Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 02-07-2016
Executado por Thiago (2016-07-07 18:57:06)
Executando a partir de C:\Users\Thiago\Desktop
Windows 10 Pro Versão 1511 (X64) (2015-12-05 05:45:08)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-1713420583-1435638475-2300282280-500 - Administrator - Disabled)
Convidado (S-1-5-21-1713420583-1435638475-2300282280-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-1713420583-1435638475-2300282280-503 - Limited - Disabled)
Thiago (S-1-5-21-1713420583-1435638475-2300282280-1001 - Administrator - Enabled) => C:\Users\Thiago

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
Adobe Reader XI (11.0.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
aTube Catcher versão 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.1.2272 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
CD Recovery Toolbox Free 2.2 (HKLM-x32\...\CD Recovery Toolbox Free_is1) (Version: - Recovery Toolbox, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.218 - ALPS ELECTRIC CO., LTD.)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Firebird 2.5.2.26539 (Win32) (HKLM-x32\...\FBDBServer_2_5_is1) (Version: 2.5.2.26539 - Firebird Project)
Flickr Uploadr for Windows (HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\FlickrUploadrWindows) (Version: 1.0.1.292 - Flickr)
FormatFactory 3.7.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.7.5.0 - Free Time)
Galeria de Fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.2.8.25 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{F58E2607-024E-4E05-8016-6948B24D40F8}) (Version: 12.4.18.7 - Hewlett-Packard Company)
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
K-Lite Mega Codec Pack 11.5.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.5.5 - )
Malwarebytes Anti-Malware versão 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Max Impressão 1.0 (HKLM-x32\...\Max Impressão) (Version: 1.0 - Maxprint )
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Saraiva Reader ALPHA_7RC11b169 (HKLM-x32\...\8505-5699-0960-8592) (Version: ALPHA_7RC11b169 - Saraiva e Siciliano S.A.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Sistema Gerencial Integrado 1.14.53.30 (HKLM-x32\...\Sistema Gerencial Integrado_is1) (Version: - Realtec Sistemas Ltda)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.103 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\Spotify) (Version: 1.0.32.96.g3c8a06e6 - Spotify AB)
Sweet Home 3D version 5.2 (HKLM\...\Sweet Home 3D_is1) (Version: 5.2 - eTeks)
Unchecky v0.4.2 (HKLM-x32\...\Unchecky) (Version: 0.4.2 - RaMMicHaeL)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0416-1000-0000000FF1CE}_Office15.PROPLUS_{2BA6245D-FBB9-42F6-AFD9-C0DC52763AD5}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3115033) 64-Bit Edition (HKLM\...\{90150000-012B-0416-1000-0000000FF1CE}_Office15.PROPLUS_{F258B6E3-BF41-4FEE-BE45-D7518C3B7FC1}) (Version: - Microsoft)
Warsaw 1.12.3.5 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.12.3.5 - GAS Tecnologia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Thiago\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {2F827CD7-D1F9-418D-A88E-7BA9B277AAAF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-10] (Google Inc.)
Task: {33D8D52F-70A8-48ED-AC83-693DE0E3E9C7} - System32\Tasks\HPCeeScheduleForThiago => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {45C8B5F3-3517-453E-8FD6-14D87E353C02} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {466CD80D-276B-4595-B088-2C27602B7E5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-10] (Google Inc.)
Task: {4EAE335D-0767-4F5D-80BD-A064CB8EC18D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {6F294698-C4F6-4333-BDF8-F9DA32148EFD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {6FFBA5A3-081D-4D38-8CDD-3DD9722E3992} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {76FCB9B3-C709-486C-9943-BD855CA2575F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-30] (AVAST Software)
Task: {78C4C03D-FFAC-4CF9-BFA4-F19932087D0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {A17B33FA-6E91-4864-83EC-8C550F8C449B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {BDE7556C-471A-40C1-95B9-2A49F1138818} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {C3BCAEFA-A73E-44BF-A5E3-C920A854E3D9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {D142D48B-D1EB-49C4-BD3C-BBB065B11AD5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {D97BD0FC-7CDD-4ABB-A70C-E7189C61B44F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {DB828A19-673A-46FD-A28A-F5F914C5B61B} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {DFA984FD-A535-458D-8603-76B392B88153} - System32\Tasks\SafeZone scheduled Autoupdate 1463157514 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {E0EB6E01-7FD7-49F7-92B8-379E195E975A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-15] (Microsoft Corporation)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForThiago.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

