Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 17.03.2019
Executado por allan (14-04-2019 19:02:07)
Executando a partir de \\fs01\Inst\UTILITÁRIOS\Farbar Recovery Scan Tool
Windows 10 Pro Versão 1809 17763.404 (X64) (2019-04-04 15:54:24)
Modo da Inicialização: Normal
==========================================================
==================== Contas: =============================
Administrador (S-1-5-21-793522881-2596598788-1063315974-500 - Administrator - Enabled) => C:\Users\Administrador
Convidado (S-1-5-21-793522881-2596598788-1063315974-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-793522881-2596598788-1063315974-503 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-793522881-2596598788-1063315974-504 - Limited - Disabled)
==================== Central de Segurança ========================
(Se uma entrada for incluída na fixlist, será removida.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Programas Instalados ======================
(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)
µTorrent (HKU\S-1-5-21-57989841-117609710-1801674531-1338\...\uTorrent) (Version: 3.5.4.44520 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{5737101A-27C4-408A-8A57-D1DC78DF84B4}) (Version: 8.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.118 - Adobe Systems Incorporated)
Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.118 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 5.0.2 - philandro Software GmbH)
Assistente de Conexão do Microsoft Online Services (HKLM\...\{D8AB93B0-6FBF-44A0-971F-C0669B5AE6DD}) (Version: 7.250.4556.0 - Microsoft Corporation)
Atualizações da NVIDIA 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
aTube Catcher versão 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Brother HL-5350DN (HKLM-x32\...\{141BABA5-EE9B-46F4-A151-0DB48C116A14}) (Version: 1.00 - Brother)
Bullzip PDF Printer 11.9.0.2735 (HKLM\...\Bullzip PDF Printer_is1) (Version: 11.9.0.2735 - Bullzip)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.6795 - CDBurnerXP)
CertiPlugin 1.1.0.2 (HKU\S-1-5-21-57989841-117609710-1801674531-1338\...\{E74B2E92-1570-41FB-AB75-1A618DD3FCE3}}_is1) (Version: 1.1.0.2 - Certisign)
Componente de Segurança Bradesco (HKLM-x32\...\scpbrad) (Version: 1.0.0 - Banco Bradesco S.A.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dexpot (HKU\S-1-5-21-57989841-117609710-1801674531-1338\...\Dexpot) (Version: 1.6.14 - Dexpot GbR)
ESET Endpoint Antivirus (HKLM\...\{E7E9B29C-1A4D-4EB8-8AB9-0AA579C984F1}) (Version: 7.0.2073.1 - ESET, spol. s r.o.)
ESET Remote Administrator Agent (HKLM\...\{41F12F70-5FA9-43F5-94F4-53B54EB4EEC4}) (Version: 6.5.522.0 - ESET, spol. s r.o.)
eToken PKI Client 5.1 SP1 (HKLM\...\{BC5C2BEB-87AF-4636-9184-CA10C3C740B8}) (Version: 5.1.66.0 - Aladdin Knowledge Systems Ltd.)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.4.1.16828 - Foxit Software Inc.)
FREEping (HKLM-x32\...\{D85480F4-F0BD-4F42-B936-4480E852EF9C}) (Version: - )
Galeria de Fotos (HKLM-x32\...\{9EE1AE8B-4872-41CA-8C9A-C33D899523E0}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 73.0.3683.103 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
HP LJ300-400 color M351-M451 (HKLM-x32\...\{15CA73D8-3C82-4BAE-86CD-945BF9620516}) (Version: 5.0.12200.630 - Hewlett-Packard)
HP OfficeJet Pro 8710 Software básico do dispositivo (HKLM\...\{D3A14422-56F7-464D-988B-DF1D2040E2B8}) (Version: 38.1.1881.57490 - HP Inc.)
hpbDSService (HKLM-x32\...\{62022DCB-BA92-4EC2-AE03-9B946E4DBF12}) (Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM351M451DSService (HKLM-x32\...\{BF2198EB-503D-4E0B-89FB-509AADD6D545}) (Version: 001.001.05164 - Hewlett-Packard) Hidden
Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson)
IRPF2019 (HKLM-x32\...\IRPF2019) (Version: 1.0 - Receita Federal do Brasil)
ISIS Driver - KODAK i900 (HKLM-x32\...\{BA6A2EB5-AA67-40e2-A719-A5ABBDCFC965}) (Version: 1.0.2679 - EMC Corporation)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
K-Lite Codec Pack 9.9.9 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.9.9 - )
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
KODAK SCANMATE i900 Scanner (HKLM-x32\...\KODAK SCANMATE i900 Scanner) (Version: 4.0 - Kodak Alaris Inc.)
