Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão:31-12-2015 Executado por Thiago (2016-01-04 21:08:56) Executando a partir de C:\Users\Thiago\Desktop Windows 10 Pro (X64) (2015-12-05 05:45:08) Modo da Inicialização: Normal ========================================================== ==================== Contas: ============================= Administrador (S-1-5-21-1713420583-1435638475-2300282280-500 - Administrator - Disabled) Convidado (S-1-5-21-1713420583-1435638475-2300282280-501 - Limited - Disabled) DefaultAccount (S-1-5-21-1713420583-1435638475-2300282280-503 - Limited - Disabled) Thiago (S-1-5-21-1713420583-1435638475-2300282280-1001 - Administrator - Enabled) => C:\Users\Thiago ==================== Central de Segurança ======================== (Se uma entrada for incluída na fixlist, será removida.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Programas Instalados ====================== (Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.) µTorrent (HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.) Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated) aTube Catcher versão 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2241 - AVAST Software) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.218 - ALPS ELECTRIC CO., LTD.) Firebird 2.5.2.26539 (Win32) (HKLM-x32\...\FBDBServer_2_5_is1) (Version: 2.5.2.26539 - Firebird Project) Flickr Uploadr for Windows (HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\FlickrUploadrWindows) (Version: 0.9.96.258 - Flickr) FormatFactory 3.7.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.7.5.0 - Free Time) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.) Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - ) HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{F58E2607-024E-4E05-8016-6948B24D40F8}) (Version: 12.0.30.219 - Hewlett-Packard Company) hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.) Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation) Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation) K-Lite Mega Codec Pack 11.5.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.5.5 - ) Malwarebytes Anti-Malware versão 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project) Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation) Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden Sistema Gerencial Integrado 1.14.46.6 (HKLM-x32\...\Sistema Gerencial Integrado_is1) (Version: - Realtec Sistemas Ltda) Unchecky v0.4.2 (HKLM-x32\...\Unchecky) (Version: 0.4.2 - RaMMicHaeL) Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0416-1000-0000000FF1CE}_Office15.PROPLUS_{2BA6245D-FBB9-42F6-AFD9-C0DC52763AD5}) (Version: - Microsoft) Warsaw 1.8.0.10356 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.8.0.10356 - GAS Tecnologia) WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Exame Personalizado CLSID (Whitelisted): ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) CustomCLSID: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Thiago\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation) ==================== Tarefas Agendadas (Whitelisted) ============= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto Task: {13C908C1-045E-46D0-887D-F965411E07C5} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic Task: {26946583-DB17-41FB-ACFC-ACA9D9EB7537} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-23] (Microsoft Corporation) Task: {2F827CD7-D1F9-418D-A88E-7BA9B277AAAF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-10] (Google Inc.) Task: {45C8B5F3-3517-453E-8FD6-14D87E353C02} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {466CD80D-276B-4595-B088-2C27602B7E5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-10] (Google Inc.) Task: {6BA9F7DC-E82D-4FC3-8A0B-6A2EE0F926B8} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic Task: {6F294698-C4F6-4333-BDF8-F9DA32148EFD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard) Task: {6FFBA5A3-081D-4D38-8CDD-3DD9722E3992} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {9E1034BA-CC12-4B66-B225-36CBEA18E25C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard) Task: {BDE7556C-471A-40C1-95B9-2A49F1138818} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company) Task: {C30DB7F4-276C-44E5-B245-5BD2C2C34EF3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-11-10] (AVAST Software) Task: {D142D48B-D1EB-49C4-BD3C-BBB065B11AD5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {D97BD0FC-7CDD-4ABB-A70C-E7189C61B44F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company) Task: {DC03315C-C524-425F-9AC3-C8F4A3C80D6C} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard) Task: {E68B23CF-BDB3-4E6E-9CDB-452102A8B5AD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: {E92CB2A1-D5E7-485D-8CFD-615CA23C0253} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-10-16] () Task: {FD1D4F49-B3D4-4995-B1C2-A7F44B61A42B} - System32\Tasks\Format Factory => C:\Users\Thiago\AppData\Local\Temp\is-B4M1L.tmp\prsetup.exe <==== ATENÇÃO (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Atalhos ============================= (As entradas podem ser listadas para serem restauradas ou removidas.) ==================== Módulos Carregados (Whitelisted) ============== 2015-10-30 05:18 - 2015-10-30 05:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2015-12-05 04:10 - 2015-12-05 04:10 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-12-05 04:10 - 2015-12-05 04:10 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-11-12 21:11 - 2012-08-31 15:03 - 00288768 _____ () C:\WINDOWS\System32\HP1100LM.DLL 2015-11-12 21:11 - 2012-08-31 15:02 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL 2015-12-17 19:06 - 2015-12-07 02:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2015-12-17 19:06 - 2015-12-07 02:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-12-17 19:06 - 2015-12-07 01:37 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-12-17 19:06 - 2015-12-07 01:33 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-12-17 19:06 - 2015-12-07 01:34 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-12-17 19:06 - 2015-12-07 01:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-11-10 12:51 - 2015-11-10 12:51 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll 2015-12-23 08:29 - 2015-12-23 08:44 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2015-11-10 12:43 - 2015-11-10 22:39 - 00026112 _____ () C:\Windows\KMS-R@1n.exe 2015-12-30 16:43 - 2015-12-30 16:43 - 03682816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1512.54020.0_x64__8wekyb3d8bbwe\Calculator.exe 2015-12-23 08:29 - 2015-12-23 08:37 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2015-12-23 08:29 - 2015-12-23 08:37 - 11542016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2015-11-19 16:31 - 2015-11-19 16:32 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2015-11-10 13:19 - 2015-11-10 13:19 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-11-10 13:19 - 2015-11-10 13:19 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-01-03 18:51 - 2016-01-03 18:51 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\16010301\algo.dll 2015-11-10 13:19 - 2015-11-10 13:19 - 00466448 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2016-01-04 18:40 - 2016-01-04 18:40 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\16010401\algo.dll 2015-12-23 08:29 - 2015-12-23 08:43 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2015-12-23 08:29 - 2015-12-23 08:50 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2015-11-10 13:19 - 2015-11-10 13:19 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-12-16 17:36 - 2015-12-11 01:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll 2015-12-16 17:36 - 2015-12-11 01:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (Se uma entrada for incluída na fixlist, somente o ADS será removido.) AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== AlternateDataStreams: C:\WINDOWS\System32:6ECF6A10_Uni.gbp AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 ==================== Modo de Segurança (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Associação (Whitelisted) =============== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.) ==================== Internet Explorer confiável/restrito =============== (Se uma entrada for incluída na fixlist, será removida do Registro.) IE trusted site: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\google.com -> www.google.com IE trusted site: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\google.com.br -> www.google.com.br IE trusted site: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\itau.b.br -> www.itau.b.br IE trusted site: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\itau.com.br -> hxxps://bankline.itau.com.br IE trusted site: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\itau.com.br -> bankline.itau.com.br IE trusted site: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br IE trusted site: HKU\S-1-5-21-1713420583-1435638475-2300282280-1001\...