Resultado do exame Adicional Farbar Recovery Scan Tool (x86) Versão: 19-06-2016
Executado por Usuario (2016-06-18 19:45:22)
Executando a partir de C:\Users\Usuario\Desktop\at
Microsoft Windows 7 Professional (X86) (2014-03-27 13:00:58)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-1384300965-3790935411-767046383-500 - Administrator - Disabled)
Convidado (S-1-5-21-1384300965-3790935411-767046383-501 - Limited - Disabled)
Usuario (S-1-5-21-1384300965-3790935411-767046383-1000 - Administrator - Enabled) => C:\Users\Usuario

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-1384300965-3790935411-767046383-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
7-Zip 9.21beta (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.16) MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
aTube Catcher (HKLM\...\aTube Catcher) (Version: 2.9.1328 - DsNET Corp)
Avast Free Antivirus (HKLM\...\avast) (Version: 11.2.2262 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 7 (HKLM\...\{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}) (Version: 7.1.1 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Common (Version: 14.1.0.150 - Corel Corporation) Hidden
CyberLink PowerDVD 10 (HKLM\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2325.51 - CyberLink Corp.)
DeviceIO (Version: 14.1.0.150 - Corel Corporation) Hidden
FormatFactory 3.6.0.0 (HKLM\...\FormatFactory) (Version: 3.6.0.0 - Format Factory)
Google Chrome (HKLM\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
HP Deskjet 2050 J510 series Ajuda (HKLM\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.61.61 - Hewlett Packard)
HP Deskjet 2050 J510 series Estudo de aprimoramento de produtos (HKLM\...\{D63C6E54-882C-478B-91AB-53D1E89C80BA}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Software básico do dispositivo (HKLM\...\{6A653EE1-F8B9-4885-BB4A-E9D9481F626C}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Support Assistant (HKLM\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.2.8.25 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM\...\{CAF5FFBA-8F3B-409C-9126-74DF66A036DF}) (Version: 12.4.18.7 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
Intel Driver Update Utility (HKLM\...\{ca4bc3a8-b99c-4416-90d8-351a8ceab458}) (Version: 2.2.0.2 - Intel)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
IP Camera Adapter (HKLM\...\{6D140BFF-7CC5-4BFE-AD6D-47035FFE5F14}) (Version: 2.0.0.0 - Pavel Khlebovich)
Java 8 Update 66 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
K-Lite Mega Codec Pack 3.5.0 (HKLM\...\KLiteCodecPack_is1) (Version: 3.5.0 - )
Mario Forever 3.0 (HKLM\...\Mario Forever) (Version: 3.0 - Buziol Games)
Max Remote versão 2.3 (HKLM\...\{996228C5-A910-42C1-80E3-1E47CEDF7E18}_is1) (Version: 2.3 - Bit Units Studio)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office com Clique para Executar 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Starter 2010 - Português (Brasil) (HKLM\...\{90140011-0066-0416-0000-0000000FF1CE}) (Version: 14.0.7130.5000 - Microsoft Corporation)
Microsoft PowerPoint 2010 (HKLM\...\Office14.POWERPOINT) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Premium (HKLM\...\{43FFE159-3199-4188-A1CD-629166AD1046}) (Version: 7.02.6445 - Nero AG)
Pacote de Idiomas do Microsoft .NET Framework 4.5 - Português (Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.50709 - Microsoft Corporation)
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x86) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
PCSX2 - Playstation 2 Emulator (HKLM\...\pcsx2) (Version: - )
PhotoScape (HKLM\...\PhotoScape) (Version: - )
PureHD (Version: 14.1.0.150 - Corel Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.86.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)
RPG MAKER VX Ace RTP (HKLM\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RPG Maker VX Ace versão 1.00 (HKLM\...\{B6763A84-161D-40CD-BF0B-7FF4BB001ECF}_is1) (Version: 1.00 - )
SafeZone Stable 1.48.2066.101 (Version: 1.48.2066.101 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINT_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Setup (Version: 14.1.0.150 - Corel Corporation) Hidden
Share (Version: 17.0.0.249 - Corel Corporation) Hidden
Software de dispositivo do Chipset Intel® (Version: 10.0.13 - Intel(R) Corporation) Hidden
SpyHunter (HKLM\...\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}) (Version: 4.1.11 - Enigma Software Group USA, LLC)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
UltraISO Premium V9.52 (HKLM\...\UltraISO_is1) (Version: - )
Unity Web Player (HKU\S-1-5-21-1384300965-3790935411-767046383-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
USB Vibration Joystick (BM) (HKLM\...\{61A994FF-D39B-4937-9DB9-87EC4FF1B31F}) (Version: 1.00.0000 - ShanWan)
VIO (Version: 14.1.0.150 - Corel Corporation) Hidden
VSClassic (Version: 17.0.0.249 - Corel Corporation) Hidden
VSPro (Version: 17.0.0.249 - Corel Corporation) Hidden
Zuma Deluxe RA (HKLM\...\Zuma Deluxe RA) (Version: - )

