Publicité
Publicité
Format du document : text/plain
Prévisualisation
Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 25-06-2017 01
Executado por Hakaz7 (25-06-2017 20:38:43)
Executando a partir de C:\Users\Hakaz7\Desktop
Windows 10 Pro Versão 1607 (X64) (2016-09-15 15:44:03)
Modo da Inicialização: Normal
==========================================================
==================== Contas: =============================
Administrador (S-1-5-21-1487806579-2887001220-3690848270-500 - Administrator - Disabled)
aldem (S-1-5-21-1487806579-2887001220-3690848270-1003 - Limited - Enabled) => C:\Users\aldem
Convidado (S-1-5-21-1487806579-2887001220-3690848270-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-1487806579-2887001220-3690848270-503 - Limited - Disabled)
Hakaz7 (S-1-5-21-1487806579-2887001220-3690848270-1000 - Administrator - Enabled) => C:\Users\Hakaz7
HomeGroupUser$ (S-1-5-21-1487806579-2887001220-3690848270-1002 - Limited - Enabled)
==================== Central de Segurança ========================
(Se uma entrada for incluída na fixlist, será removida.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Programas Instalados ======================
(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)
1.0.0.1 (HKLM-x32\...\YeaDesktop) (Version: 1.0.0.1 - ) <==== ATENÇÃO
9-lab Removal Tool (HKLM-x32\...\9-lab Removal Tool) (Version: - )
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
AIDA64 Extreme v5.00 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.00 - FinalWire Ltd.)
AIMP Classic (HKLM-x32\...\AIMPClassic) (Version: - )
Assistente de Atualização do Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17387 - Microsoft Corporation)
ComicRack v0.9.176 (HKLM\...\ComicRack) (Version: v0.9.176 - cYo Soft)
CPUID CPU-Z 1.79 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DiskWMpower version 1.0 (HKLM-x32\...\DiskWMpower_is1) (Version: 1.0 - WeMonetize) <==== ATENÇÃO
DriversCloud.com (64 bits) (HKLM\...\{A156B6AA-A988-4BE4-8377-FE0D310FB49F}) (Version: 10.0.1.0 - Cybelsoft)
EagleGet version 2.0.4.19 (HKLM-x32\...\{F6D8142A-B30B-454B-9EE0-08A7B997DFE4}_is1) (Version: 2.0.4.19 - EagleGet)
Galeria de Fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Network Connections 15.2.89.2 (HKLM\...\PROSetDX) (Version: 15.2.89.2 - Intel)
K-Lite Mega Codec Pack 11.3.6 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.3.6 - )
Malwarebytes Anti-Malware versão 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MegaDownloader 1.7 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.7 - AppsForMega.info)
Microsoft Office 365 ProPlus - pt-br (HKLM\...\O365ProPlusRetail - pt-br) (Version: 16.0.6741.2048 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0.2 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 pt-BR)) (Version: 41.0.2 - Mozilla)
Mozilla Firefox 53.0.2 (x64 pt-BR) (HKLM\...\Mozilla Firefox 53.0.2 (x64 pt-BR)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla)
MPC-HC 1.7.8 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.8 - MPC-HC Team)
Nightly 43.0a1 (x64 en-US) (HKLM\...\Nightly 43.0a1 (x64 en-US)) (Version: 43.0a1 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6701.1029 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6701.1029 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6701.1029 - Microsoft Corporation) Hidden
Online Application (x32 Version: 2.6.0 - Microleaves) Hidden <==== ATENÇÃO
Opera Stable 45.0.2552.898 (HKLM-x32\...\Opera 45.0.2552.898) (Version: 45.0.2552.898 - Opera Software)
Oracle VM VirtualBox 5.1.2 (HKLM\...\{629314D8-8CB7-45F4-8C48-20EF2E330430}) (Version: 5.1.2 - Oracle Corporation)
OtherSearch (HKLM-x32\...\OtherSearch) (Version: 4.0.0.0 - Skyler Emil) <==== ATENÇÃO
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
PrivaZer (HKLM-x32\...\PrivaZer) (Version: 2.45.0.0 - Goversoft LLC)
qBittorrent 3.3.13 (HKLM-x32\...\qBittorrent) (Version: 3.3.13 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
RogueKiller version 12.10.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.6.0 - Adlice Software)
Simple Port Forwarding (HKLM-x32\...\Simple Port Forwarding) (Version: 3.8.5 - PcWinTech.com)
Social2Search (HKLM\...\89798490c2b4d681479595f7b986c615) (Version: 11.14.1.75 (i1.0) - Social2Search) <==== ATENÇÃO
Spotify (HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Spotify) (Version: 1.0.55.487.g256699aa - Spotify AB)
VDownloader Plus 4.2.1820 (HKLM\...\VDownloader Plus_is1) (Version: 4.2.1820 - )
Watchtower Library 2015 - Português (HKLM-x32\...\{C0581871-09A0-4AE4-B4C2-188E2A8AD5FA}) (Version: 17.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
==================== Exame Personalizado CLSID (Whitelisted): ==========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncApi64.dll => Nenhum Arquivo
==================== Tarefas Agendadas (Whitelisted) =============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
Task: {026A821F-8398-4C7A-9415-F1690D2011A1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {03AC74DB-BBD3-4F7F-B391-CEEBA99F502B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {097B0595-F663-42BB-AABC-CAFCFD985BCD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-27] (Google Inc.)
Task: {09A0DB44-E3A4-4CFC-88EA-91F03F43EE96} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-04-18] (Microleaves) <==== ATENÇÃO
Task: {12B98FC6-062C-44B6-8433-7E5116B5BD8B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1338BBB9-402D-41A9-9C9A-AB16163A54A5} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1487217D-3E37-4F2D-AC35-42CCE1C5D62D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-05] (Microsoft Corporation)
Task: {152DA833-A17B-4B44-9077-309414376B20} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-06-25] (Microsoft Corporation)
Task: {2B3D4C55-B27B-4266-8CC0-D449AC953618} - System32\Tasks\O6dPumpAUx => C:\Program Files (x86)\ZBeAlTQs36\updengine.exe [2017-06-25] () <==== ATENÇÃO
Task: {306E14B8-D507-4D63-8B23-196C023D30D9} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2016-03-23] ()
Task: {308FDFF4-A13B-40ED-A83A-85CBEB81D670} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-27] (Google Inc.)
