Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 25-06-2017 01 Executado por Hakaz7 (03-07-2017 19:53:06) Executando a partir de C:\Users\Hakaz7\Desktop Windows 10 Pro Versão 1607 (X64) (2016-09-15 15:44:03) Modo da Inicialização: Normal ========================================================== ==================== Contas: ============================= Administrador (S-1-5-21-1487806579-2887001220-3690848270-500 - Administrator - Disabled) aldem (S-1-5-21-1487806579-2887001220-3690848270-1003 - Limited - Enabled) => C:\Users\aldem Convidado (S-1-5-21-1487806579-2887001220-3690848270-501 - Limited - Disabled) DefaultAccount (S-1-5-21-1487806579-2887001220-3690848270-503 - Limited - Disabled) Hakaz7 (S-1-5-21-1487806579-2887001220-3690848270-1000 - Administrator - Enabled) => C:\Users\Hakaz7 HomeGroupUser$ (S-1-5-21-1487806579-2887001220-3690848270-1002 - Limited - Enabled) ==================== Central de Segurança ======================== (Se uma entrada for incluída na fixlist, será removida.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Programas Instalados ====================== (Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.) 9-lab Removal Tool (HKLM-x32\...\9-lab Removal Tool) (Version: - ) Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated) Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated) AIDA64 Extreme v5.00 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.00 - FinalWire Ltd.) AIMP Classic (HKLM-x32\...\AIMPClassic) (Version: - ) Assistente de Atualização do Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17387 - Microsoft Corporation) ComicRack v0.9.176 (HKLM\...\ComicRack) (Version: v0.9.176 - cYo Soft) CPUID CPU-Z 1.79 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DriversCloud.com (64 bits) (HKLM\...\{A156B6AA-A988-4BE4-8377-FE0D310FB49F}) (Version: 10.0.1.0 - Cybelsoft) EagleGet version 2.0.4.19 (HKLM-x32\...\{F6D8142A-B30B-454B-9EE0-08A7B997DFE4}_is1) (Version: 2.0.4.19 - EagleGet) Galeria de Fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.) Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google) Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden Intel(R) Network Connections 15.2.89.2 (HKLM\...\PROSetDX) (Version: 15.2.89.2 - Intel) K-Lite Mega Codec Pack 11.3.6 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.3.6 - ) Malwarebytes Anti-Malware versão 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) MegaDownloader 1.7 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.7 - AppsForMega.info) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 41.0.2 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 pt-BR)) (Version: 41.0.2 - Mozilla) Mozilla Firefox 53.0.2 (x64 pt-BR) (HKLM\...\Mozilla Firefox 53.0.2 (x64 pt-BR)) (Version: 53.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla) MPC-HC 1.7.8 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.8 - MPC-HC Team) Nightly 43.0a1 (x64 en-US) (HKLM\...\Nightly 43.0a1 (x64 en-US)) (Version: 43.0a1 - Mozilla) Opera Stable 46.0.2597.32 (HKLM-x32\...\Opera 46.0.2597.32) (Version: 46.0.2597.32 - Opera Software) Oracle VM VirtualBox 5.1.2 (HKLM\...\{629314D8-8CB7-45F4-8C48-20EF2E330430}) (Version: 5.1.2 - Oracle Corporation) Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation) Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access) PrivaZer (HKLM-x32\...\PrivaZer) (Version: 2.45.0.0 - Goversoft LLC) qBittorrent 3.3.13 (HKLM-x32\...\qBittorrent) (Version: 3.3.13 - The qBittorrent project) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) RogueKiller version 12.10.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.6.0 - Adlice Software) Simple Port Forwarding (HKLM-x32\...\Simple Port Forwarding) (Version: 3.8.5 - PcWinTech.com) Spotify (HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Spotify) (Version: 1.0.55.487.g256699aa - Spotify AB) UsbFix (HKLM-x32\...\Usbfix) (Version: 9.001 - www.SOSVirus.Net) VDownloader Plus 4.2.1820 (HKLM\...\VDownloader Plus_is1) (Version: 4.2.1820 - ) Watchtower Library 2015 - Português (HKLM-x32\...