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-1384300965-3790935411-767046383-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Usuario\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {0E295727-1EEB-4548-B36B-B8EC63C41B09} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2015-11-09] (Oracle Corporation)
Task: {116489D2-E24D-48EA-9555-291B691B0C59} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-05-18] (HP Inc.)
Task: {145E03DC-3343-4F91-A752-208A87450E45} - System32\Tasks\Alrlaimaeofe => C:\ProgramData\Alrlaimaeofe\1.0.4.1\illuwuas.exe
Task: {22B758A8-B6CD-4760-8898-2143C09F02B6} - System32\Tasks\HPCeeScheduleForUsuario => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {244065FA-43FF-41F8-891F-625AE54EC039} - System32\Tasks\SaveSenseLiveUpdateTaskMachineCore => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe <==== ATENÇÃO
Task: {33523A2F-B59F-4BB7-9042-4B4DDC5A9C43} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {3B8C6AD4-6951-46F1-938C-6E6330F1F8C0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
Task: {3BC25EBA-400D-4E13-89CD-BC3950A286E2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {40B55500-3952-4CBA-98F7-8C77D2B8B432} - System32\Tasks\{C9EBC163-A9F9-48CA-BA5B-273CEF9A8926} => pcalua.exe -a C:\Users\Usuario\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=pcm <==== ATENÇÃO
Task: {4715703E-4DF4-4B7F-8894-7E3A134FAFD7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {4E829696-49A3-4A63-9784-E71678DC611D} - System32\Tasks\Driver Booster SkipUAC (Usuario) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
Task: {5D3498ED-F0AD-4E77-BA52-EB7AD58DC86F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {5F3A6593-B3F9-42A9-95CB-359203BE8642} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: {76B22B3B-E65C-43F3-A5AB-BE2E9FE6B0A0} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe <==== ATENÇÃO
Task: {9680705D-57E6-45B2-B68A-04AE112B3855} - System32\Tasks\DriverToolkit Autorun => C:\Program Files\DriverToolkit\DriverToolkit.exe
Task: {A3272E83-779D-49F6-A72C-46FCAC276891} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-05-18] (HP Inc.)
Task: {AAE98B3C-333D-45FB-939C-68954E6C0E16} - System32\Tasks\SpyHunter4 => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2010-06-28] (Enigma Software Group USA, LLC.)
Task: {B53E279F-940D-4594-9502-C1470D413839} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-17] (Adobe Systems Incorporated)
Task: {C5C08D46-363D-4AF6-A33F-AF448E428CF8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {C6EA3A58-4F23-4FB5-A513-F493E46A0495} - System32\Tasks\SafeZone scheduled Autoupdate 1458730341 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {C96DB350-322B-4F1D-9B02-A290C46F947E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D24EB972-C8A4-4957-84A4-B82496708A5C} - System32\Tasks\Programa de atualização online Adobe => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-17] (Adobe Systems Incorporated)
Task: {D56BF97E-6011-4B08-B5DB-29CD08FED841} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-03] (AVAST Software)
Task: {D757DFFB-6F61-45D1-945B-6B88B49DEFD6} - System32\Tasks\Uninstaller_SkipUac_Usuario => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {E0C671FF-1163-435B-AD84-F3A64FE4EB24} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2010-06-28] (Enigma Software Group USA, LLC.)
Task: {E5B8A8D8-51FD-42DE-A55B-7AACA070B781} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {E8546271-6EE0-4655-BE32-9C716ADE55D1} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files\DriverToolkit\DriverToolkit.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForUsuario.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\SpyHunter4.job => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

