Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 10.10.2018
Executado por Glauber (10-10-2018 17:37:10)
Executando a partir de C:\Users\Glauber Segalla\Desktop
Windows 8.1 Single Language (Update) (X64) (2016-01-05 17:06:09)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-1751273365-4100181127-1669670999-500 - Administrator - Disabled)
Convidado (S-1-5-21-1751273365-4100181127-1669670999-501 - Limited - Enabled)
Glauber (S-1-5-21-1751273365-4100181127-1669670999-1001 - Administrator - Enabled) => C:\Users\Glauber Segalla

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.7.197 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{D1822C34-F342-B6AA-6369-899C9D2A9227}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
aTube Catcher versão 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Camtasia Studio 8 (HKLM-x32\...\{A2A41B60-D51F-4C04-BC94-B4C94F7B6DC0}) (Version: 8.6.0.2054 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.47 - Piriform)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
CPUID CPU-Z 1.84 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.84 - CPUID, Inc.)
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.4.4113 - CyberLink Corp.)
Dasher (HKLM-x32\...\Dasher) (Version: - Internet Chess Club)
Dicionário eletrônico Houaiss (HKLM-x32\...\Houaiss) (Version: 1.0 - )
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Disk SpeedUp 5.0.1.61 (HKLM-x32\...\Disk SpeedUp) (Version: 5.0.1.61 - Glarysoft Ltd)
Divulga versão 18.10.0 (HKLM-x32\...\{B15DA231-5B02-439A-9D33-3B1639508E46}_is1) (Version: 18.10.0 - Justiça Eleitoral)
eM Client (HKLM-x32\...\{7B35918E-43E4-45AF-8F1B-C15D86CA919D}) (Version: 6.0.24928.0 - eM Client Inc.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Free Window Registry Repair (HKLM-x32\...\Free Window Registry Repair) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HiDownloadPlatinum (HKLM-x32\...\HiDownload Platinum_is1) (Version: - )
HP Deskjet 2050 J510 series Estudo de aprimoramento de produtos (HKLM\...\{8D71EFB0-B1EF-4478-92D2-A65DB23AC460}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Software básico do dispositivo (HKLM\...\{2DCBB45E-AA03-4089-87E7-EC17E606D738}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Documentation (HKLM-x32\...\{229FDD0B-B642-4032-8C15-772B47797B8D}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{57A79409-9C79-4080-9FFA-09D4DAECC26B}) (Version: 12.8.37.11 - HP)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonek Inc.)
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Media Player Codec Pack 4.4.2 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.4.2 - Media Player Codec Pack)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft Office Professional Plus 2016 - pt-br (HKLM\...\ProPlusRetail - pt-br) (Version: 16.0.6366.2062 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 56.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 pt-BR)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 56.0.0.6478 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: - )
My Drivers 5.00 (HKLM-x32\...\My Drivers_is1) (Version: 5.00 - Huntersoft)
Nero 8 (HKLM-x32\...\{B944FA21-81AF-4A77-8328-CE4F4CC51046}) (Version: 8.10.26 - Nero AG)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 7 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0416-0000-0000000FF1CE}) (Version: 16.0.6326.1022 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.2.18 (HKLM\...\{F96A4E32-02CB-40E9-91C1-EE679237E107}) (Version: 5.2.18 - Oracle Corporation)
Outlook Express 6 (HKLM-x32\...\Outlook Express 6) (Version: - )
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.29093 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.40.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8105 - Realtek Semiconductor Corp.)
RegSeeker (HKLM-x32\...\RegSeeker) (Version: 2.57.2212 - HoverDesk)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
Sound Volume Hotkeys 1.3 (HKLM-x32\...\SoundVolumeHotkeys.{9547D1C7-4F18-4104-8674-046DCD12BDF9}_is1) (Version: 1.3 - Softarium.com)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.1 - Krzysztof Kowalczyk)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VCRedistSetup (HKLM-x32\...\{3921A67A-5AB1-4E48-9444-C71814CF3027}) (Version: 1.0.0 - Nero AG) Hidden
