Resultado do exame Adicional Farbar Recovery Scan Tool (x86) Versão: 15-03-2017
Executado por UESPI (20-03-2017 11:35:10)
Executando a partir de C:\Users\UESPI\Desktop
Microsoft Windows 10 Pro Versão 1607 (X86) (2016-10-21 12:19:12)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-3164482373-2533763942-121798206-500 - Administrator - Disabled)
Convidado (S-1-5-21-3164482373-2533763942-121798206-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-3164482373-2533763942-121798206-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3164482373-2533763942-121798206-1008 - Limited - Enabled)
UESPI (S-1-5-21-3164482373-2533763942-121798206-1000 - Administrator - Enabled) => C:\Users\UESPI

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Adobe Acrobat Reader DC - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 24 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.2.2288 - AVAST Software)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
D1400 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
D1400_Help (Version: 90.0.235.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
Dic Michaelis - UOL (HKLM\...\WDIC) (Version: - )
dj_sf_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
dj_sf_software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
dj_sf_software_req (Version: 130.0.365.000 - Hewlett-Packard) Hidden
DriverEasy 4.7.9 (HKLM\...\DriverEasy_is1) (Version: 4.7.9.0 - Easeware)
Estudo de aprimoramento de produto para HP Deskjet 4640 series (HKLM\...\{A67880CA-A07E-40A3-AAF0-FCC61D9F0699}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
Fix Print 3.7 (HKLM\...\{91C9FA89-44F6-4D7A-A006-25816412CCCC}_is1) (Version: - Nova Consultoria)
Google Chrome (HKLM\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet 4640 series Ajuda (HKLM\...\{21B407AE-2BA8-436B-A9B5-648D53BEA9BF}) (Version: 31.0.0 - Hewlett Packard)
HP Deskjet 4640 series Software básico do dispositivo (HKLM\...\{42787A84-4A64-4E33-AFB9-0F576EFC881C}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet Printer Driver Software 13.0 Rel. 1 (HKLM\...\{3CDDD063-7FC2-43A7-9EC0-B3F1E38C7649}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Kaspersky Security Scan (HKLM\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab)
Kaspersky Security Scan (Version: 16.0.0.1344 - Kaspersky Lab) Hidden
Kaspersky Software Updater (HKLM\...\InstallWIX_{DEEDA858-A9B4-4212-8873-2F2CE2706E68}) (Version: 2.0.0.623 - Kaspersky Lab)
Kaspersky Software Updater (Version: 2.0.0.623 - Kaspersky Lab) Hidden
K-Lite Mega Codec Pack 10.8.0 (HKLM\...\KLiteCodecPack_is1) (Version: 10.8.0 - )
Malwarebytes versão 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft Office Professional Plus 2016 - pt-br (HKLM\...\ProPlusRetail - pt-br) (Version: 16.0.7766.2060 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3164482373-2533763942-121798206-1000\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Movavi Video Editor 12 (HKLM\...\Movavi Video Editor 12) (Version: 12.2.0 - Movavi)
Mozilla Firefox 51.0.1 (x86 pt-BR) (HKLM\...\Mozilla Firefox 51.0.1 (x86 pt-BR)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x86) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
SafeZone Stable 3.55.2393.561 (Version: 3.55.2393.561 - Avast Software) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinRAR 5.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {010A9686-561D-4FBE-8C65-566529FD71DF} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {0638A957-5E48-4B1F-9885-BD4CB01BAD38} - System32\Tasks\HPCustParticipation HP Deskjet 4640 series => C:\Program Files\HP\HP Deskjet 4640 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {0E14692B-8753-4BE6-A9A7-FF5607756C29} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {1029DBD1-77B8-40EF-B8F9-807100950D7C} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {14E7110E-17DA-4B66-986A-DF6032125046} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Nenhum Arquivo <==== ATENÇÃO
Task: {28B96FAD-4169-4874-B25B-DEB108D0EF3D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Nenhum Arquivo <==== ATENÇÃO