\{C0581871-09A0-4AE4-B4C2-188E2A8AD5FA}) (Version: 17.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Exame Personalizado CLSID (Whitelisted): ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Tarefas Agendadas (Whitelisted) ============= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) Task: {026A821F-8398-4C7A-9415-F1690D2011A1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {03AC74DB-BBD3-4F7F-B391-CEEBA99F502B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {097B0595-F663-42BB-AABC-CAFCFD985BCD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-27] (Google Inc.) Task: {12B98FC6-062C-44B6-8433-7E5116B5BD8B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {1338BBB9-402D-41A9-9C9A-AB16163A54A5} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {306E14B8-D507-4D63-8B23-196C023D30D9} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2016-03-23] () Task: {308FDFF4-A13B-40ED-A83A-85CBEB81D670} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-27] (Google Inc.) Task: {31F918BF-866D-4E0F-9CBF-2F387EB41B76} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {3230F5D5-3995-495C-82DC-802F3F297A64} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {4AAAC00F-A704-48E4-83D4-10ECBAF2D2B1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_131_pepper.exe [2017-06-16] (Adobe Systems Incorporated) Task: {5C1E0603-BE9E-4BB8-9E17-2954C62AAA1E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {67F0F594-BEDE-4499-AC0E-50C915D3E177} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {6AD72B4B-85F1-4373-AC2D-654F1819B128} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {6E9ADB02-B6DD-447E-B236-03F568A16191} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {71ABB2F6-A74E-4CFB-BABB-D4670F8502F9} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {741881B2-CD8A-4512-8FAF-AC79A3CBD08E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {79AF35CC-C4E4-405A-A612-9186E80E1C2C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe Task: {7A55049D-73DA-49EB-9656-4164E4B22FF1} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {84664C42-883A-4732-B22C-4A4EF94A0B2E} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {87876F0F-1362-41DF-A592-B647859387D6} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-16] (Adobe Systems Incorporated) Task: {97428D03-ED99-4498-8F49-B1F92A687F20} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {A9477F8C-3789-465D-9B1A-4B47F22D2876} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {B756E350-E9DD-4FAD-819A-FBA5D6354CC7} - System32\Tasks\Opera scheduled Autoupdate 1442452640 => C:\Program Files (x86)\Opera\launcher.exe [2017-06-27] (Opera Software) Task: {BDA5345D-59D9-426F-A204-CDD8C51D0D00} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {C55F630C-52AF-4D43-9B56-E4286F8FAB2B} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK Task: {C584DED3-BD55-415E-B98E-7948FD354614} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {CE3156B4-617E-4A69-A706-4CFEE6C18A9A} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files (x86)\PrivaZer\PrivaZer.exe [2016-01-31] (Goversoft LLC) Task: {CEDEA982-B649-44DA-AB68-EFEF9A463CAF} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {E74ADD65-BA9B-49CD-95FC-2AC7D03291C4} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {ECD7BE54-F1F9-4EF8-8628-6DA7A95F4787} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {EDCD98EF-3CE4-4259-8BF3-D5F8350ED7C7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-06-15] (Microsoft Corporation) (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) ==================== Atalhos & WMI ======================== (As entradas podem ser listadas para serem restauradas ou removidas.) Shortcut: C:\Users\Hakaz7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simple Port Forwarding\SPF - Basic UI Mode.lnk -> C:\Program Files (x86)\Simple Port Forwarding\basic_ui.bat () ==================== Módulos Carregados (Whitelisted) ============== 2016-07-16 08:42 - 2016-07-16 08:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-06-14 16:10 - 2017-06-03 07:01 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2011-06-15 