Task: {31514E56-53B7-4929-BDFA-92C5A4FF0702} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-06-25] (UC Web Inc.) <==== ATENÇÃO
Task: {31F918BF-866D-4E0F-9CBF-2F387EB41B76} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3230F5D5-3995-495C-82DC-802F3F297A64} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {39AF5752-245D-4B96-BCE1-A3EB28FF2666} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-05] (Microsoft Corporation)
Task: {4AAAC00F-A704-48E4-83D4-10ECBAF2D2B1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_131_pepper.exe [2017-06-16] (Adobe Systems Incorporated)
Task: {58EEAD2C-1FD8-4B21-9AC0-8289CECF37B1} - System32\Tasks\PrintsCouth => Rundll32.exe "C:\Program Files\PrintsCouth\PrintsCouth.dll",bUjgdkEtA <==== ATENÇÃO
Task: {5C1E0603-BE9E-4BB8-9E17-2954C62AAA1E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {67F0F594-BEDE-4499-AC0E-50C915D3E177} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {6AD72B4B-85F1-4373-AC2D-654F1819B128} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6E9ADB02-B6DD-447E-B236-03F568A16191} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {71ABB2F6-A74E-4CFB-BABB-D4670F8502F9} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {741881B2-CD8A-4512-8FAF-AC79A3CBD08E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {79AF35CC-C4E4-405A-A612-9186E80E1C2C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {7A55049D-73DA-49EB-9656-4164E4B22FF1} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7FACA3E3-682F-47A4-98A6-8131B955DDF8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-06-25] (Microsoft Corporation)
Task: {84664C42-883A-4732-B22C-4A4EF94A0B2E} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {87876F0F-1362-41DF-A592-B647859387D6} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-16] (Adobe Systems Incorporated)
Task: {97428D03-ED99-4498-8F49-B1F92A687F20} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A9477F8C-3789-465D-9B1A-4B47F22D2876} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {AA993382-ABE3-4686-AF3D-F26B0FE219EA} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATENÇÃO
Task: {B6B84572-80FD-403E-AAFC-D5BDA21495D5} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATENÇÃO
Task: {B8B826C3-E110-4C85-845F-D8E70B51CBE7} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-03-07] (UCWeb Inc) <==== ATENÇÃO
Task: {BDA5345D-59D9-426F-A204-CDD8C51D0D00} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BE4A6AE7-1342-466F-8250-46DF14D45C07} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATENÇÃO
Task: {C55F630C-52AF-4D43-9B56-E4286F8FAB2B} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {C584DED3-BD55-415E-B98E-7948FD354614} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CE3156B4-617E-4A69-A706-4CFEE6C18A9A} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files (x86)\PrivaZer\PrivaZer.exe [2016-01-31] (Goversoft LLC)
Task: {CEDEA982-B649-44DA-AB68-EFEF9A463CAF} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D30C4AF5-8775-40AC-84EF-E353332925FC} - System32\Tasks\89798490c2b4d681479595f7b986c615 => sc start 89798490c2b4d681479595f7b986c615 <==== ATENÇÃO
Task: {D478E25B-7AE2-4C94-9F8B-01FFB7165E53} - System32\Tasks\Opera scheduled Autoupdate 1442452640 => C:\Program Files (x86)\Opera\launcher.exe [2017-06-12] (Opera Software)
Task: {E74ADD65-BA9B-49CD-95FC-2AC7D03291C4} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {ECD7BE54-F1F9-4EF8-8628-6DA7A95F4787} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {EDCD98EF-3CE4-4259-8BF3-D5F8350ED7C7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-06-15] (Microsoft Corporation)
Task: {F323D747-D4A8-4462-AD3A-B99AA23FC9E4} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-03-07] (UCWeb Inc) <==== ATENÇÃO
(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATENÇÃO
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATENÇÃO
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATENÇÃO
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATENÇÃO
Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATENÇÃO
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATENÇÃO
==================== Atalhos & WMI ========================
(As entradas podem ser listadas para serem restauradas ou removidas.)
WMI_ActiveScriptEventConsumer_ASEC: <==== ATENÇÃO
Shortcut: C:\Users\Hakaz7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simple Port Forwarding\SPF - Basic UI Mode.lnk -> C:\Program Files (x86)\Simple Port Forwarding\basic_ui.bat ()
ShortcutWithArgument: C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk -> C:\Program Files\Nightly\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
==================== Módulos Carregados (Whitelisted) ==============
2016-07-16 08:42 - 2016-07-16 08:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-06-14 16:10 - 2017-06-03 07:01 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2011-06-15 04:57 - 2011-06-15 04:57 - 00034304 _____ () C:\WINDOWS\System32\ssb6mlm.dll
2017-06-25 18:27 - 2016-06-05 05:51 - 00173256 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2017-06-25 19:04 - 2017-03-07 10:44 - 00599440 _____ () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
2016-09-15 22:48 - 2016-09-07 01:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 04:58 - 2017-03-04 03:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-06-21 00:01 - 2017-06-21 00:01 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-21 00:01 - 2017-06-21 00:01 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-21 00:01 - 2017-06-21 00:01 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-21 00:01 - 2017-06-21 00:01 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2017-06-25 19:04 - 2017-06-25 19:04 - 05367296 _____ () C:\Users\Hakaz7\AppData\Local\Temp\00023593\conhost.exe
2017-06-25 18:57 - 2017-06-25 18:57 - 00008192 _____ () C:\Users\Hakaz7\AppData\Roaming\ct1zxfqcdbf\hpjithhv0cb.exe
2017-06-25 18:58 - 2017-06-25 18:58 - 00008192 _____ () C:\Users\Hakaz7\AppData\Roaming\vhpfwb2fywu\5ptibtmqh32.exe
2017-06-25 19:03 - 2017-06-13 17:34 - 03513856 _____ () C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe
2017-06-25 19:04 - 2017-06-25 19:04 - 02072576 _____ () C:\Users\Hakaz7\AppData\Local\Temp\00023550\msiql.exe
2017-06-25 19:04 - 2017-03-07 10:44 - 02150288 _____ () C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\UCAgent.exe
2017-05-13 00:38 - 2017-05-13 00:38 - 00117561 _____ () C:\Program Files (x86)\KMSPico\395c48ebd078c81a6235f7da464d45bd.exe
2017-06-25 19:04 - 2015-06-01 12:55 - 02464768 _____ () C:\Program Files\PrintsCouth\PrintsCouth.dll
2017-06-25 20:00 - 2017-06-25 20:00 - 00481792 _____ () C:\WINDOWS\TEMP\gC0E1.tmp.exe
2017-06-25 20:00 - 2017-06-25 20:00 - 00460800 _____ () C:\WINDOWS\TEMP\gCB23.tmp.exe
2017-03-15 04:58 - 2017-03-04 03:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 04:58 - 2017-03-04 03:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 04:58 - 2017-03-04 03:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-06-14 16:10 - 2017-06-03 05:47 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-06-14 16:10 - 2017-06-03 05:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-06-14 16:10 - 2017-06-03 05:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-06-25 03:39 - 2017-06-25 03:39 - 00762368 _____ () C:\Program Files (x86)\ZBeAlTQs36\kl.dll
2017-06-17 05:45 - 2017-06-17 05:45 - 66277464 _____ () C:\Program Files (x86)\Opera\45.0.2552.898\opera_browser.dll
2017-06-17 05:45 - 2017-06-17 05:44 - 02926680 _____ () C:\Program Files (x86)\Opera\45.0.2552.898\libglesv2.dll
2017-06-17 05:45 - 2017-06-17 05:44 - 00088152 _____ () C:\Program Files (x86)\Opera\45.0.2552.898\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(Se uma entrada for incluída na fixlist, somente o ADS será removido.)