Task: {2FAF4225-BB8D-41A0-9BF7-66D07F5690CE} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\UESPI\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {313BCAF0-580D-4751-B61D-9B96F321E69C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {31900194-E74E-4353-AA4C-7AA309D7D4AC} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {370DF881-8FAA-4D41-8368-75C307CBA3AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {389E1255-5D46-47FF-92FB-B4F4C9723450} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {44C1D31F-28A4-4498-824D-0C49114421D6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {489943E4-B6F6-484A-A7A2-BE922F8CC5D9} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic
Task: {4BB9D388-5E91-4B6D-86B1-835091BAC583} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)
Task: {58D5FDAE-4CC1-4F04-A120-9EDD565050AB} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {5D2E717F-D1EF-4CE5-AC0C-ACECE7FDC816} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Nenhum Arquivo <==== ATENÇÃO
Task: {5E459A2E-1366-4091-A3BA-4C569ADC8F3C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-27] (AVAST Software)
Task: {615FDF12-70CC-4061-BD56-B756639BB058} - System32\Tasks\SafeZone scheduled Autoupdate 1458810691 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-15] (Avast Software)
Task: {62294CDF-7F68-4FC8-9E8F-4D8F3EACBD1E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {6CA9D535-3C49-48C7-A06C-21791C41ED3C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6E0856F0-5C43-46FE-B4DA-E7C3C584FBC0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {6E7E4406-77BB-455A-9354-403CED5821F1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {782F30D7-4AFE-4065-9783-1B6ABCC3CC11} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {7954C0F4-D6EC-4E4B-A882-21C53C68FB2E} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {7B929BF9-8063-4E9E-B695-598E21A257EE} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {7FEDDA7B-CD12-4844-AE91-2BE62DE54F65} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-02-19] (Microsoft Corporation)
Task: {8098266E-20ED-4F86-9B58-A01D2060D47B} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {862167D3-EAD3-4D87-8EF9-B7C54BA2E153} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Nenhum Arquivo <==== ATENÇÃO
Task: {899C16CB-C67F-4BD2-B29B-BED64D3DF71A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {8B56438B-FDBE-4AD4-8A12-64042A57E705} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-02-19] (Microsoft Corporation)
Task: {8E6E2FB9-BC56-48E5-B4E8-087F78843B87} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {94C9EDAE-0BDA-4FC9-8FAB-8ABD2D14C30B} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {9A7D9C04-6279-498E-9136-A95AF5090DBE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {9BB87BFD-5DC0-4CB3-9206-3FAF80ADC909} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Nenhum Arquivo <==== ATENÇÃO
Task: {9FE1A8AB-0271-47AF-B05C-057739A0D812} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-18] (Adobe Systems Incorporated)
Task: {BAF54916-A389-4930-8E12-4CEA5A44B61C} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {BB57DFE7-AD9D-4DE2-9E30-2BC74E9D4340} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {BD9A2C9A-029B-49C8-974E-911C47890C37} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Nenhum Arquivo <==== ATENÇÃO
Task: {BE46B3A6-A765-4DAD-B0FB-E22F69C94074} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {BEDF25C2-022B-4626-9B43-F9F32CDB8706} - System32\Tasks\R@1n-KMS\Office14ProPlus => wmic
Task: {BF286E08-963C-418D-B164-3F857B2DC7C2} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic
Task: {C7B6F3D2-D094-4190-A24A-F800F2CE5A34} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {C89410A7-1ECE-467C-A0A4-064B4B7597A2} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Nenhum Arquivo <==== ATENÇÃO
Task: {CD104552-B261-4326-B801-2AE55D97B942} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {D2215B03-D1C3-4AC7-89B5-A02FD7BB2929} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-03-19] (AVAST Software)
Task: {DE27902D-3C53-4553-801F-0376926664A1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {E54B9562-26B6-4DE4-87AE-DEC58766830E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {EA8BCC3E-95CE-4B73-836F-B96D2358061E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {F39C8943-92F5-4A88-8137-B925A2091EC3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {F567291D-72E1-43E6-8858-53322F6A566F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {FA70D2DC-0623-4937-A4D2-B3A31F668D1E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)
==================== Módulos Carregados (Whitelisted) ==============

