Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 02-12-2016
Executado por Imprimak (03-12-2016 12:59:26)
Executando a partir de C:\Users\Imprimak\Downloads
Windows 7 Professional Service Pack 1 (X64) (2015-07-20 04:06:58)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-802947663-2367206658-4263064168-500 - Administrator - Disabled)
Convidado (S-1-5-21-802947663-2367206658-4263064168-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-802947663-2367206658-4263064168-1002 - Limited - Enabled)
Imprimak (S-1-5-21-802947663-2367206658-4263064168-1000 - Administrator - Enabled) => C:\Users\Imprimak

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.159 - Adobe Systems, Inc.)
aTube Catcher versão 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
BitComet 1.40 (HKLM-x32\...\BitComet) (Version: 1.40 - CometNetwork)
CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)
Corel Graphics - Windows Shell Extension (HKLM\...\_{340C451C-F2FD-4309-B259-580FD5E44025}) (Version: 18.1.0.661 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 18.1.661 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit Keys (Version: 18.1.661 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 16.0.707 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - BR (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (Version: 15.0.487 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - BR (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Capture (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Common (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Connect (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - CS (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - CT (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Custom Data (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - CZ (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - DE (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Draw (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - EN (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - ES (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Filters (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Font Manager (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - FR (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - IPM (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - IPM Content (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - IT (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - JP (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - NL (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - PHOTO-PAINT (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - PL (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Redist (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - RU (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Setup Files (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - VBA (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - VideoBrowser (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Workspaces (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 - Writing Tools (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 (64-Bit) (HKLM\...\_{4B3FC55D-E999-4BEC-AF29-1091E574961F}) (Version: 18.0.0.448 - Corel Corporation)
CorelDRAW Graphics Suite X8 (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X8 -TR (x64) (Version: 18.0 - Corel Corporation) Hidden
CorelDRAW(R) Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.0.0.486 - Corel Corporation)
CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
FormatFactory 3.6.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.6.0.0 - Format Factory)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\{879FC63D-310A-3526-B4F4-D7139F94D7A6}) (Version: 54.0.2840.99 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
IPM_Installer (Version: 2.1 - Your Company Name) Hidden
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java SE Development Kit 8 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180510}) (Version: 8.0.510.16 - Oracle Corporation)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.138 - PandoraTV)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40620.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation)
Mimaki 1394 Driver (Version: - Mimaki Engineering Co., Ltd.) Hidden
Mimaki 1394 Driver (x32 Version: - Mimaki Engineering Co., Ltd.) Hidden
Mimaki Device Driver (HKLM-x32\...\{505C3072-A5F1-4901-B074-3CB176ABD046}) (Version: 3.40 - Mimaki Engineering Co.,Ltd.)
Mimaki Device Driver (Version: - Mimaki Engineering Co., Ltd.) Hidden
Mimaki Device Driver (x32 Version: - Mimaki Engineering Co., Ltd.) Hidden
Mimaki FineCut for CorelDRAW (HKLM-x32\...\Mimaki FineCut for CorelDRAW) (Version: - Mimaki Engineering Co,.Ltd)
Mimaki FineCut for CorelDRAW(64-bit) (HKLM\...\Mimaki FineCut for CorelDRAW(64-bit)) (Version: - Mimaki Engineering Co,.Ltd)
Mimaki USB Driver (Version: - Mimaki Engineering Co., Ltd.) Hidden
Mimaki USB Driver (x32 Version: - Mimaki Engineering Co., Ltd.) Hidden
Mimaki USB2.0 Driver (Version: - Mimaki Engineering Co., Ltd.) Hidden
Mimaki USB2.0 Driver (x32 Version: - Mimaki Engineering Co., Ltd.) Hidden
Mozilla Firefox 39.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 pt-BR)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Panda Security URL Filtering (HKLM-x32\...\Panda Security URL Filtering) (Version: 2.0.3.4 - Panda Security)
Printer Control (HKLM-x32\...\{47B47133-B66E-4C33-B6A2-C408295CBD43}) (Version: 1.0.0.0 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Sumitomo 3M 1394 Driver (Version: - Sumitomo 3M Limited) Hidden
Sumitomo 3M 1394 Driver (x32 Version: - Sumitomo 3M Limited) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
Warsaw 1.12.3.5 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.12.3.5 - GAS Tecnologia)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {3523675D-3CC3-48D4-9882-FAA1A01B79AA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-16] (AVAST Software)
Task: {4149E5E5-3117-40D9-A650-B77E88578185} - System32\Tasks\R@1n-KMS\Office14ProPlus => wmic [Argument = path OfficeSoftwareProtectionProduct where (ID="6f327760-8c5c-417c-9b61-836a98287e0c") call Activate]
Task: {4B658BDE-459A-4741-8540-A6A6FF84FACB} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe [2015-07-20] ()
Task: {746E017E-6522-4CF1-BD9E-52447F3421BB} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2016-02-26] (Corel Corporation)
Task: {92A129CC-437A-433B-9D59-4DDE5C4E3D91} - \{995A67D6-A075-4DAB-B8C3-2D2CD3ED161F} -> Nenhum Arquivo <==== ATENÇÃO
Task: {944BB1FB-424F-4C91-92BB-2539033E44B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-20] (Adobe Systems Incorporated)
Task: {96B36838-1360-4AD1-9BB9-9B02C3C0F52A} - \GoogleUpdateTaskMachineCore -> Nenhum Arquivo <==== ATENÇÃO
Task: {C993606F-BC8E-4E4F-983C-2DE2E5181EE1} - \GoogleUpdateTaskMachineUA -> Nenhum Arquivo <==== ATENÇÃO
Task: {DF31D57F-C641-4B96-9185-23A74C823D01} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {E32AD1D8-ACC6-4B31-9758-C871D1028FB1} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-09-15] (AVAST Software)
Task: {F8309EEA-2DB5-44DC-9936-09E62D31D54E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-24] (Piriform Ltd)
Task: {FEF0E2EA-900A-4CDD-9BBA-EEC24B2816A9} - \Format Factory -> Nenhum Arquivo <==== ATENÇÃO

