Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 20-09-2017 Executado por RODRIGO (21-09-2017 20:05:06) Executando a partir de C:\Users\RODRIGO\Downloads Windows 7 Ultimate Service Pack 1 (X64) (2016-05-19 17:24:20) Modo da Inicialização: Normal ========================================================== ==================== Contas: ============================= Administrador (S-1-5-21-2569912285-2516486697-1191534479-500 - Administrator - Disabled) Convidado (S-1-5-21-2569912285-2516486697-1191534479-501 - Limited - Disabled) RODRIGO (S-1-5-21-2569912285-2516486697-1191534479-1000 - Administrator - Enabled) => C:\Users\RODRIGO ==================== Central de Segurança ======================== (Se uma entrada for incluída na fixlist, será removida.) AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F} AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Programas Instalados ====================== (Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.) 7-Zip 16.01 (x64) (HKLM\...\7-Zip) (Version: 16.01 - Igor Pavlov) Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated) Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated) Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.) Atualizações da NVIDIA 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden aTube Catcher versão 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp) Avira (HKLM-x32\...\{1B48601D-0537-4589-9952-A8989BE8249A}) (Version: 1.2.96.16095 - Avira Operations GmbH & Co. KG) Hidden Avira (HKLM-x32\...\{7c01a3b4-3454-446e-8473-8a245f962c28}) (Version: 1.2.96.16095 - Avira Operations GmbH & Co. KG) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.30.29 - Avira Operations GmbH & Co. KG) BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.70.1080 - AB Team, d.o.o.) Chromium (HKU\S-1-5-21-2569912285-2516486697-1191534479-1000\...\Chromium) (Version: 51.0.2683.0 - Chromium) CorelDRAW Graphics Suite 12 (HKLM-x32\...\{505AFDC0-5E72-4928-8368-5DEA385E3647}) (Version: 12.0.0.458 - Corel Corporation) CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) CPUID HWMonitor 1.32 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.32 - ) Deluge 1.3.15 (HKLM-x32\...\Deluge) (Version: - ) foobar2000 v1.3.10 (HKLM-x32\...\foobar2000) (Version: 1.3.10 - Peter Pawlowski) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.91 - Google Inc.) Google Drive (HKLM-x32\...\{F9A2761E-C1E4-4384-92A3-5732C9738327}) (Version: 2.34.6717.9565 - Google, Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden GunboundPS (HKLM-x32\...\GunboundPS_is1) (Version: - Softnyx co.,Ltd.) Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - ) HL-1200 series (HKLM-x32\...\{3D91358F-DE2D-46A2-AE8B-888C482B51C9}) (Version: 1.0.3.0 - Brother Industries, Ltd.) Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation) Java 8 Update 92 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418092F0}) (Version: 8.0.920.14 - Oracle Corporation) KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - ) Matroska Pack (HKLM-x32\...\Matroska Pack) (Version: - ) MatroskaProp (remove only) (HKLM-x32\...\MatroskaProp) (Version: - ) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) NVIDIA Driver de áudio HD 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation) NVIDIA Driver de controle do 3D Vision 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation) NVIDIA Driver de gráficos 359.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.21 - NVIDIA Corporation) NVIDIA Driver do 3D Vision 359.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 359.21 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation) NVIDIA GeForce Experience 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.1 - NVIDIA Corporation) NVIDIA Software do sistema PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) NyxLauncherPS (HKLM-x32\...\NyxLauncherPS_is1) (Version: - Softnyx co.,ltd.) Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Painel de controle da NVIDIA 359.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 359.21 - NVIDIA Corporation) Hidden PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.0 - pdfforge GmbH) PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.37 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.86.508.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7183 - Realtek Semiconductor Corp.) Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation) Winrar 5.00 (64-bit) (HKLM\...