Resultado do exame Adicional Farbar Recovery Scan Tool (x86) Versão:07-06-2016
Executado por UESPI (2016-06-08 08:23:58)
Executando a partir de C:\Users\UESPI\Desktop
Microsoft Windows 10 Pro Versão 1511 (X86) (2015-12-24 19:51:22)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-613365655-2104278902-840499372-500 - Administrator - Disabled)
Convidado (S-1-5-21-613365655-2104278902-840499372-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-613365655-2104278902-840499372-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-613365655-2104278902-840499372-1007 - Limited - Enabled)
UESPI (S-1-5-21-613365655-2104278902-840499372-1000 - Administrator - Enabled) => C:\Users\UESPI

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-613365655-2104278902-840499372-1000\...\uTorrent) (Version: 3.4.5.41712 - BitTorrent Inc.)
Adobe Acrobat DC (HKLM\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated) aTube Catcher versão 3.8 (HKLM\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp) Avast Internet Security (HKLM\...\Avast) (Version: 11.2.2262 - AVAST Software) CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform) Corel Graphics - Windows Shell Extension (HKLM\...\_{FD417077-C2FE-46DB-942A-228179B308D5}) (Version: 18.0.0.448 - Corel Corporation) Corel Graphics - Windows Shell Extension (Version: 18.0.448 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - BR (Version: 18.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - Capture (Version: 18.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - Common (Version: 18.0.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - Connect (Version: 18.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - CS (Version: 18.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - CT (Version: 18.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - Custom Data (Version: 18.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - CZ (Version: 18.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - DE (Version: 18.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - Draw (Version: 18.0.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - EN (Version: 18.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - ES (Version: 18.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - Filters (Version: 18.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - Font Manager (Version: 18.0.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - FR (Version: 18.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - IPM (Version: 18.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - IPM 
Content (Version: 18.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - IT (Version: 18.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - JP (Version: 18.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - NL (Version: 18.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - PHOTO-PAINT (Version: 18.0.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - PL (Version: 18.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - Redist (Version: 18.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - RU (Version: 18.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - Setup Files (Version: 18.0.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - TR (Version: 18.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - VBA (Version: 18.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - VideoBrowser (Version: 18.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - Workspaces (Version: 18.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - Writing Tools (Version: 18.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 (HKLM\...\_{86F23E59-06B3-432A-9D16-B6A4DF379571}) (Version: 18.0.0.450 - Corel Corporation) CorelDRAW Graphics Suite X8 (Version: 18.0 - Corel Corporation) Hidden Dell System Detect (HKU\S-1-5-21-613365655-2104278902-840499372-1000\...\73f463568823ebbe) (Version: 6.6.0.2 - Dell) Dic Michaelis - UOL (HKLM\...\WDIC) (Version: - ) ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - ) FormatFactory 3.7.0.0 (HKLM\...\FormatFactory) (Version: 3.7.0.0 - Format Factory) Ghostscript GPL 8.64 (Msi Setup) (HKLM\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Ghostscript GPL 8.64 (Msi Setup) (Version: 8.64 - Corel Corporation) Hidden Google Chrome (HKLM\...\Google Chrome) (Version: 51.0.2704.79 - Google Inc.) Google Update Helper (Version: 1.3.30.3 - Google Inc.) 
