %%2

Error: (04/04/2016 10:20:42 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Serviço Otimização de Entrega suspenso ao iniciar.

Error: (04/04/2016 10:20:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Gerenciador de Mapas Baixados foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (04/04/2016 10:16:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço NetMsmqActivator devido ao seguinte erro: %%1053

Error: (04/04/2016 10:16:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço NetPipeActivator devido ao seguinte erro: %%1053

Error: (04/04/2016 10:16:37 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço NetMsmqActivator.

Error: (04/04/2016 10:16:37 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço NetPipeActivator.
Error: (04/04/2016 10:15:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço NetTcpActivator depende do serviço NetTcpPortSharing, mas não foi possível iniciá-lo devido ao seguinte erro: %%1058

Error: (04/04/2016 10:15:40 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: O desligamento do sistema que ocorreu às 23:27:51 do dia 02/04/2016 não era esperado.

CodeIntegrity:
===================================
Date: 2016-04-01 00:54:26.826
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-31 17:40:14.425
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-31 15:36:20.244
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-31 15:36:13.340
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-22 19:11:26.090
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-18 12:12:33.320
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-18 11:53:05.099
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2016-03-18 11:53:04.957
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2016-03-18 11:53:04.759
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
Date: 2016-03-18 11:53:04.261
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

==================== Informações da Memória ===========================

Processador: Intel(R) Pentium(R) CPU B950 @ 2.10GHz
Percentagem de memória em uso: 49%
RAM física total: 3984.16 MB
RAM física disponível: 2018.25 MB
Virtual Total: 8080.16 MB
Virtual disponível: 5389.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:457.13 GB) (Free:83.26 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B30D2F08)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8 GB) - (Type=27)
Partition 3: (Not Active) - (Size=457.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=450 MB) - (Type=27)

==================== Fim de Addition.txt ============================