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [25444]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [1498914]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1223458]
==================== Modo de Segurança (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)
==================== Associação (Whitelisted) ===============
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)
==================== Internet Explorer confiável/restrito ===============
(Se uma entrada for incluída na fixlist, será removida do Registro.)
IE trusted site: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\samsungsetup.com -> hxxp://www.samsungsetup.com
==================== Hosts Conteúdo: ==========================
(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)
2009-07-13 23:34 - 2017-06-25 18:57 - 00001151 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 distribution.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 dscdn.pw
127.0.0.1 beautifllink.xyz
==================== Outras Áreas ============================
(Atualmente não há nenhuma correção automática para esta seção.)
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hakaz7\Documents\EGDownloads\visão.jpg
DNS Servers: 200.189.80.124 - 200.189.80.110
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Firewall do Windows está habilitado.
==================== MSCONFIG/TASK MANAGER ítens desabilitados ==
==================== Regras do Firewall (Whitelisted) ===============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
FirewallRules: [UDP Query User{727280AB-00B9-43CD-86B0-B628ECAA2748}C:\program files\comicrack\comicrack.exe] => (Block) C:\program files\comicrack\comicrack.exe
FirewallRules: [TCP Query User{B5578DD4-5AD8-4C9E-8859-67531B323C37}C:\program files\comicrack\comicrack.exe] => (Block) C:\program files\comicrack\comicrack.exe
FirewallRules: [UDP Query User{2173846D-BE62-4434-BAC0-2B5C666DBB60}C:\users\hakaz7\desktop\u1504.exe] => (Allow) C:\users\hakaz7\desktop\u1504.exe
FirewallRules: [TCP Query User{6C901EC6-9AC6-4C79-AE1F-E7A0BB4FC635}C:\users\hakaz7\desktop\u1504.exe] => (Allow) C:\users\hakaz7\desktop\u1504.exe
FirewallRules: [UDP Query User{425650B8-A73E-4262-9915-00BB1328DE1A}C:\users\hakaz7\desktop\pendrive dedé\pendrive dedé\fg752p.exe] => (Block) C:\users\hakaz7\desktop\pendrive dedé\pendrive dedé\fg752p.exe
FirewallRules: [TCP Query User{71FEE34B-14AC-4448-8990-D3037358E40B}C:\users\hakaz7\desktop\pendrive dedé\pendrive dedé\fg752p.exe] => (Block) C:\users\hakaz7\desktop\pendrive dedé\pendrive dedé\fg752p.exe
FirewallRules: [{2F948DFB-9F89-4F7C-B57A-CCE70298D179}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F70EB1CB-4C4C-4B7B-85C0-02BFF8301C6E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AE6F9839-9CC3-4226-AF12-E1B67F2C41C9}] => (Allow) C:\Program Files\Nightly\firefox.exe
FirewallRules: [{500A9256-49D3-4BAC-AEB9-4B1EE56300F8}] => (Allow) C:\Program Files\Nightly\firefox.exe
FirewallRules: [TCP Query User{BA9669A7-D367-4E07-86A1-3DC29A57C5B7}C:\users\hakaz7\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\hakaz7\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{7A97CE21-0EA4-417D-B648-9B2524714F93}C:\users\hakaz7\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\hakaz7\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{6B1A2B88-5170-41C3-A53B-051873648F21}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{035ED720-88D5-4ADA-8677-5A8092FBAAF1}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{23A6B6C3-D122-415E-96E5-A6381D1B932F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D4FD9A26-9070-44B9-A8DA-8B9CABDE0D1A}] => (Allow) LPort=2869
FirewallRules: [{FA56EC70-193E-4206-B035-DAB3DF538830}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{4F74E4AC-1C7F-4E39-AEB8-23A3918E9BFC}C:\users\hakaz7\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\hakaz7\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A2412B98-FC4F-4E58-BD46-719D5E12A58D}C:\users\hakaz7\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\hakaz7\appdata\roaming\spotify\spotify.exe
FirewallRules: [{06D1A383-5285-4FB0-B75C-A4B1D8F83485}] => (Allow) C:\Program Files\DriversCloud.com\DriversCloud.exe
FirewallRules: [{8EC69FF0-F5A9-4DFC-8331-63B9BB9E5781}] => (Allow) C:\Program Files\DriversCloud.com\DriversCloud.exe
FirewallRules: [{2EB8D542-998D-4212-B6BD-95A24A9F6172}] => (Allow) C:\Program Files (x86)\Eastness\Application\chrome.exe
FirewallRules: [{FF877634-74C4-4D54-88E8-636F354B9E85}] => (Allow) C:\Program Files (x86)\MIO\loader\samsungxhd502hj_s2bvj56b617167.dat
FirewallRules: [{562B6E4C-9D66-47BA-A7F2-631873DF6E90}] => (Allow) C:\Program Files (x86)\MIO\loader\samsungxhd502hj_s2bvj56b617167.dat
FirewallRules: [{FE35E9B2-A92A-4393-BD3D-CEBC4109595C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0710C1D9-1C05-437A-9A43-ECD88AAE134C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FBB2E3F7-0FFE-4940-B260-CF925B302EDD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{7E019E67-75E0-44CC-9E57-5CD496908850}C:\program files\oracle\virtualbox\virtualbox.exe] => (Allow) C:\program files\oracle\virtualbox\virtualbox.exe
FirewallRules: [UDP Query User{35016BA5-3C65-4FA3-AE1A-5F51F6C6FD96}C:\program files\oracle\virtualbox\virtualbox.exe] => (Allow) C:\program files\oracle\virtualbox\virtualbox.exe
FirewallRules: [{E8680952-5C3D-46BD-B215-4F81102F9AF9}] => (Allow) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
FirewallRules: [{317B48A7-77C1-4B5C-B46E-24054B3319EC}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{BBA90AF1-CB01-4534-87F9-345D4784BF37}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{4B1B7A21-AEA3-475D-A914-6324B6FC07B8}] => (Allow) C:\Program Files (x86)\Opera\45.0.2552.898\opera.exe
FirewallRules: [{7F2B75AE-2277-4FA5-995E-47097A8FB74E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{B53FC0C0-F926-4C71-BECD-7C1B6DD24BFD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{37495DDA-2E61-425A-BE52-6A0AD582AE32}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{7F67AFB0-2725-4F55-AAB2-F2021DB9E880}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{1C69915D-197A-449D-A8B9-2BA2C5C966E0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{49ACBC2A-14E5-4E11-A0FC-A20EB3D5BD30}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{1F6AB5A9-2C0A-4298-9444-50E2AA16F76F}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{E397A2C9-41F9-4C86-B2D0-043A9B6120BA}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{94632381-B65E-4552-8059-C9C64450C04D}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe
FirewallRules: [{56CC8437-2A4E-4999-B4A4-B18A4C493120}] => (Allow) C:\WINDOWS\System32\rundll32.exe
FirewallRules: [{CC4F9A7A-BFF7-43D8-94E9-3DE430906912}] => (Allow) C:\WINDOWS\System32\rundll32.exe
==================== Pontos de Restauração =========================
06-06-2017 13:47:24 Ponto de Verificação Agendado
15-06-2017 13:28:14 Ponto de Verificação Agendado
24-06-2017 12:52:42 Ponto de Verificação Agendado
==================== Dispositivos Apresentando Falhas No Gerenciador =============
Name: Mouse compatível com PS/2
Description: Mouse compatível com PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Teclado Padrão PS/2
Description: Teclado Padrão PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (teclados padrões)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Erros no Log de eventos: =========================
Erros em Aplicativos:
==================
Error: (06/25/2017 08:33:41 PM) (Source: COM) (EventID: 10031) (User: )
Description: Uma verificação de política de unmarshaling foi executada ao realizar unmarshaling em um objeto de marshaling personalizado, e a classe {2CD39202-3A2F-4935-9A86-65B919919A7F} foi rejeitada
Error: (06/25/2017 07:39:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ADMINISTRADOR)
Description: O pacote Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe+MicrosoftEdge foi terminado porque levou muito tempo para ser suspenso.