==================== Módulos Carregados (Whitelisted) ==============

2016-06-03 13:06 - 2016-06-03 13:06 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-06-03 13:06 - 2016-06-03 13:06 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-06-18 14:20 - 2016-06-18 14:20 - 02936320 _____ () C:\Program Files\AVAST Software\Avast\defs\16061801\algo.dll
2016-06-03 13:06 - 2016-06-03 13:06 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-06-03 13:06 - 2016-06-03 13:06 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2010-07-04 18:32 - 2010-07-04 18:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2010-07-04 16:51 - 2010-07-04 16:51 - 00017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
2016-01-20 11:08 - 2016-01-20 11:09 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-11-16 13:55 - 2015-11-16 13:55 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1046.dll
2015-08-19 16:18 - 2015-07-16 05:53 - 00383640 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
2015-08-19 16:18 - 2015-07-16 05:59 - 00660632 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_modeler.dll
2015-08-19 16:18 - 2015-07-16 05:56 - 00108696 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_process_input.dll
2015-08-19 16:18 - 2015-07-16 05:56 - 00024728 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_system_power_state_input.dll
2015-08-19 16:18 - 2015-07-16 05:57 - 00194200 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\acpi_battery_input.dll
2015-08-19 16:18 - 2015-07-16 05:58 - 00151192 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\wifi_input.dll
2015-08-19 16:18 - 2015-07-16 05:57 - 00051864 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\devices_use_input.dll
2015-08-19 16:18 - 2015-07-16 05:55 - 00031896 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_disktrace_input.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\Windows\System32:DCCE9227_Cef.gbp [2]
AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst [212]

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)

==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-1384300965-3790935411-767046383-1000\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br

==================== Hosts Conteúdo: ==========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2009-07-13 23:04 - 2016-06-18 19:10 - 00000931 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 www.googleapis.com
127.0.0.1 clients4.google.com
54.225.95.126 hjjjegfhiceggepdokloeepnhlfnedkk

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-1384300965-3790935411-767046383-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 189.7.48.66 - 189.7.48.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Atualmente não há nenhuma correção automática para esta seção.)

