Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão:22-05-2016 01
Executado por X (2016-05-23 00:29:53)
Executando a partir de C:\Users\X\Desktop
Windows 10 Pro Versão 1511 (X64) (2016-01-20 07:28:46)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-2252849729-668298971-1092156944-500 - Administrator - Disabled)
Convidado (S-1-5-21-2252849729-668298971-1092156944-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-2252849729-668298971-1092156944-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2252849729-668298971-1092156944-1002 - Limited - Enabled)
X (S-1-5-21-2252849729-668298971-1092156944-1001 - Administrator - Enabled) => C:\Users\X

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Aplicativo Itaú (HKLM-x32\...\{15D01D1F-8428-4CED-9783-BBE86AAA3B30}) (Version: 1.0.62 - Banco Itaú) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Applian FLV Player (HKLM-x32\...\Applian FLV Player2.0.24) (Version: 2.0.24 - Applian Technologies Inc.) Atualização do produto Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{717C9095-8AAE-41CB-B046-BD6E8399F4F3}) (Version: - Microsoft) Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{5016CB22-B9A7-44FB-AA72-AF28B27B15EA}) (Version: - Microsoft) Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}) (Version: - Microsoft) Atualização do produto Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}) (Version: - Microsoft) aTube Catcher versão 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG) Avira Launcher (HKLM-x32\...\{bfb60b68-92b8-481b-b416-7e05b4ea01c9}) (Version: 1.1.61.18979 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.1.61.18979 - Avira Operations GmbH & Co. 
KG) Hidden CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.6059 - CDBurnerXP) C-Media Card Reader Driver USB2.0 (HKLM\...\C-Media Card Reader Driver USB2.0) (Version: - ) C-Media USB2.0 Card Reader (HKLM-x32\...\C-Media USB2.0 Card Reader) (Version: - ) CorelDRAW Graphics Suite 12 (HKLM-x32\...\{505AFDC0-5E72-4928-8368-5DEA385E3647}) (Version: 12.0.0.458 - Corel Corporation) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dicionário eletrônico Houaiss 3.0 (HKLM-x32\...\Dicionário eletrônico Houaiss da língua portuguesa_is1) (Version: - Editora Objetiva) DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - ) DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden Evernote v. 5.8.13 (HKLM-x32\...\{A229420E-204B-11E5-B844-0050569584E9}) (Version: 5.8.13.8152 - Evernote Corp.) FormatFactory 3.7.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.7.0.0 - Format Factory) Galeria de Fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden GBBD Caixa Economica Federal (HKLM-x32\...\{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1) (Version: 3.12.0.2 - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.54 - Google Inc.) Google Drive (HKLM-x32\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.) Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) 
Hidden HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - ) HP Deskjet 3510 series Ajuda (HKLM-x32\...\{949C49A5-91B7-40D2-AF9A-15681454074A}) (Version: 28.0.0 - Hewlett Packard) HP Deskjet 3510 series Estudo de aprimoramento de produtos (HKLM\...\{D85356C0-39B4-4C88-B4B9-07EFBC58D09B}) (Version: 28.0.989.0 - Hewlett-Packard Co.) HP Deskjet 3510 series Software básico do dispositivo (HKLM\...\{7788938A-3BF8-4038-A3C2-2629C69ED1FF}) (Version: 28.0.989.0 - Hewlett-Packard Co.) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) Instalação do DivX (HKLM-x32\...\DivX Setup) (Version: 2.7.0.77 - DivX, LLC) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation) IRPF2015 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2015) (Version: 1.2 - Receita Federal do Brasil) IRPF2016 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2016) (Version: 1.2 - Receita Federal do Brasil) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) K-Lite Mega Codec Pack 10.7.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.7.5 - ) Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.) 
LSI PCI-SV92PP Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation) LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden Malwarebytes Anti-Malware versão 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft VC90 CRT + OMP (HKLM-x32\...\{0F931735-0098-4FF6-A49D-17882A294F51}) (Version: 1.0.0.0 - ZJMedia Ltd.) 
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility) Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden Motorola MMCP Drivers Installation 1.0.3 (HKLM\...\{98308D2E-57F7-4F76-9D85-CB00810426B5}) (Version: 1.0.3 - Motorola Inc.) 
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 41.0.1 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 pt-BR)) (Version: 41.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MV RegClean 5.9 (HKLM-x32\...\MV RegClean 5.9_is1) (Version: - ) MV RegClean 6.9.1 (HKLM-x32\...\MV RegClean 6.9.1_is1) (Version: - ) My Lockbox 2.0 (HKLM\...\My Lockbox_is1) (Version: 2.0 - ) PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.) RealDownloader (x32 Version: 18.0.1.10 - RealNetworks, Inc.) Hidden RealDownloader (x32 Version: 18.0.1.9 - RealNetworks) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) 
Hidden Receitanet (HKLM-x32\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.07 - Serpro - Serviço Federal de Processamento de Dados) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.1.0.9134 - Microsoft Corporation) Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.103 - Skype Technologies S.A.) Suporte para Aplicativos Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony) Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden Warsaw 1.11.0.42826 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.11.0.42826 - GAS Tecnologia) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) ==================== Exame Personalizado CLSID (Whitelisted): ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
