Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão:07-02-2016
Executado por Rose (2016-02-13 21:08:27)
Executando a partir de D:\Desktop
Windows 8 Pro (X64) (2014-01-22 16:34:02)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-2485532477-44574724-2394039227-500 - Administrator - Disabled)
Convidado (S-1-5-21-2485532477-44574724-2394039227-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2485532477-44574724-2394039227-1003 - Limited - Enabled)
Rose (S-1-5-21-2485532477-44574724-2394039227-1001 - Administrator - Enabled) => C:\Users\Rose

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-2485532477-44574724-2394039227-1001\...\uTorrent) (Version: 3.4.5.41712 - BitTorrent Inc.)
7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
7-Zip 9.17 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0917-000001000000}) (Version: 9.17.00.0 - Igor Pavlov)
abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version: - )
Adobe Flash Player Packages (HKU\S-1-5-21-2485532477-44574724-2394039227-1001\...\Adobe Flash Player Packages) (Version: - ) <==== ATENÇÃO
Adobe Reader XI (11.0.12) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CheckMeUp (HKLM-x32\...\6ECB650E-8177-CC04-71B4-6BE3CD063758) (Version: - CheckMeUp-software)
CloneDVD 5.5.0.0 (HKLM-x32\...\MainApp.exe_is1) (Version: - Copyright (C) 2003-2010 DVD X Studios.)
DriverScanner (HKLM-x32\...\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1) (Version: 4.0.16.0 - Uniblue Systems Ltd)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Módulo de Proteção Banco Santander (Brasil) S.A. (HKLM-x32\...\{83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1) (Version: 3.7.1.1 - )
Opera Stable 35.0.2066.37 (HKLM-x32\...\Opera 35.0.2066.37) (Version: 35.0.2066.37 - Opera Software)
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
Popcorn Time (HKU\S-1-5-21-2485532477-44574724-2394039227-1001\...\Popcorn Time) (Version: - Popcorn Official)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Real Alternative 2.0.2 (HKLM-x32\...\RealAlt_is1) (Version: 2.0.2 - )
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATENÇÃO
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATENÇÃO
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Suporte para Aplicativos Apple (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Suporte para Aplicativos Apple Apple (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.7.0.113 - KMP Media co., Ltd)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0416-1000-0000000FF1CE}_Office15.PROPLUS_{2BA6245D-FBB9-42F6-AFD9-C0DC52763AD5}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-012B-0416-1000-0000000FF1CE}_Office15.PROPLUS_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version: - Microsoft)
Wajam (HKLM-x32\...\WajaNetEn) (Version: 1.60.1.15 (i1.0) - Wajam) <==== ATENÇÃO
Watchtower Library 2014 - Português (HKLM-x32\...\{84C366E8-57F2-4D64-A24B-81CA35F576D0}) (Version: 16.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
WebShield (HKLM-x32\...\WebShield) (Version: 3.0.91 - Irrational Number Applications)
Windows 7 Codec Pack 4.0.8 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.0.8 - Windows 7 Codec Pack)
WinRAR 4.00 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.3 - win.rar GmbH)