MSCONFIG\startupfolder: C:^Users^Usuario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^wandoujia_helper.lnk => C:\Windows\pss\wandoujia_helper.lnk.Startup
MSCONFIG\startupreg: Baixar Musicas Gratis => C:\Program Files\Baixar Musicas Gratis\Baixar Musicas Gratis.exe
MSCONFIG\startupreg: Baixar Musicas Gratis Service => C:\Program Files\Baixar Musicas Gratis\Baixar Musicas GratisService.exe
MSCONFIG\startupreg: ContentAgent => C:\Users\Usuario\AppData\Local\ContentAgent.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{002B3C14-5103-4911-A50E-844D2FE42F6B}] => (Allow) C:\Program Files\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{FF6A3EEF-E126-4CE3-A023-C4D41447210B}] => (Allow) C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [TCP Query User{7D830D7F-744A-4150-A8D1-04AF508D3031}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{9235A5BE-9F61-457A-9300-7EA71982AC9B}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [{FC182514-66EB-44D7-B6B4-8D603214DEF5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{841FC196-B254-4019-9730-08FB6E1D9BEA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{81EA3BAB-F4EF-45C9-A761-EEE6599AF2BE}] => (Allow) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{92EFC784-B244-4E04-BCF6-B71429FACD0B}C:\users\usuario\downloads\max remote\archives\jre\bin\javaw.exe] => (Block) C:\users\usuario\downloads\max remote\archives\jre\bin\javaw.exe
FirewallRules: [UDP Query User{C8922D15-6F9D-4998-9604-953B7D078B66}C:\users\usuario\downloads\max remote\archives\jre\bin\javaw.exe] => (Block) C:\users\usuario\downloads\max remote\archives\jre\bin\javaw.exe
FirewallRules: [TCP Query User{8DFFE017-39BF-4E2A-9477-A35860B654C4}C:\program files\max remote server\archives\jre\bin\javaw.exe] => (Allow) C:\program files\max remote server\archives\jre\bin\javaw.exe
FirewallRules: [UDP Query User{47F21373-F28B-4875-91A4-BF37A210E5C6}C:\program files\max remote server\archives\jre\bin\javaw.exe] => (Allow) C:\program files\max remote server\archives\jre\bin\javaw.exe
FirewallRules: [{063454D9-03F9-4A2D-AE61-814147A13D4E}] => (Allow) C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{857D83DB-5E6A-4C7C-A222-4BA665637005}] => (Allow) C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{4DD06BE7-4F37-4443-BA4A-D3C865D261D8}C:\users\usuario\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe] => (Allow) C:\users\usuario\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe
FirewallRules: [UDP Query User{0DFECB3D-6389-4C00-BEE0-B842EBA043CE}C:\users\usuario\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe] => (Allow) C:\users\usuario\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe
FirewallRules: [{95672040-B43A-42BE-8858-AEBA11EC8C5C}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{BF18BFBA-0816-4F53-B72A-6A338D9A0A72}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{6C0000FA-07BF-4602-B315-D825790B4027}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{B3648C62-2DC7-4FEC-8D89-2DD35F39C8E9}C:\users\usuario\desktop\ygo\ygopro-1.033.7-v2-percy\ygopro_vs.exe] => (Allow) C:\users\usuario\desktop\ygo\ygopro-1.033.7-v2-percy\ygopro_vs.exe
FirewallRules: [UDP Query User{6C34F9AA-2938-4C0B-8E4E-C5342EE4363E}C:\users\usuario\desktop\ygo\ygopro-1.033.7-v2-percy\ygopro_vs.exe] => (Allow) C:\users\usuario\desktop\ygo\ygopro-1.033.7-v2-percy\ygopro_vs.exe
FirewallRules: [{3D986AB4-0293-40C2-B900-26C2848430C5}] => (Allow) C:\Windows\Temp\7zS59B4\HPDiagnosticCoreUI.exe
FirewallRules: [{F7E01BDE-F781-4C8F-8345-D2C08DB0684A}] => (Allow) C:\Windows\Temp\7zS59B4\HPDiagnosticCoreUI.exe
FirewallRules: [{4056AD70-27A2-4F44-BF4E-0BCA9A215F02}] => (Allow) C:\Windows\Temp\7zS5BC2\HPDiagnosticCoreUI.exe
FirewallRules: [{18074BE3-23D1-4BF5-8B31-2A7BA74C94A8}] => (Allow) C:\Windows\Temp\7zS5BC2\HPDiagnosticCoreUI.exe
FirewallRules: [TCP Query User{E5775648-2C47-4F19-A5AD-4A4C6B71BCA2}C:\users\usuario\downloads\max remote\archives\jre\bin\javaw.exe] => (Allow) C:\users\usuario\downloads\max remote\archives\jre\bin\javaw.exe
FirewallRules: [UDP Query User{4658D555-569F-43C2-B19B-5A8DD71D7946}C:\users\usuario\downloads\max remote\archives\jre\bin\javaw.exe] => (Allow) C:\users\usuario\downloads\max remote\archives\jre\bin\javaw.exe
FirewallRules: [{C173E08F-569E-4E0A-BF8B-42967F1CEED0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Pontos de Restauração =========================

09-06-2016 17:17:24 Windows Update
13-06-2016 17:17:34 Windows Update
15-06-2016 03:00:30 Windows Update
18-06-2016 17:37:36 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506
18-06-2016 17:48:30 Windows Update
18-06-2016 18:03:43 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918
18-06-2016 18:56:23 Windows Update
18-06-2016 19:21:34 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918

==================== Dispositivos Apresentando Falhas No Gerenciador =============

Name: badriver
Description: badriver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: badriver
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: mosfilterdrv
Description: mosfilterdrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mosfilterdrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Adaptador de Túnel Teredo da Microsoft
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HWiNFO32/64 Kernel Driver
Description: HWiNFO32/64 Kernel Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: HWiNFO32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: cashnbackdrv
Description: cashnbackdrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: cashnbackdrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (06/18/2016 07:18:05 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Somente informações. (Patch task for {90140011-0066-0416-0000-0000000FF1CE}): DownloadLatest Failed: Status do HTTP 403: o cliente não tem direitos de acesso suficientes ao objeto do servidor solicitado.

