Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 10-07-2016 01 Executado por Yeshua (2016-07-11 15:54:01) Executando a partir de C:\Users\Yeshua\Downloads Windows 10 Pro Versão 1511 (X64) (2016-06-30 19:16:34) Modo da Inicialização: Normal ========================================================== ==================== Contas: ============================= Administrador (S-1-5-21-655074763-3298216413-123103994-500 - Administrator - Disabled) Convidado (S-1-5-21-655074763-3298216413-123103994-501 - Limited - Enabled) DefaultAccount (S-1-5-21-655074763-3298216413-123103994-503 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-655074763-3298216413-123103994-1014 - Limited - Enabled) Yeshua (S-1-5-21-655074763-3298216413-123103994-1000 - Administrator - Enabled) => C:\Users\Yeshua ==================== Central de Segurança ======================== (Se uma entrada for incluída na fixlist, será removida.) AV: ESET Smart Security 9.0.381.1 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: ESET Smart Security 9.0.381.1 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} FW: Firewall pessoal da ESET (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2} ==================== Programas Instalados ====================== (Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.) µTorrent (HKU\S-1-5-21-655074763-3298216413-123103994-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.) 7-Zip 16.02 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1602-000001000000}) (Version: 16.02.00.0 - Igor Pavlov) ACA & MEP 2017 Object Enabler (Version: 7.9.45.0 - Autodesk) Hidden ACAD Private (Version: 21.0.52.0 - Autodesk) Hidden AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) AMD Catalyst Install Manager (HKLM\...\{9204C155-00EA-6388-9362-01D16FFA114C}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) Aplicativo da área de trabalho Autodesk (HKLM-x32\...\Autodesk Desktop App) (Version: 6.1.0.272 - Autodesk) Aplicativos da Autodesk em destaque 2016-2017 (HKLM-x32\...\{27C15055-713B-4D0E-881F-19598A2DFD59}) (Version: 2.2.0 - Autodesk) Assistente de Atualização do Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation) Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.170 - Atheros) AutoCAD 2017 - English (Version: 21.0.52.0 - Autodesk) Hidden AutoCAD 2017 (Version: 21.0.52.0 - Autodesk) Hidden AutoCAD 2017 Language Pack - English (Version: 21.0.52.0 - Autodesk) Hidden Autodesk Advanced Material Library Image Library 2017 (HKLM-x32\...\{8ED2ED41-4455-449D-993C-751C039089B9}) (Version: 15.11.3.0 - Autodesk) Autodesk App Manager 2016-2017 (HKLM-x32\...\{C0954809-F5DC-426C-847E-8409DE14E4C0}) (Version: 2.2.0 - Autodesk) Autodesk AutoCAD 2017 - English (HKLM\...\AutoCAD 2017 - English) (Version: 21.0.52.0 - Autodesk) Autodesk AutoCAD Performance Feedback Tool 1.2.5 (HKLM-x32\...\{8600F844-9AA5-412E-B6F2-F9C6CBCFD268}) (Version: 1.2.5.0 - Autodesk) Autodesk BIM 360 Glue AutoCAD 2017 Add-in 64 bit (HKLM\...\{276A67E0-71EB-4827-B5F7-2ACF02BC1A5B}) (Version: 4.37.6853 - Autodesk) Autodesk License Service (x64) - 3.1 (HKLM\...\{EB6FE58F-8576-4272-BB9C-6B47D9EDFA4D}) (Version: 3.1.26.0 - Autodesk) Autodesk Material Library 2017 (HKLM-x32\...\{8FB9F735-D64C-4991-8D91-4CDDAB1ABDEE}) (Version: 15.11.3.0 - Autodesk) Autodesk Material Library Base Resolution Image Library 2017 (HKLM-x32\...\{3FBFBC43-9882-43FA-B979-2D53896747B3}) (Version: 15.11.3.0 - Autodesk) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Dell System Detect (HKU\S-1-5-21-655074763-3298216413-123103994-1000\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell) Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.) EPSON L355 Series Printer Uninstall (HKLM\...\EPSON L355 Series) (Version: - SEIKO EPSON Corporation) EPSON XP-410 Series Printer Uninstall (HKLM\...\EPSON XP-410 Series) (Version: - SEIKO EPSON Corporation) ESET Smart Security (HKLM\...\{0237498F-BC8E-442E-BC7E-30AA60CBAF46}) (Version: 9.0.381.1 - ESET, spol. s r.o.) Importação do SketchUp 2016-2017 (HKLM-x32\...\{063925DB-9D8C-48E2-8F04-1B7038B6C783}) (Version: 2.2.0 - Autodesk) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPROR) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.50.1123.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.) Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Service Pack 1 for Microsoft Office 2013 Language Pack (KB2817427) 64-Bit Edition (Version: - Microsoft) Hidden ==================== Exame Personalizado CLSID (Whitelisted): ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) CustomCLSID: HKU\S-1-5-21-655074763-3298216413-123103994-1000_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-655074763-3298216413-123103994-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Yeshua\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-655074763-3298216413-123103994-1000_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-655074763-3298216413-123103994-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2017\en-US\acadficn.dll (Autodesk, Inc.) ==================== Tarefas Agendadas (Whitelisted) ============= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) Task: {2A58340A-FDDB-4E43-A615-679A2200E2F9} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {2F723898-1467-4090-B128-58CBE044C60E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {391A4093-543B-48AB-A2CD-3E66BA3FACE3} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {39793CFA-6F57-4588-BCF2-9BE3C6630182} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {40D2068E-4DE8-4E7A-B4EC-E621FD1C2C94} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {48FA6D95-ED92-4433-8ABF-CF6A95956AB7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {4BD7D5A3-03A3-4FAC-9ECF-EBB440D8CF33} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe Task: {5A004081-19E1-4609-B21C-D5B2B26AA517} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {5C03DF47-03E7-425F-9FE8-2BE884FC423B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {7E9E336A-3551-4B29-94A3-5A1BE3369058} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Yeshua-PC-Yeshua Yeshua-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-01-23] (Microsoft Corporation) Task: {80E74C97-D9CE-4600-8128-F9ED41AAEAC0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {8474605F-5E5C-4AB2-9212-263F45BBC339} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {899994D5-17A3-4ADE-A81B-F15964D84F47} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {97982558-3667-4039-865A-E8EF22AED711} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {9C95E6EF-99E6-437E-A3C1-93BD581D012B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {A921520C-2EA2-4881-8AF8-59C2F1BAF8E3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {ABABF677-E50B-4BD1-B97F-CA85D20BC11C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {B6814D8B-49DA-4CE8-B2F5-6447EB7F6933} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {B6D4E2AC-CB5A-4A3C-82D3-D2EE90298930} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {BA04E042-E961-4905-BA0D-B9E6C5EDE1F2} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {BC03704E-DD3E-498D-A4AC-8C3B67820CDC} - System32\Tasks\EPSON XP-410 Series Update {FDD84D49-DD10-4241-A35C-BD8F7110F481} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2014-11-20] (SEIKO EPSON CORPORATION) Task: {D6B2243D-CA1F-446C-9DB7-285E1F818ABD} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {D6FD3568-7C2A-4208-8828-15D3B9A38EE3} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {DAB3BFB2-5CF1-46AD-8541-FDF50348683C} - System32\Tasks\EPSON XP-410 Series Invitation {FDD84D49-DD10-4241-A35C-BD8F7110F481} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2014-11-20] (SEIKO EPSON CORPORATION) Task: {DC22A27E-7BD4-4337-A741-0009F9320F2D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {E00808F8-33D3-48A1-B022-E56450667543} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {EF4102E5-B2D0-49E2-8FB1-45BF0A556B5F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {F86D1705-9B53-4CE0-B1D5-A687969174F6} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {F98C5DDB-864E-40D9-B5B3-8AA1379D89D1} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) Task: C:\WINDOWS\Tasks\EPSON XP-410 Series Invitation {FDD84D49-DD10-4241-A35C-BD8F7110F481}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE Task: C:\WINDOWS\Tasks\EPSON XP-410 Series Update {FDD84D49-DD10-4241-A35C-BD8F7110F481}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE:/EXE:{FDD84D49-DD10-4241-A35C-BD8F7110F481} /F:UpdateWORKGROUP\YESHUA-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi ==================== Atalhos ============================= (As entradas podem ser listadas para serem restauradas ou removidas.) ==================== Módulos Carregados (Whitelisted) ============== 2015-10-30 04:18 - 2015-10-30 04:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-06-30 15:58 - 2016-06-30 15:58 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-06-30 17:28 - 2016-06-30 17:30 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-06-30 15:58 - 2016-06-30 15:58 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-06-30 19:16 - 2016-06-30 19:16 - 00959168 _____ () C:\Users\Yeshua\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2016-04-27 03:29 - 2016-04-27 03:29 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-06-30 15:58 - 2016-06-30 15:58 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2012-10-01 20:36 - 2012-10-01 20:36 - 01408624 _____ () C:\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll 2016-06-30 15:58 - 2016-06-30 15:58 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-06-30 