\itaupersonnalite.com.br -> www.itaupersonnalite.com.br ==================== Hosts Conteúdo: ========================== (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2015-07-10 09:04 - 2016-01-04 18:37 - 00002022 ____A C:\WINDOWS\system32\Drivers\etc\hosts 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com 0.0.0.0 api.recommendedsw.com 0.0.0.0 installer.betterinstaller.com 0.0.0.0 installer.filebulldog.com 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net 0.0.0.0 inno.bisrv.com 0.0.0.0 nsis.bisrv.com 0.0.0.0 cdn.file2desktop.com 0.0.0.0 cdn.goateastcach.us 0.0.0.0 cdn.guttastatdk.us 0.0.0.0 cdn.inskinmedia.com 0.0.0.0 cdn.insta.oibundles2.com 0.0.0.0 cdn.insta.playbryte.com 0.0.0.0 cdn.llogetfastcach.us 0.0.0.0 cdn.montiera.com 0.0.0.0 cdn.msdwnld.com 0.0.0.0 cdn.mypcbackup.com 0.0.0.0 cdn.ppdownload.com 0.0.0.0 cdn.riceateastcach.us 0.0.0.0 cdn.shyapotato.us 0.0.0.0 cdn.solimba.com 0.0.0.0 cdn.tuto4pc.com 0.0.0.0 cdn.appround.biz 0.0.0.0 cdn.bigspeedpro.com 0.0.0.0 cdn.bispd.com Existem ainda 4 mais linhas. ==================== Outras Áreas ============================ (Atualmente não há nenhuma correção automática para esta seção.) DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Firewall do Windows está habilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == (Atualmente não há nenhuma correção automática para esta seção.) ==================== Regras do Firewall (Whitelisted) =============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{2B88B61C-68CE-4CD8-B60B-8526767481BE}] => (Allow) LPort=3050 FirewallRules: [{E38C3E7F-6304-4A2B-9BEC-B3C21D9F13E2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{C88719B4-A3A2-429D-95EA-AA3073ED6922}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{EB14FC76-748A-4987-8A04-8F35E224AE78}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{060D0F0C-ABEC-4558-A09A-BC20AA340BF1}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{5C80D829-9C4A-45D8-88B5-7948B4FD3475}] => (Allow) C:\Windows\KMS-R@1n.exe FirewallRules: [{E7715E64-E832-4FBD-8C42-2F8C4D3DB47C}] => (Allow) C:\Windows\KMS-R@1n.exe FirewallRules: [{B14BDFEE-1D06-4ADC-84D4-497D0811AB31}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{D7EF084F-F5E2-4F60-8969-E3BE87DBEA65}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{6FD9BAB7-5D84-45E1-B548-4DFFDD229DDB}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{06466EFF-4A63-4434-AC09-9AAFE3BE7E30}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [UDP Query User{938481C3-78D6-4FC7-9FCF-FA449D4FB8DF}C:\program files (x86)\formatfactory\formatfactory.exe] => (Allow) C:\program files (x86)\formatfactory\formatfactory.exe FirewallRules: [TCP Query User{626B287A-61AE-4F96-BC99-1393E34B6849}C:\program files (x86)\formatfactory\formatfactory.exe] => (Allow) C:\program files (x86)\formatfactory\formatfactory.exe FirewallRules: [{FA4FBFA6-47EF-4B6A-B1CB-DE3B206EC572}] => (Allow) C:\Users\Thiago\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{7DF736D4-E196-4364-A620-CE9C1A2EF482}] => (Allow) C:\Users\Thiago\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{C7264999-9745-4F52-A4F3-CAC022C770A0}] => (Allow) C:\Users\Thiago\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{2DC4B1EB-BF19-4A0A-A7F5-13122A7FE847}] => (Allow) C:\Users\Thiago\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{33131F99-8277-489B-95EB-212BEED6C4EA}] => (Allow) C:\Users\Thiago\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{F27C7E5F-238E-4CAC-9274-AE760CFCB332}] => (Allow) C:\Users\Thiago\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{37B81A12-E863-4A09-A89E-A86E85112009}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{75EC6ED2-9844-471F-96E4-D13F347FF717}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe ==================== Pontos de Restauração ========================= 20-12-2015 07:04:58 Ponto de Verificação Agendado 23-12-2015 07:06:53 Windows Update 23-12-2015 07:08:33 Windows Update 30-12-2015 07:22:54 Windows Update ==================== Dispositivos Apresentando Falhas No Gerenciador ============= ==================== Erros no Log de eventos: ========================= Erros em Aplicativos: ================== Error: (01/04/2016 06:47:59 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (01/04/2016 06:31:23 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: Explorer.EXE, versão: 10.0.10586.0, carimbo de data/hora: 0x5632d4c0 Nome do módulo com falha: twinui.appcore.dll, versão: 10.0.10586.11, carimbo de data/hora: 0x56457778 Código de