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-2485532477-44574724-2394039227-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0001}\InprocServer32 -> C:\Users\Rose\AppData\Local\GAS Tecnologia\GBBD\npsf_abn_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-2485532477-44574724-2394039227-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0001}\InprocServer32 -> C:\Users\Rose\AppData\Local\GAS Tecnologia\GBBD\npsf_abn_64.dll (GAS Tecnologia)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
Task: {0110B04E-F782-416C-B855-06436977A796} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {03B7FF7F-820F-409E-B3C3-2D6A6DD513C1} - System32\Tasks\Pritc => C:\Users\Rose\AppData\Local\Temp\00026159\casrss.exe [2016-02-13] (VLOME) <==== ATENÇÃO
Task: {0A98ABC5-8C90-4654-B835-18551F674243} - System32\Tasks\CheckMeUp Update => C:\Program Files (x86)\version09CheckMeUp\m6CheckMeUpw79.exe [2016-02-13] ()
Task: {0FA99973-149C-4D9D-B7D9-29320AC5C435} - System32\Tasks\Opera scheduled Autoupdate 1449712105 => C:\Program Files (x86)\Opera\launcher.exe [2016-02-01] (Opera Software)
Task: {230712D8-5284-4173-AE8D-5C7655F631AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-09] (Google Inc.)
Task: {315DCB2A-BCE6-4DBA-AFEC-E4EA1DC5F099} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {34ABF8D2-2D51-4D78-BF87-C6B8E84C7552} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-HashDiagnostic => C:\Program Files (x86)\hela\hela.exe [2015-03-01] () <==== ATENÇÃO
Task: {39513E61-BD42-4389-8C77-54CC1B2924E1} - System32\Tasks\Nounu => C:\PROGRA~1\GROOVE~1\Fauoc.bat
Task: {3BCB8C5A-DCCF-45B4-BE04-EC34CADACB13} - System32\Tasks\Microsoft\windows\DiskDiagnostic\DiskDiagnostic => C:\Program Files (x86)\DiskDiagnostic\DiskDiagnostic.exe [2015-01-28] () <==== ATENÇÃO
Task: {40E94E8C-673E-4170-AD17-6E82310446FF} - System32\Tasks\ttwifi => C:\Program Files (x86)\ttwifi\tiantianwifi.exe
Task: {449EE297-AF33-49A5-9496-BDC2C6C2A913} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2485532477-44574724-2394039227-1001Core => C:\Users\Rose\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-03] (Facebook Inc.)
Task: {4704492F-91AE-48E8-B6D5-A070F357F29C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2485532477-44574724-2394039227-1001UA => C:\Users\Rose\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-03] (Facebook Inc.)
Task: {4CF637CE-B093-4202-9567-C24F7D847699} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-01-18] (Microsoft Corporation)
Task: {54F08611-35AE-41A8-ADE3-8B2C4019F27C} - System32\Tasks\Fatsitfu => C:\PROGRA~1\SHOPPE~1\Ucomh.bat
Task: {595F5B23-B6E1-43CC-A3A0-8735B6CA92B7} - \AutoKMS -> Nenhum Arquivo <==== ATENÇÃO
Task: {6CB647D0-6A70-4CAA-9885-DA7DF30972EE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {7E87C770-46E2-4511-BAE1-4482ADF7C2A7} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATENÇÃO
Task: {8360CDB8-A351-4FC5-8C9D-AF15E4C8C583} - System32\Tasks\{1D7A1C2A-BF4C-47DE-83AF-F9A61FBEB16F} => pcalua.exe -a C:\Users\Rose\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=sien
Task: {892C3419-7772-4503-ADD1-B2FDF8E41A11} - System32\Tasks\Loca\Loca\Loca => C:\Program Files (x86)\Loca\bin\LocaProxy.exe [2015-02-20] () <==== ATENÇÃO
Task: {898951AA-EA7C-4BEC-B3A5-9B009C0B20E9} - System32\Tasks\DriverScanner => C:\Program Files (x86)\Uniblue\DriverScanner\driverscanner.exe [2015-10-22] (Uniblue Systems Ltd)
Task: {89B0EFA4-B5A7-4389-912B-A359331226BB} - System32\Tasks\IBUpd2 => C:\Users\Rose\AppData\Local\BrowserAir\47.0.0.4\updater.exe
Task: {9D44427F-E7DA-45C7-9675-3133005AE8C6} - System32\Tasks\osTip => C:\ProgramData\WindowsMsg\osmsg.exe [2016-02-09] ()
Task: {AA4CF1F2-427D-4EE0-B54F-C8D2D47A2E0F} - System32\Tasks\dsmonitor => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2015-10-22] (Uniblue Systems Ltd)
Task: {BF2A860A-A70F-45E2-8C02-AEBBF501243F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-09] (Google Inc.)
Task: {D3EE0B74-9735-4B85-BDD8-9AD179D94C77} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {D6ED63FF-6E38-42BF-A0A1-E59645BC541E} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-12-04] (@ByELDI)
Task: {D85143B2-4BF2-4005-97D8-DC44B6352A74} - System32\Tasks\{9E66229A-0D98-4DAB-B98D-87906ABDA121} => pcalua.exe -a C:\Users\Rose\AppData\Local\{B26204C5-4AA1-4D28-8D89-A52A15FD9E9D}\OffersWizard.exe -c -delete-
Task: {EE052455-84E7-4055-9400-CA83A978C6C6} - System32\Tasks\Run_Dregol => C:\Users\Rose\AppData\Local\{F9E6C~1\UNINST~1.EXE
Task: {F88A0055-D5FD-4D5C-BB9B-9EB2D00802E2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)
Task: C:\Windows\Tasks\CheckMeUp Update.job => C:\Program Files (x86)\version09CheckMeUp\m6CheckMeUpw79.exe
Task: C:\Windows\Tasks\DriverScanner.job => C:\Program Files (x86)\Uniblue\DriverScanner\driverscanner.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2485532477-44574724-2394039227-1001Core.job => C:\Users\Rose\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2485532477-44574724-2394039227-1001UA.job => C:\Users\Rose\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Run_Dregol.job => C:\Users\Rose\AppData\Local\{F9E6C~1\UNINST~1.EXE