CustomCLSID: HKU\S-1-5-21-2252849729-668298971-1092156944-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}\InprocServer32 -> C:\Users\X\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia) CustomCLSID: HKU\S-1-5-21-2252849729-668298971-1092156944-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}\InprocServer32 -> C:\Users\X\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia) CustomCLSID: HKU\S-1-5-21-2252849729-668298971-1092156944-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\X\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation) ==================== Tarefas Agendadas (Whitelisted) ============= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) Task: {000B9D88-47D6-4127-A6B8-F9BF7B6F4033} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {01CD9472-8362-4900-86D8-48900E4520A1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {16CF4697-6262-43E6-8762-6786CBF4E5A5} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2252849729-668298971-1092156944-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-06-17] (RealNetworks, Inc.) 
Task: {1706DAAC-49F9-45F6-B3B5-849B53D4C800} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {1E3B90FF-01E8-428E-A497-465F9232AB38} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Nenhum Arquivo <==== ATENÇÃO Task: {28E13971-5725-4D7C-8FAD-8AEC866B6377} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Nenhum Arquivo <==== ATENÇÃO Task: {2ACD7E54-55EE-49E4-A9D5-A61107BB34B6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-11] (Microsoft Corporation) Task: {317ED0FD-5587-4FF7-B1F4-EE366AC85CCA} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {34955C60-7589-423A-BE70-A5212F34C31E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {399D2265-6BE2-45F2-B6AD-6F65885CAFCD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Nenhum Arquivo <==== ATENÇÃO Task: {420EAB6C-BEA6-4BE0-B334-47423731B3FF} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe Task: {42A1F912-4366-4E6F-A80D-ECE5A15AB121} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] () Task: {46B8B759-2A14-4A50-BC27-2F4FD4A72E1F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Nenhum Arquivo <==== ATENÇÃO Task: {47F3EC68-1615-46E4-9966-B22906DC82FC} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Nenhum Arquivo <==== ATENÇÃO Task: {490D7AD0-78AF-43F6-B73A-63604FCE08B0} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {51E642A1-FAC7-4120-AE33-22F08799C84F} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2252849729-668298971-1092156944-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe Task: 
{549E22D1-AD24-49E0-A3DE-EF9C38DD8F99} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Nenhum Arquivo <==== ATENÇÃO Task: {56B62AEB-7A85-4301-9365-1952F93256B3} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {57B06AE1-5A94-42C6-A92C-54ED94ED7E07} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd) Task: {63A8B04A-74E4-4384-8623-365C8A1905A3} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {6580DA33-CCA3-40E5-9862-2C4EBBC30911} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Nenhum Arquivo <==== ATENÇÃO Task: {67DCAB43-2FF5-491D-A348-017647B6723E} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {6C47ABF4-9899-45F8-AD46-3C2ADA42506C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Nenhum Arquivo <==== ATENÇÃO Task: {6F3662EF-58DA-444C-B239-009F58A13D0E} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2252849729-668298971-1092156944-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-06-17] (RealNetworks, Inc.) 
Task: {7856893E-73FD-4F8C-BCE4-35040A263F20} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2252849729-668298971-1092156944-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe Task: {7BE12DCE-F365-4A2D-8CCE-FB538F639EFA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Nenhum Arquivo <==== ATENÇÃO Task: {7C7DAB6C-51C3-4CAE-8F5C-965082D6DFEC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {81F49F63-746A-4A3C-A95C-2C52C047C20F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Nenhum Arquivo <==== ATENÇÃO Task: {862A65A0-F0D4-45F4-ABB3-A9FABC5EAF20} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {874268D4-390C-451B-877E-7789263E6914} - System32\Tasks\{8E7134AE-F0F4-4229-B42A-46423B0E6897} => pcalua.exe -a C:\Users\X\Downloads\avira_ptbr_av_40677320_e33t791tlkq1rplbr8md_wd.exe -d C:\Users\X\Downloads Task: {87551B7A-647C-4B03-BE0D-242BE9521327} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {8E0B5331-8BD1-42A1-BC18-B60C90C01815} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {8F0FBE2E-3E6D-4A88-A1E4-AE255608A722} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) 
Task: {A2C69A17-9A86-4D2D-821E-024D2AEB6C5F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {A90C98CC-211B-43B1-90A1-189FB25EE74E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Nenhum Arquivo <==== ATENÇÃO Task: {B46F62C6-ABAC-4579-8BD0-7088A39B2B29} - System32\Tasks\{79248468-F9A1-4318-899C-4AD6E699BFA6} => Chrome.exe hxxp://g.msn.com/1ewptbr70/SettingsTermUse Task: {B8254D43-9F30-40E1-8944-319EE0802899} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {BE1B635C-C644-46F8-821A-C1C643D48752} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {BF805A39-3D4D-4471-A659-1D64133CA1EC} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {C1187C8A-629D-47A8-A5B5-F36108BD6DA9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) 