KODAK SCANMATE i900 Series - Smart Touch (HKLM-x32\...\{755F9FAC-075D-42D1-8144-3EE9D4218177}) (Version: 1.8.39.209 - Kodak Alaris Inc.)
Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft CAPICOM 2.1.0.2 SDK (HKLM-x32\...\{2FF43F5D-5729-4E02-A548-310E30A5F29B}) (Version: 2.1.0.2 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edição 2003 (HKLM-x32\...\{90110416-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - pt-br (HKLM\...\ProPlusRetail - pt-br) (Version: 16.0.11425.20204 - Microsoft Corporation)
Microsoft Office Standard 2019 - pt-br (HKLM\...\Standard2019Retail - pt-br) (Version: 16.0.11425.20204 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-57989841-117609710-1801674531-1338\...\OneDriveSetup.exe) (Version: 19.043.0304.0007 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft System CLR Types para SQL Server 2012 (x64) (HKLM\...\{33BF1AA4-1FAE-4CC4-B979-B344C13AAEC9}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{C05F4139-CB6B-4272-A0BF-861FEB667F27}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{EBFC96E5-4409-426E-88B7-650ADB342E78}) (Version: 8.0.50727.42 - The Firebird Project)
NetTime (HKLM-x32\...\NetTime_is1) (Version: - Mark Griffiths)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.6.6 - Notepad++ Team)
NVIDIA Driver de controle do 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.125 - NVIDIA Corporation)
NVIDIA Software do sistema PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20204 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11425.20204 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0416-1000-0000000FF1CE}) (Version: 16.0.11425.20204 - Microsoft Corporation) Hidden
Painel de controle da NVIDIA 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 342.01 - NVIDIA Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
psqlODBC (HKLM-x32\...\{4ADF3CE1-3B73-49E9-903C-166DEC8AB99F}) (Version: 09.06.0310 - PostgreSQL Global Development Group)
psqlODBC_x64 (HKLM\...\{6904A5EA-ADD1-4DEC-9B21-B32F03972631}) (Version: 09.06.0310 - PostgreSQL Global Development Group)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
ScanSnap Manager (HKLM-x32\...\{A78558D7-57C5-4E1B-9299-3D1AFD7DA1BC}) (Version: 6.3.21.1.1 - PFU) Hidden
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V6.3L21 - PFU)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.125 - NVIDIA Corporation) Hidden
Skype versão 8.42 (HKLM-x32\...\Skype_is1) (Version: 8.42 - Skype Technologies S.A.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 14 (HKLM-x32\...\TeamViewer) (Version: 14.2.2558 - TeamViewer)
Tempo de Execução do Microsoft Report Viewer 2012 (HKLM-x32\...\{A20D0B8F-8D06-42C3-A289-DD1DCE532E21}) (Version: 11.1.3452.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{FBA3961B-D1DF-493C-BC1F-E67D3B832895}) (Version: 2.56.0.0 - Microsoft Corporation)
VMware Remote Console (HKLM-x32\...\{EB035E03-98BC-402E-AF8A-5E61097B1004}) (Version: 10.0.4 - VMware, Inc.)