Hidden IPM_Common_x86 (Version: 2.1 - Your Company Name) Hidden Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) K-Lite Mega Codec Pack 11.9.6 (HKLM\...\KLiteCodecPack_is1) (Version: 11.9.6 - KLCP) Max Impressão 1.0 (HKLM\...\Max Impressão) (Version: 1.0 - Maxprint ) Microsoft Office Professional Plus 2016 - pt-br (HKLM\...\ProPlusRetail - pt-br) (Version: 16.0.6868.2067 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2015 (HKLM\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation) Mozilla Firefox 46.0.1 (x86 pt-BR) (HKLM\...\Mozilla Firefox 46.0.1 (x86 pt-BR)) (Version: 46.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla) Nero 7 Premium (HKLM\...\{F14B8ECC-BDA0-4987-9201-D7B7DBE11046}) (Version: 7.02.0936 - Nero AG) Office 16 Click-to-Run Extensibility Component (Version: 16.0.6828.1019 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.6828.1019 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (Version: 16.0.6828.1019 - Microsoft Corporation) Hidden Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x86) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - PTB) (Version: 10.0.50903 - 
Microsoft Corporation) SafeZone Stable 1.48.2066.101 (Version: 1.48.2066.101 - Avast Software) Hidden Skype™ 7.24 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.) TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.56083 - TeamViewer) VSO ConvertXToDVD 6 (HKLM\...\{8FC36FA6-C508-44FB-B137-1CB46D8258B2}_is1) (Version: 6.0.0.29 - VSO Software) Warsaw 1.11.0.42826 32 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.11.0.42826 - GAS Tecnologia) WinPcap 4.1.1 (HKLM\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies) WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) ZHPFix 2015 (HKLM\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman) ==================== Exame Personalizado CLSID (Whitelisted): ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Tarefas Agendadas (Whitelisted) ============= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) Task: {03130FF0-DCB4-4191-BEA1-3510F10C2C09} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {10CC4D38-BA87-417F-A312-D55E0070BEF8} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {1C2961CD-2075-4FF7-9BBA-B7255013E874} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {1D67C27D-D747-4563-8FAE-A4A32D841AAB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-15] (Microsoft Corporation) Task: {2F98707C-B51C-4FF5-AF68-90BCBEC20715} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-10] (AVAST Software) Task: {304C63DB-E89B-4E1F-ADF0-94299465AAB3} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe Task: {3846A8C1-1756-46E1-AD76-88D6CB6857D0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-01] (Piriform Ltd) Task: {3C2BCCD4-4064-4964-8907-73532C50DA78} - System32\Tasks\CorelUpdateHelperTaskCore => C:\Program Files\Corel\CUH\v2\CUH.exe [2016-02-26] (Corel Corporation) Task: {47D0937C-E791-446C-8A71-B6EB1B071992} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-02-19] () Task: {49485B23-C6AC-4C02-BBE5-EB4B95EF3386} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {5303766B-9811-4D6B-85A9-7AA4A12CC774} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {57CFF5EB-7516-444E-BD73-2041B05D77AC} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic Task: {58324586-E508-4271-B5D2-1B5B6D09AC6F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {61DDA0B0-DD26-4DA9-8578-BAE81415F750} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {65A41861-FE2E-4741-B70B-807BB1B8328E} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {65B6B218-AD46-4D9E-9567-895FB58A8373} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {69BD309D-2E3B-4AEC-9418-843B43E31892} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated) Task: {6D95CE55-78DD-42A6-9BE5-DFA154C773C2} - System32\Tasks\Microsoft\Windows\Media 
Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {73A1E7DC-8820-4143-8582-545F0BE42DA7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-12] (Microsoft Corporation) Task: {75DDCA2B-6DAA-4D89-BA44-0E22F0B333AF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {7B152515-1CFF-411D-8D63-840F7D935B8B} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {7CED933C-B232-4F92-BC44-22A4C47F027C} - System32\Tasks\SafeZone scheduled Autoupdate 1450719106 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software) Task: {7E2AE833-1F28-4AAA-9865-4A5FBEB6A050} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {7EEA8134-9A85-4096-829B-EB039AAB8DB2} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {892B8BF8-2DA3-4F9B-98D6-9C781DD9A835} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic Task: {8939522C-6AA0-4C38-A7DE-2F98723EB03F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-05-16] (Microsoft Corporation) Task: {A6E3F0D8-ABE9-4F5D-857F-48DEC418E1CC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Nenhum Arquivo <==== ATENÇÃO Task: {AF7D472D-A09B-4F0B-AE5C-75893DFA6ABD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {B08DB436-3710-487C-A7E9-9A8E612BB81A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {B7B38D63-0263-4247-AD10-35BDEF0230E1} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {BDEF580C-0D61-4734-AA74-135C0D8EE182} - 
System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {C0DABEF4-CF31-4A83-A118-E84D2E78CFA2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-05-16] (Microsoft Corporation) Task: {C2D8D4EB-F30C-4407-B12E-1F4B45B0D4A0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe Task: {C80AE607-482A-4340-99D1-9F9DC5ABCE66} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {CA4E4B89-DB97-45D0-9CD2-7A4CF80BE87A} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {D5E60CFC-8309-4977-B0BD-69DFD95BB8A6} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {DC0BB0B7-6305-40AB-8156-4EB0123F5F90} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {E5DCE392-81B7-443A-AC2D-AE3A6DC10AF3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-15] (Microsoft Corporation) Task: {E7EE506C-8604-47C4-9800-0B746877934A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {F324EB41-6703-42D8-AB0B-0934E20A97E9} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Atalhos ============================= (As entradas podem ser listadas para serem restauradas ou removidas.) ==================== Módulos Carregados (Whitelisted) ============== 2016-05-10 08:25 - 2016-05-10 08:25 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2016-05-10 08:25 - 2016-05-10 08:25 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-06-06 08:23 - 2016-06-06 08:23 - 02923008 _____ () C:\Program Files\AVAST Software\Avast\defs\16060600\algo.dll 2016-05-10 08:25 - 2016-05-10 08:25 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll 2016-05-10 08:25 - 2016-05-10 08:25 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2016-06-08 08:11 - 2016-06-08 08:11 - 02924032 _____ () C:\Program Files\AVAST Software\Avast\defs\16060800\algo.dll 2015-10-17 11:50 - 2016-05-15 10:58 - 00343744 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll 2015-10-30 02:44 - 2015-10-30 02:44 - 00149504 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-04-12 16:12 - 2016-03-29 06:37 - 01862008 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-12 16:12 - 2016-03-29 06:37 - 01862008 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-12-24 16:25 - 2015-12-24 16:25 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-05-12 09:33 - 2016-04-23 01:20 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-05-12 09:33 - 2016-04-23 01:05 - 05340672 _____ () 
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-05-12 09:33 - 2016-04-23 00:58 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-05-12 09:34 - 2016-04-23 00:58 - 02366976 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-05-12 09:34 - 2016-04-23 01:01 - 02656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-12-15 09:07 - 2015-12-15 09:07 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2016-06-03 08:57 - 2016-06-01 03:50 - 01745560 _____ () C:\Program Files\Google\Chrome\Application\51.0.2704.79\libglesv2.dll 2016-06-03 08:57 - 2016-06-01 03:50 - 00091288 _____ () C:\Program Files\Google\Chrome\Application\51.0.2704.79\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (Se uma entrada for incluída na fixlist, somente o ADS será removido.) AlternateDataStreams: C:\Program Files\GbPlugin:IncompleteStartProcessProtection.cnt [8] AlternateDataStreams: C:\WINDOWS\System32:9F46B3A5_Bb.gbp [2] AlternateDataStreams: C:\WINDOWS\system32\drivers:GbpKmAp.lst [208] AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddreg32.sys:X5ZN8aGvT4 [674] AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1198] ==================== Modo de Segurança (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) ==================== Associação (Whitelisted) =============== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.) ==================== Internet Explorer confiável/restrito =============== (Se uma entrada for incluída na fixlist, será removida do Registro.) 
