Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 31-08-2016
Executado por Ivan (06-09-2016 23:30:04)
Executando a partir de C:\Users\Ivan\Desktop
Windows 10 Home Versão 1511 (X64) (2015-11-26 14:34:30)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-1793361252-1642306814-3946400002-500 - Administrator - Disabled)
Ana (S-1-5-21-1793361252-1642306814-3946400002-1004 - Limited - Enabled) => C:\Users\Ana
Convidado (S-1-5-21-1793361252-1642306814-3946400002-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-1793361252-1642306814-3946400002-503 - Limited - Disabled)
Ivan (S-1-5-21-1793361252-1642306814-3946400002-1000 - Administrator - Enabled) => C:\Users\Ivan

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.159 - Adobe Systems, Inc.) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.19.164 - Avira Operations GmbH & Co. KG) Avira Launcher (HKLM-x32\...\{59c4462d-a177-4d44-a95b-deda1be79844}) (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG) Hidden AzureTools.Notifications.VwdExpress (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Build Tools Language Resources - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden Build Tools Language Resources - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden BurnAware Free 6.4 (HKLM-x32\...\BurnAware Free_is1) (Version: - Burnaware) CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform) Claro 3G (HKLM-x32\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - ) ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper) Firebird 2.5.0.26074 (Win32) (HKLM-x32\...\FBDBServer_2_5_is1) (Version: 2.5.0.26074 - Firebird Project) GBBD Caixa Economica Federal (HKLM-x32\...\{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1) (Version: 3.12.0.2 - ) Gerenciador de Downloads (HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\a54e16f5d00985b6) (Version: 0.9.3.123 - Level Up! 
Gerenciador) GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation) IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - ) IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - ) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation) IRPF2016 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM-x32\...\IRPF2016) (Version: 1.2 - Receita Federal do Brasil) Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) Java SE Development Kit 8 Update 11 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180110}) (Version: 8.0.110 - Oracle Corporation) Java SE Development Kit 8 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180510}) (Version: 8.0.510.16 - Oracle Corporation) K-Lite Codec Pack 10.0.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.0 - ) Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - 
Microsoft Corporation) Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation) Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation) Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation) Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio Express 2013 for Web - ENU (HKLM-x32\...\{3e544097-53d1-4252-98a6-93cc12a6d487}) (Version: 12.0.21005.13 - Microsoft Corporation) Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation) Microsoft Web Platform Installer 4.6 (HKLM\...\{16C7D2AD-20CA-491E-80BC-8607A9AACED9}) (Version: 4.0.40719.0 - Microsoft Corporation) Módulo de Proteção - Banco Santander (Brasil) S.A. 
(HKLM-x32\...\{83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1) (Version: 3.12.1.2 - ) Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version: 6.12.25.06 - Motorola Inc) Mozilla Firefox 48.0.2 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 pt-BR)) (Version: 48.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla) MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project) MySQL Connector C++ 1.1.6 (HKLM\...\{80EE5F65-5553-47A1-B6A9-8BF3211D21A3}) (Version: 1.1.6 - Oracle and/or its affiliates) MySQL Connector J (HKLM-x32\...\{8A9B23F6-9C1D-4DB2-8254-EAB70EF4325B}) (Version: 5.1.36 - Oracle Corporation) MySQL Connector Net 6.9.6 (HKLM-x32\...\{71458704-E552-4A3E-8BFA-4F61C1F70724}) (Version: 6.9.6 - Oracle) MySQL Connector/C 6.1 (HKLM\...\{ABC3A516-54E3-414B-B501-762E7FB2F9D5}) (Version: 6.1.6 - Oracle Corporation) MySQL Connector/ODBC 5.3 (HKLM\...\{A1991404-2634-47E1-BC45-8F3B5014B1D1}) (Version: 5.3.4 - Oracle Corporation) MySQL Documents 5.6 (HKLM-x32\...\{39E12863-FE9F-4F26-B0B7-946882D8490C}) (Version: 5.6.26 - Oracle Corporation) MySQL Examples and Samples 5.6 (HKLM-x32\...