Warsaw 2.8.2.1 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 2.8.2.1 - GAS Tecnologia)
Web Companion (HKLM-x32\...\{0ac6dff3-0364-46d3-b688-1d92b8e554c6}) (Version: 4.3.1917.3743 - Lavasoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
WinSCP 5.15 (HKLM-x32\...\winscp3_is1) (Version: 5.15 - Martin Prikryl)
==================== Exame Personalizado CLSID (Whitelisted): ==========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
CustomCLSID: HKU\S-1-5-21-57989841-117609710-1801674531-1338_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-57989841-117609710-1801674531-1338_Classes\CLSID\{04271989-C4D2-EA35-45E8-ED6854EA523C} -> [OneDrive - EXPRESSO FIGUEIREDO LTDA] => C:\Users\Allan\OneDrive - EXPRESSO FIGUEIREDO LTDA [2019-01-10 15:07]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Nenhum Arquivo
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> Nenhum Arquivo
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Nenhum Arquivo
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2018-07-13] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2018-07-13] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Nenhum Arquivo
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Nenhum Arquivo
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> Nenhum Arquivo
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Endpoint Antivirus\shellExt.dll [2018-07-13] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
==================== Tarefas Agendadas (Whitelisted) =============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
Task: {0D5A100D-3509-45CF-B2E0-353AF9E4F925} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {0FD79A6C-A9E4-4CD5-901F-93F49267BBAD} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {20B2C245-7916-4EB7-8AB0-BA4F87323E9B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {2300D90C-AC15-4C7B-A39F-C372F4846EE0} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {2F4D57FD-1491-46AC-A63B-5D57C280F735} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\WINDOWS\system32\gpupdate.exe (Microsoft Windows -> Microsoft Corporation)
Task: {40F52138-59A4-4FAF-997F-117B58AD769B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {48578CFE-7F4B-423B-BAAC-30D40CC6716F} - System32\Tasks\TeamViewer\TeamViewer AD Connector => powershell.exe -NoProfile -NoLogo -NonInteractive -WindowStyle Hidden -ExecutionPolicy Bypass -Command "& { C:\Users\Allan\Desktop\TeamViewer_AD_Connector\TeamViewerADConnector\Invoke-Sync.ps1 -LogfileDirectory 'C:\Users\Allan\Desktop\TeamViewer_AD_Connector\TeamViewerADConnector'; exit $LastExitCode }"
Task: {64B2A3AF-BB09-41AB-92C5-C67E6AD1029A} - System32\Tasks\Dexpot\Dexpot Allan => C:\Program Files (x86)\Dexpot\dexpot.exe (Dexpot GbR -> Dexpot GbR)
Task: {6F8F47A7-0794-467B-9554-FAFE358AD738} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {98EDC6F5-BAE1-4F20-9CA9-8AF2D21590AA} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {9DF8C91F-701F-4FE4-A622-37E66D5371EE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {BAFF57CE-2A6D-4D01-8016-951E2965F7A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {EC11DB84-B9A5-421D-86AD-2B1DF06031CB} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:\WINDOWS\system32\gpupdate.exe (Microsoft Windows -> Microsoft Corporation)
Task: {ECEB339D-C991-4800-8261-A386D0651BC5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {F5708E78-4060-457E-83EF-A5EDFDFE7E72} - System32\Tasks\AdobeGCInvoker-1.0-EF-allan => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (Adobe Systems Incorporated -> Adobe Systems, Incorporated)
(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)
==================== Atalhos & WMI ========================
(As entradas podem ser listadas para serem restauradas ou removidas.)
ShortcutWithArgument: C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome\Google Agenda (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=lgcomfcjgjijhbbfimpmiehfndbkimag
ShortcutWithArgument: C:\Users\Allan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Agenda.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=lgcomfcjgjijhbbfimpmiehfndbkimag
ShortcutWithArgument: C:\Users\Allan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --incognito
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --incognito
==================== Módulos Carregados (Whitelisted) ==============
2019-03-06 09:13 - 2019-02-15 12:13 - 000221696 _____ (Bullzip) [Arquivo não assinado] C:\Program Files\Common Files\Bullzip\PDF Printer\Ports\BULLZIP\bzpdf.dll
2009-09-16 17:45 - 2009-09-16 17:45 - 000331264 _____ (Hewlett Packard) [Arquivo não assinado] C:\WINDOWS\System32\HpTcpMon.dll
2009-09-16 17:45 - 2009-09-16 17:45 - 000317440 _____ (Microsoft Corporation) [Arquivo não assinado] C:\WINDOWS\System32\HPTcpMUI.dll