Video to Video (HKLM-x32\...\{7F95A744-78DA-4AED-A8F0-A0AF330B8411}_is1) (Version: - Media Converters)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-1751273365-4100181127-1669670999-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1751273365-4100181127-1669670999-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1751273365-4100181127-1669670999-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1751273365-4100181127-1669670999-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1751273365-4100181127-1669670999-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1751273365-4100181127-1669670999-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\windows\system32\oleaut32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2018-05-12] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-12-08] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-12-08] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-12-08] ()
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-12-08] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-12-08] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-12-08] ()
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-12-08] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-04-16] (Cyberlink)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers1: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => -> Nenhum Arquivo
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> Nenhum Arquivo
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-03] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-03] (Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-04-16] (Cyberlink)
ContextMenuHandlers2: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => -> Nenhum Arquivo
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers3: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => -> Nenhum Arquivo
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-12-08] ()
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google)
ContextMenuHandlers4: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => -> Nenhum Arquivo
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-06-06] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [PrivaZer] -> {7691BE2F-3D79-AADE-9C87-4D6EBCC76682} => -> Nenhum Arquivo
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\windows\system32\StartMenuHelper64.dll [2016-07-30] (IvoSoft)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-03] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-03] (Alexander Roshal)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {0EF2F7DC-FD4E-4BEF-9F60-0FE36A6046DF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-21] (Google Inc.)
Task: {130DAD44-BB74-43BD-B48B-A06525C43EE5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {18F59F41-105A-4A07-B2A5-F5E19309485C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-07] (Microsoft Corporation)
Task: {19BD36C0-0DBD-4FCE-9B29-58173CC21722} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-09-19] (Piriform Ltd)
Task: {25837174-52C7-455B-BB74-D3459341BB55} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-10-10] (Adobe Systems Incorporated)
Task: {2D8DD275-66B4-4559-96AF-0F3086204C5E} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {2F254692-BFD8-403E-AC6B-4CCC3639D946} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-02-01] (Microsoft Corporation)
Task: {353C9E21-F030-4D8A-93AF-9D9ED23B2EFE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {4A0834F0-04D8-4FA7-BC55-4F0EEFEDBD9F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {7148030C-B323-4944-8B4D-F0E947A3CCA4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-09-15] (HP Inc.)
Task: {78F7243A-71B0-4733-8887-3D4BFDA1B373} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-02-01] (Microsoft Corporation)
Task: {80268918-B65A-43A7-8121-09CE552CE3BB} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-1751273365-4100181127-1669670999-1001 => C:\ProgramData\MEGAsync\MEGAupdater.exe [2017-12-08] (Mega Limited)
Task: {80E8331B-14DE-4AC0-8067-DAF5D227A3A7} - System32\Tasks\HPCeeScheduleForGlauber => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {961925D8-CB4D-493D-AF40-73D4CF128D5D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-21] (Google Inc.)
Task: {9C9EA480-4875-479E-8AAA-EEF13FF8267B} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [2018-10-10] (Adobe Systems Incorporated)
Task: {C02DD486-EEF4-41F2-A2BC-2A5733A605A0} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {C66B5A45-424B-4F86-A2BB-ADC73E175653} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-09-19] (Piriform Ltd)
Task: {CE139996-C045-47E4-912A-0FA9C7E0D729} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {D0EBB4F5-D223-4574-A9A8-910791293FB0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {D8C5FCBA-737D-4E6C-A395-CF017770D5D9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-07] (Microsoft Corporation)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\windows\Tasks\HPCeeScheduleForGlauber.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Atalhos & WMI ========================

(As entradas podem ser listadas para serem restauradas ou removidas.)

