Publicité
Publicité
Format du document : text/plain
Prévisualisation
Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão:31-12-2015
Executado por Thiago (2016-01-04 21:08:56)
Executando a partir de C:\Users\Thiago\Desktop
Windows 10 Pro (X64) (2015-12-05 05:45:08)
Modo da Inicialização: Normal
==========================================================
==================== Contas: =============================
Administrador (S-1-5-21-1713420583-1435638475-2300282280-500 - Administrator - Disabled)
Convidado (S-1-5-21-1713420583-1435638475-2300282280-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-1713420583-1435638475-2300282280-503 - Limited - Disabled)
Thiago (S-1-5-21-1713420583-1435638475-2300282280-1001 - Administrator - Enabled) => C:\Users\Thiago
==================== Central de Segurança ========================
(Se uma entrada for incluída na fixlist, será removida.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Programas Instalados ======================
(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)
µTorrent (HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
aTube Catcher versão 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2241 - AVAST Software)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.218 - ALPS ELECTRIC CO., LTD.)
Firebird 2.5.2.26539 (Win32) (HKLM-x32\...\FBDBServer_2_5_is1) (Version: 2.5.2.26539 - Firebird Project)
Flickr Uploadr for Windows (HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\FlickrUploadrWindows) (Version: 0.9.96.258 - Flickr)
FormatFactory 3.7.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.7.5.0 - Free Time)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{F58E2607-024E-4E05-8016-6948B24D40F8}) (Version: 12.0.30.219 - Hewlett-Packard Company)
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
K-Lite Mega Codec Pack 11.5.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.5.5 - )
Malwarebytes Anti-Malware versão 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Sistema Gerencial Integrado 1.14.46.6 (HKLM-x32\...\Sistema Gerencial Integrado_is1) (Version: - Realtec Sistemas Ltda)
Unchecky v0.4.2 (HKLM-x32\...\Unchecky) (Version: 0.4.2 - RaMMicHaeL)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0416-1000-0000000FF1CE}_Office15.PROPLUS_{2BA6245D-FBB9-42F6-AFD9-C0DC52763AD5}) (Version: - Microsoft)
Warsaw 1.8.0.10356 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.8.0.10356 - GAS Tecnologia)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
==================== Exame Personalizado CLSID (Whitelisted): ==========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
CustomCLSID: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Thiago\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
==================== Tarefas Agendadas (Whitelisted) =============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {13C908C1-045E-46D0-887D-F965411E07C5} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic
Task: {26946583-DB17-41FB-ACFC-ACA9D9EB7537} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-23] (Microsoft Corporation)
Task: {2F827CD7-D1F9-418D-A88E-7BA9B277AAAF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-10] (Google Inc.)
Task: {45C8B5F3-3517-453E-8FD6-14D87E353C02} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {466CD80D-276B-4595-B088-2C27602B7E5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-10] (Google Inc.)
Task: {6BA9F7DC-E82D-4FC3-8A0B-6A2EE0F926B8} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic
Task: {6F294698-C4F6-4333-BDF8-F9DA32148EFD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {6FFBA5A3-081D-4D38-8CDD-3DD9722E3992} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {9E1034BA-CC12-4B66-B225-36CBEA18E25C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {BDE7556C-471A-40C1-95B9-2A49F1138818} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {C30DB7F4-276C-44E5-B245-5BD2C2C34EF3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-11-10] (AVAST Software)
Task: {D142D48B-D1EB-49C4-BD3C-BBB065B11AD5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {D97BD0FC-7CDD-4ABB-A70C-E7189C61B44F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {DC03315C-C524-425F-9AC3-C8F4A3C80D6C} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {E68B23CF-BDB3-4E6E-9CDB-452102A8B5AD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {E92CB2A1-D5E7-485D-8CFD-615CA23C0253} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-10-16] ()
Task: {FD1D4F49-B3D4-4995-B1C2-A7F44B61A42B} - System32\Tasks\Format Factory => C:\Users\Thiago\AppData\Local\Temp\is-B4M1L.tmp\prsetup.exe <==== ATENÇÃO
(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Atalhos =============================
(As entradas podem ser listadas para serem restauradas ou removidas.)
