Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 26-10-2017 Executado por Bruno campos (26-10-2017 02:12:40) Executando a partir de C:\Users\Bruno campos\Downloads Windows 7 Professional Service Pack 1 (X64) (2017-10-25 19:16:28) Modo da Inicialização: Normal ========================================================== ==================== Contas: ============================= Administrador (S-1-5-21-3482999910-4114749731-1815573784-500 - Administrator - Disabled) Bruno campos (S-1-5-21-3482999910-4114749731-1815573784-1000 - Administrator - Enabled) => C:\Users\Bruno campos Convidado (S-1-5-21-3482999910-4114749731-1815573784-501 - Limited - Disabled) ==================== Central de Segurança ======================== (Se uma entrada for incluída na fixlist, será removida.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Programas Instalados ====================== (Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.62 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden Microsoft .NET Framework 4.6.1 (PTB) (HKLM\...\{A4CA54C9-68EE-393F-B10F-9C44884312B0}) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.7 (HKLM\...\{BCF0C1F7-671C-3922-A7EA-8AC11F4FC0EB}) (Version: 4.7.02053 - Microsoft Corporation) Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) MySQL Workbench 6.3 CE (HKLM\...\{CD8C5EC0-56A3-4F6E-BB22-E230059DF1F2}) (Version: 6.3.9 - Oracle Corporation) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8254 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0152 - REALTEK Semiconductor Corp.) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) Wampserver64 3.1.0 (HKLM\...\{wampserver64}_is1) (Version: 3.1.0 - Dominique Ottello aka Otomatic) WinRAR 5.50 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH) ==================== Exame Personalizado CLSID (Whitelisted): ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-02-19] (Intel Corporation) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal) ==================== Tarefas Agendadas (Whitelisted) ============= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) Task: {B4CA32E6-777E-421D-BD09-7C0F7D562C17} - System32\Tasks\R@1n-KMS\Office14ProPlus => wmic [Argument = path OfficeSoftwareProtectionProduct where (ID="6f327760-8c5c-417c-9b61-836a98287e0c") call Activate] Task: {D48174AC-3E66-4A95-8938-65A7CE1189C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-26] (Google Inc.) Task: {E25DFC60-9F34-4F3D-953D-1BF8A0E44AD5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-26] (Google Inc.) (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) ==================== Atalhos & WMI ======================== (As entradas podem ser listadas para serem restauradas ou removidas.) ShortcutWithArgument: C:\Users\Bruno campos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome\HP Print para Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=cjanmonomjogheabiocdamfpknlpdehm ==================== Módulos Carregados (Whitelisted) ============== 2011-03-17 00:07 - 2011-03-17 00:07 - 004297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2017-10-26 00:14 - 2017-10-26 01:14 - 000026112 _____ () C:\Windows\KMS-R@1n.exe 2012-01-10 21:12 - 2012-01-10 21:12 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2017-10-26 00:14 - 2017-10-26 01:14 - 000005120 _____ () C:\Windows\KMS-R@1nHook.exe 2017-10-26 01:14 - 2017-10-26 01:14 - 000004096 _____ () C:\Windows\KMS-R@1nHook.dll 2017-10-26 01:27 - 2017-08-17 10:34 - 014545920 _____ () c:\wamp64\bin\mariadb\mariadb10.2.8\bin\mysqld.exe 2017-10-26 00:56 - 2017-10-17 06:08 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.62\libglesv2.dll 2017-10-26 00:56 - 2017-10-17 06:08 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.62\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (Se uma entrada for incluída na fixlist, somente o ADS será removido.) ==================== Modo de Segurança (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) ==================== Associação (Whitelisted) =============== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.) ==================== Internet Explorer confiável/restrito =============== (Se uma entrada for incluída na fixlist, será removida do Registro.) ==================== Hosts Conteúdo: =============================== (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2009-07-14 00:34 - 2009-06-10 19:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts ==================== Outras Áreas ============================ (Atualmente não há nenhuma correção automática para esta seção.) HKU\S-1-5-21-3482999910-4114749731-1815573784-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bruno campos\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Firewall do Windows está habilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == ==================== Regras do Firewall (Whitelisted) =============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{4004F304-1D60-4F1A-978C-73F59CE3BC07}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{90C7752D-5AEF-4F16-A2D0-B63109D01D5B}] => (Allow) C:\Windows\KMS-R@1n.exe FirewallRules: [{CCA91BDD-E177-4C5A-B20A-0CEBA1E6130F}] => (Allow) C:\Windows\KMS-R@1n.exe ==================== Pontos de Restauração ========================= 25-10-2017 23:46:35 Instalado REALTEK PCIE Wireless LAN Driver 25-10-2017 23:57:49 DriverPack 17.7.73 26-10-2017 00:06:48 Installed Microsoft Office Professional Plus 2010 26-10-2017 00:13:04 Re-Loader by R@1n 26-10-2017 00:31:15 DriverPack 17.7.73 26-10-2017 00:34:56 Windows Update 26-10-2017 00:40:31 DriverPack 17.7.73 26-10-2017 01:13:38 Re-Loader by R@1n 26-10-2017 01:15:40 Installed Microsoft .NET Framework 4.7 26-10-2017 01:24:49 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 26-10-2017 01:33:16 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 26-10-2017 01:52:22 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 26-10-2017 01:53:03 Installed MySQL Workbench 6.3 CE ==================== Dispositivos Apresentando Falhas No Gerenciador ============= ==================== Erros no Log de eventos: ========================= Erros em Aplicativos: ================== Error: (10/26/2017 01:54:10 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Aplicativo: MySQLWorkbench.exe Versão do Framework: v4.0.30319 Descrição: O processo foi terminado devido a uma exceção sem tratamento. Informações da Exceção: System.IO.FileLoadException em MySQL.GUI.Workbench.Program.Main(System.String[]) Error: (10/26/2017 01:48:45 AM) (Source: MsiInstaller) (EventID: 10005) (User: Brunocampos-PC) Description: Product: MySQL Workbench 6.3 CE -- MySQL Workbench requires the Visual C++ 2015 Redistributable Package to be installed. Click the Download-Button on the next page to open a web page containing further instructions. Error: (10/26/2017 01:22:41 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/26/2017 01:15:45 AM) (Source: VSS) (EventID: 12344) (User: ) Description: Erro de Cópia de Sombra de Volume: um erro 0x00000000c000014d foi encontrado enquanto o Gravador do Registro estava preparando o Registro para uma cópia de sombra. Verifique se há erros relacionados nos logs de eventos do aplicativo e do sistema. Operação: Evento OnFreeze Congelar Evento Contexto: Contexto de Execução: Registry Writer Contexto de Execução: Writer Id de Classe de Gravador: {afbab4a2-367d-4d15-a586-71dbb18f8485} Nome do Gravador: Registry Writer ID de Instância de Gravador: {cfc824b1-cb8b-4b9d-aa74-b34cdeab6ed1} Error: (10/26/2017 12:43:22 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/26/2017 12:23:24 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/26/2017 12:09:26 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/25/2017 11:50:11 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/25/2017 07:19:49 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (10/25/2017 06:41:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Erros de Sistema: ============= Error: (10/26/2017 01:15:45 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: AUTORIDADE NT) Description: 0xc000014d32\Device\HarddiskVolume1\Boot\BCD Error: (10/26/2017 12:41:43 AM) (Source: ACPI) (EventID: 13) (User: ) Description: : O controlador incorporado (EC) não respondeu dentro do tempo limite especificado. Isso pode indicar erro no hardware ou firmware do EC ou que o BIOS está acessando o EC incorretamente. Verifique com o fabricante do computador se há uma versão do BIOS mais atualizada. Em algumas situações, esse erro pode fazer que o computador funcione incorretamente. Error: (10/26/2017 12:18:20 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não se registrou com o DCOM dentro do tempo limite requerido. Error: (10/25/2017 05:25:35 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: O desligamento anterior do sistema em 17:24:13 às ‎25/‎10/‎2017 não era esperado. Error: (10/25/2017 05:16:31 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: O serviço Serviço de transferência inteligente de plano de fundo terminou com o erro específico de serviço %%-2147023781 = O sistema está sendo desligado.. Error: (10/25/2017 05:16:31 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: AUTORIDADE NT) Description: Falha ao iniciar o serviço do BITS. Erro 2147943515. Error: (10/25/2017 05:13:21 PM) (Source: volmgr) (EventID: 46) (User: ) Description: Falha na inicialização do despejo de memória! ==================== Informações da Memória =========================== Processador: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz Percentagem de memória em uso: 44% RAM física total: 5940.54 MB RAM física disponível: 3320.01 MB Virtual Total: 11879.27 MB Virtual disponível: 8570.37 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:152.77 GB) (Free:116.74 GB) NTFS Drive d: () (Fixed) (Total:312.5 GB) (Free:312.37 GB) NTFS Drive f: (VIVACELL) (Removable) (Total:14.42 GB) (Free:2.27 GB) FAT32 ==================== MBR & Tabela de Partições ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2DE48582) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=152.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=312.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 14.4 GB) (Disk ID: 0123FBBD) Partition 1: (Active) - (Size=14.4 GB) - (Type=0C) ==================== Fim de Addition.txt ============================