Publicité
Publicité
Format du document : text/plain
Prévisualisation
Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão:06-05-2016 01
Executado por Svc-Pc (2016-05-05 15:13:15)
Executando a partir de C:\Users\Svc-Pc\Downloads
Windows 8.1 Pro (X64) (2015-11-05 12:18:34)
Modo da Inicialização: Normal
==========================================================
==================== Contas: =============================
Administrador (S-1-5-21-742465555-2576082086-511315665-500 - Administrator - Disabled)
Convidado (S-1-5-21-742465555-2576082086-511315665-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-742465555-2576082086-511315665-1003 - Limited - Enabled)
Svc-Pc (S-1-5-21-742465555-2576082086-511315665-1001 - Administrator - Enabled) => C:\Users\Svc-Pc
==================== Central de Segurança ========================
(Se uma entrada for incluída na fixlist, será removida.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Programas Instalados ======================
(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Illustrator CS5 (HKLM-x32\...\{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Calendar 2.0.0.11189 (HKLM\...\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}) (Version: 2.0.0.11189 - MEIXIAN XIE) <==== ATENÇÃO
AnyFlix (HKLM\...\{B81759E6-5669-4DB3-A3A7-6CD76555DE1D}_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Malwarebytes Anti-Malware versão 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATENÇÃO
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
==================== Exame Personalizado CLSID (Whitelisted): ==========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
==================== Tarefas Agendadas (Whitelisted) =============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
Task: {00482C31-F664-4D92-ABFA-B26073BF00FA} - System32\Tasks\Mputyqasied Host => C:\Program Files (x86)\Mputyqasied\MputyqasiedHosttask.exe [2016-05-03] ()
Task: {055C924F-4478-4AEB-ACE1-96B91C1C469A} - System32\Tasks\AdobeAAMUpdater-1.0-Svc-Svc-Pc => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {50103FD7-D93D-4269-BD1B-0412818F1B24} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-05] (Google Inc.)
Task: {51F42148-BA23-4DF7-9B3B-A9A0C138DCF9} - System32\Tasks\Thquse Controls => C:\Program Files (x86)\Thquse\thqControlstsk.exe [2016-05-03] ()
Task: {55C91FE0-6E39-45CB-9E77-99414CE959CB} - System32\Tasks\svchost => C:\Users\Svc-Pc\AppData\Local\Temp\MZMGK2CWA\MZMGK2CWA.exe [2016-05-05] (TZ) <==== ATENÇÃO
Task: {5CFFD645-76B6-4A4D-A678-369922650BDE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {6C6C842A-4294-4135-9509-14EEFF148BA6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {740017EB-F13A-4D46-9F9B-38CA05CC2A81} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-05] (Google Inc.)
Task: {7A890BB8-E2C7-4B23-838E-CBD0341BE687} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATENÇÃO
Task: {7AE00BD8-8054-412C-B8AC-8AD2B1617C91} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {8A413F62-CC27-4FE2-B9BE-71330FCEEA63} - System32\Tasks\FusionPlayer browser banner => C:\Program Files (x86)\FusionPlayer\BrowserBanner.exe
Task: {9C91E152-CBC4-4DA5-A3B5-0C4589309119} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {E16CE5A7-21DD-4DB3-BF4B-F9183E01818A} - System32\Tasks\Selection Tools Update => C:\Users\Svc-Pc\AppData\Roaming\WTools\Selection Tools\Selection Tools Update.exe [2016-04-11] (Nosibay) <==== ATENÇÃO
Task: {F3F014F8-69BA-4B2A-BD6A-9B41C5426AAB} - System32\Tasks\Driver Booster SkipUAC (Svc-Pc) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Atalhos =============================
(As entradas podem ser listadas para serem restauradas ou removidas.)