==================== Módulos Carregados (Whitelisted) ==============
2015-10-30 05:18 - 2015-10-30 05:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-05 04:10 - 2015-12-05 04:10 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-05 04:10 - 2015-12-05 04:10 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-11-12 21:11 - 2012-08-31 15:03 - 00288768 _____ () C:\WINDOWS\System32\HP1100LM.DLL
2015-11-12 21:11 - 2012-08-31 15:02 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2015-12-17 19:06 - 2015-12-07 02:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-17 19:06 - 2015-12-07 02:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-17 19:06 - 2015-12-07 01:37 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-17 19:06 - 2015-12-07 01:33 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-17 19:06 - 2015-12-07 01:34 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-17 19:06 - 2015-12-07 01:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-10 12:51 - 2015-11-10 12:51 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-12-23 08:29 - 2015-12-23 08:44 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-11-10 12:43 - 2015-11-10 22:39 - 00026112 _____ () C:\Windows\KMS-R@1n.exe
2015-12-30 16:43 - 2015-12-30 16:43 - 03682816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1512.54020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-12-23 08:29 - 2015-12-23 08:37 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-12-23 08:29 - 2015-12-23 08:37 - 11542016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-19 16:31 - 2015-11-19 16:32 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-11-10 13:19 - 2015-11-10 13:19 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-11-10 13:19 - 2015-11-10 13:19 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-01-03 18:51 - 2016-01-03 18:51 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\16010301\algo.dll
2015-11-10 13:19 - 2015-11-10 13:19 - 00466448 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-01-04 18:40 - 2016-01-04 18:40 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\16010401\algo.dll
2015-12-23 08:29 - 2015-12-23 08:43 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-23 08:29 - 2015-12-23 08:50 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-11-10 13:19 - 2015-11-10 13:19 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-16 17:36 - 2015-12-11 01:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-16 17:36 - 2015-12-11 01:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(Se uma entrada for incluída na fixlist, somente o ADS será removido.)
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==
AlternateDataStreams: C:\WINDOWS\System32:6ECF6A10_Uni.gbp
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4
==================== Modo de Segurança (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Associação (Whitelisted) ===============
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)
==================== Internet Explorer confiável/restrito ===============
(Se uma entrada for incluída na fixlist, será removida do Registro.)
IE trusted site: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\google.com -> www.google.com
IE trusted site: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\google.com.br -> www.google.com.br
IE trusted site: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\itau.b.br -> www.itau.b.br
IE trusted site: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\itau.com.br -> hxxps://bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\itau.com.br -> bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br
IE trusted site: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\itaupersonnalite.com.br -> www.itaupersonnalite.com.br
==================== Hosts Conteúdo: ==========================
(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)
2015-07-10 09:04 - 2016-01-04 18:37 - 00002022 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
Existem ainda 4 mais linhas.
==================== Outras Áreas ============================
(Atualmente não há nenhuma correção automática para esta seção.)
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.
==================== MSCONFIG/TASK MANAGER ítens desabilitados ==
(Atualmente não há nenhuma correção automática para esta seção.)