2016-07-16 05:25 - 2016-07-16 05:25 - 00190976 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-03-15 08:12 - 2017-03-04 04:04 - 02048496 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-03-15 08:12 - 2017-03-04 04:04 - 02048496 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2017-03-15 08:11 - 2017-03-04 03:04 - 06726656 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 08:11 - 2017-03-04 02:58 - 01150464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-25 09:16 - 2016-08-06 00:21 - 00526848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-03-15 08:11 - 2017-03-04 02:58 - 00779776 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-03-15 08:11 - 2017-03-04 02:58 - 01724928 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-03-15 08:11 - 2017-03-04 03:00 - 03158528 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-19 10:50 - 2017-03-19 10:50 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-07-05 16:46 - 2016-07-05 16:46 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-03-19 10:49 - 2017-03-19 10:49 - 00290352 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-03-13 14:35 - 2017-03-13 14:45 - 00067072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x86__kzf8qxf38zg5c\SkypeHost.exe
2017-03-13 14:35 - 2017-03-13 14:45 - 00156672 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x86__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-03-13 14:35 - 2017-03-13 14:45 - 29441536 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x86__kzf8qxf38zg5c\SkyWrap.dll
2017-03-13 14:35 - 2017-03-13 14:45 - 01578984 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x86__kzf8qxf38zg5c\roottools.dll
2016-07-16 05:25 - 2016-07-16 05:25 - 00108032 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 08:14 - 2017-03-04 03:24 - 00321536 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2015-12-15 13:38 - 2015-12-15 13:38 - 00326112 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2015-10-27 16:44 - 2015-10-27 16:44 - 00404952 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\ipm_service.dll
2016-01-12 09:05 - 2016-07-11 12:00 - 00004608 _____ () C:\WINDOWS\KMS-R@1nHook.exe
2016-07-11 12:00 - 2016-07-11 12:00 - 00003584 _____ () C:\WINDOWS\KMS-R@1nHook.dll
2016-10-25 09:17 - 2016-09-15 14:42 - 02261856 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2016-07-16 05:26 - 2016-07-16 14:34 - 01486688 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)