exceção: 0x80270233 Deslocamento da falha: 0x0000000000166be4 ID do processo com falha: 0x7d8 Hora de início do aplicativo com falha: 0xExplorer.EXE0 Caminho do aplicativo com falha: Explorer.EXE1 Caminho do módulo com falha: Explorer.EXE2 ID do Relatório: Explorer.EXE3 Nome completo do pacote com falha: Explorer.EXE4 ID do aplicativo relativo ao pacote com falha: Explorer.EXE5 Error: (01/03/2016 09:19:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: utorrentie.exe, versão: 1.0.0.41372, carimbo de data/hora: 0x564b8ce9 Nome do módulo com falha: KERNELBASE.dll, versão: 10.0.10586.0, carimbo de data/hora: 0x5632da1c Código de exceção: 0x4000001f Deslocamento da falha: 0x001382e2 ID do processo com falha: 0xbdc Hora de início do aplicativo com falha: 0xutorrentie.exe0 Caminho do aplicativo com falha: utorrentie.exe1 Caminho do módulo com falha: utorrentie.exe2 ID do Relatório: utorrentie.exe3 Nome completo do pacote com falha: utorrentie.exe4 ID do aplicativo relativo ao pacote com falha: utorrentie.exe5 Error: (01/03/2016 08:32:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-EN4KEM9) Description: Falha na ativação do aplicativo Microsoft.Windows.Photos_8wekyb3d8bbwe!App com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais. Error: (01/03/2016 07:52:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-EN4KEM9) Description: Falha na ativação do aplicativo Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais. Erros de Sistema: ============= Error: (01/04/2016 07:18:02 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT) Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível Error: (01/04/2016 06:42:58 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Serviço Otimização de Entrega suspenso ao iniciar. Error: (01/04/2016 06:42:07 PM) (Source: DCOM) (EventID: 10010) (User: AUTORIDADE NT) Description: {4991D34B-80A1-4291-83B6-3328366B9097} Error: (01/04/2016 06:34:51 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-EN4KEM9) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (01/04/2016 06:34:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Host de Sincronização_1cb672f5 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço. Error: (01/04/2016 06:34:47 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT) Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível Error: (01/04/2016 06:34:12 PM) (Source: Service Control Manager) (EventID: 7046) (User: ) Description: O seguinte serviço tem parado repetidamente de responder às solicitações de controle de serviço: Agente de Eventos do Sistema Contate o fornecedor do serviço ou o administrador do sistema para saber se deve desativar este serviço até que o problema seja identificado. nTalvez seja necessário reiniciar o computador no modo de segurança para desabilitar o serviço. Error: (01/04/2016 06:33:42 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta de uma transação do serviço SystemEventsBroker. Error: (01/04/2016 06:33:12 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta de uma transação do serviço BrokerInfrastructure. Error: (01/04/2016 06:32:50 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT) Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível CodeIntegrity: =================================== Date: 2015-12-31 09:06:48.643 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-30 07:25:12.721 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-23 10:04:41.039 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-23 07:22:51.271 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-23 06:59:14.138 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-12 09:21:25.776 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-05 03:39:20.109 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-05 03:37:48.887 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-05 03:17:39.897 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Informações da Memória =========================== Processador: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz Percentagem de memória em uso: 55% RAM física total: 4003.89 MB RAM física disponível: 1797.79 MB Virtual Total: 4707.89 MB Virtual disponível: 2392.16 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:698.15 GB) (Free:303.65 GB) NTFS ==================== MBR & Tabela de Partições ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 2A36747C) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=698.1 GB) - (Type=07 NTFS) ==================== Fim de Addition.txt ============================