==================== Regras do Firewall (Whitelisted) ===============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2B88B61C-68CE-4CD8-B60B-8526767481BE}] => (Allow) LPort=3050
FirewallRules: [{E38C3E7F-6304-4A2B-9BEC-B3C21D9F13E2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C88719B4-A3A2-429D-95EA-AA3073ED6922}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{EB14FC76-748A-4987-8A04-8F35E224AE78}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{060D0F0C-ABEC-4558-A09A-BC20AA340BF1}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{5C80D829-9C4A-45D8-88B5-7948B4FD3475}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{E7715E64-E832-4FBD-8C42-2F8C4D3DB47C}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{B14BDFEE-1D06-4ADC-84D4-497D0811AB31}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D7EF084F-F5E2-4F60-8969-E3BE87DBEA65}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{6FD9BAB7-5D84-45E1-B548-4DFFDD229DDB}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{06466EFF-4A63-4434-AC09-9AAFE3BE7E30}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{938481C3-78D6-4FC7-9FCF-FA449D4FB8DF}C:\program files (x86)\formatfactory\formatfactory.exe] => (Allow) C:\program files (x86)\formatfactory\formatfactory.exe
FirewallRules: [TCP Query User{626B287A-61AE-4F96-BC99-1393E34B6849}C:\program files (x86)\formatfactory\formatfactory.exe] => (Allow) C:\program files (x86)\formatfactory\formatfactory.exe
FirewallRules: [{FA4FBFA6-47EF-4B6A-B1CB-DE3B206EC572}] => (Allow) C:\Users\Thiago\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7DF736D4-E196-4364-A620-CE9C1A2EF482}] => (Allow) C:\Users\Thiago\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C7264999-9745-4F52-A4F3-CAC022C770A0}] => (Allow) C:\Users\Thiago\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2DC4B1EB-BF19-4A0A-A7F5-13122A7FE847}] => (Allow) C:\Users\Thiago\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{33131F99-8277-489B-95EB-212BEED6C4EA}] => (Allow) C:\Users\Thiago\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F27C7E5F-238E-4CAC-9274-AE760CFCB332}] => (Allow) C:\Users\Thiago\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{37B81A12-E863-4A09-A89E-A86E85112009}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{75EC6ED2-9844-471F-96E4-D13F347FF717}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe
==================== Pontos de Restauração =========================
20-12-2015 07:04:58 Ponto de Verificação Agendado
23-12-2015 07:06:53 Windows Update
23-12-2015 07:08:33 Windows Update
30-12-2015 07:22:54 Windows Update
==================== Dispositivos Apresentando Falhas No Gerenciador =============
==================== Erros no Log de eventos: =========================
Erros em Aplicativos:
==================
Error: (01/04/2016 06:47:59 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (01/04/2016 06:31:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: Explorer.EXE, versão: 10.0.10586.0, carimbo de data/hora: 0x5632d4c0
Nome do módulo com falha: twinui.appcore.dll, versão: 10.0.10586.11, carimbo de data/hora: 0x56457778
Código de exceção: 0x80270233
Deslocamento da falha: 0x0000000000166be4
ID do processo com falha: 0x7d8
Hora de início do aplicativo com falha: 0xExplorer.EXE0
Caminho do aplicativo com falha: Explorer.EXE1
Caminho do módulo com falha: Explorer.EXE2
ID do Relatório: Explorer.EXE3
Nome completo do pacote com falha: Explorer.EXE4
ID do aplicativo relativo ao pacote com falha: Explorer.EXE5
Error: (01/03/2016 09:19:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: utorrentie.exe, versão: 1.0.0.41372, carimbo de data/hora: 0x564b8ce9
Nome do módulo com falha: KERNELBASE.dll, versão: 10.0.10586.0, carimbo de data/hora: 0x5632da1c
Código de exceção: 0x4000001f
Deslocamento da falha: 0x001382e2
ID do processo com falha: 0xbdc
Hora de início do aplicativo com falha: 0xutorrentie.exe0
Caminho do aplicativo com falha: utorrentie.exe1
Caminho do módulo com falha: utorrentie.exe2
ID do Relatório: utorrentie.exe3
Nome completo do pacote com falha: utorrentie.exe4
ID do aplicativo relativo ao pacote com falha: utorrentie.exe5
Error: (01/03/2016 08:32:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-EN4KEM9)
Description: Falha na ativação do aplicativo Microsoft.Windows.Photos_8wekyb3d8bbwe!App com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.
Error: (01/03/2016 07:52:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-EN4KEM9)
Description: Falha na ativação do aplicativo Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.