ShortcutWithArgument: C:\Users\Svc-Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Svc-Pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP% --disable-quic
ShortcutWithArgument: C:\Users\Svc-Pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Svc-Pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP% --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP% --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP% --disable-quic
==================== Módulos Carregados (Whitelisted) ==============
2015-10-22 11:05 - 2015-10-22 11:05 - 01927680 _____ () C:\Program Files\Sound+\SoundP.dll
2016-05-05 10:06 - 2016-05-05 10:06 - 00125800 _____ () C:\Users\Svc-Pc\AppData\Roaming\FofporRagoguq\Rivbig.exe
2016-05-05 14:01 - 2016-05-05 14:00 - 00949248 _____ () C:\ProgramData\CloudPrinter\CloudPrinter.exe
2016-05-05 12:44 - 2016-05-05 12:44 - 00294912 _____ () C:\Program Files (x86)\03AA02FC-1462467133-05F6-BA06-E10700080009\knspE1CB.tmpfs
2016-05-05 13:49 - 2016-05-05 13:49 - 00174936 _____ () C:\Users\Svc-Pc\AppData\Roaming\Nithut\Nithut.exe
2016-05-05 13:49 - 2016-05-05 13:49 - 00125784 _____ () C:\Users\Svc-Pc\AppData\Roaming\FufikeEopun\Iwutk.exe
2016-04-07 05:02 - 2016-04-07 05:02 - 00124928 _____ () C:\Users\Svc-Pc\AppData\Local\Apps\2.0\abril.exe
2016-05-05 13:52 - 2016-05-05 13:52 - 00138240 _____ () C:\Program Files (x86)\03AA02FC-1462467133-05F6-BA06-E10700080009\hnsd1DB3.tmp
2016-05-05 13:52 - 2016-05-05 13:52 - 00389632 _____ () C:\Program Files (x86)\03AA02FC-1462467133-05F6-BA06-E10700080009\jnsd537.tmp
2016-05-05 10:06 - 2016-05-05 10:06 - 00174952 _____ () C:\Users\Svc-Pc\AppData\Roaming\Acaebmagpo\Acaebmagpo.exe
2016-05-05 13:51 - 2016-04-26 06:27 - 01916928 _____ () c:\programdata\msiql.exe
2015-12-25 05:42 - 2015-12-25 05:42 - 00141960 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe
2016-05-05 10:06 - 2016-05-05 10:06 - 00673128 _____ () C:\Users\Svc-Pc\AppData\Roaming\Acaebmagpo\Reclisaki.dll
2016-05-05 13:49 - 2016-05-05 13:49 - 00673112 _____ () C:\Users\Svc-Pc\AppData\Roaming\Nithut\Necso.dll
2015-12-25 05:42 - 2015-12-25 05:42 - 03934344 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\Calendar.exe
2015-12-25 05:42 - 2015-12-25 05:42 - 00148104 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarEntry.dll
2016-05-05 13:49 - 2016-05-05 13:49 - 00116568 _____ () C:\Users\Svc-Pc\AppData\Roaming\Nithut\Cacojopbu.exe
2016-05-05 13:49 - 2016-05-05 13:49 - 00148312 _____ () C:\Users\Svc-Pc\AppData\Roaming\Nithut\Necso.exe
2016-05-05 10:06 - 2016-05-05 10:06 - 00148328 _____ () C:\Users\Svc-Pc\AppData\Roaming\Acaebmagpo\Reclisaki.exe
2016-05-05 10:06 - 2016-05-05 10:06 - 00116584 _____ () C:\Users\Svc-Pc\AppData\Roaming\Acaebmagpo\Diwumoflo.exe
2010-08-28 17:43 - 2010-08-28 17:43 - 00577335 ____N () c:\programdata\adb.exe
2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-05-05 13:51 - 2016-04-26 06:27 - 01916928 _____ () C:\Users\Svc-Pc\AppData\Roaming\msiql.exe
2016-05-05 13:51 - 2016-04-26 06:27 - 01916928 _____ () c:\users\svc-pc\appdata\roaming\msiql.exe
2012-10-01 19:36 - 2012-10-01 19:36 - 01408624 _____ () C:\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2016-05-05 10:06 - 2016-05-05 14:38 - 00222568 _____ () C:\Users\Svc-Pc\AppData\Roaming\FofporRagoguq\Jubhugiz.din
2016-05-05 13:49 - 2016-05-05 13:57 - 00222552 _____ () C:\Users\Svc-Pc\AppData\Roaming\FufikeEopun\Wokcyeat.din
2015-12-11 13:01 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2016-05-05 14:53 - 2016-04-07 11:30 - 02027520 _____ () C:\ProgramData\WindowsMsg\675D131108D4FD145B0BFBC68A3E018A.dll
2015-12-25 05:42 - 2015-12-25 05:42 - 00543368 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPTask.dll
2015-12-25 05:42 - 2015-12-25 05:42 - 00406664 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPNet.dll
2015-12-25 05:41 - 2015-12-25 05:41 - 00428680 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPDR.dll
2015-12-25 05:42 - 2015-12-25 05:42 - 00747144 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPKernel.dll
2015-12-25 05:42 - 2015-12-25 05:42 - 00327304 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPHelp.dll
2016-05-05 13:49 - 2016-05-05 13:49 - 00263000 _____ () C:\Users\Svc-Pc\AppData\Roaming\Nithut\Cacojopbu.dll
2016-05-05 10:06 - 2016-05-05 10:06 - 00263016 _____ () C:\Users\Svc-Pc\AppData\Roaming\Acaebmagpo\Diwumoflo.dll
2015-12-05 10:21 - 2015-12-05 10:21 - 00933056 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2016-05-02 17:46 - 2016-04-27 20:25 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libglesv2.dll
2016-05-02 17:46 - 2016-04-27 20:25 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(Se uma entrada for incluída na fixlist, somente o ADS será removido.)
