Resultado do exame Adicional Farbar Recovery Scan Tool (x86) Versão: 16-04-2017
Executado por Usuario (16-04-2017 12:24:38)
Executando a partir de C:\Users\Usuario\Downloads
Microsoft Windows 7 Ultimate (X86) (2011-12-14 17:00:33)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-955063874-2782673793-527263387-500 - Administrator - Disabled)
Convidado (S-1-5-21-955063874-2782673793-527263387-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-955063874-2782673793-527263387-1002 - Limited - Enabled)
Usuario (S-1-5-21-955063874-2782673793-527263387-1000 - Administrator - Enabled) => C:\Users\Usuario

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Adobe Acrobat Reader DC - Português (HKLM\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
aTube Catcher (HKLM\...\aTube Catcher) (Version: 3.8.7955 - DsNET Corp)
aTube Catcher versão 3.8 (HKLM\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
Common Desktop Agent (Version: 1.52.0 - OEM) Hidden
Conectividade Social (HKLM\...\Conectividade Social) (Version: - )
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
EFD Contribuições 2.0.11 (HKLM\...\EFD Contribuições 2.0.11) (Version: 1.0.0.0 - SERPRO)
EFD Contribuições 2.0.12 (HKLM\...\EFD Contribuições 2.0.12) (Version: 1.0.0.0 - SERPRO)
Ferramenta de Carregamento do Windows Live (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
ffdshow v1.1.4399 [2012-03-22] (HKLM\...\ffdshow_is1) (Version: 1.1.4399.0 - )
GBBD Caixa Economica Federal (HKLM\...\{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1) (Version: 3.12.0.2 - )
Google Chrome (HKLM\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (Version: 1.3.23.0 - SaveSense) Hidden <==== ATENÇÃO
Google Update Helper (Version: 1.3.33.3 - Google Inc.) Hidden
GRRF Eletrônica (HKLM\...\GRRF Eletrônica) (Version: - )
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2509 - Intel Corporation)
IRPF2008 Windows - Declaração de Ajuste Anual (HKLM\...\IRPF2008 Windows - Declaração de Ajuste Anual) (Version: - )
IRPF2009 - Declaração de Ajuste Anual e Final de Espólio (HKLM\...\IRPF2009 - Declaração de Ajuste Anual e Final de Espólio) (Version: - )
IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM\...\IRPF2011) (Version: 1.2 - Receita Federal do Brasil)
IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM\...\IRPF2012) (Version: 1.0 - Receita Federal do Brasil)
IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM\...\IRPF2013) (Version: 1.0 - Receita Federal do Brasil)
IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM\...\IRPF2014) (Version: 1.0 - Receita Federal do Brasil)
IRPF2015 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM\...\IRPF2015) (Version: 1.2 - Receita Federal do Brasil)
IRPF2016 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM\...\IRPF2016) (Version: 1.2 - Receita Federal do Brasil)
IRPF2017 (HKLM\...\IRPF2017) (Version: 1.1 - Receita Federal do Brasil)
ITR2011 (HKLM\...\ITR2011) (Version: - )
Java 8 Update 101 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
K-Lite Codec Pack 8.0.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 8.0.0 - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.309.1 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 52.0.2 (x86 pt-BR) (HKLM\...\Mozilla Firefox 52.0.2 (x86 pt-BR)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.0.2 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM\...\{43FFE159-3199-4188-A1CD-629166AD1046}) (Version: 7.02.6445 - Nero AG)
Pacote de Driver do Windows - Perto S.A. Perifericos para Automacao (PERTO38U) SmartCardReader (04/10/2007 1.1.5.6) (HKLM\...\608D1FA1C8C461081A6695F228B2DC54B0BFD5E8) (Version: 04/10/2007 1.1.5.6 - Perto S.A. Perifericos para Automacao)
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Extended PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
PhotoScape (HKLM\...\PhotoScape) (Version: - )
Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.4.6 - Nikon)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Receitanet (HKLM\...\ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5) (Version: 1.07 - Serpro - Serviço Federal de Processamento de Dados)
SafeZone Stable 3.55.2393.596 (Version: 3.55.2393.596 - Avast Software) Hidden
Samsung Easy Printer Manager (HKLM\...\Samsung Easy Printer Manager) (Version: 1.00.47.00 - Samsung Electronics Co., Ltd.)
Samsung ML-1610 Series (HKLM\...\Samsung ML-1610 Series) (Version: - Samsung Electronics CO.,LTD)
Samsung ML-1860 Series (HKLM\...\Samsung ML-1860 Series) (Version: - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: - Samsung Electronics Co., Ltd.)
SEFIP 8.40 (HKLM\...\SEFIP 8.40) (Version: - )
Spotify (HKU\S-1-5-21-955063874-2782673793-527263387-1000\...\Spotify) (Version: 1.0.52.725.g943b26a8 - Spotify AB)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 7 (HKLM\...\TeamViewer 7) (Version: 7.0.14484 - TeamViewer)
VIMICRO USB PC Camera (HKLM\...\{8AD824A5-1CCC-4BB7-82C9-E6FB25CC0479}) (Version: 1.00.000 - )
Warsaw 1.15.1.61 32 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.15.1.61 - GAS Tecnologia)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{2DF215E0-BD3C-4C98-8616-AFEF09747285}) (Version: 14.0.8117.416 - Microsoft Corporation)
WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-955063874-2782673793-527263387-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-955063874-2782673793-527263387-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Usuario\AppData\Local\Google\Update\1.3.21.135\psuser.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-955063874-2782673793-527263387-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}\InprocServer32 -> C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia) CustomCLSID: HKU\S-1-5-21-955063874-2782673793-527263387-1000_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}\InprocServer32 -> C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia) CustomCLSID: HKU\S-1-5-21-955063874-2782673793-527263387-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Usuario\AppData\Local\Google\Update\1.3.21.99\psuser.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-955063874-2782673793-527263387-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Usuario\AppData\Local\Google\Update\1.3.21.57\psuser.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-955063874-2782673793-527263387-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Usuario\AppData\Local\Google\Update\1.3.21.79\psuser.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-955063874-2782673793-527263387-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Usuario\AppData\Local\Google\Update\1.3.21.145\psuser.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-955063874-2782673793-527263387-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Usuario\AppData\Local\Google\Update\1.3.21.123\psuser.dll => Nenhum Arquivo CustomCLSID: 
HKU\S-1-5-21-955063874-2782673793-527263387-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Usuario\AppData\Local\Google\Update\1.3.21.153\psuser.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-955063874-2782673793-527263387-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-955063874-2782673793-527263387-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-955063874-2782673793-527263387-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-955063874-2782673793-527263387-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-955063874-2782673793-527263387-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-955063874-2782673793-527263387-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-955063874-2782673793-527263387-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-955063874-2782673793-527263387-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-955063874-2782673793-527263387-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-955063874-2782673793-527263387-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-955063874-2782673793-527263387-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-955063874-2782673793-527263387-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-955063874-2782673793-527263387-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Usuario\AppData\Local\Google\Update\1.3.21.149\psuser.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-955063874-2782673793-527263387-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Usuario\AppData\Local\Google\Update\1.3.22.3\psuser.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-955063874-2782673793-527263387-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Usuario\AppData\Local\Google\Update\1.3.21.165\psuser.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-955063874-2782673793-527263387-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Usuario\AppData\Local\Google\Update\1.3.21.115\psuser.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-955063874-2782673793-527263387-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Usuario\AppData\Local\Google\Update\1.3.22.5\psuser.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-955063874-2782673793-527263387-1000_Classes\CLSID\{FB451ACC-65B5-456a-A84E-6F9B8B75B077}\InprocServer32 -> C:\Windows\system32\shdocvw.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-955063874-2782673793-527263387-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> 
C:\Users\Usuario\AppData\Local\Google\Update\1.3.21.111\psuser.dll => Nenhum Arquivo ==================== Tarefas Agendadas (Whitelisted) ============= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) Task: {0650A7FD-712D-4E6C-BAE6-A4C633484567} - System32\Tasks\{E5B5B891-D402-4DA5-B559-1B5E525975AF} => pcalua.exe -a C:\Users\Usuario\Downloads\IRPF2011win32v1.2.exe -d C:\Users\Usuario\Downloads Task: {0740D39F-3B8D-4E5F-8E83-C7331827A5B4} - System32\Tasks\{80307DA7-F6F0-4DCD-BE17-1DF79FF5954B} => pcalua.exe -a E:\Setup.exe -d E:\ Task: {0F909CFF-8AB1-4DDD-98C7-78E1A58C9177} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {23687882-24E6-4103-B854-CAE3E83D00E6} - System32\Tasks\{9550A4E5-78F6-4BAF-B3A8-CB2EEE3CF4BA} => pcalua.exe -a C:\Users\Usuario\AppData\Local\Temp\jre-8u91-windows-au.exe -d C:\Windows\system32 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATENÇÃO Task: {3E30164D-B2EF-4E11-AB27-5E37DF7B807B} - System32\Tasks\{7F9E559F-D61D-4F1A-9FF2-E294FDE48E99} => pcalua.exe -a F:\dma_2012(2).exe -d F:\ Task: {403BEABE-66C1-4E66-ABE5-D9286A37AF9B} - System32\Tasks\{1645D9B5-AFF0-4F1A-8F2D-7F0E8E8E71D1} => pcalua.exe -a "C:\Users\Usuario\Downloads\B2CAppSetup (3).exe" -d C:\Users\Usuario\Downloads Task: {596ECCFC-ECCA-4605-B9A7-07C8B7D49533} - System32\Tasks\{DD03810E-4AED-4595-BB7E-008103337402} => pcalua.exe -a "C:\Users\Usuario\Downloads\B2CAppSetup (2).exe" -d C:\Users\Usuario\Downloads Task: {74B2EEB1-B045-4840-AEF6-6C721ED71888} - System32\Tasks\{D58B7950-7784-42D6-9259-0DFFB0082AEC} => C:\Users\Usuario\Downloads\avast_free_antivirus_setup_online.exe [2016-06-30] (AVAST Software) Task: {7CD333A0-5ECA-4A21-8796-73A6321E3113} - System32\Tasks\{55FC62CA-31C6-4EBE-8B05-E5D2D1ED33BD} => pcalua.exe -a "C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet 