Erros de Sistema:
=============
Error: (01/04/2016 07:18:02 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível
Error: (01/04/2016 06:42:58 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Serviço Otimização de Entrega suspenso ao iniciar.
Error: (01/04/2016 06:42:07 PM) (Source: DCOM) (EventID: 10010) (User: AUTORIDADE NT)
Description: {4991D34B-80A1-4291-83B6-3328366B9097}
Error: (01/04/2016 06:34:51 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-EN4KEM9)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (01/04/2016 06:34:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Host de Sincronização_1cb672f5 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.
Error: (01/04/2016 06:34:47 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível
Error: (01/04/2016 06:34:12 PM) (Source: Service Control Manager) (EventID: 7046) (User: )
Description: O seguinte serviço tem parado repetidamente de responder às solicitações de controle de serviço: Agente de Eventos do Sistema
Contate o fornecedor do serviço ou o administrador do sistema para saber se deve desativar este serviço até que o problema seja identificado.
nTalvez seja necessário reiniciar o computador no modo de segurança para desabilitar o serviço.
Error: (01/04/2016 06:33:42 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta de uma transação do serviço SystemEventsBroker.
Error: (01/04/2016 06:33:12 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta de uma transação do serviço BrokerInfrastructure.
Error: (01/04/2016 06:32:50 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível
CodeIntegrity:
===================================
Date: 2015-12-31 09:06:48.643
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-30 07:25:12.721
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-23 10:04:41.039
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-23 07:22:51.271
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-23 06:59:14.138
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-12 09:21:25.776
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-05 03:39:20.109
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-05 03:37:48.887
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-05 03:17:39.897
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
==================== Informações da Memória ===========================
Processador: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentagem de memória em uso: 55%
RAM física total: 4003.89 MB
RAM física disponível: 1797.79 MB
Virtual Total: 4707.89 MB
Virtual disponível: 2392.16 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:698.15 GB) (Free:303.65 GB) NTFS
==================== MBR & Tabela de Partições ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 2A36747C)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.1 GB) - (Type=07 NTFS)
==================== Fim de Addition.txt ============================
Executado por Thiago (2016-01-04 21:08:56)
Executando a partir de C:\Users\Thiago\Desktop
Windows 10 Pro (X64) (2015-12-05 05:45:08)
Modo da Inicialização: Normal
==========================================================
==================== Contas: =============================
Administrador (S-1-5-21-1713420583-1435638475-2300282280-500 - Administrator - Disabled)
Convidado (S-1-5-21-1713420583-1435638475-2300282280-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-1713420583-1435638475-2300282280-503 - Limited - Disabled)
Thiago (S-1-5-21-1713420583-1435638475-2300282280-1001 - Administrator - Enabled) => C:\Users\Thiago
==================== Central de Segurança ========================
(Se uma entrada for incluída na fixlist, será removida.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Programas Instalados ======================
(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)
µTorrent (HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
aTube Catcher versão 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2241 - AVAST Software)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.218 - ALPS ELECTRIC CO., LTD.)
Firebird 2.5.2.26539 (Win32) (HKLM-x32\...\FBDBServer_2_5_is1) (Version: 2.5.2.26539 - Firebird Project)
Flickr Uploadr for Windows (HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\FlickrUploadrWindows) (Version: 0.9.96.258 - Flickr)
FormatFactory 3.7.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.7.5.0 - Free Time)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{F58E2607-024E-4E05-8016-6948B24D40F8}) (Version: 12.0.30.219 - Hewlett-Packard Company)
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
K-Lite Mega Codec Pack 11.5.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.5.5 - )
Malwarebytes Anti-Malware versão 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Sistema Gerencial Integrado 1.14.46.6 (HKLM-x32\...\Sistema Gerencial Integrado_is1) (Version: - Realtec Sistemas Ltda)
Unchecky v0.4.2 (HKLM-x32\...\Unchecky) (Version: 0.4.2 - RaMMicHaeL)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0416-1000-0000000FF1CE}_Office15.PROPLUS_{2BA6245D-FBB9-42F6-AFD9-C0DC52763AD5}) (Version: - Microsoft)
Warsaw 1.8.0.10356 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.8.0.10356 - GAS Tecnologia)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
==================== Exame Personalizado CLSID (Whitelisted): ==========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
CustomCLSID: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Thiago\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
==================== Tarefas Agendadas (Whitelisted) =============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {13C908C1-045E-46D0-887D-F965411E07C5} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic
Task: {26946583-DB17-41FB-ACFC-ACA9D9EB7537} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-23] (Microsoft Corporation)
Task: {2F827CD7-D1F9-418D-A88E-7BA9B277AAAF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-10] (Google Inc.)