==================== Modo de Segurança (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)
==================== Associação (Whitelisted) ===============
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)
==================== Internet Explorer confiável/restrito ===============
(Se uma entrada for incluída na fixlist, será removida do Registro.)
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\100sexlinks.com -> 100sexlinks.com
Existem ainda 4788 sites a mais.
==================== Hosts Conteúdo: ==========================
(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)
2013-08-22 10:25 - 2016-05-05 13:52 - 00001188 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
==================== Outras Áreas ============================
(Atualmente não há nenhuma correção automática para esta seção.)
HKU\S-1-5-21-742465555-2576082086-511315665-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Svc-Pc\Documents\160524w.jpg
DNS Servers: 200.175.182.139 - 200.175.5.139
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.
==================== MSCONFIG/TASK MANAGER ítens desabilitados ==
(Atualmente não há nenhuma correção automática para esta seção.)
==================== Regras do Firewall (Whitelisted) ===============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{45DC1012-37B4-431E-8B0D-4AAA442E5E27}] => (Allow) C:\Windows\Temp\KMSpico\AutoPico.exe
FirewallRules: [{49A5FDFA-A150-4F5A-A507-03D4EAF2F8B3}] => (Allow) C:\Windows\Temp\KMSpico\AutoPico.exe
FirewallRules: [TCP Query User{A5482205-E67C-493B-AFB0-4AB2F3E6FF6B}C:\backup\program files (x86)\skype\phone\skype.exe] => (Allow) C:\backup\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{7642563A-2FBD-4FE8-91BF-982F0606A429}C:\backup\program files (x86)\skype\phone\skype.exe] => (Allow) C:\backup\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{8CA88BE1-37AB-421D-B0D0-1918C7D8F135}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{90DAA76B-A1D2-447D-AD11-F19EA04485F3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{33117E06-B337-42B1-BD5A-7890C06DCEFC}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{793DFE76-E6D6-4D35-80C3-D0D72DC67B32}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{A0250C58-295F-4E42-960E-58703AA5DB75}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{B492ED7E-A5B8-479B-A03C-47647876AF94}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{94F12B44-4CE5-430C-867E-B22B0132A805}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{C8923C8D-CCE8-4673-BC45-4446842BC4D8}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{35FA827B-828B-4F6A-85E2-EBFBA8E9E966}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{EBEF2353-1A8A-4180-8E9B-1ABF4D563439}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [TCP Query User{05209818-F2FA-4A6F-B0A8-DDE961FDBCA4}C:\users\svc-pc\desktop\aa_v3.5.exe] => (Block) C:\users\svc-pc\desktop\aa_v3.5.exe
FirewallRules: [UDP Query User{FF77BC8C-F424-4B66-85BA-8C75DF6B62CF}C:\users\svc-pc\desktop\aa_v3.5.exe] => (Block) C:\users\svc-pc\desktop\aa_v3.5.exe
FirewallRules: [{03A15E2B-D3D2-4FDB-B0AC-1E58FE913AAD}] => (Allow) LPort=1688
FirewallRules: [{17DCED05-5A5B-415A-A926-A4EE8C2FC355}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D78F9411-E06F-4AFB-952C-0FEF4A274C5F}] => (Allow) C:\Users\Svc-Pc\AppData\Local\TNT2\2.0.0.2065\TNT2User.exe
==================== Pontos de Restauração =========================
14-04-2016 12:06:43 Ponto de Verificação Agendado
23-04-2016 10:40:19 Removed Corel Graphics - Windows Shell Extension.
02-05-2016 13:14:34 Ponto de Verificação Agendado
04-05-2016 07:47:40 Removed Corel Graphics - Windows Shell Extension.
04-05-2016 07:48:37 Removed Corel Graphics - Windows Shell Extension 64 Bit.