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

ShortcutWithArgument: C:\Users\Imprimak\Desktop\desktop outubro 2016\Pessoa 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 4"
ShortcutWithArgument: C:\Users\Imprimak\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 4"

==================== Módulos Carregados (Whitelisted) ==============

2016-12-03 08:07 - 2016-12-03 08:07 - 00026112 _____ () C:\Windows\KMS-R@1n.exe
2016-12-03 08:07 - 2016-12-03 08:07 - 00004608 _____ () C:\Windows\KMS-R@1nhook.exe
2016-12-03 08:07 - 2016-12-03 08:07 - 00003584 _____ () C:\Windows\KMS-QADhook.dll
2016-09-16 12:30 - 2016-09-16 12:30 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-12-01 08:08 - 2016-12-01 08:08 - 03129808 _____ () C:\Program Files\AVAST Software\Avast\defs\16120100\algo.dll
2016-09-16 12:30 - 2016-09-16 12:30 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-09-16 12:30 - 2016-09-16 12:30 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-07-20 02:59 - 2013-09-16 13:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-09-08 14:27 - 2016-09-06 13:00 - 05197312 _____ () C:\Users\Imprimak\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-08 14:27 - 2016-09-06 13:00 - 00147456 _____ () C:\Users\Imprimak\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\Windows\System32:AD9E5318_Uni.gbp [2]
AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1270]
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1198]

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)

==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)
IE trusted site: HKU\S-1-5-21-802947663-2367206658-4263064168-1000\...\google.com -> www.google.com
IE trusted site: HKU\S-1-5-21-802947663-2367206658-4263064168-1000\...\google.com.br -> www.google.com.br
IE trusted site: HKU\S-1-5-21-802947663-2367206658-4263064168-1000\...\itau.b.br -> www.itau.b.br
IE trusted site: HKU\S-1-5-21-802947663-2367206658-4263064168-1000\...\itau.com.br -> hxxps://bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-802947663-2367206658-4263064168-1000\...\itau.com.br -> bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-802947663-2367206658-4263064168-1000\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br
IE trusted site: HKU\S-1-5-21-802947663-2367206658-4263064168-1000\...\itaupersonnalite.com.br -> www.itaupersonnalite.com.br