Task: {45C8B5F3-3517-453E-8FD6-14D87E353C02} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {466CD80D-276B-4595-B088-2C27602B7E5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-10] (Google Inc.)
Task: {6BA9F7DC-E82D-4FC3-8A0B-6A2EE0F926B8} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic
Task: {6F294698-C4F6-4333-BDF8-F9DA32148EFD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {6FFBA5A3-081D-4D38-8CDD-3DD9722E3992} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {9E1034BA-CC12-4B66-B225-36CBEA18E25C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {BDE7556C-471A-40C1-95B9-2A49F1138818} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {C30DB7F4-276C-44E5-B245-5BD2C2C34EF3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-11-10] (AVAST Software)
Task: {D142D48B-D1EB-49C4-BD3C-BBB065B11AD5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {D97BD0FC-7CDD-4ABB-A70C-E7189C61B44F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {DC03315C-C524-425F-9AC3-C8F4A3C80D6C} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {E68B23CF-BDB3-4E6E-9CDB-452102A8B5AD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {E92CB2A1-D5E7-485D-8CFD-615CA23C0253} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-10-16] ()
Task: {FD1D4F49-B3D4-4995-B1C2-A7F44B61A42B} - System32\Tasks\Format Factory => C:\Users\Thiago\AppData\Local\Temp\is-B4M1L.tmp\prsetup.exe <==== ATENÇÃO
(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Atalhos =============================
(As entradas podem ser listadas para serem restauradas ou removidas.)
==================== Módulos Carregados (Whitelisted) ==============
2015-10-30 05:18 - 2015-10-30 05:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-05 04:10 - 2015-12-05 04:10 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-05 04:10 - 2015-12-05 04:10 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-11-12 21:11 - 2012-08-31 15:03 - 00288768 _____ () C:\WINDOWS\System32\HP1100LM.DLL
2015-11-12 21:11 - 2012-08-31 15:02 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2015-12-17 19:06 - 2015-12-07 02:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-17 19:06 - 2015-12-07 02:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-17 19:06 - 2015-12-07 01:37 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-17 19:06 - 2015-12-07 01:33 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-17 19:06 - 2015-12-07 01:34 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-17 19:06 - 2015-12-07 01:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-10 12:51 - 2015-11-10 12:51 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-12-23 08:29 - 2015-12-23 08:44 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-11-10 12:43 - 2015-11-10 22:39 - 00026112 _____ () C:\Windows\KMS-R@1n.exe
2015-12-30 16:43 - 2015-12-30 16:43 - 03682816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1512.54020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-12-23 08:29 - 2015-12-23 08:37 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-12-23 08:29 - 2015-12-23 08:37 - 11542016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-19 16:31 - 2015-11-19 16:32 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-11-10 13:19 - 2015-11-10 13:19 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-11-10 13:19 - 2015-11-10 13:19 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-01-03 18:51 - 2016-01-03 18:51 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\16010301\algo.dll
2015-11-10 13:19 - 2015-11-10 13:19 - 00466448 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-01-04 18:40 - 2016-01-04 18:40 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\16010401\algo.dll
2015-12-23 08:29 - 2015-12-23 08:43 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-23 08:29 - 2015-12-23 08:50 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-11-10 13:19 - 2015-11-10 13:19 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-16 17:36 - 2015-12-11 01:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-16 17:36 - 2015-12-11 01:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(Se uma entrada for incluída na fixlist, somente o ADS será removido.)