05-05-2016 14:17:39 Uniblue DriverScanner installation
05-05-2016 14:17:40 Removed UpdateAdmin
05-05-2016 15:01:19 Removed Ghostscript GPL 8.64 (Msi Setup).
05-05-2016 15:09:54 Removed Corel Graphics - Windows Shell Extension.
05-05-2016 15:10:27 Removed Corel Graphics - Windows Shell Extension 64 Bit.
==================== Dispositivos Apresentando Falhas No Gerenciador =============
==================== Erros no Log de eventos: =========================
Erros em Aplicativos:
==================
Error: (05/05/2016 03:10:49 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: AUTORIDADE NT)
Description: O Windows não pode carregar o arquivo de Registro de classes.
DETALHE - O banco de dados do Registro de configuração está corrompido.
Error: (05/05/2016 03:10:49 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: AUTORIDADE NT)
Description: O Windows não pôde carregar o Registro. Isso geralmente é causado por memória insuficiente ou direitos de segurança insuficientes.
DETALHE - O banco de dados do Registro de configuração está corrompido.
para C:\Users\Svc-Pc\AppData\Local\Microsoft\Windows\\UsrClass.dat
Error: (05/05/2016 03:10:49 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: AUTORIDADE NT)
Description: O Windows não pode carregar o arquivo de Registro de classes.
DETALHE - O banco de dados do Registro de configuração está corrompido.
Error: (05/05/2016 03:10:49 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: AUTORIDADE NT)
Description: O Windows não pôde carregar o Registro. Isso geralmente é causado por memória insuficiente ou direitos de segurança insuficientes.
DETALHE - O banco de dados do Registro de configuração está corrompido.
para C:\Users\Svc-Pc\AppData\Local\Microsoft\Windows\\UsrClass.dat
Error: (05/05/2016 03:10:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo Microsoft LLDP.
System Error:
Acesso negado.
.
Error: (05/05/2016 03:09:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo Microsoft LLDP.
System Error:
Acesso negado.
.
Error: (05/05/2016 03:09:52 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: AUTORIDADE NT)
Description: O Windows não pode carregar o arquivo de Registro de classes.
DETALHE - O banco de dados do Registro de configuração está corrompido.
Error: (05/05/2016 03:09:52 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: AUTORIDADE NT)
Description: O Windows não pôde carregar o Registro. Isso geralmente é causado por memória insuficiente ou direitos de segurança insuficientes.
DETALHE - O banco de dados do Registro de configuração está corrompido.
para C:\Users\Svc-Pc\AppData\Local\Microsoft\Windows\\UsrClass.dat
Error: (05/05/2016 03:07:11 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: AUTORIDADE NT)
Description: O Windows não pode carregar o arquivo de Registro de classes.
DETALHE - O banco de dados do Registro de configuração está corrompido.
Error: (05/05/2016 03:07:11 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: AUTORIDADE NT)
Description: O Windows não pôde carregar o Registro. Isso geralmente é causado por memória insuficiente ou direitos de segurança insuficientes.
DETALHE - O banco de dados do Registro de configuração está corrompido.
para C:\Users\Svc-Pc\AppData\Local\Microsoft\Windows\\UsrClass.dat
Erros de Sistema:
=============
Error: (05/05/2016 02:58:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Mabke Updater foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 400 milissegundos: Reiniciar o serviço.
Error: (05/05/2016 02:58:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço CD51DB06-5CE1-4879-b70C-B2F4D7C56D70 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 400 milissegundos: Reiniciar o serviço.
Error: (05/05/2016 02:55:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Advanced SystemCare Service 8 foi encerrado inesperadamente. Isso aconteceu 1 vez(es).
Error: (05/05/2016 02:52:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Serviço CloudPrinter suspenso ao iniciar.
Error: (05/05/2016 02:52:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Serviço CD51DB06-5CE1-4879-b70C-B2F4D7C56D70 suspenso ao iniciar.
Error: (05/05/2016 02:51:41 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: O nome "SVC :0" não pôde ser registrado na interface com o endereço IP 192.168.25.40.
O computador de endereço IP 192.168.25.2 não permitiu que o nome fosse reivindicado por
este computador.
Error: (05/05/2016 02:51:37 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: O desligamento do sistema que ocorreu às 14:46:28 do dia 05/05/2016 não era esperado.
Error: (05/05/2016 02:45:55 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: O nome "SVC :0" não pôde ser registrado na interface com o endereço IP 192.168.25.40.
O computador de endereço IP 192.168.25.2 não permitiu que o nome fosse reivindicado por
este computador.
