cjoint

Document format: text/plain

Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-04-2016
Ran by Ronan (2016-04-17 10:55:53)
Running from C:\Users\Ronan\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2015-04-13 17:17:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1377734129-2777699945-316570568-500 - Administrator - Disabled)
Guest (S-1-5-21-1377734129-2777699945-316570568-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1377734129-2777699945-316570568-1002 - Limited - Enabled)
Ronan (S-1-5-21-1377734129-2777699945-316570568-1000 - Administrator - Enabled) => C:\Users\Ronan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1377734129-2777699945-316570568-1000\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\{AA3B06B1-E89A-43C6-A26B-7109DB4BEE7B}) (Version: 12.0.7.148 - Adobe Systems, Inc)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.7 - Sereby Corporation)
Avira Launcher (x32 Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG) Hidden
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 2.1.1.6 - Byte Technologies LLC) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.89 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4101 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
K-Lite Mega Codec Pack 7.9.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.9.0 - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Malware versão 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version: - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation)
MixVideoPlayer (HKLM-x32\...\MixVideoPlayer) (Version: v1.0.0.25 - SoftForce LLC) <==== ATTENTION
Mozilla Firefox 45.0.2 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 pt-BR)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Search Provided by Yahoo (HKLM-x32\...\YahooProvidedSearch) (Version: - ) <==== ATTENTION
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATTENTION
Skype™ 7.9 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.9.103 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1377734129-2777699945-316570568-1000\...\Spotify) (Version: 1.0.26.132.ga4e3ccee - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Update for PriceFountain (HKU\S-1-5-21-1377734129-2777699945-316570568-1000\...\Price Fountain) (Version: - Update for PriceFountain) <==== ATTENTION
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E9FBA14-0644-41D8-9A9B-E3396B420DBE} - System32\Tasks\{D972C03F-F47A-4871-90AD-5BB93E1855D6} => pcalua.exe -a C:\Users\Ronan\Downloads\dxwebsetup(1).exe -d C:\Users\Ronan\Downloads
Task: {1D3795DF-0FB3-4A82-ADE6-5ACDDCFBD8B4} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2016-03-28] (Byte Technologies LLC)
Task: {2BD8C619-806C-4D06-AC92-CDF230933669} - System32\Tasks\{6FD23353-8BA4-4AB4-976B-8C8735ADBB5C} => pcalua.exe -a C:\Users\Ronan\Downloads\NDP35SP1-KB958484-x86.exe -d C:\Users\Ronan\Downloads
Task: {322C6B0A-A2C2-4DE1-8270-D3718E50F5A1} - System32\Tasks\osTip => C:\ProgramData\WindowsMsg\osmsg.exe [2016-04-16] ()
Task: {3792F669-DDCD-4B76-9EC4-DA449DCC0387} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-13] (Google Inc.)
Task: {3FC25FB5-5C61-41D5-A76F-948D7DA268B7} - System32\Tasks\MixVideoPlayer Update => C:\Program Files (x86)\MixVideoPlayer\mixUpdater.exe [2015-08-06] () <==== ATTENTION
Task: {5EA9CA96-28FC-4398-B2BC-3339318DFC9A} - System32\Tasks\Selection Tools Update => C:\Users\Ronan\AppData\Roaming\WTools\Selection Tools\Selection Tools Update.exe <==== ATTENTION
Task: {673621D0-C9F2-480F-A350-97E640C64E07} - System32\Tasks\Ninight Collector => C:\Program Files (x86)\Ninight\NngCollector.exe [2016-04-12] ()
Task: {75208298-5E5C-4677-849C-9C1E6D549A8F} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2016-03-28] (Byte Technologies LLC)
Task: {7B780258-2AEF-480E-91BA-BB238B198019} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {8B6F94AD-02EF-4FAE-9898-2304D0947099} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {96DCE7C7-102D-4035-B7CE-2769EBAAD328} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1377734129-2777699945-316570568-1000
Task: {987F7A1C-7CD4-40FD-A5F4-5C6AF50457DF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {98F7E3FA-03E1-42EA-A191-677657D89691} - System32\Tasks\{5F802C34-FBE7-66B3-5E8B-4BFA29B2BDF5} => C:\Users\Ronan\AppData\Local\{56BB6~1\UNINST~1.EXE [2013-05-04] ()
Task: {A90A4264-172C-43A7-95DC-54305165AE97} - System32\Tasks\Jiatid => C:\PROGRA~1\DYAEUG~1\Liclovak.bat
Task: {BB150F45-0FBF-4B13-B483-C0D9E8B5EA61} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {C73B4522-52A6-4B26-97AA-1C44B78B4B73} - System32\Tasks\{B58B4FD4-C249-4F90-BB26-34ACA5F9BE49} => pcalua.exe -a C:\Users\Ronan\Downloads\dxwebsetup(2).exe -d C:\Users\Ronan\Downloads
Task: {E5AAE255-6E6B-421D-A4F0-1A2BF7C0E067} - System32\Tasks\WindApp Update => C:\Users\Ronan\AppData\Roaming\Store\WindApp\WindApp Update.exe <==== ATTENTION
Task: {E843D235-9268-4DDB-ACAE-12F499856A56} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-22] (AVAST Software)
Task: {E884E59C-EF83-4E00-B68E-72B99E7E9DD5} - System32\Tasks\{58CC4D08-B4E5-42AC-ACDD-0D9B82ADF5B9} => pcalua.exe -a C:\Users\Ronan\Downloads\dotNetFx35setup(1).exe -d C:\Users\Ronan\Downloads
Task: {EC6809AF-B506-4D80-AACF-F6B43910490B} - System32\Tasks\PFExe => C:\Users\Ronan\AppData\Local\PriceFountain\pricefountain.exe <==== ATTENTION
Task: {F71ABA8B-F34A-470B-A711-F0F927EEC834} - System32\Tasks\Fedaryqeule Server => C:\Program Files (x86)\Fedaryqeule\FedaryqeuleServerTsk.exe
Task: {F783759A-90DB-42A5-B6BF-1CFF838E6093} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-13] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\{5F802C34-FBE7-66B3-5E8B-4BFA29B2BDF5}.job => C:\Users\Ronan\AppData\Local\{56BB6~1\UNINST~1.EXE