2009-09-16 10:44 - 2009-09-16 10:44 - 000132096 _____ (Hewlett Packard) [Arquivo não assinado] C:\WINDOWS\System32\hpzjrd01.dll
2009-09-16 17:44 - 2009-09-16 17:44 - 000153088 _____ (Hewlett Packard) [Arquivo não assinado] C:\WINDOWS\System32\hptcpmib.dll
2018-01-04 12:40 - 2016-11-14 09:30 - 001300688 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [Arquivo não assinado] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll
2010-08-06 10:15 - 2010-08-06 10:15 - 000071680 _____ (Hewlett-Packard) [Arquivo não assinado] c:\windows\system32\hpzinw12.dll
2010-08-06 10:15 - 2010-08-06 10:15 - 000089600 _____ (Hewlett-Packard) [Arquivo não assinado] c:\windows\system32\hpzipm12.dll
2018-01-12 12:41 - 2010-11-19 01:38 - 000069632 _____ (Oracle Corporation) [Arquivo não assinado] C:\app\allan\product\11.2.0\client_1\bin\omtsreco.exe
2018-10-24 14:48 - 2012-05-12 01:27 - 000473088 _____ () [Arquivo não assinado] C:\Program Files (x86)\NetTime\NetTimeService.exe
2018-01-04 12:54 - 2015-08-30 15:05 - 000737984 _____ (@ByELDI -> @ByELDI) [Arquivo não assinado] C:\Program Files\KMSpico\Service_KMS.exe
2019-01-07 15:03 - 2019-01-07 15:03 - 000000000 ____LMicrosoft Corporation C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2019-01-07 15:03 - 2019-01-07 15:03 - 000000000 ____LMicrosoft Corporation C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2018-10-24 14:48 - 2012-05-12 09:28 - 000772096 _____ () [Arquivo não assinado] C:\Program Files (x86)\NetTime\NetTime.exe
2018-11-21 08:31 - 2017-05-23 13:59 - 000478208 _____ (Skillbrains) [Arquivo não assinado] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
2018-01-12 12:41 - 2010-11-27 16:21 - 001015808 _____ (Oracle Corporation) [Arquivo não assinado] C:\app\allan\product\11.2.0\client_1\OCI.dll
2019-04-04 12:47 - 2019-04-04 12:47 - 001101824 _____ (Microsoft Corporation) [Arquivo não assinado] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL
2018-01-12 12:41 - 2010-11-27 16:24 - 129593344 _____ (Oracle Corporation) [Arquivo não assinado] C:\app\allan\product\11.2.0\client_1\OraOCIEI11.dll
2018-01-12 12:41 - 2010-11-19 01:37 - 000050176 _____ (Oracle Corporation) [Arquivo não assinado] C:\app\allan\product\11.2.0\client_1\bin\omtsrecomsgus.dll
2019-01-14 07:50 - 2019-03-26 16:27 - 015257088 _____ (Node.js) [Arquivo não assinado] C:\Program Files (x86)\Microsoft\Skype for Desktop\node.dll
2018-11-21 08:31 - 2017-05-23 13:59 - 000494080 _____ (Skillbrains) [Arquivo não assinado] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.dll
2018-11-21 08:31 - 2017-05-23 13:59 - 000256000 _____ (Skillbrains) [Arquivo não assinado] C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\uploader.dll
2019-01-14 07:50 - 2019-03-26 16:27 - 002901504 _____ () [Arquivo não assinado] C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2019-01-14 07:50 - 2019-03-26 16:27 - 000015360 _____ () [Arquivo não assinado] C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(Se uma entrada for incluída na fixlist, somente o ADS será removido.)
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]
==================== Modo de Segurança (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)
==================== Associação (Whitelisted) ===============
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)
==================== Internet Explorer confiável/restrito ===============
(Se uma entrada for incluída na fixlist, será removida do Registro.)
IE trusted site: HKU\S-1-5-21-57989841-117609710-1801674531-1338\...\localhost -> localhost
==================== Hosts Conteúdo: ===============================
(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)
2016-07-16 08:47 - 2019-04-13 11:49 - 000000836 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Outras Áreas ============================
(Atualmente não há nenhuma correção automática para esta seção.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\app\allan\product\11.2.0\client_2;C:\app\allan\product\11.2.0\client_1;C:\app\allan\product\11.2.0\client_1\bin;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;;C:\Program Files (x86)\NTP\bin;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Aladdin\eToken\PKIClient\x32;C:\Program Files\Aladdin\eToken\PKIClient\x64;C:\Program Files (x86)\Kodak\Document Imaging\kds_i900\Smart Touch\
HKU\S-1-5-21-57989841-117609710-1801674531-1338\Control Panel\Desktop\\Wallpaper -> C:\Users\Allan\AppData\Local\Temp\BGInfo.bmp
DNS Servers: 10.0.0.100 - 10.0.0.109
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Firewall do Windows está habilitado.
==================== MSCONFIG/TASK MANAGER ítens desabilitados ==
Se uma entrada for incluída na fixlist, será removida.