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==
AlternateDataStreams: C:\WINDOWS\System32:6ECF6A10_Uni.gbp
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4
==================== Modo de Segurança (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Associação (Whitelisted) ===============
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)
==================== Internet Explorer confiável/restrito ===============
(Se uma entrada for incluída na fixlist, será removida do Registro.)
IE trusted site: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\google.com -> www.google.com
IE trusted site: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\google.com.br -> www.google.com.br
IE trusted site: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\itau.b.br -> www.itau.b.br
IE trusted site: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\itau.com.br -> hxxps://bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\itau.com.br -> bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br
IE trusted site: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\itaupersonnalite.com.br -> www.itaupersonnalite.com.br
==================== Hosts Conteúdo: ==========================
(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)
2015-07-10 09:04 - 2016-01-04 18:37 - 00002022 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
Existem ainda 4 mais linhas.
==================== Outras Áreas ============================
(Atualmente não há nenhuma correção automática para esta seção.)
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.
==================== MSCONFIG/TASK MANAGER ítens desabilitados ==
(Atualmente não há nenhuma correção automática para esta seção.)
==================== Regras do Firewall (Whitelisted) ===============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2B88B61C-68CE-4CD8-B60B-8526767481BE}] => (Allow) LPort=3050
FirewallRules: [{E38C3E7F-6304-4A2B-9BEC-B3C21D9F13E2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C88719B4-A3A2-429D-95EA-AA3073ED6922}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{EB14FC76-748A-4987-8A04-8F35E224AE78}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{060D0F0C-ABEC-4558-A09A-BC20AA340BF1}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{5C80D829-9C4A-45D8-88B5-7948B4FD3475}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{E7715E64-E832-4FBD-8C42-2F8C4D3DB47C}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{B14BDFEE-1D06-4ADC-84D4-497D0811AB31}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D7EF084F-F5E2-4F60-8969-E3BE87DBEA65}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{6FD9BAB7-5D84-45E1-B548-4DFFDD229DDB}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{06466EFF-4A63-4434-AC09-9AAFE3BE7E30}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{938481C3-78D6-4FC7-9FCF-FA449D4FB8DF}C:\program files (x86)\formatfactory\formatfactory.exe] => (Allow) C:\program files (x86)\formatfactory\formatfactory.exe
FirewallRules: [TCP Query User{626B287A-61AE-4F96-BC99-1393E34B6849}C:\program files (x86)\formatfactory\formatfactory.exe] => (Allow) C:\program files (x86)\formatfactory\formatfactory.exe
FirewallRules: [{FA4FBFA6-47EF-4B6A-B1CB-DE3B206EC572}] => (Allow) C:\Users\Thiago\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7DF736D4-E196-4364-A620-CE9C1A2EF482}] => (Allow) C:\Users\Thiago\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C7264999-9745-4F52-A4F3-CAC022C770A0}] => (Allow) C:\Users\Thiago\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2DC4B1EB-BF19-4A0A-A7F5-13122A7FE847}] => (Allow) C:\Users\Thiago\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{33131F99-8277-489B-95EB-212BEED6C4EA}] => (Allow) C:\Users\Thiago\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F27C7E5F-238E-4CAC-9274-AE760CFCB332}] => (Allow) C:\Users\Thiago\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{37B81A12-E863-4A09-A89E-A86E85112009}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{75EC6ED2-9844-471F-96E4-D13F347FF717}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe
==================== Pontos de Restauração =========================
20-12-2015 07:04:58 Ponto de Verificação Agendado
23-12-2015 07:06:53 Windows Update
23-12-2015 07:08:33 Windows Update
30-12-2015 07:22:54 Windows Update
==================== Dispositivos Apresentando Falhas No Gerenciador =============
==================== Erros no Log de eventos: =========================
Erros em Aplicativos:
==================