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Ronan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://navigation.iwatchavi.com/
ShortcutWithArgument: C:\Users\Ronan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://navigation.iwatchavi.com/
ShortcutWithArgument: C:\Users\Ronan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://navigation.iwatchavi.com/
ShortcutWithArgument: C:\Users\Ronan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Yeabeats Browser (2).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://navigation.iwatchavi.com/
ShortcutWithArgument: C:\Users\Ronan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Yeabeats Browser (3).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://navigation.iwatchavi.com/
ShortcutWithArgument: C:\Users\Ronan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Yeabeats Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://navigation.iwatchavi.com/
ShortcutWithArgument: C:\Users\Ronan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://navigation.iwatchavi.com/
ShortcutWithArgument: C:\Users\Ronan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://navigation.iwatchavi.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://navigation.iwatchavi.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://navigation.iwatchavi.com/

==================== Loaded Modules (Whitelisted) ==============

2016-04-12 19:29 - 2016-04-12 19:29 - 03587000 _____ () C:\ProgramData\System32\SafeGuard64.dll
2016-04-12 18:04 - 2016-04-12 18:04 - 00285184 _____ () C:\Program Files (x86)\03000200-1460500065-0500-0006-000700080009\knspF947.tmpfs
2016-04-12 10:09 - 2016-04-12 10:09 - 00174448 _____ () C:\Users\Ronan\AppData\Roaming\Mafcaedbew\Mafcaedbew.exe
2016-04-12 19:28 - 2016-04-12 19:28 - 00138240 _____ () C:\Program Files (x86)\03000200-1460500065-0500-0006-000700080009\hnsa3630.tmp
2016-04-12 19:28 - 2016-04-12 19:28 - 00389632 _____ () C:\Program Files (x86)\03000200-1460500065-0500-0006-000700080009\jnsp1555.tmp
2016-04-13 11:41 - 2016-04-13 18:51 - 01920000 _____ () c:\programdata\msiql.exe
2016-04-12 10:09 - 2016-04-12 10:09 - 00670576 _____ () C:\Users\Ronan\AppData\Roaming\Mafcaedbew\Nongekoag.dll
2016-04-12 10:09 - 2016-04-12 10:09 - 00146288 _____ () C:\Users\Ronan\AppData\Roaming\Mafcaedbew\Nongekoag.exe
2016-03-31 14:24 - 2016-03-31 14:24 - 01417216 _____ () C:\Users\Ronan\AppData\Roaming\cpuminer\cpm.exe
2015-03-13 10:54 - 2015-03-13 10:54 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1046.dll
2016-04-13 11:41 - 2016-04-13 18:51 - 01920000 _____ () C:\ProgramData\msiql.exe
2016-04-16 12:58 - 2016-04-16 09:46 - 02055168 _____ () C:\ProgramData\WindowsMsg\osmsg.exe
2016-04-17 09:51 - 2016-04-17 09:51 - 00254264 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
2016-04-17 09:51 - 2016-04-17 09:51 - 00564024 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
2016-04-12 19:29 - 2016-04-12 19:29 - 02771896 _____ () C:\ProgramData\System32\SafeGuard32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [135]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1377734129-2777699945-316570568-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1377734129-2777699945-316570568-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 23:34 - 2016-04-12 19:26 - 00001006 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1377734129-2777699945-316570568-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ronan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 104.197.191.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: msiql => C:\ProgramData\mspop.exe /RUNNING