Error: (06/25/2017 07:39:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: MicrosoftEdge.exe, versão: 11.0.14393.1358, carimbo de data/hora: 0x59327901
Nome do módulo com falha: Windows.UI.Xaml.dll, versão: 10.0.14393.1198, carimbo de data/hora: 0x5902836c
Código de exceção: 0xc000027b
Deslocamento da falha: 0x00000000006d5eab
ID do processo com falha: 0x744
Hora de início do aplicativo com falha: 0x01d2ee03ec65a875
Caminho do aplicativo com falha: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Caminho do módulo com falha: C:\Windows\System32\Windows.UI.Xaml.dll
ID do Relatório: fd89a768-c0c1-4014-852d-aba645f72bf9
Nome completo do pacote com falha: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe
ID do aplicativo relativo ao pacote com falha: MicrosoftEdge
Error: (06/25/2017 07:04:15 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Falha na geração de contexto de ativação para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Erro no arquivo de manifesto ou de política C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL", na linha 1.
Identidade do componente localizado no manifesto não corresponde à identidade do componente solicitado.
A referência é UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
A definição é UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Use o arquivo sxstrace.exe para obter um dignóstico detalhado.
Error: (06/25/2017 07:03:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: ic-0.e18800aacff13.exe, versão: 1.0.0.1, carimbo de data/hora: 0x5939595b
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0xc00001a5
Deslocamento da falha: 0x01050e2a
ID do processo com falha: 0x1734
Hora de início do aplicativo com falha: 0x01d2edfeda3b9f22
Caminho do aplicativo com falha: C:\Users\Hakaz7\AppData\Local\Temp\30200281\ic-0.e18800aacff13.exe
Caminho do módulo com falha: unknown
ID do Relatório: 74ca6ea1-6561-42c9-8bb7-9f6b310bfa00
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:
Error: (06/25/2017 06:59:56 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Falha na geração de contexto de ativação para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Erro no arquivo de manifesto ou de política C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL", na linha 1.
Identidade do componente localizado no manifesto não corresponde à identidade do componente solicitado.
A referência é UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
A definição é UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Use o arquivo sxstrace.exe para obter um dignóstico detalhado.
Error: (06/25/2017 06:32:14 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Falha na geração de contexto de ativação para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Erro no arquivo de manifesto ou de política C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL", na linha 1.
Identidade do componente localizado no manifesto não corresponde à identidade do componente solicitado.
A referência é UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
A definição é UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Use o arquivo sxstrace.exe para obter um dignóstico detalhado.
Error: (06/25/2017 06:30:57 PM) (Source: COM) (EventID: 10031) (User: )
Description: Uma verificação de política de unmarshaling foi executada ao realizar unmarshaling em um objeto de marshaling personalizado, e a classe {2CD39202-3A2F-4935-9A86-65B919919A7F} foi rejeitada
Error: (06/25/2017 06:07:15 PM) (Source: COM) (EventID: 10031) (User: )
Description: Uma verificação de política de unmarshaling foi executada ao realizar unmarshaling em um objeto de marshaling personalizado, e a classe {2CD39202-3A2F-4935-9A86-65B919919A7F} foi rejeitada
Error: (06/25/2017 05:02:11 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Falha no Procedimento Open para o serviço "BITS" na DLL "C:\Windows\System32\bitsperf.dll". Os dados de desempenho para este serviço não estarão disponíveis. Os primeiros quatro bytes (DWORD) da seção de Dados contêm o código do erro.
Erros de Sistema:
=============
Error: (06/25/2017 07:09:24 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
e APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
ao usuário AUTORIDADE NT\SISTEMA SID (S-1-5-18) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.
Error: (06/25/2017 07:07:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço egGetSvc foi encerrado inesperadamente. Isso aconteceu 1 vez(es).
Error: (06/25/2017 07:07:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço 89798490c2b4d681479595f7b986c615 devido ao seguinte erro:
O serviço não respondeu à requisição de início ou controle em tempo hábil.
Error: (06/25/2017 07:07:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço 89798490c2b4d681479595f7b986c615.
Error: (06/25/2017 07:05:11 PM) (Source: DCOM) (EventID: 10010) (User: ADMINISTRADOR)
Description: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não se registrou no DCOM dentro do tempo limite necessário.
Error: (06/25/2017 07:05:11 PM) (Source: DCOM) (EventID: 10010) (User: ADMINISTRADOR)
Description: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não se registrou no DCOM dentro do tempo limite necessário.
Error: (06/25/2017 07:05:11 PM) (Source: DCOM) (EventID: 10010) (User: ADMINISTRADOR)
Description: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não se registrou no DCOM dentro do tempo limite necessário.
Error: (06/25/2017 07:05:07 PM) (Source: DCOM) (EventID: 10010) (User: ADMINISTRADOR)
Description: O servidor {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} não se registrou no DCOM dentro do tempo limite necessário.
Error: (06/25/2017 07:05:07 PM) (Source: DCOM) (EventID: 10010) (User: ADMINISTRADOR)
Description: O servidor {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} não se registrou no DCOM dentro do tempo limite necessário.
Error: (06/25/2017 07:05:06 PM) (Source: DCOM) (EventID: 10010) (User: ADMINISTRADOR)
Description: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não se registrou no DCOM dentro do tempo limite necessário.