04:57 - 2011-06-15 04:57 - 00034304 _____ () C:\WINDOWS\System32\ssb6mlm.dll 2016-01-31 13:17 - 2016-01-31 13:17 - 03525431 _____ () C:\Program Files (x86)\PrivaZer\PrivaMenu5.dll 2016-09-15 22:48 - 2016-09-07 01:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-03-15 04:58 - 2017-03-04 03:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-03-15 04:58 - 2017-03-04 03:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-03-15 04:58 - 2017-03-04 03:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-03-15 04:58 - 2017-03-04 03:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-06-14 16:10 - 2017-06-03 05:47 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-06-14 16:10 - 2017-06-03 05:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-06-14 16:10 - 2017-06-03 05:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-06-21 00:01 - 2017-06-21 00:01 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-06-21 00:01 - 2017-06-21 00:01 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-06-21 00:01 - 2017-06-21 00:01 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-06-21 00:01 - 2017-06-21 00:01 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll 2017-03-15 04:58 - 2017-03-04 03:04 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll 2017-03-15 04:58 - 2017-03-04 03:04 - 00115712 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\DeviceSideServicesActionUriHandler.dll 2017-03-15 04:58 - 2017-03-04 03:04 - 00522752 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll 2017-04-12 14:17 - 2017-03-28 03:26 - 03388256 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll 2017-04-12 14:17 - 2017-03-28 03:13 - 02263904 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll 2017-06-08 14:29 - 2017-06-08 14:29 - 02567680 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.2.1451.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll 2017-06-08 14:29 - 2017-06-08 14:29 - 00132608 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.2.1451.0_x64__8wekyb3d8bbwe\PeopleUtilRT.Windows.dll 2017-06-21 23:23 - 2017-06-21 23:23 - 00054272 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll 2017-06-01 13:07 - 2017-06-01 13:07 - 23661056 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17042.14211.0_x64__8wekyb3d8bbwe\Video.UI.exe 2017-06-01 13:07 - 2017-06-01 13:07 - 09016320 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17042.14211.0_x64__8wekyb3d8bbwe\EntCommon.dll 2017-05-28 15:18 - 2017-05-28 15:19 - 03140520 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17042.14211.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2017-06-01 13:07 - 2017-06-01 13:07 - 10214400 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17042.14211.0_x64__8wekyb3d8bbwe\EntPlat.dll 2017-06-02 18:18 - 2017-06-02 18:18 - 00198656 _____ () C:\Users\Hakaz7\AppData\Local\Packages\microsoft.adera_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\CEServices\c69646e6175aa90d4a40c5ce39591439\CEServices.ni.dll ==================== Alternate Data Streams (Whitelisted) ========= (Se uma entrada for incluída na fixlist, somente o ADS será removido.) ==================== Modo de Segurança (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) ==================== Associação (Whitelisted) =============== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.) ==================== Internet Explorer confiável/restrito =============== (Se uma entrada for incluída na fixlist, será removida do Registro.) IE trusted site: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\samsungsetup.com -> hxxp://www.samsungsetup.com ==================== Hosts Conteúdo: ========================== (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2009-07-13 23:34 - 2017-07-02 21:35 - 00013820 _____ C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 cpm.paneladmin.pro 127.0.0.1 publisher.hmdiadmingate.xyz 127.0.0.1 distribution.hmdiadmingate.xyz 127.0.0.1 hmdicrewtracksystem.xyz 127.0.0.1 linkmate.space 127.0.0.1 space1.adminpressure.space 127.0.0.1 trackpressure.website 127.0.0.1 doctorlink.space 