Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 17.02.2018
Executado por mathe (17-02-2018 21:32:04)
Executando a partir de C:\Users\mathe\Desktop
Windows 10 Pro 10240.16384 (X64) (2017-11-09 19:29:22)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-390941324-379733044-1376603182-500 - Administrator - Disabled)
Convidado (S-1-5-21-390941324-379733044-1376603182-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-390941324-379733044-1376603182-503 - Limited - Disabled)
mathe (S-1-5-21-390941324-379733044-1376603182-1001 - Administrator - Enabled) => C:\Users\mathe
outro (S-1-5-21-390941324-379733044-1376603182-1003 - Administrator - Enabled) => C:\Users\outro

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-390941324-379733044-1376603182-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
7-Zip 17.01 beta (x64) (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.39 - Piriform)
Counter-Strike 1.6 (HKLM-x32\...\Counter-Strike 1.6_is1) (Version: Counter-Strike 1.6 No Steam - KingSOFT DVD)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Microsoft Office Professional Plus 2016 - pt-br (HKLM\...\ProPlusRetail - pt-br) (Version: 16.0.9001.2138 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-390941324-379733044-1376603182-1001\...\OneDriveSetup.exe) (Version: 17.005.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9001.2138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9001.2138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9001.2138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0416-0000-0000000FF1CE}) (Version: 16.0.9001.2138 - Microsoft Corporation) Hidden
Remo File Eraser 2.0 (HKLM\...\{D78E5094-F665-4F98-A552-43AE08C6C105}_is1) (Version: 2.0.0.51 - Remo Software)
SHAREit (HKLM-x32\...\www.ushareit.com_is1) (Version: 4.0.6.177 - SHAREit Technologies Co.Ltd)
SlimCleaner Plus (HKLM\...\{ABA29C63-B22D-45F8-BA20-7C8EF17B5E62}) (Version: 2.5.10 - Slimware Utilities Holdings, Inc.) Hidden
SlimCleaner Plus (HKLM\...\SlimCleaner Plus) (Version: 2.5.10 - Slimware Utilities Holdings, Inc.)
SlimDrivers (HKLM-x32\...\{746AB259-6474-4111-8966-1C62F9A6E063}) (Version: 2.3.1 - SlimWare Utilities, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{EC5A6438-850E-4AD1-9169-DD071C8EFFEF}) (Version: 2.10.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{B7AFAF92-D1C8-49A0-B34A-B5DAF9C9D5C6}) (Version: 1.9.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Warsaw 2.0.3.2 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 2.0.3.2 - GAS Tecnologia)

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2017-06-23] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-23] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-23] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-23] (AVAST Software)
ContextMenuHandlers3: [RSShellEx] -> {669E97EA-B566-410F-A33A-0EC20F234823} => C:\Program Files (x86)\Remo File Eraser 2.0\64\rsh64.dll [2018-01-31] (Remo Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-08-21] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-08-28] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-23] (AVAST Software)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {08786E8D-C67F-4677-A047-C86EF01BC23A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-01-30] (Microsoft Corporation)
Task: {0C4F87AF-FE44-4485-8CAF-3055F0C9FC59} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-12] (AVAST Software)
Task: {1B4222B1-F2FD-410E-8FF2-F09BFC59D651} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-01-30] (Microsoft Corporation)
Task: {1C33F3B6-E5E9-4E9A-8F82-8FF38A80B7BE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-02-17] (Microsoft Corporation)
Task: {34E6BE9B-2663-4FFF-A1AB-D72E11C4D6CF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-02-17] (Microsoft Corporation)
Task: {4E0928E7-9E2B-480D-9E02-11F5C3A75813} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-01-23] (AVAST Software)
Task: {835B6DBB-347E-480C-9AB1-F678C5762A4E} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_pepper.exe [2018-01-10] (Adobe Systems Incorporated)
Task: {A2526083-39FF-4C41-9381-509E53F550F9} - System32\Tasks\Rerun Warsaw's CoreFixer => C:\WINDOWS\TEMP\is-SCOEO.tmp\corefixer.exe <==== ATENÇÃO
Task: {A60F3DA5-DB24-4C0E-A77A-04189A9EF790} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-10] (Google Inc.)
Task: {AF68CE56-F5F5-47EF-8264-79D3F22897AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-10] (Google Inc.)
Task: {B8508E08-3E68-4ED3-9819-F28CF7E5E254} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-01-09] (Piriform Ltd)
Task: {C65D3B1F-05D3-4AA2-99C5-99C8AC43D78E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-02-17] (Microsoft Corporation)
Task: {CA5DDF03-9278-4318-A644-652E1B986287} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2015-08-19] (SlimWare Utilities, Inc.)
Task: {DD6E6445-61B9-4811-9B3D-38798ECF22CA} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-01-09] (Piriform Ltd)
Task: {DD7AFF81-344B-459E-AEAD-56521A4986AD} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2015-08-30] (@ByELDI)
Task: {E13C717E-0C8E-41B7-8C65-932ABB14DD4C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-10] (Adobe Systems Incorporated)
Task: {E31ED406-091E-4F63-82DB-8F21157E1EF9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-02-17] (Microsoft Corporation)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\WINDOWS\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe

==================== Atalhos & WMI ========================

(As entradas podem ser listadas para serem restauradas ou removidas.)

==================== Módulos Carregados (Whitelisted) ==============

2015-07-10 09:00 - 2015-07-10 09:00 - 000032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-07-10 08:59 - 2015-07-10 08:59 - 000403968 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-08-21 22:09 - 2015-08-21 22:09 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-07-10 09:00 - 2015-07-10 09:00 - 002498296 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-07-10 09:00 - 2015-07-10 09:00 - 000215352 _____ () c:\windows\system32\WerEtw.dll
2015-07-10 08:59 - 2015-07-10 08:59 - 000429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 08:59 - 2015-07-10 08:59 - 000143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-07-10 09:00 - 2015-07-10 14:49 - 006579712 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 09:00 - 2015-07-10 14:49 - 000471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-07-10 09:00 - 2015-07-10 14:49 - 002274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2018-01-23 13:56 - 2018-01-23 13:56 - 000067984 _____ () C:\Program Files\AVAST Software\Avast\x64\dll_loader.dll
2018-01-23 13:56 - 2018-01-23 13:56 - 000067920 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2018-01-12 19:57 - 2018-01-03 07:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-12 19:57 - 2018-01-03 07:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2015-07-10 09:00 - 2015-07-10 14:49 - 001784320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2018-01-23 13:55 - 2018-01-23 13:55 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2018-01-23 13:55 - 2018-01-23 13:55 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2018-01-23 13:55 - 2018-01-23 13:55 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2017-11-09 18:39 - 2017-11-09 18:41 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-01-23 13:56 - 2018-01-23 13:56 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-01-23 13:54 - 2018-01-23 13:54 - 000282560 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)

==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-390941324-379733044-1376603182-1001\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br

==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2015-07-10 09:04 - 2015-07-10 09:02 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-390941324-379733044-1376603182-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [{937AB8D9-C0E1-4AA9-8148-840FFD7AAA15}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [{2E6E990F-A29E-4A22-8988-255C9AEF02D9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F293AB8B-AD5C-4EF3-ACC3-6A1CAA7C2CC3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{A1F6804F-5184-4BFD-B973-DD3436DFB82B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{D4868DDD-F46C-46FC-835B-B4B46ED9CA07}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{7DF61A61-8FC5-423D-B25B-B038D53D382F}] => (Allow) LPort=1688
FirewallRules: [{58B0B206-E8DC-4088-B293-EFF29181BED2}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{45C767B9-4A70-480D-ACA6-6032F4DBF44F}] => (Allow) C:\Program Files (x86)\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{F627D429-FEC3-4137-868D-ABA8770F1EA6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{ED8E3016-EA31-464E-B858-95FE33B6B78F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B1F5A60F-B8E0-4325-BA4A-AB00384ABA14}] => (Allow) C:\Users\outro\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0C7B09D7-F909-4962-9A46-BD51A3150D1D}] => (Allow) C:\Users\outro\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{65C3C918-F42A-4999-9DD8-284BA89517D6}C:\users\mathe\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\mathe\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{11B73151-E472-4873-9791-5409F1C9CD9E}C:\users\mathe\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\mathe\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{D9C42404-023E-4243-BA74-C689FB35263D}C:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{17C02426-6918-4E10-9C44-6D4B7AD2CE93}C:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hl.exe
FirewallRules: [{A1512C84-483C-4F2A-A44A-8D61F00D1562}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [{09656B29-056C-4C99-A9ED-868AC9CDA5AB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{21F472AC-E004-4902-A0EC-B48B967B3E9C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe

==================== Pontos de Restauração =========================

16-12-2017 16:48:51 Windows Update
20-12-2017 21:16:33 Removed BlueStacks App Player
21-12-2017 22:43:00 DirectX instalado
12-01-2018 20:10:20 Windows Update
23-01-2018 12:44:31 Removed BlueStacks App Player

==================== Dispositivos Apresentando Falhas No Gerenciador =============

Name: Dispositivo do sistema básico
Description: Dispositivo do sistema básico
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Dispositivo do sistema básico
Description: Dispositivo do sistema básico
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (02/17/2018 09:20:01 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Falha na Ativação de Licença (slui.exe). Código de erro: hr=0xC004F074
Argumento de linha de comando: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/17/2018 09:19:02 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Falha na Ativação de Licença (slui.exe). Código de erro: hr=0xC004F074
Argumento de linha de comando: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/17/2018 09:16:56 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Falha na Ativação de Licença (slui.exe). Código de erro: hr=0xC004F074
Argumento de linha de comando: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkQuarantineRetry

Error: (02/17/2018 09:16:19 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Falha na Ativação de Licença (slui.exe). Código de erro: hr=0xC004F074
Argumento de linha de comando: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/17/2018 08:45:09 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Falha na Ativação de Licença (slui.exe). Código de erro: hr=0xC004F074
Argumento de linha de comando: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkQuarantineRetry

Error: (02/17/2018 08:45:08 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Falha na Ativação de Licença (slui.exe). Código de erro: hr=0xC004F074
Argumento de linha de comando: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/17/2018 08:41:35 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Falha na Ativação de Licença (slui.exe). Código de erro: hr=0xC004F074
Argumento de linha de comando: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/17/2018 08:41:34 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Falha na Ativação de Licença (slui.exe). Código de erro: hr=0xC004F074
Argumento de linha de comando: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkQuarantineRetry

Erros de Sistema:
=============
Error: (02/17/2018 08:25:47 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: O sistema detectou um conflito de endereço entre o endereço IP 192.168.1.3 e o sistema que possui o endereço de hardware de rede E4-90-7E-61-31-C7. Como resultado desse conflito, as operações de rede nesse sistema podem ser interrompidas.

Error: (02/17/2018 08:19:40 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta de uma transação do serviço AppXSvc.

Error: (02/17/2018 07:54:32 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-GIRSH35)
Description: Não é possível iniciar o servidor DCOM: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca como Não Disponível/Não Disponível. O erro: "317" Aconteceu ao iniciar este comando: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6568.46361.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server

Error: (02/17/2018 07:53:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta de uma transação do serviço FDResPub.

Error: (02/17/2018 07:52:16 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (02/17/2018 07:20:56 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GIRSH35)
Description: O servidor CortanaUI não se registrou no DCOM dentro do tempo limite necessário.