==================== Módulos Carregados (Whitelisted) ==============

2015-11-12 20:11 - 2012-08-31 14:03 - 00288768 _____ () C:\WINDOWS\System32\HP1100LM.DLL
2015-11-12 20:11 - 2012-08-31 14:02 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2015-11-12 20:11 - 2012-08-31 14:03 - 03034112 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\hp1100su.dll
2015-11-12 20:11 - 2012-08-31 14:02 - 01038336 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\HP1100GC.dll
2015-10-30 04:18 - 2015-10-30 04:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-14 18:54 - 2016-03-29 07:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-14 18:54 - 2016-03-29 07:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-17 18:06 - 2015-12-07 01:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-12 16:55 - 2016-04-23 01:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-06-15 19:19 - 2016-05-28 00:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-15 19:18 - 2016-05-28 00:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-15 19:19 - 2016-05-28 00:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-15 19:19 - 2016-05-28 00:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-10 11:51 - 2015-11-10 11:51 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-03-11 17:31 - 2016-03-11 17:31 - 00065536 _____ () C:\Program Files\CCleaner\lang\lang-1046.dll
2016-06-15 21:38 - 2016-06-15 21:39 - 00017920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-06-15 21:38 - 2016-06-15 21:39 - 13105152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-15 21:38 - 2016-06-15 21:39 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-03-04 11:07 - 2016-03-04 11:09 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-05-13 11:30 - 2016-05-13 11:30 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-05-13 11:30 - 2016-05-13 11:30 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-06-30 17:22 - 2016-06-30 17:22 - 02996736 _____ () C:\Program Files\AVAST Software\Avast\defs\16063000\algo.dll
2016-05-13 11:30 - 2016-05-13 11:30 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-05-13 11:30 - 2016-05-13 11:30 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-06-30 21:32 - 2016-06-30 21:32 - 02997760 _____ () C:\Program Files\AVAST Software\Avast\defs\16063002\algo.dll
2016-05-13 11:31 - 2016-05-13 11:31 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-06-19 17:03 - 2016-06-15 06:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-19 17:03 - 2016-06-15 06:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [2294]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1198]

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)

==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\google.com -> www.google.com
IE trusted site: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\google.com.br -> www.google.com.br
IE trusted site: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\itau.b.br -> www.itau.b.br
IE trusted site: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\itau.com.br -> hxxps://bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\itau.com.br -> bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br
IE trusted site: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\itaupersonnalite.com.br -> www.itaupersonnalite.com.br

==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2015-07-10 08:04 - 2016-03-20 15:23 - 00000027 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Atualmente não há nenhuma correção automática para esta seção.)

HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\StartupApproved\Run: => "OneDrive"

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2B88B61C-68CE-4CD8-B60B-8526767481BE}] => (Allow) LPort=3050
FirewallRules: [{E38C3E7F-6304-4A2B-9BEC-B3C21D9F13E2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C88719B4-A3A2-429D-95EA-AA3073ED6922}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{EB14FC76-748A-4987-8A04-8F35E224AE78}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{060D0F0C-ABEC-4558-A09A-BC20AA340BF1}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{B14BDFEE-1D06-4ADC-84D4-497D0811AB31}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D7EF084F-F5E2-4F60-8969-E3BE87DBEA65}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{6FD9BAB7-5D84-45E1-B548-4DFFDD229DDB}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{06466EFF-4A63-4434-AC09-9AAFE3BE7E30}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{FA4FBFA6-47EF-4B6A-B1CB-DE3B206EC572}] => (Allow) C:\Users\Thiago\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7DF736D4-E196-4364-A620-CE9C1A2EF482}] => (Allow) C:\Users\Thiago\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C7264999-9745-4F52-A4F3-CAC022C770A0}] => (Allow) C:\Users\Thiago\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2DC4B1EB-BF19-4A0A-A7F5-13122A7FE847}] => (Allow) C:\Users\Thiago\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{33131F99-8277-489B-95EB-212BEED6C4EA}] => (Allow) C:\Users\Thiago\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F27C7E5F-238E-4CAC-9274-AE760CFCB332}] => (Allow) C:\Users\Thiago\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{75EC6ED2-9844-471F-96E4-D13F347FF717}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [{5D9082CC-1733-489E-B692-9D7430089DAC}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{256EED7C-D3C0-4764-A84E-BD0C91624419}] => (Allow) LPort=2869
FirewallRules: [{0FD3EA3B-F7D5-469A-8795-0A77AD8CFF64}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{3BF09BF2-3442-45D9-9AEA-EF78CE788913}C:\users\thiago\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\thiago\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{7DDC34B1-A15F-4E24-B2B8-E43D0F9B65BF}C:\users\thiago\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\thiago\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{035FCBB9-CBE6-4B0F-94CB-782A1E996A22}C:\users\thiago\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\thiago\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{AA2CAC3B-CD49-46C9-B815-AC2E757B70A3}C:\users\thiago\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\thiago\appdata\roaming\spotify\spotify.exe
FirewallRules: [{D5CA0AB6-3096-466B-BD50-EF780B9B2916}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{47C7473F-7E65-42BF-96B8-1AA9A5CE3EED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Pontos de Restauração =========================