Error: (05/05/2016 02:45:55 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: O nome "SVC :0" não pôde ser registrado na interface com o endereço IP 192.168.25.40.
O computador de endereço IP 192.168.25.221 não permitiu que o nome fosse reivindicado por
este computador.
Error: (05/05/2016 02:38:45 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: O serviço MPC Core Protect Service está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.
CodeIntegrity:
===================================
Date: 2016-05-04 08:11:27.739
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-05-03 07:52:59.910
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-05-02 08:28:29.479
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-28 07:51:47.877
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-26 08:34:19.270
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-14 09:14:37.735
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-06 08:06:57.509
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-04 07:57:51.307
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-31 07:14:57.100
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-29 11:20:10.715
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Informações da Memória ===========================
Processador: Intel(R) Core(TM) i5-2310 CPU @ 2.90GHz
Percentagem de memória em uso: 31%
RAM física total: 8080.95 MB
RAM física disponível: 5517.21 MB
Virtual Total: 9360.95 MB
Virtual disponível: 6934.05 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.41 GB) (Free:749.81 GB) NTFS
==================== MBR & Tabela de Partições ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F2B86615)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
==================== Fim de Addition.txt ============================
Executado por Svc-Pc (2016-05-05 15:13:15)
Executando a partir de C:\Users\Svc-Pc\Downloads
Windows 8.1 Pro (X64) (2015-11-05 12:18:34)
Modo da Inicialização: Normal
==========================================================
==================== Contas: =============================
Administrador (S-1-5-21-742465555-2576082086-511315665-500 - Administrator - Disabled)
Convidado (S-1-5-21-742465555-2576082086-511315665-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-742465555-2576082086-511315665-1003 - Limited - Enabled)
Svc-Pc (S-1-5-21-742465555-2576082086-511315665-1001 - Administrator - Enabled) => C:\Users\Svc-Pc
==================== Central de Segurança ========================
(Se uma entrada for incluída na fixlist, será removida.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Programas Instalados ======================
(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Illustrator CS5 (HKLM-x32\...\{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced Calendar 2.0.0.11189 (HKLM\...\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}) (Version: 2.0.0.11189 - MEIXIAN XIE) <==== ATENÇÃO
AnyFlix (HKLM\...\{B81759E6-5669-4DB3-A3A7-6CD76555DE1D}_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Malwarebytes Anti-Malware versão 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATENÇÃO
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
==================== Exame Personalizado CLSID (Whitelisted): ==========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
==================== Tarefas Agendadas (Whitelisted) =============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
Task: {00482C31-F664-4D92-ABFA-B26073BF00FA} - System32\Tasks\Mputyqasied Host => C:\Program Files (x86)\Mputyqasied\MputyqasiedHosttask.exe [2016-05-03] ()
Task: {055C924F-4478-4AEB-ACE1-96B91C1C469A} - System32\Tasks\AdobeAAMUpdater-1.0-Svc-Svc-Pc => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {50103FD7-D93D-4269-BD1B-0412818F1B24} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-05] (Google Inc.)
Task: {51F42148-BA23-4DF7-9B3B-A9A0C138DCF9} - System32\Tasks\Thquse Controls => C:\Program Files (x86)\Thquse\thqControlstsk.exe [2016-05-03] ()
Task: {55C91FE0-6E39-45CB-9E77-99414CE959CB} - System32\Tasks\svchost => C:\Users\Svc-Pc\AppData\Local\Temp\MZMGK2CWA\MZMGK2CWA.exe [2016-05-05] (TZ) <==== ATENÇÃO
Task: {5CFFD645-76B6-4A4D-A678-369922650BDE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {6C6C842A-4294-4135-9509-14EEFF148BA6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {740017EB-F13A-4D46-9F9B-38CA05CC2A81} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-05] (Google Inc.)
Task: {7A890BB8-E2C7-4B23-838E-CBD0341BE687} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATENÇÃO
Task: {7AE00BD8-8054-412C-B8AC-8AD2B1617C91} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {8A413F62-CC27-4FE2-B9BE-71330FCEEA63} - System32\Tasks\FusionPlayer browser banner => C:\Program Files (x86)\FusionPlayer\BrowserBanner.exe
Task: {9C91E152-CBC4-4DA5-A3B5-0C4589309119} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {E16CE5A7-21DD-4DB3-BF4B-F9183E01818A} - System32\Tasks\Selection Tools Update => C:\Users\Svc-Pc\AppData\Roaming\WTools\Selection Tools\Selection Tools Update.exe [2016-04-11] (Nosibay) <==== ATENÇÃO
Task: {F3F014F8-69BA-4B2A-BD6A-9B41C5426AAB} - System32\Tasks\Driver Booster SkipUAC (Svc-Pc) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Atalhos =============================
(As entradas podem ser listadas para serem restauradas ou removidas.)