Error: (02/17/2018 07:09:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço ElRawDisk devido ao seguinte erro: O Windows não pode verificar a assinatura digital deste arquivo. Talvez uma alteração recente de hardware ou software tenha instalado um arquivo com uma assinatura incorreta ou danificado, ou talvez o arquivo seja um software mal-intencionado de origem desconhecida. Error: (02/17/2018 07:06:45 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GIRSH35) Description: O servidor CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca não se registrou no DCOM dentro do tempo limite necessário. Windows Defender: =================================== Date: 2017-11-09 18:24:49.850 Description: O Windows Defender detectou malware ou outros softwares potencialmente indesejados. Para obter mais informações, consulte: http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0 Nome: HackTool:Win32/AutoKMS ID: 2147685180 Severidade: Médio Categoria: Ferramenta Caminho: containerfile:_C:\Users\mathe\Downloads\AT OF [UP].rar;file:_C:\Program Files\KMSpico\cert\is-ED63C.tmp;file:_C:\Program Files\KMSpico\scripts\is-4HGVS.tmp;file:_C:\Program Files\KMSpico\scripts\is-UHJ0H.tmp;file:_C:\Program Files\KMSpico\scripts\is-UN8KC.tmp;file:_C:\Users\mathe\Downloads\AT OF [UP].rar->AT OF [UP]\AT OF.exe->(inno#000006);file:_C:\Users\mathe\Downloads\AT OF [UP].rar->AT OF [UP]\AT OF.exe->(inno#000360);file:_C:\Users\mathe\Downloads\AT OF [UP].rar->AT OF [UP]\AT OF.exe->(inno#000361);file:_C:\Users\mathe\Downloads\AT OF [UP].rar->AT OF [UP]\AT OF.exe->(inno#000366);file:_C:\Users\mathe\Downloads\AT OF [UP].rar->AT OF [UP]\UnInstall_Service.cmd;webfile:_C:\Users\mathe\Downloads\AT OF [UP].rar|http://www87.zippyshare.com/d/oDb2iDQ4/36446/ATDESKTOP-GIRSH35\matheOFDESKTOP-GIRSH35\matheDESKTOP-GIRSH35\mathebUPd.rar chrome.exe Origem da Detecção: Computador local Tipo de Detecção: Concreto 
Origem da Detecção: Downloads e anexos Usuário: DESKTOP-GIRSH35\mathe Nome do Processo: C:\Users\mathe\AppData\Local\Temp\is-BPMMT.tmp\AT OF.tmp Versão da Assinatura: AV: 1.199.1615.0, AS: 1.199.1615.0, NIS: 114.1.0.0 Versão do Mecanismo: AM: 1.1.11701.0, NIS: 2.1.11502.0 Date: 2017-11-09 18:24:49.513 Description: O Windows Defender detectou malware ou outros softwares potencialmente indesejados. Para obter mais informações, consulte: http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0 Nome: HackTool:Win32/AutoKMS ID: 2147685180 Severidade: Médio Categoria: Ferramenta Caminho: containerfile:_C:\Users\mathe\Downloads\AT OF [UP].rar;file:_C:\Program Files\KMSpico\cert\is-ED63C.tmp;file:_C:\Program Files\KMSpico\scripts\is-4HGVS.tmp;file:_C:\Program Files\KMSpico\scripts\is-UN8KC.tmp;file:_C:\Users\mathe\Downloads\AT OF [UP].rar->AT OF [UP]\AT OF.exe->(inno#000006);file:_C:\Users\mathe\Downloads\AT OF [UP].rar->AT OF [UP]\AT OF.exe->(inno#000360);file:_C:\Users\mathe\Downloads\AT OF [UP].rar->AT OF [UP]\AT OF.exe->(inno#000361);file:_C:\Users\mathe\Downloads\AT OF [UP].rar->AT OF [UP]\AT OF.exe->(inno#000366);file:_C:\Users\mathe\Downloads\AT OF [UP].rar->AT OF [UP]\UnInstall_Service.cmd;webfile:_C:\Users\mathe\Downloads\AT OF [UP].rar|http://www87.zippyshare.com/d/oDb2iDQ4/36446/ATDESKTOP-GIRSH35\matheOFDESKTOP-GIRSH35\matheDESKTOP-GIRSH35\mathebUPd.rar chrome.exe Origem da Detecção: Computador local Tipo de Detecção: Concreto Origem da Detecção: Downloads e anexos Usuário: DESKTOP-GIRSH35\mathe Nome do Processo: C:\Users\mathe\AppData\Local\Temp\is-BPMMT.tmp\AT OF.tmp Versão da Assinatura: AV: 1.199.1615.0, AS: 1.199.1615.0, NIS: 114.1.0.0 Versão do Mecanismo: AM: 1.1.11701.0, NIS: 2.1.11502.0 Date: 2017-11-09 18:24:49.366 Description: O Windows Defender detectou malware ou outros softwares potencialmente indesejados. 