19-06-2016 16:55:21 ASU_MSI_TRAN
29-06-2016 18:51:14 Ponto de Verificação Agendado

==================== Dispositivos Apresentando Falhas No Gerenciador =============

==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (07/06/2016 06:28:30 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Falha na Ativação de Licença (slui.exe). Código de erro: hr=0xC004F074 Argumento de linha de comando: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent

Error: (07/06/2016 06:26:37 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Falha na Ativação de Licença (slui.exe). Código de erro: hr=0x803F7001 Argumento de linha de comando: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent

Error: (07/06/2016 04:46:37 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225

Error: (07/06/2016 04:38:01 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Falha na Ativação de Licença (slui.exe). Código de erro: hr=0xC004F074 Argumento de linha de comando: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=7

Error: (07/06/2016 04:37:55 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Falha na Ativação de Licença (slui.exe). Código de erro: hr=0xC004F074 Argumento de linha de comando: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/05/2016 06:01:35 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Falha na Ativação de Licença (slui.exe). Código de erro: hr=0xC004F074 Argumento de linha de comando: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=TimerEvent

Error: (07/05/2016 05:55:37 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Falha na Ativação de Licença (slui.exe). Código de erro: hr=0xC004C003 Argumento de linha de comando: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent

Error: (07/05/2016 05:55:37 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Falha na aquisição da Licença de Usuário Final. hr=0xC004C003 Sku Id=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c

Error: (07/05/2016 05:55:37 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Detalhes da falha na aquisição de licença. hr=0xC004C003

Error: (07/05/2016 05:55:33 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Falha na aquisição da Licença de Usuário Final. hr=0xC004C003 Sku Id=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c

Erros de Sistema:
=============
Error: (07/07/2016 08:26:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Host de Sincronização_2bd182c1.

Error: (07/07/2016 08:26:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Armazenamento de Dados de Usuário_2bd182c1.

Error: (07/07/2016 08:26:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Acesso a Dados de Usuário_2bd182c1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (07/07/2016 08:26:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Armazenamento de Dados de Usuário_2bd182c1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (07/07/2016 08:26:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Dados de Contato_2bd182c1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (07/07/2016 08:26:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Host de Sincronização_2bd182c1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (07/07/2016 08:26:12 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível

Error: (07/07/2016 08:12:49 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-EN4KEM9)
Description: {49BD2028-1523-11D1-AD79-00C04FD8FDFF}

Error: (07/07/2016 12:43:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Host de Sincronização_2543837c.

Error: (07/07/2016 12:43:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Armazenamento de Dados de Usuário_2543837c.

CodeIntegrity:
===================================
Date: 2016-07-06 18:27:42.226
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-06 18:26:32.172
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-06 18:22:13.129
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-06 18:20:37.186
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-05 18:00:45.295
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-05 17:55:22.958
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-20 19:38:08.786
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Diebold\Warsaw\wslbdhm64.dll that did not meet the Store signing level requirements.

Date: 2016-06-20 18:38:08.028
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Diebold\Warsaw\wslbdhm64.dll that did not meet the Store signing level requirements.

Date: 2016-06-16 23:05:45.085
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-16 18:41:21.089
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

==================== Informações da Memória ===========================

Processador: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentagem de memória em uso: 68%
RAM física total: 4003.89 MB
RAM física disponível: 1248.98 MB
Virtual Total: 4746.18 MB
Virtual disponível: 1377.22 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.15 GB) (Free:281.96 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 2A36747C)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.1 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt ============================