==================== Hosts Conteúdo: ==========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2009-07-14 00:34 - 2016-06-13 09:02 - 00000957 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-802947663-2367206658-4263064168-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Imprimak\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 187.2.216.34 - 187.2.216.39
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.
==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

MSCONFIG\startupreg: BitComet => "C:\Program Files (x86)\BitComet\BitComet.exe" /tray
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{54C68F5C-9168-4E35-9306-BF050BD06F36}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BF9F1AA4-F0F1-4FF3-B435-3074CBFA2770}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6BD237F3-1441-4077-B67F-CF33D92C3529}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{52AA786A-E58D-42B6-BA0E-B55E07A44B35}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{EE315E6E-FD36-4857-8EE0-586F021EFF0A}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{74E20A0E-1DAA-4DFB-A99C-203FC9E542F0}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{220640E6-D29C-4486-BC0E-53ED7B123B2E}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{F05FEC11-4FE9-4996-8858-101B6D46F67C}C:\program files (x86)\freetime\formatfactory\formatfactory.exe] => C:\program files (x86)\freetime\formatfactory\formatfactory.exe
FirewallRules: [UDP Query User{5A602A3F-49B0-4843-A577-188AADC3C129}C:\program files (x86)\freetime\formatfactory\formatfactory.exe] => C:\program files (x86)\freetime\formatfactory\formatfactory.exe
FirewallRules: [{2F8C0B91-32C2-4E83-A6E3-A26A6153F37C}] => C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{EC165727-959D-4350-9DB8-381D8CCEE684}] => C:\Program Files (x86)\BitComet\BitComet.exe
FirewallRules: [{3994AA72-9B34-4F61-8996-0B954C354928}] => C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [TCP Query User{2A363505-7140-4B45-B77D-BEFE2619ADA3}C:\program files (x86)\printer control\bin\controlpanelapp.exe] => C:\program files (x86)\printer control\bin\controlpanelapp.exe
FirewallRules: [UDP Query User{73B09037-EACA-43A1-81E6-F6146EAD00BB}C:\program files (x86)\printer control\bin\controlpanelapp.exe] => C:\program files (x86)\printer control\bin\controlpanelapp.exe
FirewallRules: [TCP Query User{2D15E816-BE59-4778-9622-64A9686E0EDD}C:\program files (x86)\bitcomet\bitcomet.exe] => C:\program files (x86)\bitcomet\bitcomet.exe
FirewallRules: [UDP Query User{9C483302-81AD-4DB2-9DED-8B0DD8288441}C:\program files (x86)\bitcomet\bitcomet.exe] => C:\program files (x86)\bitcomet\bitcomet.exe
FirewallRules: [{E352F79E-A602-459F-B9C9-FBFC9C360FA5}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6B95DDFF-5DB9-4B44-88C3-FE438E8394DD}] => c:\Program Files\Corel\CorelDRAW Graphics Suite X8\Programs64\CorelDrw.exe
FirewallRules: [{1BB19665-8707-43E5-95A2-E3EDB6181D57}] => c:\Program Files\Corel\CorelDRAW Graphics Suite X8\Programs64\CorelPP.exe
FirewallRules: [{65F4DBE6-7A8B-4958-A594-D593B193BAAC}] => C:\Windows\KMS-R@1n.exe
FirewallRules: [{345A1591-2AF3-4B5B-B190-105291E505EA}] => C:\Windows\KMS-R@1n.exe
FirewallRules: [TCP Query User{7B62111E-2F60-4A9B-BF1D-FC4766E9E362}C:\xampp\apache\bin\httpd.exe] => C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{3263E6B4-38EF-4F8D-9BE6-82A583E90620}C:\xampp\apache\bin\httpd.exe] => C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{3C4F9C73-323D-41BD-B3B9-D16CBFF3D7C8}C:\xampp\mysql\bin\mysqld.exe] => C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{CA78A9B8-ECAA-4E67-804C-B35994A5CA69}C:\xampp\mysql\bin\mysqld.exe] => C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{018EC32E-BF3B-4DD5-991D-2AAAF74ED142}C:\xampp\filezillaftp\filezillaserver.exe] => C:\xampp\filezillaftp\filezillaserver.exe
FirewallRules: [UDP Query User{B8042551-F356-4B43-90E7-43EB4C5D3A0F}C:\xampp\filezillaftp\filezillaserver.exe] => C:\xampp\filezillaftp\filezillaserver.exe
FirewallRules: [TCP Query User{C4BE3497-D122-4EF7-BA0F-3B22759DBE38}C:\xampp\mercurymail\mercury.exe] => C:\xampp\mercurymail\mercury.exe
FirewallRules: [UDP Query User{0A9A1D28-9F50-4AC8-80EB-74DC2E78978C}C:\xampp\mercurymail\mercury.exe] => C:\xampp\mercurymail\mercury.exe
FirewallRules: [TCP Query User{E1A98FF0-9658-4EF0-A40A-1C5811BAAC8C}C:\program files\java\jdk1.8.0_51\bin\java.exe] => C:\program files\java\jdk1.8.0_51\bin\java.exe
FirewallRules: [UDP Query User{2B86A3E7-3F0D-42A5-9E3A-F7F35FC3D6A5}C:\program files\java\jdk1.8.0_51\bin\java.exe] => C:\program files\java\jdk1.8.0_51\bin\java.exe