\{D7C94327-B568-45D9-9EBA-E2167D2EE6F7}) (Version: 5.6.26 - Oracle Corporation) MySQL Fabric 1.5.4 & MySQL Utilities 1.5.4 (HKLM-x32\...\{1F7D4F80-DF56-48DD-9FC5-220720F7517C}) (Version: 1.5.4 - Oracle Corporation) MySQL For Excel 1.3.4 (HKLM-x32\...\{A0352E65-6E78-48B3-B6D6-B3208E663249}) (Version: 1.3.4 - Oracle) MySQL for Visual Studio 1.2.3 (HKLM-x32\...\{EF7630BF-DC4E-4493-9C0F-5B0A739390EF}) (Version: 1.2.3 - Oracle) MySQL Installer for Windows - Community (HKLM-x32\...\{3BA103F3-9F80-468F-A4D0-52ED5709B871}) (Version: 1.4.11.0 - Oracle Corporation) MySQL Notifier 1.1.6 (HKLM-x32\...\{CB76A6E9-B184-461D-A8BE-7D0D73199545}) (Version: 1.1.6 - Oracle) MySQL Server 5.6 (HKLM\...\{F9D015C6-E9AE-455D-8DDA-BE8B77F3004E}) (Version: 5.6.26 
- Oracle Corporation) MySQL Workbench 6.3 CE (HKLM\...\{40AFAA5A-72EE-45A7-B8D2-CC7E08C9370B}) (Version: 6.3.4 - Oracle Corporation) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team) Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation) Paltalk Messenger 11.7 (HKLM-x32\...\Paltalk Messenger) (Version: 11.7.646.17836 - AVM Software Inc.) PHP Manager 1.2 for IIS 7 (HKLM\...\{E851486F-1FE2-44F0-85ED-F969088A68EE}) (Version: 1.2.0 - ) Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation) Receitanet (HKLM-x32\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.07 - Serpro - Serviço Federal de Processamento de Dados) Revisores de Texto do Microsoft Office 2013 – Português do Brasil (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.) Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft) Shadow Era Launcher 1.02 (HKLM-x32\...\{69EE23BB-4A14-4631-B2B3-B14748F56FF7}_is1) (Version: 1.02 - Wulven Game Studios) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation) Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.) Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16034.4 - Samsung Electronics Co., Ltd.) Smart Switch (x32 Version: 4.1.16034.4 - Samsung Electronics Co., Ltd.) 
Hidden swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH) Unchecky v1.0.1 (HKLM-x32\...\Unchecky) (Version: 1.0.1 - RaMMicHaeL) Unity Web Player (HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS) Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0416-0000-0000000FF1CE}_Office15.PROPLUS_{7BDD179E-C954-438B-937D-EB411B701EAB}) (Version: - Microsoft) VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.3 - VMware, Inc) VMware Player (Version: 6.0.3 - VMware, Inc.) Hidden Warsaw 1.9.0.10533 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.9.0.10533 - GAS Tecnologia) wc3270 3.3.9ga12 (HKLM-x32\...\wc3270_is1) (Version: - Paul Mattes) WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman) ==================== Exame Personalizado CLSID (Whitelisted): ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
CustomCLSID: HKU\S-1-5-21-1793361252-1642306814-3946400002-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0001}\InprocServer32 -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_abn_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1793361252-1642306814-3946400002-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}\InprocServer32 -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1793361252-1642306814-3946400002-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0001}\InprocServer32 -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_abn_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-1793361252-1642306814-3946400002-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}\InprocServer32 -> C:\Users\Ivan\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
Task: {01D57A2E-D727-4424-8797-95EFED78F596} - System32\Tasks\{A89F789C-846C-41F6-944A-800668A6424C} => pcalua.exe -a "C:\Arquivos de Programas RFB\IRPF2015\IRPF2015.exe" -d "C:\Arquivos de Programas RFB\IRPF2015" Task: {06B9EE25-2C6B-47B8-84ED-7099A460B6FD} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {14BE1C41-212D-46E0-8BB4-DA309E8DFB0F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation) Task: {196900B9-AC17-48EB-96B7-A03ADCA1A3EC} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {1AD5D07F-C685-46B7-9BEE-9B4C2CC0FCBA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Nenhum Arquivo <==== ATENÇÃO Task: {211986DB-DBA1-47A3-A248-3C08B1C8F9E4} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\OatTask => Task: {21A2416A-3C53-41B6-A44E-5DD6705E3C29} - System32\Tasks\MySQL\Installer\ManifestUpdate => C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLInstallerConsole.exe [2015-08-19] (Oracle Corporation) Task: {286C5235-7D5E-4075-B139-D0C5900B5E6B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {2CEAA31A-63A9-4810-ADA3-B42767B1F840} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {3151711A-756C-4C10-8505-F75B9F50E2AB} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe Task: {343AF021-5BEA-488E-8547-40E73649E9F4} - System32\Tasks\MySQLNotifierTask => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySQLNotifier.exe [2014-09-03] (Oracle Corporation) Task: {37CCA156-CC0D-4A2B-B906-BCE5A050920E} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {3BF8C3FB-EE15-4052-8E0E-49B347050DA8} - System32\Tasks\Microsoft\Windows\Media 
Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {4B7643DD-C6B7-4EA0-AE84-D821BF531611} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {4C23293E-BECB-4C89-BD8E-4DB3F37B47E0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {555C686F-2601-43DB-B092-ECA12D5F65B6} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {5796F8F3-07C5-4AEC-A827-972B8C26D94A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Nenhum Arquivo <==== ATENÇÃO Task: {60896297-F226-4319-8F74-503ACA3928A7} - System32\Tasks\{DFAF1978-31D7-4441-8CAD-C747513E1BB4} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.7.0.102/pt/go/help.faq.installer?source=lightinstaller&LastError=1618 Task: {63615E2A-9705-416E-B859-A82152D4A5DE} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {6380E8FF-851D-48F0-8FBE-80CA2836EB6C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {64177631-9678-436D-8C50-14930D90CC9E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation) Task: {6A335224-665E-4436-8C52-633885F9F08B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {6D03D49A-0512-409A-B6E6-D6C35223B6A3} - System32\Tasks\{3B20EE6C-E0E6-4A2D-BDDD-183D79447EE2} => pcalua.exe -a "C:\Program Files (x86)\Mobile Partner\uninst.exe" Task: {6D24B6EA-06C2-41EC-BF1C-E0AA5C050E0B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {6E424A6C-AAEC-408A-9005-9B727AFF2FFA} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: 
{708B1E1F-BBF2-4DBD-91C4-DCE91F01AD40} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {76116F33-800A-47BD-B968-BC53564B7703} - System32\Tasks\{132E324D-F56D-43AB-B8A1-5DB1F4D6648C} => pcalua.exe -a "C:\Program Files\iGBPCEFsf.exe" -d "C:\Program Files" Task: {7962E69E-DFFF-4ABC-9747-967B7D8A7150} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd) Task: {7A17D296-A89B-4001-930B-DA6F48D6101E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Nenhum Arquivo <==== ATENÇÃO Task: {7EFC2C90-FE6B-43D1-9CFE-DFC2AB09854B} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {7F5ED2B7-E379-44F1-B5ED-8164F040A58B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated) Task: {85160301-7DD4-4F44-B566-42E05CB94885} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) 
Task: {8A63A62D-6AE1-4C2F-B429-6B64A95EEA33} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Nenhum Arquivo <==== ATENÇÃO Task: {8B305C2B-E3C7-4E33-A073-056157D35FBC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Nenhum Arquivo <==== ATENÇÃO Task: {8E3DF4D6-35C7-42C4-A3B4-1F684D2D4764} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {914B79C5-0A34-4B16-B476-6BCA78790BFA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Nenhum Arquivo <==== ATENÇÃO Task: {A2B9D029-7243-4168-80F8-4FEF011677DE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-25] (Microsoft Corporation) Task: {A67B39FE-7A95-4F3A-A9DE-2B1524264471} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated) Task: {B01B22AF-89D2-44CF-83AD-A4FE8277FE93} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {B21BE69D-B70C-4B49-91C9-946EF67E1F71} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Nenhum Arquivo <==== ATENÇÃO Task: {C518C286-2630-4166-A47B-D6D58D7B902A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Nenhum Arquivo <==== ATENÇÃO Task: {C5AE579C-D16F-4C70-8051-93CE929A85FC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {D64E77D4-FC21-4E8F-9505-09C015DE279F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Nenhum Arquivo <==== ATENÇÃO Task: {D6ED6D94-BF7B-4655-B654-2F9EDA9BD8F9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {DABC9D1C-059F-4CBB-8C82-6E9BC86551F3} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {DB27A538-4B02-4950-A7A4-0E67F316E0AE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Nenhum Arquivo <==== ATENÇÃO Task: 