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

ShortcutWithArgument: C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G2Dzamobl8173,9ae69066-90cf-4022-be25-1a11baeb124d,
ShortcutWithArgument: C:\Users\Rose\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G2Dzamobl8173,9ae69066-90cf-4022-be25-1a11baeb124d, --disable-quic
ShortcutWithArgument: C:\Users\Rose\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G2Dzamobl8173,9ae69066-90cf-4022-be25-1a11baeb124d,
ShortcutWithArgument: C:\Users\Rose\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G2Dzamobl8173,9ae69066-90cf-4022-be25-1a11baeb124d, --disable-quic
ShortcutWithArgument: C:\Users\Rose\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G2Dzamobl8173,9ae69066-90cf-4022-be25-1a11baeb124d,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G2Dzamobl8173,9ae69066-90cf-4022-be25-1a11baeb124d, --disable-quic

==================== Módulos Carregados (Whitelisted) ==============

2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-05 10:08 - 2014-09-05 10:08 - 00861696 _____ () C:\Program Files (x86)\Security Updates Service\winupdsvc.exe
2015-02-20 17:49 - 2015-02-20 17:49 - 02042368 _____ () C:\Program Files (x86)\Loca\bin\LocaProxy.exe
2014-01-22 16:45 - 2010-12-17 21:14 - 00164352 _____ () C:\Program Files\WinRAR\rarext.dll
2014-06-02 19:40 - 2014-06-02 19:40 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2015-02-20 17:48 - 2015-02-20 17:48 - 00077312 _____ () C:\Program Files (x86)\Loca\bin\LocaProxyTracker.exe
2016-02-07 23:13 - 2016-02-07 23:13 - 00295856 _____ () C:\Program Files (x86)\KMSPico 10.0.6\KMSPico Registry Patch.exe
2016-02-03 07:45 - 2016-02-03 07:45 - 00582144 _____ () C:\Users\Rose\AppData\Local\Temp\befeejabed.exe
2016-02-13 18:22 - 2016-02-13 18:22 - 00184832 _____ () C:\Program Files (x86)\03000200-1455399624-0500-0006-000700080009\knsz7107.tmpfs
2016-02-13 19:41 - 2016-02-13 19:41 - 00307712 _____ () C:\Program Files (x86)\03000200-1455399624-0500-0006-000700080009\jnsu8D44.tmp
2016-02-13 19:41 - 2016-02-13 19:41 - 00416256 _____ () C:\Program Files (x86)\03000200-1455399624-0500-0006-000700080009\hnsuA8B2.tmp
2016-02-08 04:53 - 2016-02-08 04:53 - 00153460 _____ () C:\Program Files (x86)\KMSPico 10.0.6\7d0f5d4dbab7eba337870e39967aa843.exe
2016-02-13 11:41 - 2016-02-13 11:41 - 00142696 _____ () C:\Users\Rose\AppData\Roaming\OvauWon\Junqil.exe
2016-02-13 20:11 - 2016-02-13 20:12 - 01626112 _____ () C:\Windows\Temp\D0D6.tmp
2016-02-13 11:30 - 2016-02-13 11:30 - 00142688 _____ () C:\Users\Rose\AppData\Roaming\MiuslGhsocj\Pykpab.exe
2016-02-13 20:17 - 2016-02-09 12:30 - 02036224 _____ () C:\ProgramData\WindowsMsg\osmsg.exe
2016-02-13 20:18 - 2016-02-13 20:18 - 00692648 _____ () c:\users\rose\appdata\local\temp\26705\player setup.exe
2016-02-13 20:42 - 2016-02-13 20:42 - 00708096 _____ () C:\Users\Rose\AppData\Local\Temp\is-8T4HU.tmp\MediaDownloader.tmp
2016-02-13 20:43 - 2016-02-13 20:43 - 00689568 _____ () c:\users\rose\appdata\local\temp\31609\vlc.exe