Files\Content.IE5\Q23CM11X\dma_2012.exe" -d C:\Users\Usuario\Desktop Task: {877A30FA-924F-4EB3-8673-87999F851AD7} - System32\Tasks\Avast Emergency Update => D:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-03] (AVAST Software) Task: {887C3D26-780B-4D8B-A075-A9BB40822B3C} - System32\Tasks\{B1717881-08B7-484D-BABE-FCEDEF08D2B7} => pcalua.exe -a C:\Users\Usuario\Downloads\DCTFMensalV3.2.exe -d C:\Users\Usuario\Downloads Task: {A51ED93C-5853-4CB3-82E6-03819A279D0E} - System32\Tasks\{6689FF90-B608-4B2D-AC74-4A40B3BE1836} => pcalua.exe -a C:\Users\Usuario\Downloads\B2CAppSetup.exe -d C:\Users\Usuario\Downloads Task: {AE7E01DB-C85A-4C02-9BAC-83D0AF435DE8} - System32\Tasks\{5FC518A1-04A3-4CA2-9B9C-B87707B55287} => pcalua.exe -a C:\Users\Usuario\Downloads\dma_2012.exe -d C:\Users\Usuario\Downloads Task: {C60E3682-A805-48D8-87E0-223B403EAED8} - System32\Tasks\{46D960A5-7CD3-4F32-9993-1D8ACF91879B} => Chrome.exe hxxp://ui.skype.com/ui/0/6.6.0.106/pt/abandoninstall?source=lightinstaller&page=tsMain Task: {D33AEBF4-AE95-4204-AA9E-2EBE05356F19} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-13] (Adobe Systems Incorporated) Task: {E445E1E7-2ECB-4F3D-98CE-41B978475033} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {E5CB8174-5CBE-49D1-B499-AFDD76385F01} - \ClickMeInUpdate -> Nenhum Arquivo <==== ATENÇÃO Task: {EBA65C4B-9C67-4B2F-8624-A5693B2E7A43} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated) Task: {ED16D907-70DA-414E-B2B8-06C3110EE7AF} - System32\Tasks\{5F4EBE6D-7FEC-4AD8-9F5D-A373081BE8E2} => pcalua.exe -a "G:\J RAMOS\GRRF_INSTALADOR_2_0_4(1).EXE" -d "G:\J RAMOS" Task: {F1C9E3E8-7FA5-4985-B63E-982FE5967C0F} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! 
Antivirus\backup.exe [2017-04-13] (AVAST Software) Task: {F94D9A75-2C11-43E3-9E70-1E4D10A774AD} - \ClickMeInUpdateLogin -> Nenhum Arquivo <==== ATENÇÃO Task: {FCC7BBDB-3E22-4BE5-A1F7-22BEE753CBFA} - System32\Tasks\SafeZone scheduled Autoupdate 1469397519 => D:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software) Task: {FF53A2B0-0CEE-4787-A417-43097D897BDE} - System32\Tasks\{FC40985A-7EFF-4F26-9B9E-6811C9F0C48D} => pcalua.exe -a E:\setup.exe -d E:\ Task: {FFD1ED8D-8281-4280-A753-5913528C2D14} - System32\Tasks\{6E607468-0AF5-449C-977B-4F0A18DFFC32} => pcalua.exe -a "C:\Users\Usuario\Downloads\SweetImSetup (1).exe" -d C:\Users\Usuario\Downloads (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) ==================== Atalhos ============================= (As entradas podem ser listadas para serem restauradas ou removidas.) ==================== Módulos Carregados (Whitelisted) ============== 2017-04-03 17:41 - 2017-04-03 17:41 - 00170216 _____ () D:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2017-04-03 17:42 - 2017-04-03 17:42 - 00176480 _____ () D:\Program Files\AVAST Software\Avast\event_routing_rpc.dll 2017-04-16 08:07 - 2017-04-16 08:07 - 05917184 _____ () D:\Program Files\AVAST Software\Avast\defs\17041600\algo.dll 2017-04-03 17:42 - 2017-04-03 17:42 - 00653520 _____ () D:\Program Files\AVAST Software\Avast\ffl2.dll 2017-04-03 17:41 - 2017-04-03 17:41 - 00230632 _____ () D:\Program Files\AVAST Software\Avast\streamback.dll 2011-08-31 11:13 - 2011-08-31 11:13 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll 2011-12-24 20:47 - 2007-01-02 22:32 - 00520192 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe 2010-11-26 22:17 - 2010-11-26 22:17 - 00331264 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe 2016-07-24 18:29 - 2016-07-24 18:29 - 48936448 _____ () D:\Program Files\AVAST Software\Avast\libcef.dll 2017-04-03 
17:41 - 2017-04-03 17:41 - 00293936 _____ () D:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll 2012-01-10 12:26 - 2009-11-05 07:39 - 00087552 _____ () C:\Windows\System32\cpwmon2k.dll 2012-08-08 08:02 - 2010-07-29 09:43 - 00026624 _____ () C:\Windows\System32\ssb6mlm.dll 2011-12-24 20:44 - 2007-01-03 12:57 - 00022723 _____ () C:\Windows\System32\sugs1l3.dll 2011-12-14 14:28 - 2011-04-20 00:56 - 00083240 _____ () C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe 2017-04-03 17:41 - 2017-04-03 17:41 - 00134920 _____ () d:\Program Files\AVAST Software\Avast\vaarclient.dll 2017-04-03 17:41 - 2017-04-03 17:41 - 00230632 _____ () d:\Program Files\AVAST Software\Avast\StreamBack.dll 2017-03-29 19:12 - 2017-03-28 23:04 - 02187096 _____ () C:\Program Files\Google\Chrome\Application\57.0.2987.133\libglesv2.dll 2017-03-29 19:12 - 2017-03-28 23:04 - 00086360 _____ () C:\Program Files\Google\Chrome\Application\57.0.2987.133\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (Se uma entrada for incluída na fixlist, somente o ADS será removido.) AlternateDataStreams: C:\Program Files\GbPlugin:IncompleteStartProcessProtection.cnt [8] AlternateDataStreams: C:\Program Files\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32] AlternateDataStreams: C:\Windows\System32:7CDCC812_Bb.gbp [2] AlternateDataStreams: C:\Windows\System32:7CDCC812_Cef.gbp [2] AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst [569] AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2174] AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10] AlternateDataStreams: C:\Users\Todos os Usuários\GbPlugin:IncompleteStartGbprcm.cnt [10] ==================== Modo de Segurança (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) 