IE trusted site: HKU\S-1-5-21-613365655-2104278902-840499372-1000\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-613365655-2104278902-840499372-1000\...\bb.com.br -> aapj.bb.com.br
IE trusted site: HKU\S-1-5-21-613365655-2104278902-840499372-1000\...\gastecnologia.com.br -> cloud.gastecnologia.com.br

==================== Hosts Conteúdo: ==========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2009-07-13 23:04 - 2016-02-24 09:59 - 00000335 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-613365655-2104278902-840499372-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Atualmente não há nenhuma correção automática para esta seção.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run: => "VDownloader"
HKLM\...\StartupApproved\Run: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "SunJavaUpdateSched"
HKU\S-1-5-21-613365655-2104278902-840499372-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-613365655-2104278902-840499372-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-613365655-2104278902-840499372-1000\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-613365655-2104278902-840499372-1000\...\StartupApproved\Run: => "Lync"

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{0CB99BF6-1E28-4AAA-B637-E756B279081F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{FA40BFFB-47F0-432E-85C5-0203C244A7E7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{F56D0A66-C783-4778-BEF3-728FC3F90C9E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{C576DF94-EB1F-462E-8503-82B3A00E992E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe FirewallRules: [UDP Query User{364CF854-C88B-4E46-907A-1522DCAE0EA0}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [TCP Query User{6949B9ED-8D0C-4C1E-9E43-182A29989843}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [{6B71AB3D-4A40-4A3D-8E36-E598C64A75A6}] => (Allow) C:\Windows\KMS-R@1n.exe FirewallRules: [{EEBB3D02-D40A-47B1-AB2D-2A8902F8473C}] => (Allow) C:\Windows\KMS-R@1n.exe FirewallRules: [{C89E16C3-4286-4951-B2A9-D036D3F4AAA6}] => (Allow) C:\Users\UESPI\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{F62D844D-E54B-46D8-A93D-0402D203E093}] => (Allow) C:\Users\UESPI\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{3CD9B1AE-4CEF-4EA8-A307-F785C18803CC}] => (Allow) C:\Users\UESPI\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{9540AB53-8E60-4338-88E0-C3CAB95CC0A3}] => (Allow) C:\Users\UESPI\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{50B1BA1C-2FEF-41F7-B8B2-314113698866}] => (Allow) C:\Users\UESPI\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{6BB8A2DA-9A1C-4A01-9E60-64A36FF5E916}] => (Allow) C:\Users\UESPI\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{198C398B-58F9-4585-BEBD-E356C5A88C77}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe FirewallRules: 
[{5C9E3886-4B73-4850-A965-8FCD3220FE00}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe FirewallRules: [{B37D03AC-6719-489B-BCD6-A7CCF6CD4C5C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe FirewallRules: [{2E7EC710-149C-42A1-AA91-636A59FEC7F4}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe FirewallRules: [{AB3707DB-4C5E-43BE-AF56-295CBC08D61A}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X8\Programs\CorelDrw.exe FirewallRules: [{6718C6A5-7812-453F-8044-7DE68E863EA1}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X8\Programs\CorelPP.exe FirewallRules: [{E57E3D4B-60C8-4970-A808-C91EFC1E7727}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{1F637A11-1FD4-4197-845D-BA873F07081A}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe FirewallRules: [{9013A9AB-3694-4A58-8929-075B372736B3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{70275336-2E72-4EED-95D3-E9360DD99487}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{E12EE259-0A74-4CB1-8579-54DD8981ED50}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe FirewallRules: [{BE882B68-8438-4B8A-B056-0424C7279280}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe ==================== Pontos de Restauração ========================= 20-05-2016 10:16:47 JRT Pre-Junkware Removal 30-05-2016 10:48:31 Ponto de Verificação Agendado ==================== Dispositivos Apresentando Falhas No Gerenciador ============= ==================== Erros no Log de eventos: ========================= Erros em Aplicativos: ================== Error: (06/08/2016 08:09:41 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Falha na Ativação de Licença (slui.exe). 
Código de erro: hr=0xC004F074 Argumento de linha de comando: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (06/08/2016 08:09:38 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Falha na Ativação de Licença (slui.exe). Código de erro: hr=0xC004F074 Argumento de linha de comando: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (06/08/2016 08:09:31 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Falha na Ativação de Licença (slui.exe). Código de erro: hr=0xC004F074 Argumento de linha de comando: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (06/08/2016 08:07:53 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Falha na Ativação de Licença (slui.exe). Código de erro: hr=0xC004F074 Argumento de linha de comando: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=3 Error: (06/08/2016 08:07:53 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Falha na Ativação de Licença (slui.exe). 
Código de erro: hr=0xC004F074 Argumento de linha de comando: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (06/07/2016 08:22:45 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: CompatTelRunner.exe, versão: 10.0.14275.1000, carimbo de data/hora: 0x56f0ef43 Nome do módulo com falha: invagent.dll, versão: 10.0.14275.1000, carimbo de data/hora: 0x56f0e905 Código de exceção: 0xc0000005 Deslocamento da falha: 0x000303f1 ID do processo com falha: 0x102c Hora de início do aplicativo com falha: 0xCompatTelRunner.exe0 Caminho do aplicativo com falha: CompatTelRunner.exe1 Caminho do módulo com falha: CompatTelRunner.exe2 ID do Relatório: CompatTelRunner.exe3 Nome completo do pacote com falha: CompatTelRunner.exe4 ID do aplicativo relativo ao pacote com falha: CompatTelRunner.exe5 Error: (06/07/2016 08:11:56 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Falha na Ativação de Licença (slui.exe). Código de erro: hr=0xC004F074 Argumento de linha de comando: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (06/07/2016 08:11:55 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Falha na Ativação de Licença (slui.exe). 