ShortcutWithArgument: C:\Users\Svc-Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Svc-Pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP% --disable-quic
ShortcutWithArgument: C:\Users\Svc-Pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Svc-Pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP% --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP% --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP% --disable-quic
==================== Módulos Carregados (Whitelisted) ==============
2015-10-22 11:05 - 2015-10-22 11:05 - 01927680 _____ () C:\Program Files\Sound+\SoundP.dll
2016-05-05 10:06 - 2016-05-05 10:06 - 00125800 _____ () C:\Users\Svc-Pc\AppData\Roaming\FofporRagoguq\Rivbig.exe
2016-05-05 14:01 - 2016-05-05 14:00 - 00949248 _____ () C:\ProgramData\CloudPrinter\CloudPrinter.exe
2016-05-05 12:44 - 2016-05-05 12:44 - 00294912 _____ () C:\Program Files (x86)\03AA02FC-1462467133-05F6-BA06-E10700080009\knspE1CB.tmpfs
2016-05-05 13:49 - 2016-05-05 13:49 - 00174936 _____ () C:\Users\Svc-Pc\AppData\Roaming\Nithut\Nithut.exe
2016-05-05 13:49 - 2016-05-05 13:49 - 00125784 _____ () C:\Users\Svc-Pc\AppData\Roaming\FufikeEopun\Iwutk.exe
2016-04-07 05:02 - 2016-04-07 05:02 - 00124928 _____ () C:\Users\Svc-Pc\AppData\Local\Apps\2.0\abril.exe
2016-05-05 13:52 - 2016-05-05 13:52 - 00138240 _____ () C:\Program Files (x86)\03AA02FC-1462467133-05F6-BA06-E10700080009\hnsd1DB3.tmp
2016-05-05 13:52 - 2016-05-05 13:52 - 00389632 _____ () C:\Program Files (x86)\03AA02FC-1462467133-05F6-BA06-E10700080009\jnsd537.tmp
2016-05-05 10:06 - 2016-05-05 10:06 - 00174952 _____ () C:\Users\Svc-Pc\AppData\Roaming\Acaebmagpo\Acaebmagpo.exe
2016-05-05 13:51 - 2016-04-26 06:27 - 01916928 _____ () c:\programdata\msiql.exe
2015-12-25 05:42 - 2015-12-25 05:42 - 00141960 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe
2016-05-05 10:06 - 2016-05-05 10:06 - 00673128 _____ () C:\Users\Svc-Pc\AppData\Roaming\Acaebmagpo\Reclisaki.dll
2016-05-05 13:49 - 2016-05-05 13:49 - 00673112 _____ () C:\Users\Svc-Pc\AppData\Roaming\Nithut\Necso.dll
2015-12-25 05:42 - 2015-12-25 05:42 - 03934344 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\Calendar.exe
2015-12-25 05:42 - 2015-12-25 05:42 - 00148104 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarEntry.dll
2016-05-05 13:49 - 2016-05-05 13:49 - 00116568 _____ () C:\Users\Svc-Pc\AppData\Roaming\Nithut\Cacojopbu.exe
2016-05-05 13:49 - 2016-05-05 13:49 - 00148312 _____ () C:\Users\Svc-Pc\AppData\Roaming\Nithut\Necso.exe
2016-05-05 10:06 - 2016-05-05 10:06 - 00148328 _____ () C:\Users\Svc-Pc\AppData\Roaming\Acaebmagpo\Reclisaki.exe
2016-05-05 10:06 - 2016-05-05 10:06 - 00116584 _____ () C:\Users\Svc-Pc\AppData\Roaming\Acaebmagpo\Diwumoflo.exe
2010-08-28 17:43 - 2010-08-28 17:43 - 00577335 ____N () c:\programdata\adb.exe
2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-05-05 13:51 - 2016-04-26 06:27 - 01916928 _____ () C:\Users\Svc-Pc\AppData\Roaming\msiql.exe
2016-05-05 13:51 - 2016-04-26 06:27 - 01916928 _____ () c:\users\svc-pc\appdata\roaming\msiql.exe
2012-10-01 19:36 - 2012-10-01 19:36 - 01408624 _____ () C:\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2016-05-05 10:06 - 2016-05-05 14:38 - 00222568 _____ () C:\Users\Svc-Pc\AppData\Roaming\FofporRagoguq\Jubhugiz.din
2016-05-05 13:49 - 2016-05-05 13:57 - 00222552 _____ () C:\Users\Svc-Pc\AppData\Roaming\FufikeEopun\Wokcyeat.din
2015-12-11 13:01 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2016-05-05 14:53 - 2016-04-07 11:30 - 02027520 _____ () C:\ProgramData\WindowsMsg\675D131108D4FD145B0BFBC68A3E018A.dll
2015-12-25 05:42 - 2015-12-25 05:42 - 00543368 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPTask.dll
2015-12-25 05:42 - 2015-12-25 05:42 - 00406664 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPNet.dll
2015-12-25 05:41 - 2015-12-25 05:41 - 00428680 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPDR.dll
2015-12-25 05:42 - 2015-12-25 05:42 - 00747144 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPKernel.dll
2015-12-25 05:42 - 2015-12-25 05:42 - 00327304 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11189\EVPHelp.dll