HKLM\...\StartupApproved\StartupFolder: => "ScanSnap Manager.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "eTMonitor"
HKLM\...\StartupApproved\Run: => "BrStsWnd"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "BrStsWnd"
HKLM\...\StartupApproved\Run32: => "ScanSnap OnlineUpdate Watcher"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Smart Touch i900"
HKLM\...\StartupApproved\Run32: => "AdobeGCInvoker-1.0"
HKU\S-1-5-21-57989841-117609710-1801674531-1338\...\StartupApproved\StartupFolder: => "Enviar para o OneNote.lnk"
HKU\S-1-5-21-57989841-117609710-1801674531-1338\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-57989841-117609710-1801674531-1338\...\StartupApproved\Run: => "HP OfficeJet Pro 8710 (NET)"
HKU\S-1-5-21-57989841-117609710-1801674531-1338\...\StartupApproved\Run: => "Spark"
HKU\S-1-5-21-57989841-117609710-1801674531-1338\...\StartupApproved\Run: => "com.deezer.deezer-desktop"
HKU\S-1-5-21-57989841-117609710-1801674531-1338\...\StartupApproved\Run: => "utweb"
HKU\S-1-5-21-57989841-117609710-1801674531-1338\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
==================== Regras do Firewall (Whitelisted) ===============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
FirewallRules: [{D73E964A-9713-458E-85FF-024F8D7C97F7}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{E941D83B-3F9B-4970-B87A-C2B6A56753E8}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{8A8D6EB0-7802-4C3B-995F-E0BF34D409D3}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
FirewallRules: [{379BB7C9-EDD2-4647-9E29-9F0A964CD650}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> )
==================== Pontos de Restauração =========================
04-04-2019 13:42:32 Windows Update
08-04-2019 09:07:22 Removed Backup and Sync from Google
==================== Dispositivos Apresentando Falhas No Gerenciador =============
==================== Erros no Log de eventos: =========================
Erros em Aplicativos:
==================
Error: (04/14/2019 06:26:15 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: EF)
Description: O Windows não pode localizar o perfil local e está fazendo seu logon com um perfil temporário. As alterações que você fizer nesse perfil serão perdidas quando você fizer logoff.
Error: (04/14/2019 06:26:15 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: EF)
Description: O Windows fez o backup deste perfil de usuário. O Windows tentará usar automaticamente esse perfil na próxima vez em que o usuário fizer logon.
Error: (04/14/2019 05:26:15 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: EF)
Description: O Windows não pode localizar o perfil local e está fazendo seu logon com um perfil temporário. As alterações que você fizer nesse perfil serão perdidas quando você fizer logoff.
Error: (04/14/2019 05:26:15 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: EF)
Description: O Windows fez o backup deste perfil de usuário. O Windows tentará usar automaticamente esse perfil na próxima vez em que o usuário fizer logon.
Error: (04/14/2019 04:26:15 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: EF)
Description: O Windows não pode localizar o perfil local e está fazendo seu logon com um perfil temporário. As alterações que você fizer nesse perfil serão perdidas quando você fizer logoff.
Error: (04/14/2019 04:26:15 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: EF)
Description: O Windows fez o backup deste perfil de usuário. O Windows tentará usar automaticamente esse perfil na próxima vez em que o usuário fizer logon.
Error: (04/14/2019 03:26:15 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: EF)
Description: O Windows não pode localizar o perfil local e está fazendo seu logon com um perfil temporário. As alterações que você fizer nesse perfil serão perdidas quando você fizer logoff.
Error: (04/14/2019 03:26:15 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: EF)
Description: O Windows fez o backup deste perfil de usuário. O Windows tentará usar automaticamente esse perfil na próxima vez em que o usuário fizer logon.
Erros de Sistema:
=============
Error: (04/14/2019 05:53:51 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão padrão-computador não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
{0358B920-0AC7-461F-98F4-58E32CD89148}
e APPID
{3EB3C877-1F16-487C-9050-104DBCD66683}
ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.
Error: (04/14/2019 05:53:50 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão padrão-computador não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
{0358B920-0AC7-461F-98F4-58E32CD89148}
e APPID
{3EB3C877-1F16-487C-9050-104DBCD66683}
ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.
Error: (04/13/2019 11:58:48 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
e APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.
Error: (04/13/2019 11:58:48 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
e APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.