==================== Informações da Memória ===========================
Processador: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
Percentagem de memória em uso: 77%
RAM física total: 2009.33 MB
RAM física disponível: 459.15 MB
Virtual Total: 4185.33 MB
Virtual disponível: 1303.45 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:397.08 GB) (Free:124.75 GB) NTFS
==================== MBR & Tabela de Partições ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4A5A8254)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=397.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=68.1 GB) - (Type=05)
Partition 4: (Not Active) - (Size=450 MB) - (Type=27)
==================== Fim de Addition.txt ============================
Executado por Hakaz7 (25-06-2017 20:38:43)
Executando a partir de C:\Users\Hakaz7\Desktop
Windows 10 Pro Versão 1607 (X64) (2016-09-15 15:44:03)
Modo da Inicialização: Normal
==========================================================
==================== Contas: =============================
Administrador (S-1-5-21-1487806579-2887001220-3690848270-500 - Administrator - Disabled)
aldem (S-1-5-21-1487806579-2887001220-3690848270-1003 - Limited - Enabled) => C:\Users\aldem
Convidado (S-1-5-21-1487806579-2887001220-3690848270-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-1487806579-2887001220-3690848270-503 - Limited - Disabled)
Hakaz7 (S-1-5-21-1487806579-2887001220-3690848270-1000 - Administrator - Enabled) => C:\Users\Hakaz7
HomeGroupUser$ (S-1-5-21-1487806579-2887001220-3690848270-1002 - Limited - Enabled)
==================== Central de Segurança ========================
(Se uma entrada for incluída na fixlist, será removida.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Programas Instalados ======================
(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)
1.0.0.1 (HKLM-x32\...\YeaDesktop) (Version: 1.0.0.1 - ) <==== ATENÇÃO
9-lab Removal Tool (HKLM-x32\...\9-lab Removal Tool) (Version: - )
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
AIDA64 Extreme v5.00 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.00 - FinalWire Ltd.)
AIMP Classic (HKLM-x32\...\AIMPClassic) (Version: - )
Assistente de Atualização do Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17387 - Microsoft Corporation)
ComicRack v0.9.176 (HKLM\...\ComicRack) (Version: v0.9.176 - cYo Soft)
CPUID CPU-Z 1.79 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DiskWMpower version 1.0 (HKLM-x32\...\DiskWMpower_is1) (Version: 1.0 - WeMonetize) <==== ATENÇÃO
DriversCloud.com (64 bits) (HKLM\...\{A156B6AA-A988-4BE4-8377-FE0D310FB49F}) (Version: 10.0.1.0 - Cybelsoft)
EagleGet version 2.0.4.19 (HKLM-x32\...\{F6D8142A-B30B-454B-9EE0-08A7B997DFE4}_is1) (Version: 2.0.4.19 - EagleGet)
Galeria de Fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Network Connections 15.2.89.2 (HKLM\...\PROSetDX) (Version: 15.2.89.2 - Intel)
K-Lite Mega Codec Pack 11.3.6 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.3.6 - )
Malwarebytes Anti-Malware versão 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MegaDownloader 1.7 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 1.7 - AppsForMega.info)
Microsoft Office 365 ProPlus - pt-br (HKLM\...\O365ProPlusRetail - pt-br) (Version: 16.0.6741.2048 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0.2 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 pt-BR)) (Version: 41.0.2 - Mozilla)
Mozilla Firefox 53.0.2 (x64 pt-BR) (HKLM\...\Mozilla Firefox 53.0.2 (x64 pt-BR)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla)
MPC-HC 1.7.8 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.8 - MPC-HC Team)
Nightly 43.0a1 (x64 en-US) (HKLM\...\Nightly 43.0a1 (x64 en-US)) (Version: 43.0a1 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6701.1029 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6701.1029 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6701.1029 - Microsoft Corporation) Hidden
Online Application (x32 Version: 2.6.0 - Microleaves) Hidden <==== ATENÇÃO
Opera Stable 45.0.2552.898 (HKLM-x32\...\Opera 45.0.2552.898) (Version: 45.0.2552.898 - Opera Software)
Oracle VM VirtualBox 5.1.2 (HKLM\...\{629314D8-8CB7-45F4-8C48-20EF2E330430}) (Version: 5.1.2 - Oracle Corporation)
OtherSearch (HKLM-x32\...\OtherSearch) (Version: 4.0.0.0 - Skyler Emil) <==== ATENÇÃO
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
PrivaZer (HKLM-x32\...\PrivaZer) (Version: 2.45.0.0 - Goversoft LLC)
qBittorrent 3.3.13 (HKLM-x32\...\qBittorrent) (Version: 3.3.13 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
RogueKiller version 12.10.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.6.0 - Adlice Software)
Simple Port Forwarding (HKLM-x32\...\Simple Port Forwarding) (Version: 3.8.5 - PcWinTech.com)
Social2Search (HKLM\...\89798490c2b4d681479595f7b986c615) (Version: 11.14.1.75 (i1.0) - Social2Search) <==== ATENÇÃO
Spotify (HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Spotify) (Version: 1.0.55.487.g256699aa - Spotify AB)
VDownloader Plus 4.2.1820 (HKLM\...\VDownloader Plus_is1) (Version: 4.2.1820 - )
Watchtower Library 2015 - Português (HKLM-x32\...\{C0581871-09A0-4AE4-B4C2-188E2A8AD5FA}) (Version: 17.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
==================== Exame Personalizado CLSID (Whitelisted): ==========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncApi64.dll => Nenhum Arquivo
==================== Tarefas Agendadas (Whitelisted) =============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
Task: {026A821F-8398-4C7A-9415-F1690D2011A1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {03AC74DB-BBD3-4F7F-B391-CEEBA99F502B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {097B0595-F663-42BB-AABC-CAFCFD985BCD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-27] (Google Inc.)
Task: {09A0DB44-E3A4-4CFC-88EA-91F03F43EE96} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-04-18] (Microleaves) <==== ATENÇÃO
Task: {12B98FC6-062C-44B6-8433-7E5116B5BD8B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1338BBB9-402D-41A9-9C9A-AB16163A54A5} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1487217D-3E37-4F2D-AC35-42CCE1C5D62D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-05] (Microsoft Corporation)
Task: {152DA833-A17B-4B44-9077-309414376B20} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-06-25] (Microsoft Corporation)
Task: {2B3D4C55-B27B-4266-8CC0-D449AC953618} - System32\Tasks\O6dPumpAUx => C:\Program Files (x86)\ZBeAlTQs36\updengine.exe [2017-06-25] () <==== ATENÇÃO
Task: {306E14B8-D507-4D63-8B23-196C023D30D9} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2016-03-23] ()
Task: {308FDFF4-A13B-40ED-A83A-85CBEB81D670} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-27] (Google Inc.)