==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)
==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2009-07-13 23:04 - 2017-03-20 09:58 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-3164482373-2533763942-121798206-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
HKU\S-1-5-21-3164482373-2533763942-121798206-1000\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) LPort=808
FirewallRules: [{7D415798-B752-43DE-9EB7-B05441C999AE}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{F26BF705-AF1E-4A46-BCF8-07F6DF3FF68E}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{63E21BE5-2067-4DB6-A790-79F60236A962}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{F4D33423-E6EC-494B-9CD3-BB927AFE7838}] => (Allow) C:\Program Files\HP\HP Deskjet 4640 series\bin\FaxApplications.exe
FirewallRules: [{B162C4A7-ABB0-4D03-9D43-2D9272D1B742}] => (Allow) C:\Program Files\HP\HP Deskjet 4640 series\bin\DigitalWizards.exe
FirewallRules: [{40D83508-9179-4BA3-BBCC-C321A86ABBC5}] => (Allow) C:\Program Files\HP\HP Deskjet 4640 series\bin\SendAFax.exe
FirewallRules: [{7A9FE89A-4AA3-4A56-9A0B-49B94BC40539}] => (Allow) C:\Program Files\HP\HP Deskjet 4640 series\Bin\DeviceSetup.exe
FirewallRules: [{89B62A17-0FAA-410B-80C1-FE7DA090C109}] => (Allow) LPort=5357
FirewallRules: [{2794CE8E-A78F-479F-83BA-607849B07030}] => (Allow) C:\Program Files\HP\HP Deskjet 4640 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{311C72DC-F1F6-4C5E-A8D5-3242A6A2CC46}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{0ACEA397-6605-4F85-AB88-4BCDEC5F376A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{1940A2C9-3868-4B98-9393-78321E4F2266}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{6A5CB60B-EC41-428F-9416-E1F1C7C4478A}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{9923906A-945F-4759-A4F7-876A7F383E5E}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{FC0987A4-7778-4203-9244-C644E3076812}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{924AA4C4-8764-4801-BCAC-EDC41CDC82B5}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{3DE9A683-4F1C-4740-B74B-B211F9010291}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{F5B1D0F8-6739-480B-8CDE-E1C4AFBFC868}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{07E25C8F-E0CB-4F5D-B368-4CF2267C9B8A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{B9D38A6E-3B36-4859-A74C-456866449A93}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{245AE136-1C5F-420E-9D06-6CDCBF058B5D}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{C2B40E9D-A15E-4A40-9AAC-7506CAA922C5}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{A2D8FA71-CA2C-4C4C-9C44-EDC30DF9D558}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{23880783-282D-4C85-B016-6459635F9EBC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{45328635-628E-4187-B60C-CB478DC59116}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{B552002D-74A5-499C-9A2D-361573DA8CC5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3F3BAEFA-0794-4542-8F4D-CCF500D24212}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CD08EDF4-5212-47C1-9D0A-BA4BE4165F15}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{1E53E442-E657-431A-8E08-C4253E5C3294}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{AEFC7F6C-0B3A-4D71-A1A2-F8F1B6CC87FF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{D82FFE92-A62C-4836-B9B5-DCB5FBE7A155}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{CFF9AB15-D579-4FEB-8679-8177A0297B56}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{50AA04E4-2FE1-4337-8A9A-DEDE8B3EBFF5}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe

==================== Pontos de Restauração =========================

02-03-2017 08:32:58 Ponto de Verificação Agendado
10-03-2017 10:25:51 Ponto de Verificação Agendado
15-03-2017 08:18:15 Windows Update
15-03-2017 08:19:09 Windows Update
20-03-2017 09:52:49 Windows Update
20-03-2017 11:27:27 JRT Pre-Junkware Removal

==================== Dispositivos Apresentando Falhas No Gerenciador =============

==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (03/20/2017 11:27:40 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..
Details: AddLegacyDriverFiles: Unable to back up image of binary Protocolo Microsoft LLDP.
System Error: Acesso negado.
.
Error: (03/20/2017 11:25:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: mbamtray.exe, versão: 3.0.0.912, carimbo de data/hora: 0x58811d74
Nome do módulo com falha: Qt5Core.dll, versão: 5.6.2.0, carimbo de data/hora: 0x5849a177
Código de exceção: 0xc0000005
Deslocamento da falha: 0x001948c7
ID do processo com falha: 0x12f4
Hora de início do aplicativo com falha: 0x01d2a185c19b1105
Caminho do aplicativo com falha: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Caminho do módulo com falha: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
ID do Relatório: 778c2a02-6f26-4498-ba0f-ec44ae094584
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:

Error: (03/20/2017 11:03:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: mbamtray.exe, versão: 3.0.0.912, carimbo de data/hora: 0x58811d74
Nome do módulo com falha: Qt5Core.dll, versão: 5.6.2.0, carimbo de data/hora: 0x5849a177
Código de exceção: 0xc0000005
Deslocamento da falha: 0x001948c7
ID do processo com falha: 0x1778
Hora de início do aplicativo com falha: 0x01d2a182cbb0d597
Caminho do aplicativo com falha: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Caminho do módulo com falha: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
ID do Relatório: e103cdb6-2e4e-4b8e-8dda-7605978ed0a7
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:

Error: (03/20/2017 11:02:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: mbamtray.exe, versão: 3.0.0.912, carimbo de data/hora: 0x58811d74
Nome do módulo com falha: Qt5Core.dll, versão: 5.6.2.0, carimbo de data/hora: 0x5849a177
Código de exceção: 0xc0000005
Deslocamento da falha: 0x001948c7
ID do processo com falha: 0x10e0
Hora de início do aplicativo com falha: 0x01d2a182a6b86c08
Caminho do aplicativo com falha: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Caminho do módulo com falha: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
ID do Relatório: bfd19c07-7e62-4506-a3e3-a56c16ef664c
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:

Error: (03/20/2017 09:53:04 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..
Details: AddLegacyDriverFiles: Unable to back up image of binary Protocolo Microsoft LLDP.
System Error: Acesso negado.
.