==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)

==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-955063874-2782673793-527263387-1000\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-955063874-2782673793-527263387-1000\...\bb.com.br -> hxxps://seg.bb.com.br
IE trusted site: HKU\S-1-5-21-955063874-2782673793-527263387-1000\...\caixa.gov.br -> hxxps://cmt.caixa.gov.br
IE trusted site: HKU\S-1-5-21-955063874-2782673793-527263387-1000\...\caixa.gov.br -> hxxp://cmt.caixa.gov.br

==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2009-07-13 23:04 - 2016-04-09 20:04 - 00000865 ____N C:\Windows\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-955063874-2782673793-527263387-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.239.112.213 - 69.64.54.93
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Firewall do Windows está desabilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [{FEFE5212-7FE1-4D05-A924-C1EEBEB6A46D}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe FirewallRules: [{8BFE14C9-37B8-4C3C-994C-3A6D0AE72B37}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{5DFED6E7-3784-417F-8ACA-1E5718546A05}] => (Allow) svchost.exe FirewallRules: [{2DEEB73E-66F7-4627-93D1-1BE40C532AA3}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [{57525BA7-7311-4ACE-91D2-A27C7D4B97E0}] => (Allow) C:\Program Files\CyberLink\PowerDVD11\PowerDVD11.exe FirewallRules: [{B156EECC-00B7-4804-A15B-BBAD624F2515}] => (Allow) C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe FirewallRules: [{78D0E329-4A68-4555-ADD4-426F16CBC59D}] => (Allow) C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe FirewallRules: [{2E91A180-F766-4258-9A25-F06D55C5A655}] => (Allow) C:\Program Files\CyberLink\PowerDVD11\Movie\PowerDVD Cinema\PowerDVDCinema11.exe FirewallRules: [TCP Query User{5D7E1593-E9AC-4CFB-BCDC-D8BF3703C70A}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe FirewallRules: [UDP Query User{7B6892C0-33D4-43DC-91D2-DAC1269D26C7}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe FirewallRules: [{6D2FEF2A-048D-4544-84FB-4ABE3C84BCE4}] => (Allow) C:\Windows\System32\msiexec.exe FirewallRules: [{6334EACA-ADFE-4A26-B90D-40DF653BFA7E}] => (Allow) C:\Windows\System32\msiexec.exe FirewallRules: [{52236750-B3C9-4A0B-96ED-16E18914F8D8}] => (Allow) C:\Program Files\TeamViewer\Version7\TeamViewer.exe FirewallRules: [{DB55A4A1-A329-4190-B0AD-9380BAF9A2B9}] => (Allow) C:\Program Files\TeamViewer\Version7\TeamViewer.exe FirewallRules: [{817576F3-28FA-425E-AA4F-6B152139B72A}] => (Allow) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe FirewallRules: [{17BF7652-FEE1-4767-A30B-7D8CC80C70D7}] => (Allow) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe FirewallRules: [TCP 
Query User{A7476EC2-3670-452E-9396-5B53B30CBECC}C:\program files\dsnet corp\atube catcher 2.0\yct.exe] => (Allow) C:\program files\dsnet corp\atube catcher 2.0\yct.exe FirewallRules: [UDP Query User{385145AA-A6CE-4575-87A5-BD8D2248DC08}C:\program files\dsnet corp\atube catcher 2.0\yct.exe] => (Allow) C:\program files\dsnet corp\atube catcher 2.0\yct.exe FirewallRules: [{CDADE79D-145E-4DDA-ACBC-2BE78AD541E6}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe FirewallRules: [{6FD95B84-6AEA-42EA-9342-FDE9B3D08C5D}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe FirewallRules: [{D3CE851F-A862-47F3-9669-33D1F4202AC8}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe FirewallRules: [{A6CAFDEB-4182-4990-A2EA-E4C082B9A1F8}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe FirewallRules: [{9C38B3C4-B8EA-4A77-97C8-F81FE5F89B29}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe FirewallRules: [{2BEC77E7-CCE6-470F-B2D4-83A54D40C96A}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe FirewallRules: [{725260DF-655A-428C-8BFE-5987010455FB}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe FirewallRules: [{DF4CFAF1-DDD0-40E7-B229-FF4AE76CECED}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe FirewallRules: [{EDDC757C-FB6F-4DE0-8693-799EB8D0D83B}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe FirewallRules: [{863AFCD5-764D-4250-9649-409EBD43BEB4}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe FirewallRules: [TCP Query User{4CC9022F-2547-43D4-A539-B8BBD71ED362}C:\program files\java\jre7\launch4j-tmp\irpf2013.exe] => (Allow) C:\program files\java\jre7\launch4j-tmp\irpf2013.exe FirewallRules: [UDP Query User{BEB77C67-55DC-403C-A47F-57DBD152DF1F}C:\program files\java\jre7\launch4j-tmp\irpf2013.exe] => (Allow) C:\program 
files\java\jre7\launch4j-tmp\irpf2013.exe FirewallRules: [TCP Query User{82A660F5-6214-4DF3-856E-247BF7B31CD8}C:\program files\dsnet corp\atube catcher 2.0\yct.exe] => (Allow) C:\program files\dsnet corp\atube catcher 2.0\yct.exe FirewallRules: [UDP Query User{E4F57F92-4484-4D50-A5E1-9C4CD25C5C69}C:\program files\dsnet corp\atube catcher 2.0\yct.exe] => (Allow) C:\program files\dsnet corp\atube catcher 2.0\yct.exe FirewallRules: [TCP Query User{E48C55A2-F746-4D77-BCC6-5C9CA7412D83}C:\program files\java\jre7\launch4j-tmp\irpf2013.exe] => (Allow) C:\program files\java\jre7\launch4j-tmp\irpf2013.exe FirewallRules: [UDP Query User{C0CDB2B1-7BBE-4DC0-B961-5B00588DDF6E}C:\program files\java\jre7\launch4j-tmp\irpf2013.exe] => (Allow) C:\program files\java\jre7\launch4j-tmp\irpf2013.exe FirewallRules: [TCP Query User{91587CA0-7E83-4C76-920E-E6846C27D2D1}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe FirewallRules: [UDP Query User{831BA434-24F1-4308-B8F0-6B6B246ABEBF}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe FirewallRules: [{4E2042D9-9E87-4BD8-ADB5-7DE815908E54}] => (Allow) C:\Users\Usuario\Downloads\VideoPerformerSetup.exe FirewallRules: [{F2EE6DAC-6A50-4CE4-85A0-54296600384F}] => (Allow) C:\Users\Usuario\Downloads\VideoPerformerSetup.exe FirewallRules: [{381562E8-6C6C-4514-997A-BD1460BB9D63}] => (Allow) C:\Users\Usuario\AppData\Local\Temp\Video Performer63817.exe FirewallRules: [{65D68310-82BE-4381-8736-0D08C770E02B}] => (Allow) C:\Users\Usuario\AppData\Local\Temp\Video Performer63817.exe FirewallRules: [TCP Query User{DD116EDB-D376-4085-8116-FB0A7A67C0E5}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{60AEB3FC-81BB-4287-A3EB-20E4BB1A395F}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [TCP Query 
User{25972508-6655-41A3-8203-02C8DC95750A}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{E95F347C-C9A6-4EA4-8726-3DA983D9DFD4}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{101C7A89-1CAC-4C45-93CF-8C61386089E1}C:\program files\java\jre1.8.0_31\launch4j-tmp\irpf2015.exe] => (Allow) C:\program files\java\jre1.8.0_31\launch4j-tmp\irpf2015.exe FirewallRules: [UDP Query User{C3B0D333-1406-4C9B-B28D-119C523F3037}C:\program files\java\jre1.8.0_31\launch4j-tmp\irpf2015.exe] => (Allow) C:\program files\java\jre1.8.0_31\launch4j-tmp\irpf2015.exe FirewallRules: [TCP Query User{386DA776-38D1-4B4F-90B8-9AAD5D286B6F}C:\program files\java\jre1.8.0_45\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\jp2launcher.exe FirewallRules: [UDP Query User{C356F20A-FADB-44DC-9C50-AA80898C15DE}C:\program files\java\jre1.8.0_45\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\jp2launcher.exe FirewallRules: [TCP Query User{332FBB75-257D-44F4-9CEE-EBC17F22E5AE}C:\program files\Java\jre1.8.0_51\bin\jp2launcher.exe] => (Allow) C:\program files\Java\jre1.8.0_51\bin\jp2launcher.exe FirewallRules: [UDP Query User{481224F7-B9DA-4650-BB2D-032B7882B818}C:\program