{E7B98416-A630-459A-A306-538A746F5551} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {F076E734-D422-44CE-B162-28B69E0D4E1B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {F7AD33B4-05E3-4613-81BA-8A83F3A054BD} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {F8D3449A-7DFA-47A9-8127-34ACE6DF7983} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Nenhum Arquivo <==== ATENÇÃO (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Atalhos ============================= (As entradas podem ser listadas para serem restauradas ou removidas.) Shortcut: C:\Users\Ivan\Desktop\Backup ivan\CASA\Desktop\backup\Users\ivansc\AppData\Local\Microsoft\Windows\GameExplorer\{CCB6F9C9-1B87-4BC4-A2B5-B355204370E3}\SupportTasks\1\Suporte.lnk -> hxxp://www.strategyfirst.com/en/support/ Shortcut: C:\Users\Ivan\Desktop\Backup ivan\CASA\Desktop\backup\Users\ivansc\AppData\Local\Microsoft\Windows\GameExplorer\{CCB6F9C9-1B87-4BC4-A2B5-B355204370E3}\SupportTasks\0\Página inicial.lnk -> hxxp://www.warriorkingsbattles.com/ ShortcutWithArgument: C:\Users\Ivan\Desktop\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --show-app-list ShortcutWithArgument: C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list ShortcutWithArgument: C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list ShortcutWithArgument: C:\Users\Ivan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list ShortcutWithArgument: C:\Users\Ivan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" ShortcutWithArgument: C:\Users\Ivan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\371b6590bc8d800\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --profile-directory="Profile 6" ==================== Módulos Carregados (Whitelisted) ============== 2015-07-15 00:13 - 2015-07-15 00:13 - 13061632 _____ () C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe 2015-10-30 04:18 - 2015-10-30 04:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-07-13 17:44 - 2016-07-01 01:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-07-13 17:44 - 2016-07-01 01:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-12-22 12:04 - 2015-12-07 01:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-07-13 17:45 - 2016-07-01 00:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-04-18 22:31 - 2016-04-19 00:45 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-07-13 17:44 - 2016-07-01 00:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-07-13 17:44 - 2016-07-01 00:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-07-13 17:44 - 2016-07-01 00:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-07-13 17:44 - 2016-07-01 00:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2014-09-22 18:02 - 2013-04-25 12:55 - 10870528 _____ () C:\Program Files (x86)\Claro 3G\UIMain.exe 2014-09-22 18:02 - 2013-04-25 12:55 - 00680192 _____ () C:\Program Files (x86)\Claro 3G\CMUpdater.exe 2014-06-12 17:22 - 2014-06-12 17:22 - 01261272 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll 2016-04-18 22:31 - 2016-04-19 00:45 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-04-18 22:31 - 2016-04-19 00:45 - 22284800 _____ 
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2014-09-22 18:02 - 2012-09-24 16:01 - 01177424 _____ () C:\Program Files (x86)\Claro 3G\WAITINGFORM.DLL 2014-09-22 18:02 - 2013-04-25 12:54 - 01180928 _____ () C:\Program Files (x86)\Claro 3G\DLL_NETCARD_R.DLL 2014-09-22 18:02 - 2010-12-10 12:42 - 00238928 _____ () C:\Program Files (x86)\Claro 3G\UICommonDlg.dll 2014-09-22 18:02 - 2010-12-10 12:42 - 00349520 _____ () C:\Program Files (x86)\Claro 3G\UISkin.dll 2014-09-22 18:02 - 2010-12-10 12:42 - 00165712 _____ () C:\Program Files (x86)\Claro 3G\BIXml.dll 2014-09-22 18:02 - 2010-12-10 12:42 - 00617808 _____ () C:\Program Files (x86)\Claro 3G\UpdateAgent.dll ==================== Alternate Data Streams (Whitelisted) ========= (Se uma entrada for incluída na fixlist, somente o ADS será removido.) AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10] AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32] AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1434] ==================== Modo de Segurança (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) ==================== Associação (Whitelisted) =============== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.) ==================== Internet Explorer confiável/restrito =============== (Se uma entrada for incluída na fixlist, será removida do Registro.) 