MSCONFIG\startupreg: Spotify => "C:\Users\Ronan\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Ronan\AppData\Roaming\Spotify\SpotifyWebHelper.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{08B41129-EBAF-4706-9A8F-DECEB15C9CF4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{87DF2E43-C70B-4D1F-9F2B-D97ED9237D24}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CC56487B-D6C7-4853-915E-5496B696D8B1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5D80C9A6-3197-4E4A-B55B-21C5ED47DB1C}] => (Allow) C:\Users\Ronan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ADF57CA5-B7F1-4998-AEDB-C25E49C6B5D6}] => (Allow) C:\Users\Ronan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F849053B-59AA-47BE-9477-AC8C9137AC62}] => (Allow) C:\Users\Ronan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7E628E74-0AB5-4CD3-9286-D71AF96FF6E8}] => (Allow) C:\Users\Ronan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7823811B-4358-4A19-B4DA-FBCEFE9DF6F7}] => (Allow) C:\Users\Ronan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D2B6DDB6-73F8-416C-B651-8A211EF84A67}] => (Allow) C:\Users\Ronan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E8288727-CFA8-472C-8F13-2A5564B997F3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{14B25827-C368-4B8D-BB0A-E9DF3D2C06FD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{C0E97256-0D68-489A-A4DF-7F9B616EF6E1}C:\users\ronan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ronan\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8284CD62-E520-4A9D-8D7B-66531C151BD2}C:\users\ronan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ronan\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{FD492215-06DC-4C69-A722-7F78078065F5}C:\users\ronan\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\ronan\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D3B9B44D-FA43-4025-892F-987609490B47}C:\users\ronan\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\ronan\appdata\roaming\spotify\spotify.exe
FirewallRules: [{D84C6DAD-74B0-48E1-844C-B3B8744AE496}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{126EAE1E-8612-4DF4-B5FF-DA0E3BDCFF3E}] => (Allow) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe
FirewallRules: [{FA4E3C33-D864-4ABE-BF55-30D5E0B17BD5}] => (Allow) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe

==================== Restore Points =========================

22-03-2016 03:01:50 Windows Update
23-03-2016 01:51:53 Windows Update
23-03-2016 13:00:04 Windows Update
24-03-2016 03:00:15 Windows Update
24-03-2016 21:51:01 Windows Update
29-03-2016 15:03:12 Windows Update
02-04-2016 11:04:38 Windows Update
05-04-2016 12:58:44 Windows Update
06-04-2016 12:34:47 Windows Update
09-04-2016 23:26:14 Windows Update
10-04-2016 17:40:26 Windows Update
11-04-2016 20:55:39 Windows Update
12-04-2016 04:27:59 Windows Update
12-04-2016 18:09:35 Windows Update
12-04-2016 18:31:02 avast! antivirus system restore point
12-04-2016 23:31:31 Windows Update
14-04-2016 18:38:15 Windows Update
16-04-2016 13:00:04 Removed KogamaLauncher-BR
16-04-2016 13:05:35 Uniblue DriverScanner installation
16-04-2016 16:15:57 Windows Update