files\Java\jre1.8.0_51\bin\jp2launcher.exe] => (Allow) C:\program files\Java\jre1.8.0_51\bin\jp2launcher.exe FirewallRules: [TCP Query User{E1997B36-7716-45CC-B048-D99E814F2C90}C:\program files\java\jre1.8.0_60\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\jp2launcher.exe FirewallRules: [UDP Query User{DE675200-E928-4DBD-9DAB-E8E2D2AE947F}C:\program files\java\jre1.8.0_60\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\jp2launcher.exe FirewallRules: [{D6C9CE8B-82F9-4010-9613-0E5CFBC3F542}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe FirewallRules: [TCP Query 
User{F14CB03A-EC75-4F92-B59D-6B399A2C4DBB}C:\program files\java\jre1.8.0_66\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\jp2launcher.exe
FirewallRules: [UDP Query User{035AE0DD-8241-4324-8D39-8E577183C99F}C:\program files\java\jre1.8.0_66\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\jp2launcher.exe
FirewallRules: [TCP Query User{B65D0EA8-D120-4562-86C7-2D71BFB34EBD}C:\users\usuario\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\usuario\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{826375B6-FB20-4306-969F-FC18DFB5DD85}C:\users\usuario\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\usuario\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{44B848C5-5221-48FE-BA01-A01F0C9D3DA9}C:\program files\java\jre1.8.0_77\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre1.8.0_77\bin\jp2launcher.exe
FirewallRules: [UDP Query User{E17B038E-3D15-4EE4-A525-B0EDACEAB739}C:\program files\java\jre1.8.0_77\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre1.8.0_77\bin\jp2launcher.exe
FirewallRules: [TCP Query User{F442B5B0-2825-48FD-9D8E-9D3DFDE74529}C:\users\usuario\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\usuario\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{4206CE04-4E79-4519-836F-BE0746A8C544}C:\users\usuario\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\usuario\appdata\roaming\spotify\spotify.exe
FirewallRules: [{7A949CEB-7C57-4661-AA24-B8E63605C0BE}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{321D4527-3BE8-480F-8D4F-394C686E0A00}C:\program files\java\jre1.8.0_77\launch4j-tmp\irpf2016.exe] => (Allow) C:\program files\java\jre1.8.0_77\launch4j-tmp\irpf2016.exe
FirewallRules: [UDP Query User{F772B379-84F1-46B6-968C-CB33283C0A21}C:\program files\java\jre1.8.0_77\launch4j-tmp\irpf2016.exe] => (Allow) C:\program files\java\jre1.8.0_77\launch4j-tmp\irpf2016.exe
FirewallRules: [TCP Query User{5A414BEC-85D5-453A-89FD-D8F57DB6945A}C:\program files\java\jre1.8.0_91\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\jp2launcher.exe
FirewallRules: [UDP Query User{C7A4C853-BEDF-46FE-BD99-22D620893CCD}C:\program files\java\jre1.8.0_91\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\jp2launcher.exe
FirewallRules: [TCP Query User{F86C41DB-6AE5-466F-A060-41EC5AA90E6D}C:\users\usuario\appdata\local\temp\java\sysusuario-pc.exe] => (Allow) C:\users\usuario\appdata\local\temp\java\sysusuario-pc.exe
FirewallRules: [UDP Query User{9B6D4959-0CB1-4BF4-828B-F4D5FB500DE4}C:\users\usuario\appdata\local\temp\java\sysusuario-pc.exe] => (Allow) C:\users\usuario\appdata\local\temp\java\sysusuario-pc.exe
FirewallRules: [{7705CDC7-B1AF-409C-AC3F-99B029C19AAB}] => (Allow) D:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe
FirewallRules: [{A582A2A8-2F80-4011-B8EB-855A18BFC9D0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{D7D41F1D-A582-4E87-88D9-5228E5328DB4}] => (Allow) D:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{5C13FD46-08D2-4BF6-A886-AD6DCEB1228F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1309D393-5616-4E87-B1A0-D743D2115382}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Pontos de Restauração =========================