Error: (04/13/2019 11:53:59 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1130) (User: AUTORIDADE NT)
Description: 0 falhou.
Nome do GPO: Default Domain Policy
Caminho do Sistema de Arquivos do GPO : \\EF.LOCAL\sysvol\EF.LOCAL\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine
Nome do Script: net time \\ef.local /set /y
Error: (04/13/2019 11:44:59 AM) (Source: DCOM) (EventID: 10016) (User: EF)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
e APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
ao usuário EF\allan SID (S-1-5-21-57989841-117609710-1801674531-1338) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.
Error: (04/13/2019 11:30:06 AM) (Source: DCOM) (EventID: 10000) (User: EF)
Description: Não é possível iniciar o servidor DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. O erro:
"0"
Aconteceu ao iniciar este comando:
C:\WINDOWS\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
Error: (04/13/2019 11:20:19 AM) (Source: DCOM) (EventID: 10016) (User: EF)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
e APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
ao usuário EF\allan SID (S-1-5-21-57989841-117609710-1801674531-1338) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.
Windows Defender:
===================================
Date: 2019-04-04 12:56:02.226
Description:
O Windows Defender Antivirus detectou malware ou outros softwares potencialmente indesejados.
Para obter mais informações, consulte:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767&enterprise=0
Nome: HackTool:MSIL/AutoKMS
ID: 2147711767
Severidade: Médio
Categoria: Ferramenta
Caminho: file:_C:\Program Files\KMSpico\AutoPico.exe
Origem da Detecção: Computador local
Tipo de Detecção: Concreto
Origem da Detecção: Sistema
Usuário: AUTORIDADE NT\SISTEMA
Nome do Processo: C:\Program Files\KMSpico\Service_KMS.exe
Versão da Assinatura: AV: 1.259.1394.0, AS: 1.259.1394.0, NIS: 1.259.1394.0
Versão do Mecanismo: AM: 1.1.14405.2, NIS: 1.1.14405.2
Date: 2019-04-04 12:56:02.224
Description:
O Windows Defender Antivirus detectou malware ou outros softwares potencialmente indesejados.
Para obter mais informações, consulte:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Nome: HackTool:Win32/AutoKMS
ID: 2147685180
Severidade: Médio
Categoria: Ferramenta
Caminho: file:_C:\Program Files\KMSpico\scripts\Install_Service.cmd
Origem da Detecção: Computador local
Tipo de Detecção: Concreto
Origem da Detecção: Sistema
Usuário: AUTORIDADE NT\SISTEMA
Nome do Processo: Unknown
Versão da Assinatura: AV: 1.259.1394.0, AS: 1.259.1394.0, NIS: 1.259.1394.0
Versão do Mecanismo: AM: 1.1.14405.2, NIS: 1.1.14405.2
CodeIntegrity:
===================================
Date: 2019-04-13 11:56:01.806
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Endpoint Antivirus\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-04-13 11:56:01.799
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Endpoint Antivirus\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-04-13 11:56:01.786
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Endpoint Antivirus\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-04-13 11:56:01.778
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Endpoint Antivirus\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-04-13 11:55:55.912
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Endpoint Antivirus\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-04-13 11:55:55.906
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Endpoint Antivirus\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-04-13 11:55:55.894
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Endpoint Antivirus\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2019-04-13 11:55:55.886
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET Endpoint Antivirus\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Informações da Memória ===========================
Processador: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz
Percentagem de memória em uso: 56%
RAM física total: 8053.39 MB
RAM física disponível: 3526.08 MB
Virtual Total: 11893.39 MB
Virtual disponível: 6917.3 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:222.18 GB) (Free:103.8 GB) NTFS
Drive e: (HD_DADOS) (Fixed) (Total:297.87 GB) (Free:297.68 GB) NTFS
\\?\Volume{772d0f8d-0000-0000-0000-100000000000}\ (Reservado pelo Sistema) (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS
\\?\Volume{772d0f8d-0000-0000-0000-f0aa37000000}\ () (Fixed) (Total:0.9 GB) (Free:0.34 GB) NTFS
\\?\Volume{cc47e7e6-fb47-4b28-9967-e966ffc6ee13}\ () (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
==================== MBR & Tabela de Partições ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 772D0F8D)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=222.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=919 MB) - (Type=27)
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 9D487CE8)
Partition: GPT.
==================== Fim de Addition.txt ============================