127.0.0.1 plugpackdownload.net 127.0.0.1 dscdn.pw 127.0.0.1 beautifllink.xyz127.0.0.1 w9448963.vpsnitro.u.avast.com 127.0.0.1 w9448963.vpsnitrotiny.u.avast.com 127.0.0.1 w9448963.iavs5x.u.avast.com 127.0.0.1 v7.stats.avast.com 127.0.0.1 v7.stats.avast.com 127.0.0.1 v7event.stats.avast.com 127.0.0.1 sm00.avast.com 127.0.0.1 submit5.avast.com 127.0.0.1 geoip.avast.com 127.0.0.1 v7630928.iavs9x.u.avast.com 127.0.0.1 v7630928.ivps9x.u.avast.com 127.0.0.1 v7630928.ivps9tiny.u.avast.com 127.0.0.1 v7630928.vpsnitro.u.avast.com 127.0.0.1 v7630928.vpsnitrotiny.u.avast.com 127.0.0.1 v7630928.iavs5x.u.avast.com 127.0.0.1 v7.stats.avast.com 127.0.0.1 v7.stats.avast.com 127.0.0.1 v7event.stats.avast.com 127.0.0.1 sm00.avast.com 127.0.0.1 submit5.avast.com Existem ainda 319 mais linhas. ==================== Outras Áreas ============================ (Atualmente não há nenhuma correção automática para esta seção.) HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hakaz7\Documents\EGDownloads\visão.jpg DNS Servers: 200.189.80.124 - 200.189.80.110 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Firewall do Windows está habilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == ==================== Regras do Firewall (Whitelisted) =============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [UDP Query User{727280AB-00B9-43CD-86B0-B628ECAA2748}C:\program files\comicrack\comicrack.exe] => (Block) C:\program files\comicrack\comicrack.exe FirewallRules: [TCP Query User{B5578DD4-5AD8-4C9E-8859-67531B323C37}C:\program files\comicrack\comicrack.exe] => (Block) C:\program files\comicrack\comicrack.exe FirewallRules: [UDP Query User{425650B8-A73E-4262-9915-00BB1328DE1A}C:\users\hakaz7\desktop\pendrive dedé\pendrive dedé\fg752p.exe] => (Block) C:\users\hakaz7\desktop\pendrive dedé\pendrive dedé\fg752p.exe FirewallRules: [TCP Query User{71FEE34B-14AC-4448-8990-D3037358E40B}C:\users\hakaz7\desktop\pendrive dedé\pendrive dedé\fg752p.exe] => (Block) C:\users\hakaz7\desktop\pendrive dedé\pendrive dedé\fg752p.exe FirewallRules: [{2F948DFB-9F89-4F7C-B57A-CCE70298D179}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{F70EB1CB-4C4C-4B7B-85C0-02BFF8301C6E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{BA9669A7-D367-4E07-86A1-3DC29A57C5B7}C:\users\hakaz7\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\hakaz7\appdata\roaming\utorrent\utorrent.exe FirewallRules: [UDP Query User{7A97CE21-0EA4-417D-B648-9B2524714F93}C:\users\hakaz7\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\hakaz7\appdata\roaming\utorrent\utorrent.exe FirewallRules: [{6B1A2B88-5170-41C3-A53B-051873648F21}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe FirewallRules: [{035ED720-88D5-4ADA-8677-5A8092FBAAF1}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe FirewallRules: [{23A6B6C3-D122-415E-96E5-A6381D1B932F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{D4FD9A26-9070-44B9-A8DA-8B9CABDE0D1A}] => (Allow) LPort=2869 FirewallRules: [{FA56EC70-193E-4206-B035-DAB3DF538830}] => (Allow) LPort=1900 FirewallRules: [TCP Query User{4F74E4AC-1C7F-4E39-AEB8-23A3918E9BFC}C:\users\hakaz7\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\hakaz7\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{A2412B98-FC4F-4E58-BD46-719D5E12A58D}C:\users\hakaz7\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\hakaz7\appdata\roaming\spotify\spotify.exe FirewallRules: [{06D1A383-5285-4FB0-B75C-A4B1D8F83485}] => (Allow) C:\Program Files\DriversCloud.com\DriversCloud.exe FirewallRules: [{8EC69FF0-F5A9-4DFC-8331-63B9BB9E5781}] => (Allow) C:\Program Files\DriversCloud.com\DriversCloud.exe FirewallRules: [{2EB8D542-998D-4212-B6BD-95A24A9F6172}] => (Allow) C:\Program Files (x86)\Eastness\Application\chrome.exe FirewallRules: [{FF877634-74C4-4D54-88E8-636F354B9E85}] => (Allow) C:\Program Files (x86)\MIO\loader\samsungxhd502hj_s2bvj56b617167.dat FirewallRules: [{562B6E4C-9D66-47BA-A7F2-631873DF6E90}] => (Allow) C:\Program Files (x86)\MIO\loader\samsungxhd502hj_s2bvj56b617167.dat FirewallRules: [{FE35E9B2-A92A-4393-BD3D-CEBC4109595C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{0710C1D9-1C05-437A-9A43-ECD88AAE134C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{7E019E67-75E0-44CC-9E57-5CD496908850}C:\program files\oracle\virtualbox\virtualbox.exe] => (Allow) C:\program files\oracle\virtualbox\virtualbox.exe FirewallRules: [UDP Query User{35016BA5-3C65-4FA3-AE1A-5F51F6C6FD96}C:\program files\oracle\virtualbox\virtualbox.exe] => (Allow) C:\program files\oracle\virtualbox\virtualbox.exe FirewallRules: [{317B48A7-77C1-4B5C-B46E-24054B3319EC}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe FirewallRules: [{BBA90AF1-CB01-4534-87F9-345D4784BF37}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe FirewallRules: [{4B1B7A21-AEA3-475D-A914-6324B6FC07B8}] => (Allow) C:\Program Files (x86)\Opera\45.0.2552.898\opera.exe FirewallRules: [{B53FC0C0-F926-4C71-BECD-7C1B6DD24BFD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{7F67AFB0-2725-4F55-AAB2-F2021DB9E880}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{49ACBC2A-14E5-4E11-A0FC-A20EB3D5BD30}] => (Allow) C:\WINDOWS\system32\rundll32.exe FirewallRules: [{2953F0E5-360F-4C60-B790-F1E762987860}] => (Allow) C:\WINDOWS\System32\rundll32.exe FirewallRules: [{274E6F4B-A30B-41AA-946E-CEA2A74A5588}] => (Allow) C:\WINDOWS\System32\rundll32.exe FirewallRules: [{5D9826F9-6A45-4DDC-B9E5-567EC1BCD8D2}] => (Allow) C:\WINDOWS\System32\rundll32.exe FirewallRules: [{BA054877-06A5-47CE-9919-5952844C392B}] => (Allow) C:\WINDOWS\System32\rundll32.exe FirewallRules: [{E67E2E3A-E087-4F6B-8CDA-31960826E394}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{5D470A83-1BD6-45B0-A593-828F7F1815A3}] => (Allow) C:\Program Files (x86)\Opera\46.0.2597.32\opera.exe ==================== Pontos de Restauração ========================= 03-07-2017 14:09:12 Ponto de Verificação Agendado ==================== Dispositivos Apresentando Falhas No Gerenciador ============= Name: Mouse compatível com PS/2 Description: Mouse compatível com PS/2 Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Teclado Padrão PS/2 Description: Teclado Padrão PS/2 Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (teclados padrões) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Erros no Log de eventos: ========================= Erros em Aplicativos: ================== Error: (07/03/2017 07:47:54 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Falha na enumeração de sessões de usuário para gerar pools de filtro. Detalhes: (HRESULT : 0x80040210) (0x80040210) Error: (07/03/2017 07:47:54 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Falha na enumeração de sessões de usuário para gerar pools de filtro. Detalhes: (HRESULT : 0x80040210) (0x80040210) Error: (07/03/2017 07:47:54 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Falha na enumeração de sessões de usuário para gerar pools de filtro. Detalhes: (HRESULT : 0x80040210) (0x80040210) Error: (07/03/2017 07:47:54 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Falha na enumeração de sessões de usuário para gerar pools de filtro. Detalhes: (HRESULT : 0x80040210) (0x80040210) Error: (07/03/2017 07:47:54 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Falha na enumeração de sessões de usuário para gerar pools de filtro. Detalhes: (HRESULT : 0x80040210) (0x80040210) Error: (07/03/2017 07:47:54 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Falha na enumeração de sessões de usuário para gerar pools de filtro. Detalhes: (HRESULT : 0x80040210) (0x80040210) Error: (07/03/2017 07:47:54 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Falha na enumeração de sessões de usuário para gerar pools de filtro. Detalhes: (HRESULT : 0x80040210) (0x80040210) Error: (07/03/2017 07:47:54 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Falha na enumeração de sessões de usuário para gerar pools de filtro. Detalhes: (HRESULT : 0x80040210) (0x80040210) Error: (07/03/2017 07:47:54 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Falha na enumeração de sessões de usuário para gerar pools de filtro. Detalhes: (HRESULT : 0x80040210) (0x80040210) Error: (07/03/2017 07:47:54 