Task: {31514E56-53B7-4929-BDFA-92C5A4FF0702} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-06-25] (UC Web Inc.) <==== ATENÇÃO
Task: {31F918BF-866D-4E0F-9CBF-2F387EB41B76} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3230F5D5-3995-495C-82DC-802F3F297A64} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {39AF5752-245D-4B96-BCE1-A3EB28FF2666} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-05] (Microsoft Corporation)
Task: {4AAAC00F-A704-48E4-83D4-10ECBAF2D2B1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_131_pepper.exe [2017-06-16] (Adobe Systems Incorporated)
Task: {58EEAD2C-1FD8-4B21-9AC0-8289CECF37B1} - System32\Tasks\PrintsCouth => Rundll32.exe "C:\Program Files\PrintsCouth\PrintsCouth.dll",bUjgdkEtA <==== ATENÇÃO
Task: {5C1E0603-BE9E-4BB8-9E17-2954C62AAA1E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {67F0F594-BEDE-4499-AC0E-50C915D3E177} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {6AD72B4B-85F1-4373-AC2D-654F1819B128} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6E9ADB02-B6DD-447E-B236-03F568A16191} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {71ABB2F6-A74E-4CFB-BABB-D4670F8502F9} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {741881B2-CD8A-4512-8FAF-AC79A3CBD08E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {79AF35CC-C4E4-405A-A612-9186E80E1C2C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {7A55049D-73DA-49EB-9656-4164E4B22FF1} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7FACA3E3-682F-47A4-98A6-8131B955DDF8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-06-25] (Microsoft Corporation)
Task: {84664C42-883A-4732-B22C-4A4EF94A0B2E} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {87876F0F-1362-41DF-A592-B647859387D6} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-16] (Adobe Systems Incorporated)
Task: {97428D03-ED99-4498-8F49-B1F92A687F20} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A9477F8C-3789-465D-9B1A-4B47F22D2876} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {AA993382-ABE3-4686-AF3D-F26B0FE219EA} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATENÇÃO
Task: {B6B84572-80FD-403E-AAFC-D5BDA21495D5} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATENÇÃO
Task: {B8B826C3-E110-4C85-845F-D8E70B51CBE7} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-03-07] (UCWeb Inc) <==== ATENÇÃO
Task: {BDA5345D-59D9-426F-A204-CDD8C51D0D00} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BE4A6AE7-1342-466F-8250-46DF14D45C07} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATENÇÃO
Task: {C55F630C-52AF-4D43-9B56-E4286F8FAB2B} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {C584DED3-BD55-415E-B98E-7948FD354614} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CE3156B4-617E-4A69-A706-4CFEE6C18A9A} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files (x86)\PrivaZer\PrivaZer.exe [2016-01-31] (Goversoft LLC)
Task: {CEDEA982-B649-44DA-AB68-EFEF9A463CAF} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D30C4AF5-8775-40AC-84EF-E353332925FC} - System32\Tasks\89798490c2b4d681479595f7b986c615 => sc start 89798490c2b4d681479595f7b986c615 <==== ATENÇÃO
Task: {D478E25B-7AE2-4C94-9F8B-01FFB7165E53} - System32\Tasks\Opera scheduled Autoupdate 1442452640 => C:\Program Files (x86)\Opera\launcher.exe [2017-06-12] (Opera Software)
Task: {E74ADD65-BA9B-49CD-95FC-2AC7D03291C4} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {ECD7BE54-F1F9-4EF8-8628-6DA7A95F4787} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {EDCD98EF-3CE4-4259-8BF3-D5F8350ED7C7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-06-15] (Microsoft Corporation)
Task: {F323D747-D4A8-4462-AD3A-B99AA23FC9E4} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-03-07] (UCWeb Inc) <==== ATENÇÃO
(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATENÇÃO
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATENÇÃO
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATENÇÃO
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATENÇÃO
Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATENÇÃO
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATENÇÃO
==================== Atalhos & WMI ========================
(As entradas podem ser listadas para serem restauradas ou removidas.)
WMI_ActiveScriptEventConsumer_ASEC: <==== ATENÇÃO
Shortcut: C:\Users\Hakaz7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simple Port Forwarding\SPF - Basic UI Mode.lnk -> C:\Program Files (x86)\Simple Port Forwarding\basic_ui.bat ()
ShortcutWithArgument: C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk -> C:\Program Files\Nightly\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
==================== Módulos Carregados (Whitelisted) ==============
2016-07-16 08:42 - 2016-07-16 08:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-06-14 16:10 - 2017-06-03 07:01 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2011-06-15 04:57 - 2011-06-15 04:57 - 00034304 _____ () C:\WINDOWS\System32\ssb6mlm.dll
2017-06-25 18:27 - 2016-06-05 05:51 - 00173256 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2017-06-25 19:04 - 2017-03-07 10:44 - 00599440 _____ () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
2016-09-15 22:48 - 2016-09-07 01:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 04:58 - 2017-03-04 03:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-06-21 00:01 - 2017-06-21 00:01 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-21 00:01 - 2017-06-21 00:01 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-21 00:01 - 2017-06-21 00:01 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-21 00:01 - 2017-06-21 00:01 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2017-06-25 19:04 - 2017-06-25 19:04 - 05367296 _____ () C:\Users\Hakaz7\AppData\Local\Temp\00023593\conhost.exe
2017-06-25 18:57 - 2017-06-25 18:57 - 00008192 _____ () C:\Users\Hakaz7\AppData\Roaming\ct1zxfqcdbf\hpjithhv0cb.exe
2017-06-25 18:58 - 2017-06-25 18:58 - 00008192 _____ () C:\Users\Hakaz7\AppData\Roaming\vhpfwb2fywu\5ptibtmqh32.exe
2017-06-25 19:03 - 2017-06-13 17:34 - 03513856 _____ () C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe
2017-06-25 19:04 - 2017-06-25 19:04 - 02072576 _____ () C:\Users\Hakaz7\AppData\Local\Temp\00023550\msiql.exe
2017-06-25 19:04 - 2017-03-07 10:44 - 02150288 _____ () C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\UCAgent.exe
2017-05-13 00:38 - 2017-05-13 00:38 - 00117561 _____ () C:\Program Files (x86)\KMSPico\395c48ebd078c81a6235f7da464d45bd.exe
2017-06-25 19:04 - 2015-06-01 12:55 - 02464768 _____ () C:\Program Files\PrintsCouth\PrintsCouth.dll
2017-06-25 20:00 - 2017-06-25 20:00 - 00481792 _____ () C:\WINDOWS\TEMP\gC0E1.tmp.exe
2017-06-25 20:00 - 2017-06-25 20:00 - 00460800 _____ () C:\WINDOWS\TEMP\gCB23.tmp.exe
2017-03-15 04:58 - 2017-03-04 03:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 04:58 - 2017-03-04 03:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-15 04:58 - 2017-03-04 03:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-06-14 16:10 - 2017-06-03 05:47 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-06-14 16:10 - 2017-06-03 05:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-06-14 16:10 - 2017-06-03 05:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-06-25 03:39 - 2017-06-25 03:39 - 00762368 _____ () C:\Program Files (x86)\ZBeAlTQs36\kl.dll
2017-06-17 05:45 - 2017-06-17 05:45 - 66277464 _____ () C:\Program Files (x86)\Opera\45.0.2552.898\opera_browser.dll
2017-06-17 05:45 - 2017-06-17 05:44 - 02926680 _____ () C:\Program Files (x86)\Opera\45.0.2552.898\libglesv2.dll
2017-06-17 05:45 - 2017-06-17 05:44 - 00088152 _____ () C:\Program Files (x86)\Opera\45.0.2552.898\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(Se uma entrada for incluída na fixlist, somente o ADS será removido.)