==================== Pontos de Restauração =========================

29-11-2016 20:38:28 ASU_MSI_TRAN
30-11-2016 08:21:17 ASU_MSI_TRAN
30-11-2016 08:25:41 ASU_MSI_TRAN
30-11-2016 13:32:30 ASU_MSI_TRAN
30-11-2016 16:34:44 ASU_MSI_TRAN
01-12-2016 08:19:10 ASU_MSI_TRAN
02-12-2016 08:16:12 ASU_MSI_TRAN
02-12-2016 12:51:46 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506
02-12-2016 12:58:23 Instalado FineCut8 for CorelDRAW(64-bit) Ver8.6.1 Upgrade
02-12-2016 12:58:53 Instalado FineCut8 for CorelDRAW(64-bit) Ver8.6.1 Upgrade
02-12-2016 13:03:37 Microsoft Visual C++ vNext Redistributable (x64) - 14.10.24629
02-12-2016 13:03:55 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506
02-12-2016 13:06:32 Windows Update
02-12-2016 13:37:23 Microsoft Visual C++ vNext Redistributable (x64) - 14.10.24629
02-12-2016 14:08:22 ASU_MSI_TRAN
02-12-2016 14:09:18 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026
02-12-2016 14:34:09 Microsoft Visual C++ vNext Redistributable (x64) - 14.10.24629
03-12-2016 08:02:50 ASU_MSI_TRAN
03-12-2016 08:07:31 Re-Loader by R@1n
03-12-2016 11:46:49 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918
03-12-2016 11:47:14 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026
03-12-2016 11:50:39 ASU_MSI_TRAN
03-12-2016 12:06:27 ASU_MSI_TRAN

==================== Dispositivos Apresentando Falhas No Gerenciador =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: WIBU-BOX/RU
Description: WIBU-BOX/RU
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Controlador de barramento SM
Description: Controlador de barramento SM
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (12/03/2016 11:55:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/03/2016 11:39:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (12/03/2016 07:51:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/02/2016 04:34:57 PM) (Source: Protexis Licensing Service) (EventID: 49) (User: )
Description: Failed to Release Mutex Error ID = Returned Error 1