Error: (06/18/2016 07:16:45 PM) (Source: HP Active Health) (EventID: 401) (User: )
Description: SmartDrive executable didn't pass digital signature validation. Execution aborted: [C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe]

Error: (06/18/2016 07:14:21 PM) (Source: HP Active Health) (EventID: 1100) (User: )
Description: Agent DiskPhysical threw an exception: System.NullReferenceException: Referência de objeto não definida para uma instância de um objeto. em HP.ActiveHealth.Agents.DiskPhysical.DiskPhysicalAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector) em HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj)

Error: (06/18/2016 07:14:08 PM) (Source: HP Active Health) (EventID: 1101) (User: )
Description: DiskPhysical executable didn't pass digital signature validation. Execution aborted: [C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe]

Error: (06/18/2016 07:14:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa helppane.exe versão 6.1.7600.16385 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.
ID de Processo: 139c
Hora de Início: 01d1c9aeac127b99
Hora de Término: 0
Caminho do Aplicativo: C:\Windows\helppane.exe
Id do Relatório: f153a43a-35a1-11e6-badb-0ceee6f97b39

Error: (06/18/2016 07:09:00 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Falha de ativação da licença do Windows. Erro 0x80070005.

Error: (06/18/2016 05:40:29 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Somente informações. (Patch task for {90140011-0066-0416-0000-0000000FF1CE}): DownloadLatest Failed: Status do HTTP 403: o cliente não tem direitos de acesso suficientes ao objeto do servidor solicitado.

Error: (06/18/2016 05:36:19 PM) (Source: HP Active Health) (EventID: 401) (User: )
Description: SmartDrive executable didn't pass digital signature validation. Execution aborted: [C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe]

Error: (06/18/2016 05:36:06 PM) (Source: HP Active Health) (EventID: 1100) (User: )
Description: Agent DiskPhysical threw an exception: System.NullReferenceException: Referência de objeto não definida para uma instância de um objeto. em HP.ActiveHealth.Agents.DiskPhysical.DiskPhysicalAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector) em HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj)

Error: (06/18/2016 05:36:05 PM) (Source: HP Active Health) (EventID: 1101) (User: )
Description: DiskPhysical executable didn't pass digital signature validation. Execution aborted: [C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe]

Erros de Sistema:
=============
Error: (06/18/2016 07:23:38 PM) (Source: Disk) (EventID: 7) (User: )
Description: O dispositivo, \Device\Harddisk0\DR0, possui um bloco defeituoso.

Error: (06/18/2016 07:23:35 PM) (Source: Disk) (EventID: 7) (User: )
Description: O dispositivo, \Device\Harddisk0\DR0, possui um bloco defeituoso.

Error: (06/18/2016 07:15:13 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

Error: (06/18/2016 07:11:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT)
Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x800700b7: Atualização do Windows 7 (KB976422).

Error: (06/18/2016 07:09:26 PM) (Source: Microsoft-Windows-FunctionDiscoveryHost) (EventID: 1000) (User: AUTORIDADE NT)
Description: Falha ao registrar o provedor WSDiscoveryProvider com o seguinte erro: 2147942526.

Error: (06/18/2016 07:09:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Provedor do Grupo Doméstico depende do serviço Publicação de Recursos de Descoberta de Função, mas não foi possível iniciá-lo devido ao seguinte erro: %%126 = Não foi possível encontrar o módulo especificado.

Error: (06/18/2016 07:09:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Publicação de Recursos de Descoberta de Função terminou com o erro: %%126 = Não foi possível encontrar o módulo especificado.

Error: (06/18/2016 07:08:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: badriver cashnbackdrv HWiNFO32 mosfilterdrv

Error: (06/18/2016 07:07:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço VBoxAsw Support Driver devido ao seguinte erro: %%3 = O sistema não pode encontrar o caminho especificado.

Error: (06/18/2016 07:07:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Intel(R) System Usage Report Service SystemUsageReportSvc_WILLAMETTE devido ao seguinte erro: %%1053 = O serviço não respondeu à requisição de início ou controle em tempo hábil.

==================== Informações da Memória ===========================

Processador: Intel(R) Celeron(R) CPU E3300 @ 2.50GHz
Percentagem de memória em uso: 89%
RAM física total: 2037.18 MB
RAM física disponível: 216.66 MB
Virtual Total: 4074.36 MB
Virtual disponível: 2278.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.43 GB) (Free:6.91 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 0000B17D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt ============================