Para obter mais informações, consulte: http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0 Nome: HackTool:Win32/AutoKMS ID: 2147685180 Severidade: Médio Categoria: Ferramenta Caminho: containerfile:_C:\Users\mathe\Downloads\AT OF [UP].rar;file:_C:\Program Files\KMSpico\cert\is-ED63C.tmp;file:_C:\Program Files\KMSpico\scripts\is-UN8KC.tmp;file:_C:\Users\mathe\Downloads\AT OF [UP].rar->AT OF [UP]\AT OF.exe->(inno#000006);file:_C:\Users\mathe\Downloads\AT OF [UP].rar->AT OF [UP]\AT OF.exe->(inno#000360);file:_C:\Users\mathe\Downloads\AT OF [UP].rar->AT OF [UP]\AT OF.exe->(inno#000361);file:_C:\Users\mathe\Downloads\AT OF [UP].rar->AT OF [UP]\AT OF.exe->(inno#000366);file:_C:\Users\mathe\Downloads\AT OF [UP].rar->AT OF [UP]\UnInstall_Service.cmd;webfile:_C:\Users\mathe\Downloads\AT OF [UP].rar|http://www87.zippyshare.com/d/oDb2iDQ4/36446/ATDESKTOP-GIRSH35\matheOFDESKTOP-GIRSH35\matheDESKTOP-GIRSH35\mathebUPd.rar chrome.exe Origem da Detecção: Computador local Tipo de Detecção: Concreto Origem da Detecção: Downloads e anexos Usuário: DESKTOP-GIRSH35\mathe Nome do Processo: C:\Users\mathe\AppData\Local\Temp\is-BPMMT.tmp\AT OF.tmp Versão da Assinatura: AV: 1.199.1615.0, AS: 1.199.1615.0, NIS: 114.1.0.0 Versão do Mecanismo: AM: 1.1.11701.0, NIS: 2.1.11502.0 Date: 2017-11-09 18:24:32.871 Description: O Windows Defender detectou malware ou outros softwares potencialmente indesejados. 
Para obter mais informações, consulte: http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0 Nome: HackTool:Win32/AutoKMS ID: 2147685180 Severidade: Médio Categoria: Ferramenta Caminho: containerfile:_C:\Users\mathe\Downloads\AT OF [UP].rar;file:_C:\Program Files\KMSpico\cert\is-ED63C.tmp;file:_C:\Users\mathe\Downloads\AT OF [UP].rar->AT OF [UP]\AT OF.exe->(inno#000006);file:_C:\Users\mathe\Downloads\AT OF [UP].rar->AT OF [UP]\AT OF.exe->(inno#000360);file:_C:\Users\mathe\Downloads\AT OF [UP].rar->AT OF [UP]\AT OF.exe->(inno#000361);file:_C:\Users\mathe\Downloads\AT OF [UP].rar->AT OF [UP]\AT OF.exe->(inno#000366);file:_C:\Users\mathe\Downloads\AT OF [UP].rar->AT OF [UP]\UnInstall_Service.cmd;webfile:_C:\Users\mathe\Downloads\AT OF [UP].rar|http://www87.zippyshare.com/d/oDb2iDQ4/36446/ATDESKTOP-GIRSH35\matheOFDESKTOP-GIRSH35\matheDESKTOP-GIRSH35\mathebUPd.rar chrome.exe Origem da Detecção: Computador local Tipo de Detecção: Concreto Origem da Detecção: Downloads e anexos Usuário: DESKTOP-GIRSH35\mathe Nome do Processo: C:\Users\mathe\AppData\Local\Temp\is-BPMMT.tmp\AT OF.tmp Versão da Assinatura: AV: 1.199.1615.0, AS: 1.199.1615.0, NIS: 114.1.0.0 Versão do Mecanismo: AM: 1.1.11701.0, NIS: 2.1.11502.0 Date: 2017-11-09 18:21:01.435 Description: O Windows Defender detectou malware ou outros softwares potencialmente indesejados. 