IE trusted site: HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\bancoreal.com.br -> hxxp://www.bancoreal.com.br
IE trusted site: HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\bancosantander.com.br -> hxxp://www.bancosantander.com.br
IE trusted site: HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\bancosantander.com.br -> hxxps://www.bancosantander.com.br
IE trusted site: HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\caixa.gov.br -> imagem.caixa.gov.br
IE trusted site: HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br
IE trusted site: HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\realsecureweb.com.br -> hxxps://www.realsecureweb.com.br
IE trusted site: HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\santander.com.br -> hxxp://www.santander.com.br
IE trusted site: HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\santander.com.br -> www.santander.com.br
IE trusted site: HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\santanderempresarial.com.br -> hxxp://www.santanderempresarial.com.br
IE trusted site: HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\santanderempresarial.com.br -> www.santanderempresarial.com.br
IE trusted site: HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\santandernet.com.br -> hxxps://www.santandernet.com.br
IE trusted site: HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\santandernet.com.br -> www.santandernet.com.br
IE trusted site: HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\santandernetibe.com.br -> hxxps://www.santandernetibe.com.br
IE trusted site: HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\santandernetibe.com.br -> www.santandernetibe.com.br
IE trusted site: HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\secureweb.com.br -> hxxps://www.secureweb.com.br
IE trusted site: HKU\User-4\...\bancoreal.com.br -> hxxp://www.bancoreal.com.br
IE trusted site: HKU\User-4\...\bancosantander.com.br -> hxxp://www.bancosantander.com.br
IE trusted site: HKU\User-4\...\bancosantander.com.br -> hxxps://www.bancosantander.com.br
IE trusted site: HKU\User-4\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br
IE trusted site: HKU\User-4\...\realsecureweb.com.br -> hxxps://www.realsecureweb.com.br
IE trusted site: HKU\User-4\...\santander.com.br -> hxxp://www.santander.com.br
IE trusted site: HKU\User-4\...\santanderempresarial.com.br -> hxxp://www.santanderempresarial.com.br
IE trusted site: HKU\User-4\...\santandernet.com.br -> hxxps://www.santandernet.com.br
IE trusted site: HKU\User-4\...\santandernetibe.com.br -> hxxps://www.santandernetibe.com.br
IE trusted site: HKU\User-4\...\secureweb.com.br -> hxxps://www.secureweb.com.br
IE trusted site: HKU\User-5\...\bancoreal.com.br -> hxxp://www.bancoreal.com.br
IE trusted site: HKU\User-5\...\bancosantander.com.br -> hxxp://www.bancosantander.com.br
IE trusted site: HKU\User-5\...\bancosantander.com.br -> hxxps://www.bancosantander.com.br
IE trusted site: HKU\User-5\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br
IE trusted site: HKU\User-5\...\realsecureweb.com.br -> hxxps://www.realsecureweb.com.br
IE trusted site: HKU\User-5\...\santander.com.br -> hxxp://www.santander.com.br
IE trusted site: HKU\User-5\...\santanderempresarial.com.br -> hxxp://www.santanderempresarial.com.br
IE trusted site: HKU\User-5\...\santandernet.com.br -> hxxps://www.santandernet.com.br
IE trusted site: HKU\User-5\...\santandernetibe.com.br -> hxxps://www.santandernetibe.com.br
IE trusted site: HKU\User-5\...\secureweb.com.br -> hxxps://www.secureweb.com.br

==================== Hosts Conteúdo: ==========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)
2009-07-13 23:34 - 2016-09-01 12:27 - 00002022 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Outras Áreas ============================ (Atualmente não há nenhuma correção automática para esta seção.) HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper HKU\User-4\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg HKU\User-5\Control Panel\Desktop\\Wallpaper -> C:\Users\Ana\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper HKU\User-6\Control Panel\Desktop\\Wallpaper -> HKU\User-7\Control Panel\Desktop\\Wallpaper -> DNS Servers: 200.169.117.221 - 200.169.117.222 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Firewall do Windows está habilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == (Atualmente não há nenhuma correção automática para esta seção.) 