Error: (12/02/2016 04:34:57 PM) (Source: Protexis Licensing Service) (EventID: 49) (User: )
Description: Failed to Release Mutex Error ID = Returned Error 288

Error: (12/02/2016 04:34:57 PM) (Source: Protexis Licensing Service) (EventID: 49) (User: )
Description: Failed to Release Mutex Error ID = Returned Error 1

Error: (12/02/2016 04:34:57 PM) (Source: Protexis Licensing Service) (EventID: 49) (User: )
Description: Failed to Release Mutex Error ID = Returned Error 288

Error: (12/02/2016 04:34:57 PM) (Source: Protexis Licensing Service) (EventID: 49) (User: )
Description: Failed to Release Mutex Error ID = Returned Error 1

Error: (12/02/2016 04:34:57 PM) (Source: Protexis Licensing Service) (EventID: 49) (User: )
Description: Failed to Release Mutex Error ID = Returned Error 288

Error: (12/02/2016 04:34:57 PM) (Source: Protexis Licensing Service) (EventID: 49) (User: )
Description: Failed to Release Mutex Error ID = Returned Error 1

Erros de Sistema:
=============
Error: (12/03/2016 12:52:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Warsaw Technology foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.

Error: (12/03/2016 11:52:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Warsaw Technology foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.

Error: (12/03/2016 10:52:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Warsaw Technology foi finalizado inesperadamente. Isto aconteceu 4 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.

Error: (12/03/2016 09:52:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Warsaw Technology foi finalizado inesperadamente. Isto aconteceu 3 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.

Error: (12/03/2016 08:52:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Warsaw Technology foi finalizado inesperadamente. Isto aconteceu 2 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.

Error: (12/03/2016 07:52:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Warsaw Technology foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.

Error: (12/03/2016 07:51:12 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: O desligamento anterior do sistema em 19:26:34 às 02/12/2016 não era esperado.

Error: (12/02/2016 07:05:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Warsaw Technology foi finalizado inesperadamente. Isto aconteceu 6 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.

Error: (12/02/2016 06:05:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Warsaw Technology foi finalizado inesperadamente. Isto aconteceu 5 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.
Error: (12/02/2016 05:05:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Warsaw Technology foi finalizado inesperadamente. Isto aconteceu 4 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.

CodeIntegrity:
===================================
Date: 2016-12-02 13:21:11.201
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Imprimak\Downloads\aida64extreme580\kerneld.x64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-02 13:21:11.184
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Imprimak\Downloads\aida64extreme580\kerneld.x64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-09-21 10:42:27.126
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswHdsKe.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-09-21 10:42:27.126
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\aswHdsKe.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-09-14 08:56:14.618
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-14 08:56:14.618
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-14 08:56:14.618
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\W10\pskmad.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-14 08:56:14.588
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\W10\PSBoot.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-14 08:56:14.588
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\W10\PSBoot.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-14 08:56:14.588
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Panda Security\Panda Security Protection\Drivers\W10\PSBoot.sys because the set of per-page image hashes could not be found on the system.

==================== Informações da Memória ===========================

Processador: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
Percentagem de memória em uso: 36%
RAM física total: 12158.67 MB
RAM física disponível: 7768.48 MB
Virtual Total: 24315.54 MB
Virtual disponível: 19527.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:523.17 GB) (Free:267.12 GB) NTFS ==>[drive com componentes de inicialização (obtido através de BCD)]
Drive d: (FCCDv82_FCAIIv82) (CDROM) (Total:0.45 GB) (Free:0 GB) CDFS
Drive e: (Novo volume) (Fixed) (Total:408.34 GB) (Free:407.72 GB) NTFS
Drive f: (Bassini - HD Externo) (Fixed) (Total:465.76 GB) (Free:113.16 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0004EADD)
Partition 1: (Active) - (Size=915.8 GB) - (Type=83)
Partition 2: (Not Active) - (Size=15.7 GB) - (Type=05)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 40158B3F)
Partition 1: (Active) - (Size=523.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=408.3 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: D3D16269)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt ============================