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/17/2016 09:48:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: mediadownloadersetup.exe, versão: 0.0.0.0, carimbo de hora: 0x2a425e19
Nome do módulo de falhas: mediadownloadersetup.exe, versão: 0.0.0.0, carimbo de hora: 0x2a425e19
Código de exceção: 0xc0000005
Deslocamento com falha: 0x00002c08
Identificação do processo com falha: 0xdcc
Hora de início do aplicativo com falha: 0xmediadownloadersetup.exe0
Caminho do aplicativo com falha: mediadownloadersetup.exe1
FCaminho do módulo de falhas: mediadownloadersetup.exe2
Identificação do Relatório: mediadownloadersetup.exe3

Error: (04/17/2016 09:43:28 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: O Windows não pode acessar o arquivo C:\ProgramData\Microsoft\Diagnosis\events11.rbs por um destes motivos: há um problema de conexão com a rede, o disco no qual o arquivo está armazenado ou nos drivers de armazenamento
instalados neste computador, ou o disco está ausente. O Windows fechou o programa Processo de Host para Serviços do Windows por causa desse erro.

Programa: Processo de Host para Serviços do Windows
Arquivo: C:\ProgramData\Microsoft\Diagnosis\events11.rbs

O valor do erro está listado na seção Dados Adicionais.
Ação do Usuário
1. Abra o arquivo novamente.
Esta situação pode ser um problema temporário corrigida quando o programa é executado novamente.
2.
Se o arquivo ainda não puder ser acessado e
- não estiver na rede,
o administrador da rede deverá verificar se não há um problema com a rede e se o servidor puder ser contatado.
- Está em um disco removível, por exemplo, um disquete ou CD-ROM, verifique se o disco está completamente inserido no computador.
3. Verifique e repare o sistema de arquivos ao executar CHKDSK. Para executar CHKDSK, clique em Iniciar, clique em Executar, digite CMD e clique em OK. No prompt de comando, digite CHKDSK /F e pressione ENTER.
4. Se o problema persistir, restaure o arquivo de uma cópia de backup.
5. Determine se outros arquivos no mesmo disco podem ser abertos. Em caso negativo, o disco pode estar danificado. Se for um disco rígido, contate o administrador ou o fornecedor de hardware do computador para
obter assistência adicional.

Dados Adicionais
Valor do erro: C000009C
Tipo de disco: 3

Error: (04/17/2016 09:43:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: svchost.exe_DiagTrack, versão: 6.1.7600.16385, carimbo de hora: 0x4a5bc3c1
Nome do módulo de falhas: diagtrack.dll, versão: 10.0.10242.0, carimbo de hora: 0x55a86ba1
Código de exceção: 0xc0000006
Deslocamento com falha: 0x000000000007097e
Identificação do processo com falha: 0xbb8
Hora de início do aplicativo com falha: 0xsvchost.exe_DiagTrack0
Caminho do aplicativo com falha: svchost.exe_DiagTrack1
FCaminho do módulo de falhas: svchost.exe_DiagTrack2
Identificação do Relatório: svchost.exe_DiagTrack3

Error: (04/17/2016 09:42:50 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: O Windows não pode acessar o arquivo C:\ProgramData\Microsoft\Diagnosis\events11.rbs por um destes motivos: há um problema de conexão com a rede, o disco no qual o arquivo está armazenado ou nos drivers de armazenamento
instalados neste computador, ou o disco está ausente. O Windows fechou o programa Processo de Host para Serviços do Windows por causa desse erro.

Programa: Processo de Host para Serviços do Windows
Arquivo: C:\ProgramData\Microsoft\Diagnosis\events11.rbs

O valor do erro está listado na seção Dados Adicionais.
Ação do Usuário
1. Abra o arquivo novamente.
Esta situação pode ser um problema temporário corrigida quando o programa é executado novamente.
2.
Se o arquivo ainda não puder ser acessado e
- não estiver na rede,
o administrador da rede deverá verificar se não há um problema com a rede e se o servidor puder ser contatado.
- Está em um disco removível, por exemplo, um disquete ou CD-ROM, verifique se o disco está completamente inserido no computador.
3. Verifique e repare o sistema de arquivos ao executar CHKDSK. Para executar CHKDSK, clique em Iniciar, clique em Executar, digite CMD e clique em OK. No prompt de comando, digite CHKDSK /F e pressione ENTER.
4. Se o problema persistir, restaure o arquivo de uma cópia de backup.
5. Determine se outros arquivos no mesmo disco podem ser abertos. Em caso negativo, o disco pode estar danificado. Se for um disco rígido, contate o administrador ou o fornecedor de hardware do computador para
obter assistência adicional.