MSCONFIG\startupfolder: C:^Users^Ivan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk => C:\Windows\pss\PalTalk.lnk.Startup HKLM\...\StartupApproved\Run32: => "avgnt" HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\StartupApproved\StartupFolder: => "PalTalk.lnk" HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_C76D497934B1A0EE0E3BF23C3F10F9A7" HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\StartupApproved\Run: => "MySQL Notifier" ==================== Regras do Firewall (Whitelisted) =============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [{740EBEE1-94E3-4F8D-9187-F46539E1CC6D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{E1F7BD42-7CC4-4105-B951-05B99FCE2344}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{644CEC67-4834-4D09-90BB-8068B196FECB}] => (Block) C:\program files (x86)\eclipse-sdk-4-2-1-win32-x86_64\eclipse\eclipse.exe FirewallRules: [{35EC8EDD-A749-452A-B40A-A4E851C10864}] => (Block) C:\program files (x86)\eclipse-sdk-4-2-1-win32-x86_64\eclipse\eclipse.exe FirewallRules: [UDP Query User{50950C22-6928-4AFD-A394-8B6DFE72B063}C:\program files (x86)\eclipse-sdk-4-2-1-win32-x86_64\eclipse\eclipse.exe] => (Allow) C:\program files (x86)\eclipse-sdk-4-2-1-win32-x86_64\eclipse\eclipse.exe FirewallRules: [TCP Query User{F0BFEFE3-C68E-4D5C-84DF-FF93D13532AB}C:\program files (x86)\eclipse-sdk-4-2-1-win32-x86_64\eclipse\eclipse.exe] => (Allow) C:\program files (x86)\eclipse-sdk-4-2-1-win32-x86_64\eclipse\eclipse.exe FirewallRules: [{18A3FC7C-F42F-4A47-85A0-F0D166CF5D19}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe FirewallRules: [{92E62D73-F3F4-4F82-B296-6C926A63A5DC}] => (Allow) LPort=3306 FirewallRules: [UDP Query User{341B29CB-F830-44EC-8CAF-45FF1D7B5772}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{3F0170D4-B642-46D1-B9CB-3D628078FD8F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: 
[{B423ECA4-6D65-4348-94BF-CF10F3B55632}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{7736D09C-21AD-4AB4-85CB-2DB6D0888294}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [UDP Query User{34F04954-3F08-432C-8C55-AF5A50CEB8AD}C:\users\ivan\appdata\local\apps\2.0\cpz0xokz.3mo\a6d9hvnm.x8c\leve..tion_4f84b7a5873ddfc9_0000.0009_1feaa37cbf125788\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe] => (Block) C:\users\ivan\appdata\local\apps\2.0\cpz0xokz.3mo\a6d9hvnm.x8c\leve..tion_4f84b7a5873ddfc9_0000.0009_1feaa37cbf125788\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe FirewallRules: [TCP Query User{AF813AFC-52FD-41B6-AD46-2AE7558693F3}C:\users\ivan\appdata\local\apps\2.0\cpz0xokz.3mo\a6d9hvnm.x8c\leve..tion_4f84b7a5873ddfc9_0000.0009_1feaa37cbf125788\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe] => (Block) C:\users\ivan\appdata\local\apps\2.0\cpz0xokz.3mo\a6d9hvnm.x8c\leve..tion_4f84b7a5873ddfc9_0000.0009_1feaa37cbf125788\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe FirewallRules: [{7371C823-E1AF-4E41-B76E-EEEE81AD1BF7}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe FirewallRules: [{36F3AB7D-C0FF-42BA-A699-3F92BD859365}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe FirewallRules: [UDP Query User{940752C4-EA29-403C-ACBF-C6C5563F9B67}C:\users\ivan\appdata\local\apps\2.0\cpz0xokz.3mo\a6d9hvnm.x8c\leve..tion_4f84b7a5873ddfc9_0000.0009_025a6ac6eaeb9448\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe] => (Block) C:\users\ivan\appdata\local\apps\2.0\cpz0xokz.3mo\a6d9hvnm.x8c\leve..tion_4f84b7a5873ddfc9_0000.0009_025a6ac6eaeb9448\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe FirewallRules: [TCP Query User{3EA8CBCB-96E6-40D3-92A6-43D116758E13}C:\users\ivan\appdata\local\apps\2.0\cpz0xokz.3mo\a6d9hvnm.x8c\leve..tion_4f84b7a5873ddfc9_0000.0009_025a6ac6eaeb9448\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe] => (Block) 
C:\users\ivan\appdata\local\apps\2.0\cpz0xokz.3mo\a6d9hvnm.x8c\leve..tion_4f84b7a5873ddfc9_0000.0009_025a6ac6eaeb9448\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe FirewallRules: [UDP Query User{B263243F-8ED1-4188-8A1B-5434E6C6ACDA}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe FirewallRules: [TCP Query User{6F27820B-54DF-4641-9F30-902AAD0BE97C}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe FirewallRules: [UDP Query User{A0ED3BA6-9F8A-453F-BBB3-B7C599C3FE62}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe FirewallRules: [TCP Query User{1B7ED2FD-D801-4AE8-85D9-D68BBE043EE7}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe FirewallRules: [{DD22D721-A34D-476A-8F69-D094C08FADBC}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{7F7C1768-CBF4-4D67-B32A-5132C73B9415}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{24BC3941-B637-4F21-B9FF-43DC1F16B01D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{3D3D20BB-CD69-4C88-9F87-CEEE610EE2F8}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{E95EE1D5-EA99-47AB-B04C-6CB8A7AD4FE5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{ED3BD995-8A85-4DD6-A0C7-37B01B3A0962}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Pontos de Restauração ========================= 25-08-2016 00:17:18 Windows Update 25-08-2016 00:18:38 Windows Update 04-09-2016 19:07:08 Windows Update ==================== Dispositivos Apresentando Falhas No Gerenciador ============= ==================== Erros no Log de eventos: 