Error: (01/04/2016 06:47:59 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (01/04/2016 06:31:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: Explorer.EXE, versão: 10.0.10586.0, carimbo de data/hora: 0x5632d4c0
Nome do módulo com falha: twinui.appcore.dll, versão: 10.0.10586.11, carimbo de data/hora: 0x56457778
Código de exceção: 0x80270233
Deslocamento da falha: 0x0000000000166be4
ID do processo com falha: 0x7d8
Hora de início do aplicativo com falha: 0xExplorer.EXE0
Caminho do aplicativo com falha: Explorer.EXE1
Caminho do módulo com falha: Explorer.EXE2
ID do Relatório: Explorer.EXE3
Nome completo do pacote com falha: Explorer.EXE4
ID do aplicativo relativo ao pacote com falha: Explorer.EXE5
Error: (01/03/2016 09:19:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: utorrentie.exe, versão: 1.0.0.41372, carimbo de data/hora: 0x564b8ce9
Nome do módulo com falha: KERNELBASE.dll, versão: 10.0.10586.0, carimbo de data/hora: 0x5632da1c
Código de exceção: 0x4000001f
Deslocamento da falha: 0x001382e2
ID do processo com falha: 0xbdc
Hora de início do aplicativo com falha: 0xutorrentie.exe0
Caminho do aplicativo com falha: utorrentie.exe1
Caminho do módulo com falha: utorrentie.exe2
ID do Relatório: utorrentie.exe3
Nome completo do pacote com falha: utorrentie.exe4
ID do aplicativo relativo ao pacote com falha: utorrentie.exe5
Error: (01/03/2016 08:32:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-EN4KEM9)
Description: Falha na ativação do aplicativo Microsoft.Windows.Photos_8wekyb3d8bbwe!App com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.
Error: (01/03/2016 07:52:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-EN4KEM9)
Description: Falha na ativação do aplicativo Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.
Erros de Sistema:
=============
Error: (01/04/2016 07:18:02 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível
Error: (01/04/2016 06:42:58 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Serviço Otimização de Entrega suspenso ao iniciar.
Error: (01/04/2016 06:42:07 PM) (Source: DCOM) (EventID: 10010) (User: AUTORIDADE NT)
Description: {4991D34B-80A1-4291-83B6-3328366B9097}
Error: (01/04/2016 06:34:51 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-EN4KEM9)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (01/04/2016 06:34:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Host de Sincronização_1cb672f5 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.
Error: (01/04/2016 06:34:47 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível
Error: (01/04/2016 06:34:12 PM) (Source: Service Control Manager) (EventID: 7046) (User: )
Description: O seguinte serviço tem parado repetidamente de responder às solicitações de controle de serviço: Agente de Eventos do Sistema
Contate o fornecedor do serviço ou o administrador do sistema para saber se deve desativar este serviço até que o problema seja identificado.
nTalvez seja necessário reiniciar o computador no modo de segurança para desabilitar o serviço.
Error: (01/04/2016 06:33:42 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta de uma transação do serviço SystemEventsBroker.
Error: (01/04/2016 06:33:12 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta de uma transação do serviço BrokerInfrastructure.
Error: (01/04/2016 06:32:50 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível
CodeIntegrity:
===================================
Date: 2015-12-31 09:06:48.643
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-30 07:25:12.721
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-23 10:04:41.039
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-23 07:22:51.271
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-23 06:59:14.138
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-12 09:21:25.776
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-05 03:39:20.109
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-05 03:37:48.887
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-05 03:17:39.897
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
==================== Informações da Memória ===========================
Processador: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentagem de memória em uso: 55%
RAM física total: 4003.89 MB
RAM física disponível: 1797.79 MB
Virtual Total: 4707.89 MB
Virtual disponível: 2392.16 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:698.15 GB) (Free:303.65 GB) NTFS
==================== MBR & Tabela de Partições ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 2A36747C)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.1 GB) - (Type=07 NTFS)
==================== Fim de Addition.txt ============================