06-11-2016 02:01:59 Ponto de Verificação Agendado
23-11-2016 07:34:42 Ponto de Verificação Agendado
22-01-2017 18:07:26 Instalação de Pacote de Driver de Dispositivo: Diebold Network Monitor Serviço de Rede
22-01-2017 18:11:18 Backup do Windows
06-02-2017 16:18:09 Backup do Windows
12-02-2017 17:53:48 Removeu League of Legends
28-02-2017 20:12:44 Ponto de Verificação Agendado
01-03-2017 09:00:08 Backup do Windows
13-03-2017 14:11:18 Ponto de Verificação Agendado
27-03-2017 15:20:22 Ponto de Verificação Agendado
03-04-2017 17:42:09
Backup do Windows
09-04-2017 17:59:56 Removido Assistente de Conexão do Windows Live
09-04-2017 18:11:14 Configurado PowerDVD
09-04-2017 18:11:33 Removed Bluetooth Win7 Suite.

==================== Dispositivos Apresentando Falhas No Gerenciador =============

Name: Warsaw - Driver (PP)
Description: Warsaw - Driver (PP)
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: wsddpp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Warsaw - Driver (PRM)
Description: Warsaw - Driver (PRM)
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: wsddprm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (04/16/2017 12:23:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: SYSUSUARIO-PC.exe, versão: 0.0.0.0, carimbo de hora: 0x577a9370 Nome do módulo de falhas: KERNELBASE.dll, versão: 6.1.7600.16385, carimbo de hora: 0x4a5bdaae Código de exceção: 0xe053534f Deslocamento com falha: 0x00009617 Identificação do processo com falha: 0x%9 Hora de início do aplicativo com falha: 0xSYSUSUARIO-PC.exe0 Caminho do aplicativo com falha: SYSUSUARIO-PC.exe1 FCaminho do módulo de falhas: SYSUSUARIO-PC.exe2 Identificação do Relatório: SYSUSUARIO-PC.exe3

Error: (04/16/2017 09:26:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: SYSUSUARIO-PC.exe, versão: 0.0.0.0, carimbo de hora: 0x577a9370 Nome do módulo de falhas: KERNELBASE.dll, versão: 6.1.7600.16385, carimbo de hora: 0x4a5bdaae Código de exceção: 0xe053534f Deslocamento com falha: 0x00009617 Identificação do processo com falha: 0x%9 Hora de início do aplicativo com falha: 0xSYSUSUARIO-PC.exe0 Caminho do aplicativo com falha: SYSUSUARIO-PC.exe1 FCaminho do módulo de falhas: SYSUSUARIO-PC.exe2 Identificação do Relatório: SYSUSUARIO-PC.exe3

Error: (04/13/2017 04:53:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: SYSUSUARIO-PC.exe, versão: 0.0.0.0, carimbo de hora: 0x577a9370 Nome do módulo de falhas: KERNELBASE.dll, versão: 6.1.7600.16385, carimbo de hora: 0x4a5bdaae Código de exceção: 0xe053534f Deslocamento com falha: 0x00009617 Identificação do processo com falha: 0x%9 Hora de início do aplicativo com falha: 0xSYSUSUARIO-PC.exe0 Caminho do aplicativo com falha: SYSUSUARIO-PC.exe1 FCaminho do módulo de falhas: SYSUSUARIO-PC.exe2 Identificação do Relatório: SYSUSUARIO-PC.exe3

Error: (04/10/2017 10:20:23 AM) (Source: Application Error) (EventID: 1000)
(User: )
Description: Nome de aplicativo com falha: SYSUSUARIO-PC.exe, versão: 0.0.0.0, carimbo de hora: 0x577a9370 Nome do módulo de falhas: KERNELBASE.dll, versão: 6.1.7600.16385, carimbo de hora: 0x4a5bdaae Código de exceção: 0xe053534f Deslocamento com falha: 0x00009617 Identificação do processo com falha: 0x%9 Hora de início do aplicativo com falha: 0xSYSUSUARIO-PC.exe0 Caminho do aplicativo com falha: SYSUSUARIO-PC.exe1 FCaminho do módulo de falhas: SYSUSUARIO-PC.exe2 Identificação do Relatório: SYSUSUARIO-PC.exe3

Error: (04/09/2017 06:11:14 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado. . Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante. Operação: Obtendo Dados do Gravador Contexto: Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220} Nome do Gravador: System Writer ID de Instância de Gravador: {b1f0cc4f-e188-474b-810d-1cf5235ce427}