2016-02-13 20:52 - 2016-02-13 20:53 - 01671252 _____ () C:\Users\Rose\AppData\Local\Setup Wizard\9cdf354c-b7cb-4289-a2b4-dbc8476b8c84\5555-1008_checkmeup.exe
2016-02-13 20:53 - 2016-02-13 20:54 - 00689552 _____ () c:\users\rose\appdata\local\temp\00958\skype.exe
2016-02-05 03:15 - 2016-02-05 03:15 - 03280896 _____ () C:\Program Files\WajaNetEn\3e5fb6c2f226790563e39c2279ff0b2d.exe
2016-02-05 03:12 - 2016-02-05 03:12 - 02496000 _____ () c:\program files\wajaneten\5d996e0b58c800cc67ef8d69b2ed1dc9.exe
2016-02-05 03:15 - 2016-02-05 03:15 - 03280896 _____ () c:\program files\wajaneten\3e5fb6c2f226790563e39c2279ff0b2d.exe
2016-02-13 11:41 - 2016-02-13 19:43 - 00173416 _____ () C:\Users\Rose\AppData\Roaming\OvauWon\Hebbeak.din
2016-02-13 11:30 - 2016-02-13 20:16 - 00173408 _____ () C:\Users\Rose\AppData\Roaming\MiuslGhsocj\Liooschg.din
2016-02-13 21:04 - 2016-02-13 21:05 - 00689568 _____ () c:\users\rose\appdata\local\temp\03038\setup.exe
2016-02-13 21:02 - 2016-02-13 21:07 - 04524664 _____ () C:\Users\Rose\AppData\Local\Setup Wizard\dd036cc4-33a5-4766-b171-e680222c1c67\wwe_1.58.1.36.exe
2016-02-13 21:07 - 2016-02-13 21:07 - 00011264 _____ () C:\Users\Rose\AppData\Local\Temp\nsb7F90.tmp\System.dll
2016-02-13 21:07 - 2016-02-13 21:07 - 00117248 _____ () C:\Users\Rose\AppData\Local\Temp\nsb7F90.tmp\IpConfig.dll
2016-02-13 21:08 - 2016-02-13 21:08 - 00006656 _____ () C:\Users\Rose\AppData\Local\Temp\nsb7F90.tmp\nsExec.dll
2016-02-13 21:06 - 2016-02-13 21:06 - 00603136 _____ () C:\Program Files (x86)\version09CheckMeUp\m6CheckMeUpw79.exe
2016-02-13 21:08 - 2016-02-13 21:08 - 11838976 _____ () c:\program files\wajaneten\WajaNetEnlibs\ycfivz.dll
2016-02-13 20:56 - 2016-02-13 20:56 - 01277944 _____ () C:\ProgramData\eEHDuwAarjE\dat\HesqfvgwRno.dll
2015-10-09 23:23 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Rose\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-10-09 23:23 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Rose\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2016-02-13 21:08 - 2016-02-13 21:08 - 11838976 _____ () c:\program files\wajaneten\wajanetenlibs\ycfivz.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{bd7a1dda-cddf-11e5-beb8-002511bdde4c}
AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{bd7a1ddb-cddf-11e5-beb8-002511bdde4c}

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

==================== EXE Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)

==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

==================== Hosts Conteúdo: ==========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)
2012-07-26 03:26 - 2016-02-13 19:39 - 00000967 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-2485532477-44574724-2394039227-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 104.197.191.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Atualmente não há nenhuma correção automática para esta seção.)