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Falha na enumeração de sessões de usuário para gerar pools de filtro. Detalhes: (HRESULT : 0x80040210) (0x80040210) Erros de Sistema: ============= Error: (07/03/2017 07:47:32 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: O desligamento do sistema que ocorreu às 19:11:50 do dia ‎03/‎07/‎2017 não era esperado. Error: (07/03/2017 12:07:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço Adobe Acrobat Update Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (07/03/2017 12:07:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço Realtek Audio Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (07/03/2017 06:32:00 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT) Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} e APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} ao usuário AUTORIDADE NT\SISTEMA SID (S-1-5-18) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes. Error: (07/02/2017 11:29:58 PM) (Source: DCOM) (EventID: 10010) (User: ADMINISTRADOR) Description: O servidor {0002DF02-0000-0000-C000-000000000046} não se registrou no DCOM dentro do tempo limite necessário. Error: (07/02/2017 09:43:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço Serviço de Biometria do Windows foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (07/02/2017 09:42:42 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT) Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} e APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} ao usuário AUTORIDADE NT\SISTEMA SID (S-1-5-18) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes. Error: (07/02/2017 09:39:15 PM) (Source: DCOM) (EventID: 10010) (User: ADMINISTRADOR) Description: O servidor {0002DF02-0000-0000-C000-000000000046} não se registrou no DCOM dentro do tempo limite necessário. Error: (07/02/2017 01:12:13 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT) Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} e APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} ao usuário AUTORIDADE NT\SISTEMA SID (S-1-5-18) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes. Error: (07/02/2017 01:27:23 AM) (Source: DCOM) (EventID: 10010) (User: ADMINISTRADOR) Description: O servidor {0002DF02-0000-0000-C000-000000000046} não se registrou no DCOM dentro do tempo limite necessário. CodeIntegrity: =================================== Date: 2017-06-27 19:36:00.706 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. Date: 2017-06-27 19:36:00.577 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. Date: 2017-06-27 10:58:41.934 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. Date: 2017-06-27 10:58:41.783 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. Date: 2017-06-26 08:56:33.626 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. Date: 2017-06-26 08:56:32.813 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\winhttp.dll because the set of per-page image hashes could not be found on the system. ==================== Informações da Memória =========================== Processador: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz Percentagem de memória em uso: 59% RAM física total: 2009.33 MB RAM física disponível: 820.13 MB Virtual Total: 4441.33 MB Virtual disponível: 2993.76 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:397.08 GB) (Free:84.31 GB) NTFS Drive e: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:408.06 GB) NTFS Drive g: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32 ==================== MBR & Tabela de Partições ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 4A5A8254) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=397.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=68.1 GB) - (Type=05) Partition 4: (Not Active) - (Size=450 MB) - (Type=27) ======================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: 5ED0A206) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 1.9 GB) (Disk ID: 20736F63) No partition Table on disk 2. ==================== Fim de Addition.txt ============================