Error: (03/20/2017 09:41:05 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Erro ao atualizar o status para SECURITY_PRODUCT_STATE_ON (erro %3).

Error: (03/20/2017 09:41:05 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Erro ao atualizar o status para SECURITY_PRODUCT_STATE_ON (erro %3).

Error: (03/20/2017 09:39:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: mbamtray.exe, versão: 3.0.0.912, carimbo de data/hora: 0x58811d74
Nome do módulo com falha: Qt5Core.dll, versão: 5.6.2.0, carimbo de data/hora: 0x5849a177
Código de exceção: 0xc0000005
Deslocamento da falha: 0x001948c7
ID do processo com falha: 0x1174
Hora de início do aplicativo com falha: 0x01d2a176f42b1644
Caminho do aplicativo com falha: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Caminho do módulo com falha: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
ID do Relatório: 3208045e-d241-4587-9539-1b9ad405a34d
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:

Error: (03/20/2017 09:30:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: UESPI-PC1)
Description: Falha na ativação do aplicativo windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel com o erro: -2144927141. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (03/20/2017 08:19:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: UESPI-PC1)
Description: Falha na ativação do aplicativo windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel com o erro: -2147023170. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Erros de Sistema:
=============
Error: (03/20/2017 11:28:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Serviço KSU foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (03/20/2017 11:28:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Serviço do Kaspersky Security Scan foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (03/20/2017 11:25:27 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} e APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} ao usuário AUTORIDADE NT\SISTEMA SID (S-1-5-18) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (03/20/2017 11:25:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço NetPipeActivator devido ao seguinte erro: O serviço não respondeu à requisição de início ou controle em tempo hábil.

Error: (03/20/2017 11:25:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço NetPipeActivator.
Error: (03/20/2017 11:24:55 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço NetTcpActivator depende do serviço NetTcpPortSharing, mas não foi possível iniciá-lo devido ao seguinte erro: O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados.

Error: (03/20/2017 11:24:54 AM) (Source: DCOM) (EventID: 10016) (User: UESPI-PC1)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Iniciar para o aplicativo de Servidor COM com CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} e APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} ao usuário UESPI-PC1\UESPI SID (S-1-5-21-3164482373-2533763942-121798206-1000) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (03/20/2017 11:24:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço KMS-R@1n devido ao seguinte erro: O sistema não pode encontrar o arquivo especificado.

Error: (03/20/2017 11:24:46 AM) (Source: DCOM) (EventID: 10016) (User: UESPI-PC1)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Iniciar para o aplicativo de Servidor COM com CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} e APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} ao usuário UESPI-PC1\UESPI SID (S-1-5-21-3164482373-2533763942-121798206-1000) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.
Error: (03/20/2017 11:24:43 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: O serviço HomeGroupListener terminou com o seguinte erro específico de serviço: %%2147944153 = O mapeador de pontos de extremidade não possui mais pontos de extremidade disponíveis.

CodeIntegrity:
===================================
Date: 2017-01-27 11:17:45.023
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-27 11:17:44.752
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-14 19:47:42.802
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-12-14 19:47:42.646
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
==================== Informações da Memória ===========================

Processador: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
Percentagem de memória em uso: 52%
RAM física total: 1979.61 MB
RAM física disponível: 950.14 MB
Virtual Total: 3963.61 MB
Virtual disponível: 2717.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.47 GB) (Free:92.17 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: B0000000)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== Fim de Addition.txt ============================