\Winrar 5.00 (64-bit)5.00) (Version: 5.00 - Friends in War) WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) ==================== Exame Personalizado CLSID (Whitelisted): ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-31] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-31] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-31] (Google) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-19] (Igor Pavlov) ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-31] (Google) ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation) ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-09-14] (Avira Operations GmbH & Co. KG) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-19] (Igor Pavlov) ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-31] (Google) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-12-16] (NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-19] (Igor Pavlov) ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-09-14] (Avira Operations GmbH & Co. KG) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal) ==================== Tarefas Agendadas (Whitelisted) ============= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) Task: {1BF7B4FB-4966-4145-9D18-D52EBC6E9657} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {1C63D597-95FB-44DB-9103-20503CC96206} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-13] (Adobe Systems Incorporated) Task: {32C3C618-27EA-42A4-8269-8BDA50E9EB4B} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-10-10] (@ByELDI) Task: {4B01B7F0-EB25-4E2D-A04C-FD9E5813ACF4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-19] (Google Inc.) Task: {58CEF893-01D9-4913-83F4-E33AE9B2C284} - System32\Tasks\ASUS\i-Setup171410 => C:\Windows\MEI-Win7-8-8-1_VER10001204\AsusSetup.exe [2013-08-22] (ASUSTeK Computer Inc.) Task: {61D7A018-AD1B-4BED-88C7-2A8FAF6067C1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated) Task: {65ACB6E3-D5C9-425B-868C-53F15713E0F6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {9F56865D-8F3B-4895-8144-19CCEB59389A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {D5BB9F61-4F09-4CDA-88CA-A11406CE5B07} - System32\Tasks\{F4AFBCFE-BFCC-4A5D-AC47-41ED120FD804} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=lightinstaller&ver=7.38.0.101&LastError=12040 Task: {D7114060-818E-4B22-8FC1-2C860EB0A9AF} - System32\Tasks\Avira SystrayStartTrigger => Avira.SystrayStartTrigger.exe Task: {E16A4FF5-4CDA-460B-8400-5D3B288A9BCE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-19] (Google Inc.) Task: {EBB981F3-DD20-4DBB-9CD9-CE3E1B368DF9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_130_pepper.exe [2017-09-13] (Adobe Systems Incorporated) (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) ==================== Atalhos & WMI ======================== (As entradas podem ser listadas para serem restauradas ou removidas.) ==================== Módulos Carregados (Whitelisted) ============== 2016-05-19 14:53 - 2015-12-16 16:47 - 000126072 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2017-03-06 19:00 - 2016-06-14 22:14 - 000369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2017-03-06 19:00 - 2016-06-14 22:14 - 001148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll 2017-03-06 19:00 - 2016-06-14 22:14 - 003613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2017-03-06 18:24 - 2016-06-14 22:14 - 000289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2017-03-06 19:00 - 2016-06-14 22:14 - 002667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2017-03-06 19:00 - 2016-06-14 22:14 - 001990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 2017-03-06 19:00 - 2016-06-14 22:14 - 001842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2017-03-06 19:00 - 2016-06-14 22:14 - 000208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2017-03-06 19:00 - 2016-06-14 22:14 - 000035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2017-03-06 19:00 - 2016-06-14 22:14 - 000921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 2017-09-18 19:55 - 2017-09-14 05:30 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.91\libglesv2.dll 2017-09-18 19:55 - 2017-09-14 05:30 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.91\libegl.dll 2017-03-06 18:24 - 2016-06-14 22:14 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2017-03-16 17:02 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ==================== Alternate Data Streams (Whitelisted) ========= (Se uma entrada for incluída na fixlist, somente o ADS será removido.) ==================== Modo de Segurança (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) ==================== Associação (Whitelisted) =============== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.) ==================== Internet Explorer confiável/restrito =============== (Se uma entrada for incluída na fixlist, será removida do Registro.) ==================== Hosts Conteúdo: =============================== (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2009-07-13 23:34 - 2017-05-28 16:39 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Outras Áreas ============================ (Atualmente não há nenhuma correção automática para esta seção.) HKU\S-1-5-21-2569912285-2516486697-1191534479-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\RODRIGO\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 8.8.8.8 