==================== Módulos Carregados (Whitelisted) ==============

2017-12-08 10:43 - 2017-12-08 10:43 - 000598528 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll
2010-07-15 01:44 - 2010-07-15 01:44 - 000020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2015-04-15 17:13 - 2015-04-15 17:13 - 000222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-01-05 17:17 - 2016-01-22 16:57 - 000089008 _____ () C:\windows\System32\cpwmon64.dll
2016-01-12 15:04 - 2016-01-07 05:13 - 000162472 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-04-22 16:04 - 2014-04-14 22:59 - 000389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"

==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)

==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\localhost -> localhost

==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2017-08-02 17:56 - 2017-08-02 17:56 - 000000035 _____ C:\windows\system32\Drivers\etc\hosts

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
DNS Servers: 8.8.4.4 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

Se uma entrada for incluída na fixlist, será removida.
MSCONFIG\Services: KMS-R@1n => 2
MSCONFIG\startupreg: SunJavaUpdateSched => "c:\program files (x86)\common files\java\java update\jusched.exe"
HKLM\...\StartupApproved\StartupFolder: => "CodecPackTrayMenu.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "StartCCC"
HKLM\...\StartupApproved\Run: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "cmsc"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SoundVolumeHotkeys.{9547D1C7-4F18-4104-8674-046DCD12BDF9}"
HKLM\...\StartupApproved\Run32: => "WindowsDefender"
HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\StartupApproved\StartupFolder: => "Nova mensagem.exe"
HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\StartupApproved\Run: => "Codec Pack Update Checker"
HKU\S-1-5-21-1751273365-4100181127-1669670999-1001\...\StartupApproved\Run: => "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
FirewallRules: [TCP Query User{033B5964-7E7C-4DF8-9ACE-EC3B94EEFF34}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{612273FF-D2EE-467D-BE75-957A2B81338D}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{C7E3CB88-5049-4B0D-9615-36A379438CCD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{ADFD6F47-93CA-4AA9-96C3-75AC661BB7D3}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{7E437893-B136-4A50-85C6-5AAD14D3BA2C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{A078FDFA-726E-4D2C-AB52-51E1048E715E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1420F87C-0410-4E7B-BD1B-B62EB753CE62}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{49A5AB09-F80C-4C1D-AAA8-43D92CAC0A99}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe
FirewallRules: [UDP Query User{F73E1F12-561D-4218-88D9-30BBEE1FD4BC}C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_181\bin\javaw.exe

==================== Pontos de Restauração =========================

22-09-2018 10:39:46 antes de atualizar o windows update
29-09-2018 14:55:50 Revo Uninstaller's restore point - Pale Moon 25.8.1 (x86 en-US)
01-10-2018 11:37:09 Revo Uninstaller's restore point - Mozilla Firefox 62.0.2 (x86 pt-BR)
01-10-2018 11:58:06 Revo Uninstaller's restore point - Mozilla Firefox 62.0.2 (x86 pt-BR)
01-10-2018 18:09:01 Operação de restauração
01-10-2018 18:55:48 Revo Uninstaller's restore point - Mozilla Firefox 57.0 (x64 pt-BR)
02-10-2018 15:05:15 Revo Uninstaller's restore point - Pale Moon 25.8.1 (x86 en-US)
02-10-2018 15:19:29 Installed Oracle VM VirtualBox 5.2.18
04-10-2018 11:35:28 Revo Uninstaller's restore point - Receptor versão 12.6.4
07-10-2018 13:28:25 ANTES DE INSTALAR O WATERFOX
08-10-2018 01:08:28 Revo Uninstaller's restore point - Waterfox 56.2.3 (x64 en-US)
09-10-2018 18:17:07 Revo Uninstaller's restore point - Internet Download Manager
10-10-2018 01:04:58 Desinstalado com Total Uninstall ""
10-10-2018 02:09:22 Operação de restauração

==================== Dispositivos Apresentando Falhas No Gerenciador =============