15:58 - 2016-06-30 15:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-06-30 15:58 - 2016-06-30 15:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-06-30 15:58 - 2016-06-30 15:58 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-06-30 22:29 - 2016-05-25 06:34 - 00061968 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_Service-head.dll 2016-06-30 22:29 - 2016-05-25 06:34 - 00110608 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson0.dll 2016-06-30 17:28 - 2016-06-30 17:30 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-06-30 17:28 - 2016-06-30 17:30 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2016-06-30 19:16 - 2016-06-30 19:16 - 00679624 _____ () C:\Users\Yeshua\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll ==================== Alternate Data Streams (Whitelisted) ========= (Se uma entrada for incluída na fixlist, somente o ADS será removido.) ==================== Modo de Segurança (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) ==================== Associação (Whitelisted) =============== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.) HKU\S-1-5-21-655074763-3298216413-123103994-1000\Software\Classes\.scr: AutoCADScriptFile => C:\WINDOWS\system32\notepad.exe "%1" ==================== Internet Explorer confiável/restrito =============== (Se uma entrada for incluída na fixlist, será removida do Registro.) IE trusted site: HKU\S-1-5-21-655074763-3298216413-123103994-1000\...\dell.com -> dell.com ==================== Hosts Conteúdo: =============================== (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2009-07-13 23:34 - 2009-06-10 18:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Outras Áreas ============================ (Atualmente não há nenhuma correção automática para esta seção.) HKU\S-1-5-21-655074763-3298216413-123103994-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Firewall do Windows está habilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == (Atualmente não há nenhuma correção automática para esta seção.) HKLM\...\StartupApproved\Run32: => "ADSKAppManager" ==================== Regras do Firewall (Whitelisted) =============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [{CE4EAF29-DCF2-4A11-BAA2-09503BEEC4BF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{9A54C728-C7B5-4398-A926-A56116F5B01F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{B8F9FC94-7A49-4C88-B488-01750B13701D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{CD525940-8A28-4AAF-AD6B-A0BC63422B24}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{C740C31D-3DC5-4153-8DA2-5E7DE5D76555}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{2012D80D-562E-4990-BB92-9A8E3165BC49}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{EB090A39-73EE-41BC-83C6-8AED1DCFC016}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{4EA89222-8296-4224-9277-77ED3CA74EDA}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{228A016F-56A0-4A93-9B18-285105C143E7}] => (Allow) C:\Users\Yeshua\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{09443640-30ED-4B9B-8D3E-8CABD653FB9D}] => (Allow) C:\Users\Yeshua\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{CC43FBC2-1E95-477D-9D1E-ABA83436555C}] => (Allow) C:\Users\Yeshua\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{50AB423C-01A7-4E13-BBC8-46ACF14A348E}] => (Allow) C:\Users\Yeshua\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{49972D39-0D83-4B86-B70F-9531EE04EC59}] => (Allow) C:\Users\Yeshua\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{D44FFA9B-B314-4836-9C04-FE631EC6D6C6}] => (Allow) C:\Users\Yeshua\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{E68C3885-FF67-4D70-8D56-41A2D77076CC}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe FirewallRules: [{A250FDED-0F68-4D28-9C55-32E1BB1AAC60}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe FirewallRules: [{748BC1CF-C7D5-4C1C-AA62-4F6406265D0F}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe FirewallRules: [{F1448571-14CB-4B9F-AD87-386126F8EEBF}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe ==================== Pontos de Restauração ========================= ATENÇÃO: A Restauração do Sistema está desabilitada ==================== Dispositivos Apresentando Falhas No Gerenciador ============= ==================== Erros no Log de eventos: ========================= Erros em Aplicativos: ================== Error: (07/11/2016 12:49:21 PM) (Source: Winlogon) (EventID: 4005) (User: ) Description: O processo de logon do Windows foi encerrado inesperadamente. Error: (07/09/2016 04:21:23 PM) (Source: Winlogon) (EventID: 4005) (User: ) Description: O processo de logon do Windows foi encerrado inesperadamente. Error: (07/08/2016 07:45:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: microsoftedgecp.exe, versão: 11.0.10586.20, carimbo de data/hora: 0x56540c35 Nome do módulo com falha: msvcrt.dll, versão: 7.0.10586.0, carimbo de data/hora: 0x5632d79e Código de exceção: 0xc0000005 Deslocamento da falha: 0x0000000000073c9a ID do processo com falha: 0xbc4 Hora de início do aplicativo com falha: 0xmicrosoftedgecp.exe0 Caminho do aplicativo com falha: microsoftedgecp.exe1 Caminho do módulo com falha: microsoftedgecp.exe2 ID do Relatório: microsoftedgecp.exe3 Nome completo do pacote com falha: microsoftedgecp.exe4 ID do aplicativo relativo ao pacote com falha: microsoftedgecp.exe5 Error: (07/08/2016 10:07:16 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: microsoftedgecp.exe, versão: 11.0.10586.20, carimbo de data/hora: 0x56540c35 Nome do módulo com falha: msvcrt.dll, versão: 7.0.10586.0, carimbo de data/hora: 0x5632d79e Código de exceção: 0xc0000005 Deslocamento da falha: 0x0000000000073cc6 ID do processo com falha: 0x2588 Hora de início do aplicativo com falha: 0xmicrosoftedgecp.exe0 Caminho do aplicativo com falha: microsoftedgecp.exe1 Caminho do módulo com falha: microsoftedgecp.exe2 ID do Relatório: microsoftedgecp.exe3 Nome completo do pacote com falha: microsoftedgecp.exe4 ID do aplicativo relativo ao pacote com falha: microsoftedgecp.exe5 Error: (07/06/2016 06:55:57 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: microsoftedgecp.exe, versão: 11.0.10586.20, carimbo de data/hora: 0x56540c35 Nome do módulo com falha: iertutil.dll, versão: 11.0.10586.420, carimbo de data/hora: 0x574916a8 Código de exceção: 0xc0000005 Deslocamento da falha: 0x0000000000029f6c ID do processo com falha: 0x2e8 Hora de início do aplicativo com falha: 0xmicrosoftedgecp.exe0 Caminho do aplicativo com falha: microsoftedgecp.exe1 Caminho do módulo com falha: microsoftedgecp.exe2 ID do Relatório: microsoftedgecp.exe3 Nome completo do pacote com falha: microsoftedgecp.exe4 ID do aplicativo relativo ao pacote com falha: microsoftedgecp.exe5 Error: (07/06/2016 06:47:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: microsoftedgecp.exe, versão: 11.0.10586.20, carimbo de data/hora: 0x56540c35 Nome do módulo com falha: msvcrt.dll, versão: 7.0.10586.0, carimbo de data/hora: 0x5632d79e Código de exceção: 0xc0000005 Deslocamento da falha: 0x0000000000073c9a ID do processo com falha: 0x278 Hora de início do aplicativo com falha: 0xmicrosoftedgecp.exe0 Caminho do aplicativo com falha: microsoftedgecp.exe1 Caminho do módulo com falha: microsoftedgecp.exe2 ID do Relatório: microsoftedgecp.exe3 Nome completo do pacote com falha: microsoftedgecp.exe4 ID do aplicativo relativo ao pacote com falha: microsoftedgecp.exe5 Error: (07/04/2016 10:16:46 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: microsoftedgecp.exe, versão: 11.0.10586.20, carimbo de data/hora: 0x56540c35 Nome do módulo com falha: msvcrt.dll, versão: 7.0.10586.0, carimbo de data/hora: 0x5632d79e Código de exceção: 0xc0000005 Deslocamento da falha: 0x0000000000073b20 ID do processo com falha: 0x20bc Hora de início do aplicativo com falha: 0xmicrosoftedgecp.exe0 Caminho do aplicativo com falha: microsoftedgecp.exe1 Caminho do módulo com falha: microsoftedgecp.exe2 ID do Relatório: microsoftedgecp.exe3 Nome completo do pacote com falha: microsoftedgecp.exe4 ID do aplicativo relativo ao pacote com falha: microsoftedgecp.exe5 Error: (07/03/2016 03:17:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: microsoftedgecp.exe, versão: 11.0.10586.20, carimbo de data/hora: 0x56540c35 Nome do módulo com falha: msvcrt.dll, versão: 7.0.10586.0, carimbo de data/hora: 0x5632d79e Código de exceção: 0xc0000005 Deslocamento da falha: 0x0000000000073c9a ID do processo com falha: 0x2e68 Hora de início do aplicativo com falha: 0xmicrosoftedgecp.exe0 Caminho do aplicativo com falha: microsoftedgecp.exe1 Caminho do módulo com falha: microsoftedgecp.exe2 ID do Relatório: microsoftedgecp.exe3 Nome completo do pacote com falha: microsoftedgecp.exe4 ID do aplicativo relativo ao pacote com falha: microsoftedgecp.exe5 Error: (07/03/2016 02:33:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: microsoftedgecp.exe, versão: 11.0.10586.20, carimbo de data/hora: 0x56540c35 Nome do módulo com falha: msvcrt.dll, versão: 7.0.10586.0, carimbo de data/hora: 0x5632d79e Código de exceção: 0xc0000005 Deslocamento da falha: 0x0000000000073b25 ID do processo com falha: 0x278 Hora de início do aplicativo com falha: 0xmicrosoftedgecp.exe0 Caminho do aplicativo com falha: microsoftedgecp.exe1 Caminho do módulo com falha: microsoftedgecp.exe2 ID do Relatório: microsoftedgecp.exe3 Nome completo do pacote com falha: microsoftedgecp.exe4 ID do aplicativo relativo ao pacote com falha: microsoftedgecp.exe5 Error: (07/03/2016 01:30:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: microsoftedgecp.exe, versão: 