Dados Adicionais
Valor do erro: C000009C
Tipo de disco: 3

Error: (04/17/2016 09:42:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: svchost.exe_DiagTrack, versão: 6.1.7600.16385, carimbo de hora: 0x4a5bc3c1
Nome do módulo de falhas: diagtrack.dll, versão: 10.0.10242.0, carimbo de hora: 0x55a86ba1
Código de exceção: 0xc0000006
Deslocamento com falha: 0x000000000007097e
Identificação do processo com falha: 0xb64
Hora de início do aplicativo com falha: 0xsvchost.exe_DiagTrack0
Caminho do aplicativo com falha: svchost.exe_DiagTrack1
FCaminho do módulo de falhas: svchost.exe_DiagTrack2
Identificação do Relatório: svchost.exe_DiagTrack3

Error: (04/17/2016 09:42:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/17/2016 09:42:14 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: O Windows não pode acessar o arquivo C:\ProgramData\Microsoft\Diagnosis\events11.rbs por um destes motivos: há um problema de conexão com a rede, o disco no qual o arquivo está armazenado ou nos drivers de armazenamento
instalados neste computador, ou o disco está ausente. O Windows fechou o programa Processo de Host para Serviços do Windows por causa desse erro.

Programa: Processo de Host para Serviços do Windows
Arquivo: C:\ProgramData\Microsoft\Diagnosis\events11.rbs

O valor do erro está listado na seção Dados Adicionais.
Ação do Usuário
1. Abra o arquivo novamente.
Esta situação pode ser um problema temporário corrigida quando o programa é executado novamente.
2.
Se o arquivo ainda não puder ser acessado e
- não estiver na rede,
o administrador da rede deverá verificar se não há um problema com a rede e se o servidor puder ser contatado.
- Está em um disco removível, por exemplo, um disquete ou CD-ROM, verifique se o disco está completamente inserido no computador.
3. Verifique e repare o sistema de arquivos ao executar CHKDSK. Para executar CHKDSK, clique em Iniciar, clique em Executar, digite CMD e clique em OK. No prompt de comando, digite CHKDSK /F e pressione ENTER.
4. Se o problema persistir, restaure o arquivo de uma cópia de backup.
5. Determine se outros arquivos no mesmo disco podem ser abertos. Em caso negativo, o disco pode estar danificado. Se for um disco rígido, contate o administrador ou o fornecedor de hardware do computador para
obter assistência adicional.

Dados Adicionais
Valor do erro: C000009C
Tipo de disco: 3

Error: (04/17/2016 09:42:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: svchost.exe_DiagTrack, versão: 6.1.7600.16385, carimbo de hora: 0x4a5bc3c1
Nome do módulo de falhas: diagtrack.dll, versão: 10.0.10242.0, carimbo de hora: 0x55a86ba1
Código de exceção: 0xc0000006
Deslocamento com falha: 0x000000000007097e
Identificação do processo com falha: 0x6b4
Hora de início do aplicativo com falha: 0xsvchost.exe_DiagTrack0
Caminho do aplicativo com falha: svchost.exe_DiagTrack1
FCaminho do módulo de falhas: svchost.exe_DiagTrack2
Identificação do Relatório: svchost.exe_DiagTrack3

Error: (04/17/2016 09:20:10 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: O Windows não pode acessar o arquivo C:\ProgramData\Microsoft\Diagnosis\events11.rbs por um destes motivos: há um problema de conexão com a rede, o disco no qual o arquivo está armazenado ou nos drivers de armazenamento
instalados neste computador, ou o disco está ausente. O Windows fechou o programa Processo de Host para Serviços do Windows por causa desse erro.