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{57227D9B-53F4-4117-87DB-CCF31C9C741E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{EFCA18AE-64B4-4F3A-8132-9235DDFABF5D}C:\users\rose\desktop\formatar pc\microsoft toolkit 2.4.5\microsoft toolkit 2.4.5\microsoft toolkit.exe] => (Allow) C:\users\rose\desktop\formatar pc\microsoft toolkit 2.4.5\microsoft toolkit 2.4.5\microsoft toolkit.exe
FirewallRules: [UDP Query User{DC3DB050-CC03-4E56-9CAB-EF54AA200DBA}C:\users\rose\desktop\formatar pc\microsoft toolkit 2.4.5\microsoft toolkit 2.4.5\microsoft toolkit.exe] => (Allow) C:\users\rose\desktop\formatar pc\microsoft toolkit 2.4.5\microsoft toolkit 2.4.5\microsoft toolkit.exe
FirewallRules: [{719F5F2A-5C78-4A2C-AE7B-08F2834300D1}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A4CFD787-CED5-47E8-B27A-6EC389A0EFE3}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{9405ABCD-EB09-4108-835C-EF8D0B81FB75}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{69B2DE36-40F0-4E01-96C1-9ADFE1DF33AA}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{24A1BD60-E06D-4BB3-8004-71FF1407537E}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C5BD399C-760B-4D02-98DF-477EA071775D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{37B10166-22FF-4DFD-8815-227A822C822C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{475FBF71-83AD-4DB6-BD19-3870C928EF40}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{DFA039FF-805A-4B70-B204-B40A777E2E3B}] => (Allow) C:\Users\Rose\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{34380099-C9DD-450F-83C7-D2F4A0B96487}] => (Allow) C:\Users\Rose\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0CAD0E09-261A-471D-AC18-5EC6E893832B}] => (Allow) C:\Users\Rose\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{82C68AA0-A669-421D-8E40-7F20D0F68E95}C:\users\rose\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\rose\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{29A8425C-C2EA-4E0D-A025-70D0662B3EED}C:\users\rose\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\rose\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{5A63BEDF-84C5-4E16-9C72-2FC3851F4EE1}C:\users\rose\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\rose\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{69993E30-E59E-4DD9-9A23-7404FDE5D9F6}C:\users\rose\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\rose\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{8CD7400E-950B-4714-90B1-D73740F32E5F}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{4D4E6E20-4C6F-4BBD-9D8A-30EA76F48A2B}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{0A1076A8-019D-4E06-954F-CD13FF5EEFBF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{60416755-51B2-4A46-80BF-567F4371C13D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ADD9C679-A12F-49B0-9DAF-46618514C836}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FAE27091-0E81-4677-AC4B-ACEDA5EAA8D7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{15489017-E89B-4A12-915F-72380CDF8752}] => (Allow) C:\Program Files (x86)\Loca\bin\LocaProxy.exe
FirewallRules: [{CE60CDDD-2FB9-4EAA-B2DE-FCDA0A11C3CB}] => (Allow) C:\Program Files (x86)\Loca\bin\LocaProxy.exe
FirewallRules: [{AC866674-2ED7-4D16-A950-5AA021597B84}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{890B9D05-BE17-4FD3-A8B3-D20FEAD25682}] => (Allow) C:\Users\Rose\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [TCP Query User{53109312-43E2-45EE-BA87-0E1255664B80}C:\users\rose\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\rose\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{A66684ED-4BF1-493D-BC9C-F2C36F9D26D9}C:\users\rose\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\rose\appdata\local\popcorn time\nw.exe
FirewallRules: [{39701BDA-D17A-4AB6-94AA-27777FB4791E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Pontos de Restauração =========================

06-02-2016 15:20:08 Windows Defender Checkpoint
13-02-2016 19:38:10 Instalador de Módulos do Windows

==================== Dispositivos Apresentando Falhas No Gerenciador =============

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de Túnel Teredo da Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: StorLib bus (virtual storages support)
Description: StorLib bus (virtual storages support)
Class Guid: {1378e71b-ab4d-4348-af26-cba56b12969e}
Manufacturer: Hewlett-Packard
Service: cbfs3
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (02/13/2016 09:07:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: chrome.exe, versão: 48.0.2564.109, carimbo de data/hora: 0x56b94e2f
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0xc00001a5
Deslocamento da falha: 0x450d19b8
ID do processo com falha: 0x968
Hora de início do aplicativo com falha: 0xchrome.exe0
Caminho do aplicativo com falha: chrome.exe1
Caminho do módulo com falha: chrome.exe2
ID do Relatório: chrome.exe3
Nome completo do pacote com falha: chrome.exe4
ID do aplicativo relativo ao pacote com falha: chrome.exe5