========================= Erros em Aplicativos: ================== Error: (09/06/2016 11:21:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IVAN-PC) Description: Falha na ativação do aplicativo microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais. Error: (09/06/2016 11:21:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IVAN-PC) Description: Falha na ativação do aplicativo microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais. Error: (09/06/2016 10:41:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IVAN-PC) Description: Falha na ativação do aplicativo microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais. Error: (09/06/2016 10:39:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IVAN-PC) Description: Falha na ativação do aplicativo microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais. Error: (09/06/2016 10:39:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IVAN-PC) Description: Falha na ativação do aplicativo microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais. Error: (09/06/2016 10:38:02 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa UIMain.exe versão 1.0.0.0 parou de interagir com o Windows e foi fechado. 
Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle Segurança e Manutenção. ID do Processo: 1fc4 Hora de Início: 01d20881f672afaa Hora de Término: 4294967295 Caminho do Aplicativo: C:\Program Files (x86)\Claro 3G\UIMain.exe ID do Relatório: b5a83bc6-749b-11e6-ae65-00158307c667 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (09/06/2016 10:36:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IVAN-PC) Description: Falha na ativação do aplicativo microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais. Error: (09/06/2016 10:21:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IVAN-PC) Description: Falha na ativação do aplicativo microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais. Error: (09/06/2016 09:36:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IVAN-PC) Description: Falha na ativação do aplicativo microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais. Error: (09/06/2016 09:21:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IVAN-PC) Description: Falha na ativação do aplicativo microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais. 
Erros de Sistema: ============= Error: (09/06/2016 12:18:41 PM) (Source: DCOM) (EventID: 10010) (User: IVAN-PC) Description: O servidor App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca não se registrou no DCOM dentro do tempo limite necessário. Error: (09/05/2016 11:32:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Acesso a Dados de Usuário_51019bc foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço. Error: (09/05/2016 11:32:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Armazenamento de Dados de Usuário_51019bc foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço. Error: (09/05/2016 11:32:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Dados de Contato_51019bc foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço. Error: (09/05/2016 11:32:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Host de Sincronização_51019bc foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço. Error: (09/04/2016 11:02:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Acesso a Dados de Usuário_4954678 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço. Error: (09/04/2016 11:02:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Armazenamento de Dados de Usuário_4954678 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço. 
Error: (09/04/2016 11:02:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Dados de Contato_4954678 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço. Error: (09/04/2016 11:02:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Host de Sincronização_4954678 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço. Error: (09/04/2016 01:41:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Acesso a Dados de Usuário_30da4d7 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço. CodeIntegrity: =================================== Date: 2016-09-04 19:19:52.764 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-25 23:40:00.272 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-25 12:16:33.863 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-07-17 22:06:10.552 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. 
Date: 2016-07-16 20:38:48.915 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-07-16 20:16:14.635 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-28 11:47:28.058 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-27 22:50:20.198 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-27 21:47:58.523 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-19 22:26:33.168 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. 
==================== Informações da Memória =========================== Processador: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz Percentagem de memória em uso: 54% RAM física total: 4086.18 MB RAM física disponível: 1863.62 MB Virtual Total: 8182.18 MB Virtual disponível: 5372.98 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.22 GB) (Free:328.72 GB) NTFS Drive g: (ZTEMODEM) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS ==================== MBR & Tabela de Partições ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CB93B4AD) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 MB) - (Type=27) ==================== Fim de Addition.txt ============================