Error: (04/09/2017 01:57:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: SYSUSUARIO-PC.exe, versão: 0.0.0.0, carimbo de hora: 0x577a9370 Nome do módulo de falhas: KERNELBASE.dll, versão: 6.1.7600.16385, carimbo de hora: 0x4a5bdaae Código de exceção: 0xe053534f Deslocamento com falha: 0x00009617 Identificação do processo com falha: 0x%9 Hora de início do aplicativo com falha: 0xSYSUSUARIO-PC.exe0 Caminho do aplicativo com falha: SYSUSUARIO-PC.exe1 FCaminho do módulo de falhas: SYSUSUARIO-PC.exe2 Identificação do Relatório: SYSUSUARIO-PC.exe3

Error: (04/07/2017 01:05:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa chrome.exe versão 57.0.2987.133 parou de interagir com o Windows e foi fechado.
Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID de Processo: f2c Hora de Início: 01d2afb604364762 Hora de Término: 6 Caminho do Aplicativo: C:\Program Files\Google\Chrome\Application\chrome.exe Id do Relatório: 01c49807-1bac-11e7-8943-1078d2b9d31a

Error: (04/07/2017 10:17:46 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={AC48E77E-8465-470A-A0F5-46BC01A6F642}: o usuário Usuario-PC\Usuario discou uma conexão de nome DSTech que falhou. O código do erro retornado na falha é 651.

Error: (04/07/2017 09:35:31 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha na geração de contexto de ativação para "d:\program files\avast software\Avast\x64\gaming_hook.exe". Assembly dependente Avast.VC140.CRT,processorArchitecture="amd64",publicKeyToken="fcc99ee6193ebbca",type="win32",version="14.0.23918.0" não pôde ser localizado. Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (04/07/2017 09:12:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: SYSUSUARIO-PC.exe, versão: 0.0.0.0, carimbo de hora: 0x577a9370 Nome do módulo de falhas: KERNELBASE.dll, versão: 6.1.7600.16385, carimbo de hora: 0x4a5bdaae Código de exceção: 0xe053534f Deslocamento com falha: 0x00009617 Identificação do processo com falha: 0x%9 Hora de início do aplicativo com falha: 0xSYSUSUARIO-PC.exe0 Caminho do aplicativo com falha: SYSUSUARIO-PC.exe1 FCaminho do módulo de falhas: SYSUSUARIO-PC.exe2 Identificação do Relatório: SYSUSUARIO-PC.exe3

Erros de Sistema:
=============
Error: (04/16/2017 12:13:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: O sistema não pode encontrar o arquivo especificado.
Error: (04/16/2017 11:56:05 AM) (Source: Schannel) (EventID: 4119) (User: AUTORIDADE NT)
Description: O seguinte alerta fatal foi recebido: 46.

Error: (04/16/2017 11:54:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Serviço LM devido ao seguinte erro: O sistema não pode encontrar o arquivo especificado.

Error: (04/16/2017 11:52:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: O sistema não pode encontrar o arquivo especificado.

Error: (04/16/2017 11:52:37 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: gbpddreg

Error: (04/16/2017 11:52:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço DgiVecp devido ao seguinte erro: O sistema não pode encontrar o dispositivo especificado.

Error: (04/16/2017 11:52:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço ClickMeIn Connectivity devido ao seguinte erro: O sistema não pode encontrar o arquivo especificado.

Error: (04/16/2017 11:50:57 AM) (Source: DCOM) (EventID: 10000) (User: )
Description: Não é possível iniciar o servidor DCOM: {C3D84F57-9904-4F7D-8D79-1D72DAD51ADC}. O erro: "2" Aconteceu ao iniciar este comando: "C:\Program Files\Samsung\Easy Printer Manager\SpoolerComp.exe" -Embedding

Error: (04/16/2017 11:50:51 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: O computador foi reinicializado após uma verificação de erro. Essa verificação foi: 0x00000124 (0x00000000, 0x85ca901c, 0xb2000000, 0x84000402). Um despejo de memória foi salvo em: C:\Windows\MEMORY.DMP. Id de Relatório: 041617-24148-01.
Error: (04/16/2017 11:50:50 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: O desligamento anterior do sistema em 11:40:42 às 16/04/2017 não era esperado.

CodeIntegrity:
===================================
Date: 2016-08-25 21:22:01.846
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wsddpp.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-25 21:22:00.317
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-25 21:22:00.145
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-24 20:11:59.064
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wsddpp.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-24 20:11:57.520
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-24 20:11:57.254
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-24 05:04:22.877
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wsddpp.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-08-24 05:04:21.551
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-24 05:04:21.239
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-08-23 09:01:12.409
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wsddpp.sys because the set of per-page image hashes could not be found on the system.

==================== Informações da Memória ===========================

Processador: Intel(R) Core(TM) i5-2310 CPU @ 2.90GHz
Percentagem de memória em uso: 66%
RAM física total: 3236.88 MB
RAM física disponível: 1098.72 MB
Virtual Total: 6472.04 MB
Virtual disponível: 4170.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:68.27 GB) (Free:21.95 GB) NTFS
Drive d: () (Fixed) (Total:397.39 GB) (Free:179.08 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 000617C3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=68.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=397.4 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt ============================