2016-05-05 13:49 - 2016-05-05 13:49 - 00263000 _____ () C:\Users\Svc-Pc\AppData\Roaming\Nithut\Cacojopbu.dll
2016-05-05 10:06 - 2016-05-05 10:06 - 00263016 _____ () C:\Users\Svc-Pc\AppData\Roaming\Acaebmagpo\Diwumoflo.dll
2015-12-05 10:21 - 2015-12-05 10:21 - 00933056 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2016-05-02 17:46 - 2016-04-27 20:25 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libglesv2.dll
2016-05-02 17:46 - 2016-04-27 20:25 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(Se uma entrada for incluída na fixlist, somente o ADS será removido.)
==================== Modo de Segurança (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)
==================== Associação (Whitelisted) ===============
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)
==================== Internet Explorer confiável/restrito ===============
(Se uma entrada for incluída na fixlist, será removida do Registro.)
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-742465555-2576082086-511315665-1001\...\100sexlinks.com -> 100sexlinks.com
Existem ainda 4788 sites a mais.
==================== Hosts Conteúdo: ==========================
(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)
2013-08-22 10:25 - 2016-05-05 13:52 - 00001188 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
==================== Outras Áreas ============================
(Atualmente não há nenhuma correção automática para esta seção.)
HKU\S-1-5-21-742465555-2576082086-511315665-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Svc-Pc\Documents\160524w.jpg
DNS Servers: 200.175.182.139 - 200.175.5.139
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.
==================== MSCONFIG/TASK MANAGER ítens desabilitados ==
(Atualmente não há nenhuma correção automática para esta seção.)
==================== Regras do Firewall (Whitelisted) ===============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{45DC1012-37B4-431E-8B0D-4AAA442E5E27}] => (Allow) C:\Windows\Temp\KMSpico\AutoPico.exe
FirewallRules: [{49A5FDFA-A150-4F5A-A507-03D4EAF2F8B3}] => (Allow) C:\Windows\Temp\KMSpico\AutoPico.exe
FirewallRules: [TCP Query User{A5482205-E67C-493B-AFB0-4AB2F3E6FF6B}C:\backup\program files (x86)\skype\phone\skype.exe] => (Allow) C:\backup\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{7642563A-2FBD-4FE8-91BF-982F0606A429}C:\backup\program files (x86)\skype\phone\skype.exe] => (Allow) C:\backup\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{8CA88BE1-37AB-421D-B0D0-1918C7D8F135}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{90DAA76B-A1D2-447D-AD11-F19EA04485F3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{33117E06-B337-42B1-BD5A-7890C06DCEFC}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{793DFE76-E6D6-4D35-80C3-D0D72DC67B32}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{A0250C58-295F-4E42-960E-58703AA5DB75}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{B492ED7E-A5B8-479B-A03C-47647876AF94}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{94F12B44-4CE5-430C-867E-B22B0132A805}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{C8923C8D-CCE8-4673-BC45-4446842BC4D8}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{35FA827B-828B-4F6A-85E2-EBFBA8E9E966}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{EBEF2353-1A8A-4180-8E9B-1ABF4D563439}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [TCP Query User{05209818-F2FA-4A6F-B0A8-DDE961FDBCA4}C:\users\svc-pc\desktop\aa_v3.5.exe] => (Block) C:\users\svc-pc\desktop\aa_v3.5.exe
FirewallRules: [UDP Query User{FF77BC8C-F424-4B66-85BA-8C75DF6B62CF}C:\users\svc-pc\desktop\aa_v3.5.exe] => (Block) C:\users\svc-pc\desktop\aa_v3.5.exe
FirewallRules: [{03A15E2B-D3D2-4FDB-B0AC-1E58FE913AAD}] => (Allow) LPort=1688
FirewallRules: [{17DCED05-5A5B-415A-A926-A4EE8C2FC355}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D78F9411-E06F-4AFB-952C-0FEF4A274C5F}] => (Allow) C:\Users\Svc-Pc\AppData\Local\TNT2\2.0.0.2065\TNT2User.exe
==================== Pontos de Restauração =========================
14-04-2016 12:06:43 Ponto de Verificação Agendado
23-04-2016 10:40:19 Removed Corel Graphics - Windows Shell Extension.