11.0.10586.20, carimbo de data/hora: 0x56540c35 Nome do módulo com falha: iertutil.dll, versão: 11.0.10586.420, carimbo de data/hora: 0x574916a8 Código de exceção: 0xc0000005 Deslocamento da falha: 0x0000000000029f6c ID do processo com falha: 0x16ec Hora de início do aplicativo com falha: 0xmicrosoftedgecp.exe0 Caminho do aplicativo com falha: microsoftedgecp.exe1 Caminho do módulo com falha: microsoftedgecp.exe2 ID do Relatório: microsoftedgecp.exe3 Nome completo do pacote com falha: microsoftedgecp.exe4 ID do aplicativo relativo ao pacote com falha: microsoftedgecp.exe5 Erros de Sistema: ============= Error: (07/11/2016 03:25:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: O serviço NetTcpActivator depende do serviço NetTcpPortSharing, mas não foi possível iniciá-lo devido ao seguinte erro: %%1058 = O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados. Error: (07/11/2016 03:25:24 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: O desligamento do sistema que ocorreu às 12:42:45 do dia ‎11/‎07/‎2016 não era esperado. Error: (07/11/2016 03:23:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Host de Sincronização_521948c foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço. Error: (07/11/2016 12:49:21 PM) (Source: DCOM) (EventID: 10010) (User: Yeshua-PC) Description: {0002DF02-0000-0000-C000-000000000046} Error: (07/11/2016 12:49:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Host de Sincronização_419371d foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço. Error: (07/10/2016 10:34:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Host de Sincronização_3940318 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço. Error: (07/10/2016 09:13:40 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (07/10/2016 04:27:20 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (07/10/2016 04:07:06 PM) (Source: DCOM) (EventID: 10016) (User: Yeshua-PC) Description: padrão-computadorLocalAtivação{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Yeshua-PCYeshuaS-1-5-21-655074763-3298216413-123103994-1000LocalHost (Usando LRPC)Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewyS-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795 Error: (07/09/2016 04:21:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Host de Sincronização_378818e foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço. CodeIntegrity: =================================== Date: 2016-07-07 19:26:26.517 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-07-05 11:03:47.876 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthCopyHook.dll that did not meet the Store signing level requirements. Date: 2016-07-02 11:04:38.342 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements. Date: 2016-07-02 11:04:38.313 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements. Date: 2016-07-02 11:04:38.278 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll that did not meet the Microsoft signing level requirements. Date: 2016-07-02 11:04:38.226 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements. Date: 2016-07-02 11:04:38.181 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements. Date: 2016-07-02 11:04:38.130 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll that did not meet the Microsoft signing level requirements. Date: 2016-07-02 11:04:37.230 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements. Date: 2016-07-02 11:04:37.066 Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements. ==================== Informações da Memória =========================== Processador: Intel(R) Core(TM) i5-3350P CPU @ 3.10GHz Percentagem de memória em uso: 36% RAM física total: 8152.91 MB RAM física disponível: 5174.89 MB Virtual Total: 16344.91 MB Virtual disponível: 13133.15 MB ==================== Drives ================================ Drive c: (Windows 10) (Fixed) (Total:96.73 GB) (Free:34.09 GB) NTFS ==>[drive com componentes de inicialização (obtido através de BCD)] Drive j: (DVD) (Removable) (Total:3.65 GB) (Free:0.42 GB) NTFS Drive k: (Informática) (Fixed) (Total:488.28 GB) (Free:485.4 GB) NTFS Drive p: (Profissional) (Fixed) (Total:488.28 GB) (Free:284.96 GB) NTFS ==================== MBR & Tabela de Partições ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 1311F1E9) Partition 1: (Active) - (Size=96.7 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=450 MB) - (Type=27) Partition 3: (Not Active) - (Size=488.3 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1277.1 GB) - (Type=OF Extended) ======================================================== Disk: 1 (Size: 3.7 GB) (Disk ID: 7E5EFADE) Partition 1: (Active) - (Size=3.6 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=32 KB) - (Type=21) ==================== Fim de Addition.txt ============================