Name: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
Description: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (10/10/2018 01:04:57 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado. . Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.
Operação: Obtendo Dados do Gravador
Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {9b3ef1cb-6322-4c13-9261-ce6f9d8b2260}

Error: (10/09/2018 06:17:05 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado. . Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.
Operação: Obtendo Dados do Gravador
Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {9e54af7a-c84f-4dad-b903-abcbcf76d470}

Error: (10/08/2018 12:51:42 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (10/08/2018 01:08:27 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado. . Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.
Operação: Obtendo Dados do Gravador
Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {c13f16b7-9e00-46ac-b4b3-d3c91b79a79c}

Error: (10/04/2018 07:54:19 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (10/04/2018 11:35:27 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado. . Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.
Operação: Obtendo Dados do Gravador
Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {5ae7a8be-dde8-4295-9153-b34eae2f1f5f}

Error: (10/02/2018 07:56:11 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (10/02/2018 04:28:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: plugin-container.exe, versão: 56.0.0.6478, carimbo de data/hora: 0x59cab8da
Nome do módulo com falha: xul.dll, versão: 56.0.0.6478, carimbo de data/hora: 0x59cab8c9
Código de exceção: 0x80000003
Deslocamento da falha: 0x00c47e59
ID do processo com falha: 0x358
Hora de início do aplicativo com falha: 0x01d45a85e1036c9c
Caminho do aplicativo com falha: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Caminho do módulo com falha: C:\Program Files (x86)\Mozilla Firefox\xul.dll
ID do Relatório: 4eb3766f-c679-11e8-8e28-9cb654a6fa79
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:

Erros de Sistema:
=============
Error: (10/10/2018 05:36:16 PM) (Source: disk) (EventID: 11) (User: )
Description: O driver detectou um erro de controlador em \Device\Harddisk1\DR1.

Error: (10/10/2018 05:17:23 PM) (Source: DCOM) (EventID: 10001) (User: WIN8)
Description: Não é possível iniciar o servidor DCOM: {AC746233-E9D3-49CD-862F-068F7B7CCCA4} como Não Disponível/Não Disponível. O erro: "740" Aconteceu ao iniciar este comando: C:\Program Files (x86)\Internet Download Manager\IDMan.exe -Embedding

Error: (10/10/2018 04:38:05 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Este computador foi configurado como membro de um grupo de trabalho e não como membro de um domínio. Não é necessário executar o serviço de logon de rede nesta configuração.
Error: (10/10/2018 12:38:36 PM) (Source: Schannel) (EventID: 4119) (User: AUTORIDADE NT)
Description: Alerta fatal recebido do ponto de extremidade remoto. O código de alerta fatal definido do protocolo TLS é 20.

Error: (10/10/2018 12:26:01 PM) (Source: DCOM) (EventID: 10010) (User: WIN8)
Description: O servidor {1B1F472E-3221-4826-97DB-2C2324D389AE} não se registrou no DCOM dentro do tempo limite necessário.

Error: (10/10/2018 12:25:31 PM) (Source: DCOM) (EventID: 10010) (User: WIN8)
Description: O servidor {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} não se registrou no DCOM dentro do tempo limite necessário.

Error: (10/10/2018 11:54:35 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Este computador foi configurado como membro de um grupo de trabalho e não como membro de um domínio. Não é necessário executar o serviço de logon de rede nesta configuração.

Error: (10/10/2018 11:53:38 AM) (Source: DCOM) (EventID: 10010) (User: WIN8)
Description: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não se registrou no DCOM dentro do tempo limite necessário.