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Firewall do Windows está habilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == ==================== Regras do Firewall (Whitelisted) =============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [{BC926E03-9E09-4383-B0D0-92C2EB5DF5BE}] => (Allow) C:\Users\RODRIGO\AppData\Local\Chromium\Application\chrome.exe FirewallRules: [TCP Query User{811248B3-FC9F-4E6E-8CDD-E2F0E513339A}C:\game\softnyxgame\gunboundps\gunbound.gme] => (Allow) C:\game\softnyxgame\gunboundps\gunbound.gme FirewallRules: [UDP Query User{2558D340-5DDF-4E76-835E-D09059B5DF0E}C:\game\softnyxgame\gunboundps\gunbound.gme] => (Allow) C:\game\softnyxgame\gunboundps\gunbound.gme FirewallRules: [{B170C915-AACC-4F2A-A5C4-215B22E800E2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{D6BFDB83-7830-420B-811E-3916D91DA467}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{313788CC-A1A7-4881-BDEC-C092E0A0D8E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{D4721F4C-8941-498E-9EB7-E2265EBBF6F3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{1703A1DF-76D0-4298-856E-C4824F58243E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{350104ED-B278-4DF5-8344-07D04945ACA3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{4E55C136-037E-47A0-B583-3F3F783BC8C9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{A1B9B51C-9192-46B0-9A80-6F1954A4D5C4}C:\program files (x86)\emuletorrent\emuletorrent.exe] => (Allow) C:\program files (x86)\emuletorrent\emuletorrent.exe FirewallRules: [UDP Query User{68816F71-9CAF-4808-9C1D-61F9E06BBC74}C:\program files (x86)\emuletorrent\emuletorrent.exe] => (Allow) C:\program files (x86)\emuletorrent\emuletorrent.exe FirewallRules: [TCP Query User{E0E93527-7E3A-4E47-9EE9-07A99628C0F6}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe FirewallRules: [UDP Query User{F1E18E3B-C12E-4AEB-8642-0C36F11D9BFC}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe FirewallRules: [{9CEAEE7F-13BD-4235-AB4F-FC2E4FB8909C}] => (Allow) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe FirewallRules: [{3B7EDB70-08B5-4CD0-B6E2-FE812F6E6AB7}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaUI.exe FirewallRules: [{8726AC61-CB5B-40ED-A065-3D482E6F6BFC}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaUI.exe FirewallRules: [TCP Query User{D189AFD2-66E5-4FA8-B523-C04884ECDE9C}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe FirewallRules: [UDP Query User{41B392F0-89FA-4819-A0D5-4A6898CE337F}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe FirewallRules: [{608834C0-CA68-4423-9F56-F08069ECF58C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Pontos de Restauração ========================= 09-09-2017 23:05:27 Ponto de Verificação Agendado 17-09-2017 10:38:15 Ponto de Verificação Agendado 18-09-2017 19:07:21 JRT Pre-Junkware Removal ==================== Dispositivos Apresentando Falhas No Gerenciador ============= Name: Atheros AR5005G Wireless Network Adapter #2 Description: Atheros AR5005G Wireless Network Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Atheros Communications Inc. Service: athr Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Erros no Log de eventos: ========================= Erros em Aplicativos: ================== Error: (09/20/2017 10:04:28 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa bsplayer.exe versão 2.7.0.1080 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID de Processo: dbc Hora de Início: 01d332756d192ff0 Hora de Término: 83 Caminho do Aplicativo: C:\Program Files (x86)\Webteh\BSPlayer\bsplayer.exe Id do Relatório: Error: (08/22/2017 09:18:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa Explorer.EXE versão 6.1.7601.17514 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID de Processo: 6f0 Hora de Início: 01d31ba2788e7be0 Hora de Término: 10 Caminho do Aplicativo: C:\Windows\Explorer.EXE Id do Relatório: 9568ce71-8798-11e7-a58e-20cf30e0979b Error: (08/22/2017 08:56:22 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa Explorer.EXE versão 6.1.7601.17514 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID de Processo: 710 Hora de Início: 01d31ba1835d9fc0 Hora de Término: 10 Caminho do Aplicativo: C:\Windows\Explorer.EXE Id do Relatório: 7dead3e1-8795-11e7-b9d4-20cf30e0979b Error: (08/16/2017 06:53:18 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa bsplayer.exe versão 2.7.0.1080 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID de Processo: 3b4 Hora de Início: 01d316da0576d5c0 Hora de Término: 38 Caminho do Aplicativo: C:\Program Files (x86)\Webteh\BSPlayer\bsplayer.exe Id do Relatório: 4d268899-82cd-11e7-ad92-20cf30e0979b Error: (08/13/2017 09:29:03 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa bsplayer.exe versão 2.7.0.1080 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID de Processo: 158c Hora de Início: 01d3142faf8907c0 Hora de Término: 13 Caminho do Aplicativo: C:\Program Files (x86)\Webteh\BSPlayer\bsplayer.exe Id do Relatório: fb487a61-8022-11e7-8ba6-20cf30e0979b Error: (07/25/2017 09:30:48 PM) (Source: MsiInstaller) (EventID: 10005) (User: RODRIGO-PC) Description: Produto: Teoma Media Search App -- Erro 25001. Os aplicativos a seguir deverão estar fechados para continuar a desinstalação: Google Chrome Error: (05/19/2017 11:37:19 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: RODRIGO-PC) Description: O aplicativo ou serviço 'PDF Architect 4 Creator' não pôde ser reiniciado. Error: (05/19/2017 11:36:40 PM) (Source: MsiInstaller) (EventID: 10005) (User: RODRIGO-PC) Description: Produto: Teoma Media Search App -- Erro 25001. Os aplicativos a seguir deverão estar fechados para continuar a desinstalação: Google Chrome Error: (05/19/2017 11:36:33 PM) (Source: MsiInstaller) (EventID: 10005) (User: RODRIGO-PC) Description: Produto: Teoma Media Search App -- Erro 25001. Os aplicativos a seguir deverão estar fechados para continuar a desinstalação: Google Chrome Error: (05/19/2017 11:36:32 PM) (Source: MsiInstaller) (EventID: 10005) (User: RODRIGO-PC) Description: Produto: Teoma Media Search App -- Erro 25001. Os aplicativos a seguir deverão estar fechados para continuar a desinstalação: Google Chrome Erros de Sistema: ============= Error: (09/21/2017 07:55:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: AFD avipbb avkmgr CSC DfsC discache HWiNFO32 NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl Error: (09/21/2017 07:55:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: O serviço Agendador de Tarefas depende do serviço Log de Eventos do Windows, mas não foi possível iniciá-lo devido ao seguinte erro: O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados. Error: (09/21/2017 07:50:45 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: AFD avipbb avkmgr CSC DfsC discache HWiNFO32 NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl Error: (09/21/2017 07:50:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: O serviço Agendador de Tarefas depende do serviço Log de Eventos do Windows, mas não foi possível iniciá-lo devido ao seguinte erro: O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados. Error: (09/21/2017 07:49:27 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: A chamada ScRegSetValueExW falhou para Start com o seguinte erro: Acesso negado. Error: (09/21/2017 07:49:27 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: A chamada ScRegSetValueExW falhou para Start com o seguinte erro: Acesso negado. Error: (09/21/2017 07:49:27 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: A chamada ScRegSetValueExW falhou para Start com o seguinte erro: Acesso negado. Error: (09/21/2017 07:49:27 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: A chamada ScRegSetValueExW falhou para Start com o seguinte erro: Acesso negado. Error: (09/21/2017 07:42:19 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: O desligamento anterior do sistema em 19:41:07 às ‎21/‎09/‎2017 não era esperado. Error: (09/21/2017 07:41:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Gerenciador de Sessão do Gerenciador de Janelas da Área de Trabalho devido ao seguinte erro: O sistema não pode encontrar o caminho especificado. CodeIntegrity: =================================== Date: 2017-05-28 16:39:21.237 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-05-28 16:39:21.237 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-05-28 16:39:21.221 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-05-28 16:39:21.206 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-05-27 17:58:48.260 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-05-27 17:58:48.260 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-05-27 17:58:48.244 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-05-27 17:58:48.228 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-05-19 20:24:59.998 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-05-19 20:24:59.983 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Informações da Memória =========================== Processador: AMD Athlon(tm) II X4 640 Processor Percentagem de memória em uso: 61% RAM física total: 4095.23 MB RAM física disponível: 1582.38 MB Virtual Total: 8188.65 MB Virtual disponível: 4773.07 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:297.99 GB) (Free:197.99 GB) NTFS Drive e: (Novo volume) (Fixed) (Total:97.66 GB) (Free:27.89 GB) NTFS Drive f: (BACKUP) (Fixed) (Total:75.13 GB) (Free:43.28 GB) NTFS Drive g: (Rodrigo_02) (Fixed) (Total:292.97 GB) (Free:81.33 GB) NTFS ==================== MBR & Tabela de Partições ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 8ED1C27F) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D7B70BC0) Partition 1: (Not Active) - (Size=293 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=75.1 GB) - (Type=OF Extended) ==================== Fim de Addition.txt ============================