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [25444]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [1498914]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1223458]
==================== Modo de Segurança (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)
==================== Associação (Whitelisted) ===============
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)
==================== Internet Explorer confiável/restrito ===============
(Se uma entrada for incluída na fixlist, será removida do Registro.)
IE trusted site: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\samsungsetup.com -> hxxp://www.samsungsetup.com
==================== Hosts Conteúdo: ==========================
(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)
2009-07-13 23:34 - 2017-06-25 18:57 - 00001151 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 distribution.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 dscdn.pw
127.0.0.1 beautifllink.xyz
==================== Outras Áreas ============================
(Atualmente não há nenhuma correção automática para esta seção.)
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hakaz7\Documents\EGDownloads\visão.jpg
DNS Servers: 200.189.80.124 - 200.189.80.110
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Firewall do Windows está habilitado.
==================== MSCONFIG/TASK MANAGER ítens desabilitados ==
==================== Regras do Firewall (Whitelisted) ===============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
FirewallRules: [UDP Query User{727280AB-00B9-43CD-86B0-B628ECAA2748}C:\program files\comicrack\comicrack.exe] => (Block) C:\program files\comicrack\comicrack.exe
FirewallRules: [TCP Query User{B5578DD4-5AD8-4C9E-8859-67531B323C37}C:\program files\comicrack\comicrack.exe] => (Block) C:\program files\comicrack\comicrack.exe
FirewallRules: [UDP Query User{2173846D-BE62-4434-BAC0-2B5C666DBB60}C:\users\hakaz7\desktop\u1504.exe] => (Allow) C:\users\hakaz7\desktop\u1504.exe
FirewallRules: [TCP Query User{6C901EC6-9AC6-4C79-AE1F-E7A0BB4FC635}C:\users\hakaz7\desktop\u1504.exe] => (Allow) C:\users\hakaz7\desktop\u1504.exe
FirewallRules: [UDP Query User{425650B8-A73E-4262-9915-00BB1328DE1A}C:\users\hakaz7\desktop\pendrive dedé\pendrive dedé\fg752p.exe] => (Block) C:\users\hakaz7\desktop\pendrive dedé\pendrive dedé\fg752p.exe
FirewallRules: [TCP Query User{71FEE34B-14AC-4448-8990-D3037358E40B}C:\users\hakaz7\desktop\pendrive dedé\pendrive dedé\fg752p.exe] => (Block) C:\users\hakaz7\desktop\pendrive dedé\pendrive dedé\fg752p.exe
FirewallRules: [{2F948DFB-9F89-4F7C-B57A-CCE70298D179}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F70EB1CB-4C4C-4B7B-85C0-02BFF8301C6E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AE6F9839-9CC3-4226-AF12-E1B67F2C41C9}] => (Allow) C:\Program Files\Nightly\firefox.exe
FirewallRules: [{500A9256-49D3-4BAC-AEB9-4B1EE56300F8}] => (Allow) C:\Program Files\Nightly\firefox.exe
FirewallRules: [TCP Query User{BA9669A7-D367-4E07-86A1-3DC29A57C5B7}C:\users\hakaz7\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\hakaz7\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{7A97CE21-0EA4-417D-B648-9B2524714F93}C:\users\hakaz7\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\hakaz7\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{6B1A2B88-5170-41C3-A53B-051873648F21}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{035ED720-88D5-4ADA-8677-5A8092FBAAF1}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{23A6B6C3-D122-415E-96E5-A6381D1B932F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D4FD9A26-9070-44B9-A8DA-8B9CABDE0D1A}] => (Allow) LPort=2869
FirewallRules: [{FA56EC70-193E-4206-B035-DAB3DF538830}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{4F74E4AC-1C7F-4E39-AEB8-23A3918E9BFC}C:\users\hakaz7\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\hakaz7\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A2412B98-FC4F-4E58-BD46-719D5E12A58D}C:\users\hakaz7\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\hakaz7\appdata\roaming\spotify\spotify.exe
FirewallRules: [{06D1A383-5285-4FB0-B75C-A4B1D8F83485}] => (Allow) C:\Program Files\DriversCloud.com\DriversCloud.exe
FirewallRules: [{8EC69FF0-F5A9-4DFC-8331-63B9BB9E5781}] => (Allow) C:\Program Files\DriversCloud.com\DriversCloud.exe
FirewallRules: [{2EB8D542-998D-4212-B6BD-95A24A9F6172}] => (Allow) C:\Program Files (x86)\Eastness\Application\chrome.exe
FirewallRules: [{FF877634-74C4-4D54-88E8-636F354B9E85}] => (Allow) C:\Program Files (x86)\MIO\loader\samsungxhd502hj_s2bvj56b617167.dat
FirewallRules: [{562B6E4C-9D66-47BA-A7F2-631873DF6E90}] => (Allow) C:\Program Files (x86)\MIO\loader\samsungxhd502hj_s2bvj56b617167.dat
FirewallRules: [{FE35E9B2-A92A-4393-BD3D-CEBC4109595C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0710C1D9-1C05-437A-9A43-ECD88AAE134C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FBB2E3F7-0FFE-4940-B260-CF925B302EDD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{7E019E67-75E0-44CC-9E57-5CD496908850}C:\program files\oracle\virtualbox\virtualbox.exe] => (Allow) C:\program files\oracle\virtualbox\virtualbox.exe
FirewallRules: [UDP Query User{35016BA5-3C65-4FA3-AE1A-5F51F6C6FD96}C:\program files\oracle\virtualbox\virtualbox.exe] => (Allow) C:\program files\oracle\virtualbox\virtualbox.exe
FirewallRules: [{E8680952-5C3D-46BD-B215-4F81102F9AF9}] => (Allow) C:\Program Files (x86)\Opera\45.0.2552.888\opera.exe
FirewallRules: [{317B48A7-77C1-4B5C-B46E-24054B3319EC}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{BBA90AF1-CB01-4534-87F9-345D4784BF37}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{4B1B7A21-AEA3-475D-A914-6324B6FC07B8}] => (Allow) C:\Program Files (x86)\Opera\45.0.2552.898\opera.exe
FirewallRules: [{7F2B75AE-2277-4FA5-995E-47097A8FB74E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{B53FC0C0-F926-4C71-BECD-7C1B6DD24BFD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{37495DDA-2E61-425A-BE52-6A0AD582AE32}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{7F67AFB0-2725-4F55-AAB2-F2021DB9E880}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{1C69915D-197A-449D-A8B9-2BA2C5C966E0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{49ACBC2A-14E5-4E11-A0FC-A20EB3D5BD30}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{1F6AB5A9-2C0A-4298-9444-50E2AA16F76F}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{E397A2C9-41F9-4C86-B2D0-043A9B6120BA}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{94632381-B65E-4552-8059-C9C64450C04D}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe
FirewallRules: [{56CC8437-2A4E-4999-B4A4-B18A4C493120}] => (Allow) C:\WINDOWS\System32\rundll32.exe
FirewallRules: [{CC4F9A7A-BFF7-43D8-94E9-3DE430906912}] => (Allow) C:\WINDOWS\System32\rundll32.exe
==================== Pontos de Restauração =========================
06-06-2017 13:47:24 Ponto de Verificação Agendado
15-06-2017 13:28:14 Ponto de Verificação Agendado
24-06-2017 12:52:42 Ponto de Verificação Agendado
==================== Dispositivos Apresentando Falhas No Gerenciador =============
Name: Mouse compatível com PS/2
Description: Mouse compatível com PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Teclado Padrão PS/2
Description: Teclado Padrão PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (teclados padrões)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Erros no Log de eventos: =========================
Erros em Aplicativos:
==================
Error: (06/25/2017 08:33:41 PM) (Source: COM) (EventID: 10031) (User: )
Description: Uma verificação de política de unmarshaling foi executada ao realizar unmarshaling em um objeto de marshaling personalizado, e a classe {2CD39202-3A2F-4935-9A86-65B919919A7F} foi rejeitada
Error: (06/25/2017 07:39:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ADMINISTRADOR)
Description: O pacote Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe+MicrosoftEdge foi terminado porque levou muito tempo para ser suspenso.