Error: (02/13/2016 08:17:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: gplyra.exe, versão: 5.2.1.0, carimbo de data/hora: 0x56bbcff1
Nome do módulo com falha: OpenCL.dll, versão: 6.2.9200.17581, carimbo de data/hora: 0x5644f0df
Código de exceção: 0xc0000135
Deslocamento da falha: 0x00078dd2
ID do processo com falha: 0x167c
Hora de início do aplicativo com falha: 0xgplyra.exe0
Caminho do aplicativo com falha: gplyra.exe1
Caminho do módulo com falha: gplyra.exe2
ID do Relatório: gplyra.exe3
Nome completo do pacote com falha: gplyra.exe4
ID do aplicativo relativo ao pacote com falha: gplyra.exe5

Error: (02/13/2016 08:15:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: nfregdrv64.exe, versão: 0.0.0.0, carimbo de data/hora: 0x56bf303c
Nome do módulo com falha: nfapi64.dll, versão: 6.2.9200.17581, carimbo de data/hora: 0x5644f0f7
Código de exceção: 0xc0000135
Deslocamento da falha: 0x00000000000e1e80
ID do processo com falha: 0xe80
Hora de início do aplicativo com falha: 0xnfregdrv64.exe0
Caminho do aplicativo com falha: nfregdrv64.exe1
Caminho do módulo com falha: nfregdrv64.exe2
ID do Relatório: nfregdrv64.exe3
Nome completo do pacote com falha: nfregdrv64.exe4
ID do aplicativo relativo ao pacote com falha: nfregdrv64.exe5

Error: (02/13/2016 07:43:30 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225

Error: (02/13/2016 07:43:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: nfregdrv64.exe, versão: 0.0.0.0, carimbo de data/hora: 0x56bf32a9
Nome do módulo com falha: nfapi64.dll, versão: 6.2.9200.17581, carimbo de data/hora: 0x5644f0f7
Código de exceção: 0xc0000135
Deslocamento da falha: 0x00000000000e1e80
ID do processo com falha: 0x18e0
Hora de início do aplicativo com falha: 0xnfregdrv64.exe0
Caminho do aplicativo com falha: nfregdrv64.exe1
Caminho do módulo com falha: nfregdrv64.exe2
ID do Relatório: nfregdrv64.exe3
Nome completo do pacote com falha: nfregdrv64.exe4
ID do aplicativo relativo ao pacote com falha: nfregdrv64.exe5

Error: (02/13/2016 07:33:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Falha na Ativação de Licença (slui.exe). Código de erro: hr=0xC004F074
Argumento de linha de comando: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/13/2016 07:33:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Falha na Ativação de Licença (slui.exe). Código de erro: hr=0xC004F074
Argumento de linha de comando: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=4

Error: (02/10/2016 09:47:15 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Falha na Ativação de Licença (slui.exe). Código de erro: hr=0xC004F074
Argumento de linha de comando: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (02/10/2016 09:47:07 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Falha na Ativação de Licença (slui.exe). Código de erro: hr=0xC004F074
Argumento de linha de comando: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=a98bcd6d-5343-4603-8afe-5908e4611112;NotificationInterval=1440;Trigger=UserLogon;SessionId=3

Error: (02/10/2016 09:47:05 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225

Erros de Sistema:
=============
Error: (02/13/2016 09:08:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: O serviço MPC Core Protect Service está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (02/13/2016 08:38:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço csrcc foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (02/13/2016 08:38:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço 165488A5-9D2D-49F4-8FD4-301A6368D3EB foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (02/13/2016 08:37:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço MPC Core Protect Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (02/13/2016 08:20:47 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: O serviço MPC Core Protect Service está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (02/13/2016 08:15:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Double Spaced Firewall devido ao seguinte erro: %%1053

Error: (02/13/2016 08:15:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Double Spaced Firewall.

Error: (02/13/2016 07:49:08 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: A chamada ScRegSetValueExW falhou para DeleteFlag com o seguinte erro: %%4294967295

Error: (02/13/2016 07:48:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço csrcc foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (02/13/2016 07:48:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço 9FF35666-4F73-44B7-a232-E0C463227597 foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

==================== Informações da Memória ===========================

Processador: Pentium(R) Dual-Core CPU E5500 @ 2.80GHz
Percentagem de memória em uso: 56%
RAM física total: 4086.24 MB
RAM física disponível: 1775.44 MB
Virtual Total: 6532 MB
Virtual disponível: 3035.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.31 GB) (Free:34.53 GB) NTFS
Drive d: (Disco) (Fixed) (Total:600.98 GB) (Free:304.99 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 6DE62551)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=601 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt ============================