Task: {CDD6B3A0-8B5A-45F7-A74E-AE1B2964B02B} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-09-23] () Task: {D86F6A4A-9C8A-41F2-949E-18B9E2AC405F} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe Task: {E0248856-E8BD-433A-A304-A6CEC5097C1F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {E69AFD62-C88A-44BD-902D-B541F4EC1EEF} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {EE0C7143-50C3-4498-8799-611752DBD61E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {EE704968-C035-4A85-A0DF-BA209925D34E} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {F2594ABB-3625-4EAB-A8E1-A30B5FF3E4CC} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {F3D6128D-3B70-4AFA-A76D-0FF00A1D535C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {F400CBB5-957B-4624-8661-6E6C7C92D1C7} - System32\Tasks\HPCustParticipation HP Deskjet 3510 series => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe [2012-05-08] (Hewlett-Packard Co.) (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Atalhos ============================= (As entradas podem ser listadas para serem restauradas ou removidas.) 
==================== Módulos Carregados (Whitelisted) ============== 2015-10-30 04:18 - 2015-10-30 04:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2015-06-17 03:25 - 2015-06-17 03:25 - 00031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe 2016-04-12 20:58 - 2016-03-29 07:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-12 20:58 - 2016-03-29 07:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-04-25 22:23 - 2016-04-25 22:23 - 00959176 _____ () C:\Users\X\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll 2016-01-20 04:32 - 2016-01-20 04:32 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-05-11 17:51 - 2016-04-23 01:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-05-11 17:51 - 2016-04-23 01:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-05-11 17:51 - 2016-04-23 00:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-05-11 17:51 - 2016-04-23 00:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-05-11 17:51 - 2016-04-23 01:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2014-09-23 18:42 - 2007-01-16 03:55 - 00480256 _____ () C:\WINDOWS\CmUCREye_x64.exe 2016-04-19 21:51 - 2016-04-19 21:53 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-01-21 13:14 - 2016-01-21 13:14 - 03746816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe 2015-12-14 21:55 - 2015-12-14 21:55 - 00258560 _____ () C:\Program 
Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2014-04-07 11:31 - 2014-04-07 11:31 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll 2015-06-17 03:24 - 2015-06-17 03:24 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll 2015-06-17 03:24 - 2015-06-17 03:24 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll 2015-06-17 03:24 - 2015-06-17 03:24 - 00037528 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll 2016-04-25 22:23 - 2016-04-25 22:23 - 00679624 _____ () C:\Users\X\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll 2015-07-01 17:35 - 2015-07-01 17:35 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll 2015-07-01 17:35 - 2015-07-01 17:35 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll 2010-05-07 18:35 - 2010-05-07 18:35 - 02143576 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll 2010-05-07 18:35 - 2010-05-07 18:35 - 07954776 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll 2010-05-07 18:36 - 2010-05-07 18:36 - 00340824 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll 2010-05-07 18:37 - 2010-05-07 18:37 - 00027480 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll 2010-05-07 18:37 - 2010-05-07 18:37 - 00126808 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll 2016-05-22 22:05 - 2016-05-22 22:05 - 00098816 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\win32api.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00110080 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\pywintypes27.dll 2016-05-22 22:05 - 2016-05-22 22:05 - 00364544 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\pythoncom27.dll 2016-05-22 22:05 - 2016-05-22 22:05 - 00320512 ____R () 
C:\Users\X\AppData\Local\Temp\_MEI46362\win32com.shell.shell.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00776704 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\_hashlib.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 01176576 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\wx._core_.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00806400 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\wx._gdi_.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00816128 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\wx._windows_.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 01067008 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\wx._controls_.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00733184 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\wx._misc_.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00682496 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\pysqlite2._sqlite.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00088064 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\_ctypes.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00119808 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\win32file.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00108544 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\win32security.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00007168 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\hashobjs_ext.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00017920 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\thumbnails_ext.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00088064 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\usb_ext.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00167936 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\win32gui.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00018432 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\win32event.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00046080 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\_socket.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 01208320 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\_ssl.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00128512 