Error: (06/25/2017 07:39:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: MicrosoftEdge.exe, versão: 11.0.14393.1358, carimbo de data/hora: 0x59327901
Nome do módulo com falha: Windows.UI.Xaml.dll, versão: 10.0.14393.1198, carimbo de data/hora: 0x5902836c
Código de exceção: 0xc000027b
Deslocamento da falha: 0x00000000006d5eab
ID do processo com falha: 0x744
Hora de início do aplicativo com falha: 0x01d2ee03ec65a875
Caminho do aplicativo com falha: C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Caminho do módulo com falha: C:\Windows\System32\Windows.UI.Xaml.dll
ID do Relatório: fd89a768-c0c1-4014-852d-aba645f72bf9
Nome completo do pacote com falha: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe
ID do aplicativo relativo ao pacote com falha: MicrosoftEdge
Error: (06/25/2017 07:04:15 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Falha na geração de contexto de ativação para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Erro no arquivo de manifesto ou de política C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL", na linha 1.
Identidade do componente localizado no manifesto não corresponde à identidade do componente solicitado.
A referência é UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
A definição é UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Use o arquivo sxstrace.exe para obter um dignóstico detalhado.
Error: (06/25/2017 07:03:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: ic-0.e18800aacff13.exe, versão: 1.0.0.1, carimbo de data/hora: 0x5939595b
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0xc00001a5
Deslocamento da falha: 0x01050e2a
ID do processo com falha: 0x1734
Hora de início do aplicativo com falha: 0x01d2edfeda3b9f22
Caminho do aplicativo com falha: C:\Users\Hakaz7\AppData\Local\Temp\30200281\ic-0.e18800aacff13.exe
Caminho do módulo com falha: unknown
ID do Relatório: 74ca6ea1-6561-42c9-8bb7-9f6b310bfa00
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:
Error: (06/25/2017 06:59:56 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Falha na geração de contexto de ativação para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Erro no arquivo de manifesto ou de política C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL", na linha 1.
Identidade do componente localizado no manifesto não corresponde à identidade do componente solicitado.
A referência é UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
A definição é UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Use o arquivo sxstrace.exe para obter um dignóstico detalhado.
Error: (06/25/2017 06:32:14 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Falha na geração de contexto de ativação para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Erro no arquivo de manifesto ou de política C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL", na linha 1.
Identidade do componente localizado no manifesto não corresponde à identidade do componente solicitado.
A referência é UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
A definição é UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Use o arquivo sxstrace.exe para obter um dignóstico detalhado.
Error: (06/25/2017 06:30:57 PM) (Source: COM) (EventID: 10031) (User: )
Description: Uma verificação de política de unmarshaling foi executada ao realizar unmarshaling em um objeto de marshaling personalizado, e a classe {2CD39202-3A2F-4935-9A86-65B919919A7F} foi rejeitada
Error: (06/25/2017 06:07:15 PM) (Source: COM) (EventID: 10031) (User: )
Description: Uma verificação de política de unmarshaling foi executada ao realizar unmarshaling em um objeto de marshaling personalizado, e a classe {2CD39202-3A2F-4935-9A86-65B919919A7F} foi rejeitada
Error: (06/25/2017 05:02:11 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Falha no Procedimento Open para o serviço "BITS" na DLL "C:\Windows\System32\bitsperf.dll". Os dados de desempenho para este serviço não estarão disponíveis. Os primeiros quatro bytes (DWORD) da seção de Dados contêm o código do erro.
Erros de Sistema:
=============
Error: (06/25/2017 07:09:24 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
e APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
ao usuário AUTORIDADE NT\SISTEMA SID (S-1-5-18) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.
Error: (06/25/2017 07:07:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço egGetSvc foi encerrado inesperadamente. Isso aconteceu 1 vez(es).
Error: (06/25/2017 07:07:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço 89798490c2b4d681479595f7b986c615 devido ao seguinte erro:
O serviço não respondeu à requisição de início ou controle em tempo hábil.
Error: (06/25/2017 07:07:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço 89798490c2b4d681479595f7b986c615.
Error: (06/25/2017 07:05:11 PM) (Source: DCOM) (EventID: 10010) (User: ADMINISTRADOR)
Description: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não se registrou no DCOM dentro do tempo limite necessário.
Error: (06/25/2017 07:05:11 PM) (Source: DCOM) (EventID: 10010) (User: ADMINISTRADOR)
Description: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não se registrou no DCOM dentro do tempo limite necessário.
Error: (06/25/2017 07:05:11 PM) (Source: DCOM) (EventID: 10010) (User: ADMINISTRADOR)
Description: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não se registrou no DCOM dentro do tempo limite necessário.
Error: (06/25/2017 07:05:07 PM) (Source: DCOM) (EventID: 10010) (User: ADMINISTRADOR)
Description: O servidor {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} não se registrou no DCOM dentro do tempo limite necessário.
Error: (06/25/2017 07:05:07 PM) (Source: DCOM) (EventID: 10010) (User: ADMINISTRADOR)
Description: O servidor {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} não se registrou no DCOM dentro do tempo limite necessário.
Error: (06/25/2017 07:05:06 PM) (Source: DCOM) (EventID: 10010) (User: ADMINISTRADOR)
Description: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não se registrou no DCOM dentro do tempo limite necessário.
==================== Informações da Memória ===========================
Processador: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
Percentagem de memória em uso: 77%
RAM física total: 2009.33 MB
RAM física disponível: 459.15 MB
Virtual Total: 4185.33 MB
Virtual disponível: 1303.45 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:397.08 GB) (Free:124.75 GB) NTFS
==================== MBR & Tabela de Partições ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4A5A8254)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=397.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=68.1 GB) - (Type=05)
Partition 4: (Not Active) - (Size=450 MB) - (Type=27)
==================== Fim de Addition.txt ============================