Para obter mais informações, consulte: http://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0 Nome: HackTool:Win32/AutoKMS ID: 2147685180 Severidade: Médio Categoria: Ferramenta Caminho: containerfile:_C:\Users\mathe\Downloads\AT OF [UP].rar;file:_C:\Users\mathe\Downloads\AT OF [UP].rar->AT OF [UP]\AT OF.exe->(inno#000006);file:_C:\Users\mathe\Downloads\AT OF [UP].rar->AT OF [UP]\AT OF.exe->(inno#000360);file:_C:\Users\mathe\Downloads\AT OF [UP].rar->AT OF [UP]\AT OF.exe->(inno#000361);file:_C:\Users\mathe\Downloads\AT OF [UP].rar->AT OF [UP]\AT OF.exe->(inno#000366);file:_C:\Users\mathe\Downloads\AT OF [UP].rar->AT OF [UP]\UnInstall_Service.cmd;webfile:_C:\Users\mathe\Downloads\AT OF [UP].rar|http://www87.zippyshare.com/d/oDb2iDQ4/36446/ATDESKTOP-GIRSH35\matheOFDESKTOP-GIRSH35\matheDESKTOP-GIRSH35\mathebUPd.rar chrome.exe Origem da Detecção: Internet Tipo de Detecção: Concreto Origem da Detecção: Downloads e anexos Usuário: DESKTOP-GIRSH35\mathe Nome do Processo: Unknown Versão da Assinatura: AV: 1.199.1615.0, AS: 1.199.1615.0, NIS: 114.1.0.0 Versão do Mecanismo: AM: 1.1.11701.0, NIS: 2.1.11502.0 Date: 2017-11-22 13:51:13.322 Description: O Windows Defender encontrou um erro ao atualizar assinaturas. Versão da Nova Assinatura: Versão da Assinatura Anterior: 1.199.1615.0 Origem da Atualização: Servidor do Microsoft Update Tipo de Assinatura: Antivírus Tipo de Atualização: Completa Usuário: AUTORIDADE NT\SISTEMA Versão do Mecanismo Atual: Versão do Mecanismo Anterior: 1.1.11701.0 Código de erro: 0x80240022 Descrição do erro: O programa não pode verificar se há atualizações de definições. Date: 2017-11-22 13:51:13.168 Description: O Windows Defender encontrou um erro ao atualizar assinaturas. 
Versão da Nova Assinatura:
Versão da Assinatura Anterior: 1.199.1615.0
Origem da Atualização: Servidor do Microsoft Update
Tipo de Assinatura: Antivírus
Tipo de Atualização: Completa
Usuário: AUTORIDADE NT\SISTEMA
Versão do Mecanismo Atual:
Versão do Mecanismo Anterior: 1.1.11701.0
Código de erro: 0x80240022
Descrição do erro: O programa não pode verificar se há atualizações de definições.

CodeIntegrity:
===================================

Date: 2018-02-17 19:09:55.764
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\rsdrvx64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-17 18:18:59.321
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-02-17 18:18:59.102
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-02-17 18:18:58.884
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-02-17 18:00:37.256
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-02-17 18:00:36.820
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-02-06 14:37:51.441
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-02-06 14:37:51.149
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wow64.dll because the set of per-page image hashes could not be found on the system.

==================== Informações da Memória ===========================

Processador: AMD C-70 APU with Radeon(tm) HD Graphics
Percentagem de memória em uso: 88%
RAM física total: 1628.16 MB
RAM física disponível: 190.01 MB
Virtual Total: 21628.16 MB
Virtual disponível: 19291.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:367.32 GB) (Free:295.33 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:97.66 GB) (Free:25.57 GB) NTFS
\\?\Volume{be6edaf4-0000-0000-0000-100000000000}\ (Reservado pelo Sistema) (Fixed) (Total:0.34 GB) (Free:0.06 GB) NTFS
\\?\Volume{be6edaf4-0000-0000-0000-90ea5b000000}\ () (Fixed) (Total:0.44 GB) (Free:0.13 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: BE6EDAF4)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=367.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt ============================