Windows Defender:
===================================
Date: 2018-10-10 12:30:05.498
Description: O exame do Windows Defender foi interrompido antes da conclusão.
ID do Exame: {EDFCC0BE-2EE4-4E35-BA32-A928237F3A09}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2018-10-10 02:45:55.720
Description: O exame do Windows Defender foi interrompido antes da conclusão.
ID do Exame: {FBB4463C-1F40-4445-BF78-373C803D501B}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2018-10-10 02:00:39.587
Description: O Windows Defender detectou malware ou outros softwares potencialmente indesejados.
Para obter mais informações, consulte: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:MSIL/Wirzemro.B&threatid=2147729241&enterprise=0
Nome: Trojan:MSIL/Wirzemro.B
ID: 2147729241
Severidade: Grave
Categoria: Cavalo de Tróia
Caminho: file:_C:\Users\GLAUBE~1\AppData\Local\Temp\is-9QRMN.tmp\Bodied.exe
Origem da Detecção: Computador local
Tipo de Detecção: Concreto
Origem da Detecção: Proteção em Tempo Real
Usuário: WIN8\Glauber
Nome do Processo: C:\Users\GLAUBE~1\AppData\Local\Temp\is-ET3VK.tmp\global_installer.tmp
Versão da Assinatura: AV: 1.277.761.0, AS: 1.277.761.0, NIS: 119.0.0.0
Versão do Mecanismo: AM: 1.1.15300.6, NIS: 2.1.14600.4

Date: 2018-10-09 19:50:15.040
Description: O exame do Windows Defender foi interrompido antes da conclusão.
ID do Exame: {1656AA45-28F0-4267-9589-C03094073B7A}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2018-10-09 19:28:56.219
Description: O exame do Windows Defender foi interrompido antes da conclusão.
ID do Exame: {543C7131-24B7-43A1-A05E-5B50601E4E2D}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2017-04-04 19:53:15.183
Description: O Windows Defender encontrou um erro ao atualizar assinaturas.
Versão da Nova Assinatura:
Versão da Assinatura Anterior: 1.239.713.0
Origem da Atualização: Servidor do Microsoft Update
Tipo de Assinatura: Antivírus
Tipo de Atualização: Completa
Usuário: AUTORIDADE NT\SISTEMA
Versão do Mecanismo Atual:
Versão do Mecanismo Anterior: 1.1.13601.0
Código de erro: 0x80070643
Descrição do erro: Erro fatal durante a instalação.

Date: 2017-04-03 12:32:20.502
Description: O Windows Defender encontrou um erro ao atualizar assinaturas.
Versão da Nova Assinatura:
Versão da Assinatura Anterior: 1.239.573.0
Origem da Atualização: Servidor do Microsoft Update
Tipo de Assinatura: Antivírus
Tipo de Atualização: Completa
Usuário: AUTORIDADE NT\SISTEMA
Versão do Mecanismo Atual:
Versão do Mecanismo Anterior: 1.1.13601.0
Código de erro: 0x80070643
Descrição do erro: Erro fatal durante a instalação.

CodeIntegrity:
===================================
Date: 2018-03-10 03:16:20.258
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\eagleGet.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-10 03:16:15.605
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\eagleGet.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-24 16:52:52.134
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-24 10:53:45.539
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-01-24 04:01:56.848
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Informações da Memória ===========================

Processador: AMD E1-6010 APU with AMD Radeon R2 Graphics
Percentagem de memória em uso: 36%
RAM física total: 3774.09 MB
RAM física disponível: 2406.03 MB
Virtual Total: 7614.09 MB
Virtual disponível: 6148.51 MB

==================== Drives ================================

Drive b: (Arquivos) (Fixed) (Total:117.19 GB) (Free:90.87 GB) NTFS
Drive c: (Windows ) (Fixed) (Total:332.64 GB) (Free:186.56 GB) NTFS ==>[sistema com componentes de inicialização (obtido através de drive)]
Drive d: (Recovery Image) (Fixed) (Total:14.46 GB) (Free:1.79 GB) NTFS ==>[sistema com componentes de inicialização (obtido através de drive)]

\\?\Volume{19b6435f-3b5d-4ffb-ad28-91c7b5f9407a}\ (Windows RE tools ) (Fixed) (Total:1 GB) (Free:0.67 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 55E3917C)

Partition: GPT.

==================== Fim de Addition.txt ============================