Programa: Processo de Host para Serviços do Windows
Arquivo: C:\ProgramData\Microsoft\Diagnosis\events11.rbs

O valor do erro está listado na seção Dados Adicionais.
Ação do Usuário
1. Abra o arquivo novamente.
Esta situação pode ser um problema temporário corrigida quando o programa é executado novamente.
2.
Se o arquivo ainda não puder ser acessado e
- não estiver na rede,
o administrador da rede deverá verificar se não há um problema com a rede e se o servidor puder ser contatado.
- Está em um disco removível, por exemplo, um disquete ou CD-ROM, verifique se o disco está completamente inserido no computador.
3. Verifique e repare o sistema de arquivos ao executar CHKDSK. Para executar CHKDSK, clique em Iniciar, clique em Executar, digite CMD e clique em OK. No prompt de comando, digite CHKDSK /F e pressione ENTER.
4. Se o problema persistir, restaure o arquivo de uma cópia de backup.
5. Determine se outros arquivos no mesmo disco podem ser abertos. Em caso negativo, o disco pode estar danificado. Se for um disco rígido, contate o administrador ou o fornecedor de hardware do computador para
obter assistência adicional.

Dados Adicionais
Valor do erro: C000009C
Tipo de disco: 3

Error: (04/17/2016 09:20:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome de aplicativo com falha: svchost.exe_DiagTrack, versão: 6.1.7600.16385, carimbo de hora: 0x4a5bc3c1
Nome do módulo de falhas: diagtrack.dll, versão: 10.0.10242.0, carimbo de hora: 0x55a86ba1
Código de exceção: 0xc0000006
Deslocamento com falha: 0x000000000007097e
Identificação do processo com falha: 0xed8
Hora de início do aplicativo com falha: 0xsvchost.exe_DiagTrack0
Caminho do aplicativo com falha: svchost.exe_DiagTrack1
FCaminho do módulo de falhas: svchost.exe_DiagTrack2
Identificação do Relatório: svchost.exe_DiagTrack3


System errors:
=============
Error: (04/17/2016 10:33:27 AM) (Source: Disk) (EventID: 7) (User: )
Description: O dispositivo, \Device\Harddisk0\DR0, possui um bloco defeituoso.

Error: (04/17/2016 10:33:23 AM) (Source: Disk) (EventID: 7) (User: )
Description: O dispositivo, \Device\Harddisk0\DR0, possui um bloco defeituoso.

Error: (04/17/2016 10:33:20 AM) (Source: Disk) (EventID: 7) (User: )
Description: O dispositivo, \Device\Harddisk0\DR0, possui um bloco defeituoso.

Error: (04/17/2016 10:33:17 AM) (Source: Disk) (EventID: 7) (User: )
Description: O dispositivo, \Device\Harddisk0\DR0, possui um bloco defeituoso.

Error: (04/17/2016 10:33:14 AM) (Source: Disk) (EventID: 7) (User: )
Description: O dispositivo, \Device\Harddisk0\DR0, possui um bloco defeituoso.

Error: (04/17/2016 10:33:10 AM) (Source: Disk) (EventID: 7) (User: )
Description: O dispositivo, \Device\Harddisk0\DR0, possui um bloco defeituoso.

Error: (04/17/2016 10:33:07 AM) (Source: Disk) (EventID: 7) (User: )
Description: O dispositivo, \Device\Harddisk0\DR0, possui um bloco defeituoso.

Error: (04/17/2016 10:33:05 AM) (Source: Disk) (EventID: 7) (User: )
Description: O dispositivo, \Device\Harddisk0\DR0, possui um bloco defeituoso.

Error: (04/17/2016 10:33:01 AM) (Source: Disk) (EventID: 7) (User: )
Description: O dispositivo, \Device\Harddisk0\DR0, possui um bloco defeituoso.

Error: (04/17/2016 10:32:59 AM) (Source: Disk) (EventID: 7) (User: )
Description: O dispositivo, \Device\Harddisk0\DR0, possui um bloco defeituoso.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 45%
Total physical RAM: 4002.89 MB
Available physical RAM: 2161.91 MB
Total Virtual: 8003.98 MB
Available Virtual: 5971.02 MB

==================== Drives ================================

Drive c: (Novo volume) (Fixed) (Total:465.76 GB) (Free:315.76 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3072BD03)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