____R () C:\Users\X\AppData\Local\Temp\_MEI46362\_elementtree.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00127488 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\pyexpat.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00012288 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\common.time34.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00038912 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\win32inet.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00036864 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\_psutil_windows.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00525208 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\windows._lib_cacheinvalidation.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00011264 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\win32crypt.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00077312 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\wx._html2.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00027136 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\_multiprocessing.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00020480 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\_yappi.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00035840 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\win32process.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00686080 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\unicodedata.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00078848 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\wx._animate.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00123392 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\wx._wizard.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00024064 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\win32pipe.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00010240 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\select.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00025600 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\win32pdh.pyd 2016-05-22 22:05 - 2016-05-22 22:05 - 00017408 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\win32profile.pyd 2016-05-22 22:05 - 
2016-05-22 22:05 - 00022528 ____R () C:\Users\X\AppData\Local\Temp\_MEI46362\win32ts.pyd 2016-04-19 21:51 - 2016-04-19 21:53 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-04-19 21:51 - 2016-04-19 21:53 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll ==================== Alternate Data Streams (Whitelisted) ========= (Se uma entrada for incluída na fixlist, somente o ADS será removido.) AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10] AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32] AlternateDataStreams: C:\WINDOWS\System32:D50FAAED_Bb.gbp [2] AlternateDataStreams: C:\WINDOWS\System32:D50FAAED_Cef.gbp [2] AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1434] ==================== Modo de Segurança (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) ==================== Associação (Whitelisted) =============== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.) ==================== Internet Explorer confiável/restrito =============== (Se uma entrada for incluída na fixlist, será removida do Registro.) 
IE trusted site: HKU\S-1-5-21-2252849729-668298971-1092156944-1001\...\bancobrasil.com.br -> www.bancobrasil.com.br IE trusted site: HKU\S-1-5-21-2252849729-668298971-1092156944-1001\...\bb.com.br -> aapj.bb.com.br IE trusted site: HKU\S-1-5-21-2252849729-668298971-1092156944-1001\...\caixa.gov.br -> imagem.caixa.gov.br IE trusted site: HKU\S-1-5-21-2252849729-668298971-1092156944-1001\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br IE trusted site: HKU\S-1-5-21-2252849729-668298971-1092156944-1001\...\gastecnologia.com.br -> cloud.gastecnologia.com.br ==================== Hosts Conteúdo: =============================== (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2009-07-13 23:34 - 2016-05-20 23:13 - 00000698 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Outras Áreas ============================ (Atualmente não há nenhuma correção automática para esta seção.) HKU\S-1-5-21-2252849729-668298971-1092156944-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\X\Pictures\Wallpapers\golden_compass-wallpaper-1600x900.jpg DNS Servers: 200.204.0.10 - 200.204.0.138 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Firewall do Windows está habilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == (Atualmente não há nenhuma correção automática para esta seção.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealTimes.lnk => C:\Windows\pss\RealTimes.lnk.CommonStartup
MSCONFIG\startupreg: Cmiboot => C:\Windows\cmiboot.exe
MSCONFIG\startupreg: CorelDRAW Graphics Suite 11b => C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=091514 serial=DR12WEX-1504397-KTY lang=BP
MSCONFIG\startupreg: RealDownloader =>
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Cmiboot"