Código de erro: hr=0xC004F074 Argumento de linha de comando: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=2 Error: (06/07/2016 08:11:53 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Falha na Ativação de Licença (slui.exe). Código de erro: hr=0xC004F074 Argumento de linha de comando: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (06/06/2016 10:22:44 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Falha na Ativação de Licença (slui.exe). Código de erro: hr=0xC004F074 Argumento de linha de comando: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Erros de Sistema: ============= Error: (06/07/2016 11:29:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Host de Sincronização_b3aeab. Error: (06/07/2016 11:29:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Host de Sincronização_b3aeab foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço. 
Error: (06/07/2016 08:49:11 AM) (Source: DCOM) (EventID: 10016) (User: UESPI-PC2)
Description: padrão-computadorLocalAtivação{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}UESPI-PC2UESPIS-1-5-21-613365655-2104278902-840499372-1000LocalHost (Usando LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (06/07/2016 08:49:11 AM) (Source: DCOM) (EventID: 10016) (User: UESPI-PC2)
Description: padrão-computadorLocalAtivação{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}UESPI-PC2UESPIS-1-5-21-613365655-2104278902-840499372-1000LocalHost (Usando LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (06/07/2016 08:49:11 AM) (Source: DCOM) (EventID: 10016) (User: UESPI-PC2)
Description: padrão-computadorLocalAtivação{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}UESPI-PC2UESPIS-1-5-21-613365655-2104278902-840499372-1000LocalHost (Usando LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (06/07/2016 08:49:11 AM) (Source: DCOM) (EventID: 10016) (User: UESPI-PC2)
Description: padrão-computadorLocalAtivação{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}UESPI-PC2UESPIS-1-5-21-613365655-2104278902-840499372-1000LocalHost (Usando LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (06/07/2016 08:49:11 AM) (Source: DCOM) (EventID: 10016) (User: UESPI-PC2)
Description: padrão-computadorLocalAtivação{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}UESPI-PC2UESPIS-1-5-21-613365655-2104278902-840499372-1000LocalHost (Usando LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (06/07/2016 08:49:11 AM) (Source: DCOM) (EventID: 10016) (User: UESPI-PC2)
Description: padrão-computadorLocalAtivação{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}UESPI-PC2UESPIS-1-5-21-613365655-2104278902-840499372-1000LocalHost (Usando LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (06/07/2016 08:49:11 AM) (Source: DCOM) (EventID: 10016) (User: UESPI-PC2)
Description: padrão-computadorLocalAtivação{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}UESPI-PC2UESPIS-1-5-21-613365655-2104278902-840499372-1000LocalHost (Usando LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (06/07/2016 08:49:10 AM) (Source: DCOM) (EventID: 10016) (User: UESPI-PC2)
Description: padrão-computadorLocalAtivação{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}UESPI-PC2UESPIS-1-5-21-613365655-2104278902-840499372-1000LocalHost (Usando LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

CodeIntegrity:
===================================
Date: 2016-06-01 08:46:27.054
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-25 09:59:46.341
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-05-18 14:52:20.706
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-16 08:31:14.710
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-16 08:30:19.775
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-16 08:10:53.015
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-12 11:33:48.217
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-09 09:35:16.358
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-04 08:38:48.733
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-20 09:37:27.869
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
==================== Informações da Memória ===========================

Processador: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
Percentagem de memória em uso: 83%
RAM física total: 1979.61 MB
RAM física disponível: 334.17 MB
Virtual Total: 4178.18 MB
Virtual disponível: 2003.16 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.47 GB) (Free:92.58 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: B0000000)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== Fim de Addition.txt ============================