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{1C449159-C404-4328-BEE0-FD6643AF9FEC}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{468B3DE6-F9E3-43C5-A68C-9B5B323AAB97}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{4FEC30B2-8D46-4F7B-9903-A2D77D183736}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{8809DECB-CD3E-4417-8C48-CD98522CF5E6}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{F785F4C2-1DBE-47B2-82B5-FB4BFFBDEE05}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D7337E96-A907-4AC8-B2AC-CF2EED435D3E}] => (Allow) LPort=2869
FirewallRules: [{ED8EB17D-7263-41F6-9AA9-5529482F2437}] => (Allow) LPort=1900
FirewallRules: [{B5B51C59-F639-48E0-AF97-3644D6EF11FC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{609AE43C-D337-4022-98FC-3BEB6EE6BA85}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{856D327B-3FAE-48CB-B1CD-664A46543656}C:\program files (x86)\freetime\formatfactory\formatfactory.exe] => (Allow) C:\program files (x86)\freetime\formatfactory\formatfactory.exe
FirewallRules: [UDP Query User{01D8902E-F810-48C1-8836-0107BFBE0722}C:\program files (x86)\freetime\formatfactory\formatfactory.exe] => (Allow) C:\program files (x86)\freetime\formatfactory\formatfactory.exe
FirewallRules: [TCP Query User{ABBF8431-BAFB-4444-85D4-4089B6B01E29}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{08D3AC45-4CD5-4B1E-9110-46730F9000BC}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{EEBD32FF-C29F-4B1E-9E67-5AF9D25D5EB1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D4F8C081-AC14-46FF-BE4B-983A40DB1B96}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{2ADE645F-E323-4261-A142-B1A003DB4FCD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{04801A2C-880B-43CD-A8D7-C400BB469ADC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{C72B9ED7-A0AA-4AC5-BAF1-BD0DA8EFF3E1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E831D8CD-DA0E-446F-A4C8-2125DA58EAF3}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe

==================== Pontos de Restauração =========================

06-05-2016 07:23:21 Windows Update
11-05-2016 17:53:06 Windows Update
20-05-2016 16:03:58 Ponto de Verificação Agendado

==================== Dispositivos Apresentando Falhas No Gerenciador =============

==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (05/20/2016 11:22:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: MsMpEng.exe, versão: 4.9.10586.0, carimbo de data/hora: 0x5632d908
Nome do módulo com falha: mpsvc.dll, versão: 4.9.10586.0, carimbo de data/hora: 0x5632d360
Código de exceção: 0xc0000005
Deslocamento da falha: 0x00000000000188f4
ID do processo com falha: 0x8e8
Hora de início do aplicativo com falha: 0xMsMpEng.exe0
Caminho do aplicativo com falha: MsMpEng.exe1
Caminho do módulo com falha: MsMpEng.exe2
ID do Relatório: MsMpEng.exe3
Nome completo do pacote com falha: MsMpEng.exe4
ID do aplicativo relativo ao pacote com falha: MsMpEng.exe5

Error: (05/20/2016 11:01:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (05/20/2016 10:48:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: X-PC)
Description: O pacote Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy+CortanaUI foi terminado porque levou muito tempo para ser suspenso.

Error: (05/20/2016 10:22:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: X-PC)
Description: Falha na ativação do aplicativo windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy:microsoft.windows.immersivecontrolpanel com o erro: -2144927149. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (05/20/2016 10:20:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: X-PC)
Description: Falha na ativação do aplicativo Microsoft.Getstarted_3.5.11.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca com o erro: -2144927149. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (05/20/2016 10:19:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: svchost.exe, versão: 10.0.10586.0, carimbo de data/hora: 0x5632d7ba
Nome do módulo com falha: ESENT.dll, versão: 10.0.10586.212, carimbo de data/hora: 0x56fa1686
Código de exceção: 0xc0000602
Deslocamento da falha: 0x000000000022885f
ID do processo com falha: 0x8a0
Hora de início do aplicativo com falha: 0xsvchost.exe0
Caminho do aplicativo com falha: svchost.exe1
Caminho do módulo com falha: svchost.exe2
ID do Relatório: svchost.exe3
Nome completo do pacote com falha: svchost.exe4
ID do aplicativo relativo ao pacote com falha: svchost.exe5

Error: (05/20/2016 10:19:02 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (2208) Terminando o processo devido à falha não recuperável: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(fucb.cxx:359): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)

Error: (05/20/2016 09:21:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: plugin-container.exe, versão: 46.0.1.5966, carimbo de data/hora: 0x572818c9
Nome do módulo com falha: mozglue.dll, versão: 46.0.1.5966, carimbo de data/hora: 0x572808c3
Código de exceção: 0x80000003
Deslocamento da falha: 0x0000efdc
ID do processo com falha: 0x1d1c
Hora de início do aplicativo com falha: 0xplugin-container.exe0
Caminho do aplicativo com falha: plugin-container.exe1
Caminho do módulo com falha: plugin-container.exe2
ID do Relatório: plugin-container.exe3
Nome completo do pacote com falha: plugin-container.exe4
ID do aplicativo relativo ao pacote com falha: plugin-container.exe5

Error: (05/20/2016 08:53:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: svchost.exe, versão: 10.0.10586.0, carimbo de data/hora: 0x5632d7ba
Nome do módulo com falha: ESENT.dll, versão: 10.0.10586.212, carimbo de data/hora: 0x56fa1686
Código de exceção: 0xc0000602
Deslocamento da falha: 0x000000000022885f
ID do processo com falha: 0x92c
Hora de início do aplicativo com falha: 0xsvchost.exe0
Caminho do aplicativo com falha: svchost.exe1
Caminho do módulo com falha: svchost.exe2
ID do Relatório: svchost.exe3
Nome completo do pacote com falha: svchost.exe4
ID do aplicativo relativo ao pacote com falha: svchost.exe5

Error: (05/20/2016 08:53:39 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (2348) Terminando o processo devido à falha não recuperável: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(fucb.cxx:359): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)

Erros de Sistema:
=============
Error: (05/22/2016 10:06:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: %%2

Error: (05/22/2016 10:06:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: %%2

Error: (05/22/2016 10:06:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro: %%2

Error: (05/22/2016 10:06:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Avira Mail Protection depende do serviço Avira Real-Time Protection, mas não foi possível iniciá-lo devido ao seguinte erro: %%1070

Error: (05/22/2016 10:06:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Avira Web Protection depende do serviço Avira Real-Time Protection, mas não foi possível iniciá-lo devido ao seguinte erro: %%1070

Error: (05/22/2016 10:06:13 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Serviço Avira Real-Time Protection suspenso ao iniciar.

Error: (05/22/2016 10:06:13 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Serviço Avira Real-Time Protection suspenso ao iniciar.

Error: (05/22/2016 10:04:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço NetMsmqActivator devido ao seguinte erro: %%1053

Error: (05/22/2016 10:04:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço NetMsmqActivator.

Error: (05/22/2016 10:04:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço NetPipeActivator devido ao seguinte erro: %%1053

CodeIntegrity:
===================================
Date: 2016-05-22 22:09:28.313
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-22 22:09:28.190
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-21 21:41:09.337
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\PROGRAM FILES\Diebold\Warsaw\WSLBDHM64.DLL that did not meet the Store signing level requirements.

Date: 2016-05-20 23:22:20.978
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-20 23:21:46.974
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-20 23:21:46.545
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-20 23:13:41.152
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-20 23:13:41.122
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-20 23:13:41.080
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-20 23:13:41.052
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Informações da Memória ===========================

Processador: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz
Percentagem de memória em uso: 58%
RAM física total: 4086.18 MB
RAM física disponível: 1700.02 MB
Virtual Total: 8182.18 MB
Virtual disponível: 4677.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.54 GB) (Free:149.79 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 33C4C7C9)
Partition 1: (Active) - (Size=110 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=297.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== Fim de Addition.txt ============================