02-05-2016 13:14:34 Ponto de Verificação Agendado
04-05-2016 07:47:40 Removed Corel Graphics - Windows Shell Extension.
04-05-2016 07:48:37 Removed Corel Graphics - Windows Shell Extension 64 Bit.
05-05-2016 14:17:39 Uniblue DriverScanner installation
05-05-2016 14:17:40 Removed UpdateAdmin
05-05-2016 15:01:19 Removed Ghostscript GPL 8.64 (Msi Setup).
05-05-2016 15:09:54 Removed Corel Graphics - Windows Shell Extension.
05-05-2016 15:10:27 Removed Corel Graphics - Windows Shell Extension 64 Bit.
==================== Dispositivos Apresentando Falhas No Gerenciador =============
==================== Erros no Log de eventos: =========================
Erros em Aplicativos:
==================
Error: (05/05/2016 03:10:49 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: AUTORIDADE NT)
Description: O Windows não pode carregar o arquivo de Registro de classes.
DETALHE - O banco de dados do Registro de configuração está corrompido.
Error: (05/05/2016 03:10:49 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: AUTORIDADE NT)
Description: O Windows não pôde carregar o Registro. Isso geralmente é causado por memória insuficiente ou direitos de segurança insuficientes.
DETALHE - O banco de dados do Registro de configuração está corrompido.
para C:\Users\Svc-Pc\AppData\Local\Microsoft\Windows\\UsrClass.dat
Error: (05/05/2016 03:10:49 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: AUTORIDADE NT)
Description: O Windows não pode carregar o arquivo de Registro de classes.
DETALHE - O banco de dados do Registro de configuração está corrompido.
Error: (05/05/2016 03:10:49 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: AUTORIDADE NT)
Description: O Windows não pôde carregar o Registro. Isso geralmente é causado por memória insuficiente ou direitos de segurança insuficientes.
DETALHE - O banco de dados do Registro de configuração está corrompido.
para C:\Users\Svc-Pc\AppData\Local\Microsoft\Windows\\UsrClass.dat
Error: (05/05/2016 03:10:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo Microsoft LLDP.
System Error:
Acesso negado.
.
Error: (05/05/2016 03:09:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo Microsoft LLDP.
System Error:
Acesso negado.
.
Error: (05/05/2016 03:09:52 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: AUTORIDADE NT)
Description: O Windows não pode carregar o arquivo de Registro de classes.
DETALHE - O banco de dados do Registro de configuração está corrompido.
Error: (05/05/2016 03:09:52 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: AUTORIDADE NT)
Description: O Windows não pôde carregar o Registro. Isso geralmente é causado por memória insuficiente ou direitos de segurança insuficientes.
DETALHE - O banco de dados do Registro de configuração está corrompido.
para C:\Users\Svc-Pc\AppData\Local\Microsoft\Windows\\UsrClass.dat
Error: (05/05/2016 03:07:11 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: AUTORIDADE NT)
Description: O Windows não pode carregar o arquivo de Registro de classes.
DETALHE - O banco de dados do Registro de configuração está corrompido.
Error: (05/05/2016 03:07:11 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: AUTORIDADE NT)
Description: O Windows não pôde carregar o Registro. Isso geralmente é causado por memória insuficiente ou direitos de segurança insuficientes.
DETALHE - O banco de dados do Registro de configuração está corrompido.
para C:\Users\Svc-Pc\AppData\Local\Microsoft\Windows\\UsrClass.dat
Erros de Sistema:
=============
Error: (05/05/2016 02:58:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Mabke Updater foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 400 milissegundos: Reiniciar o serviço.
Error: (05/05/2016 02:58:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço CD51DB06-5CE1-4879-b70C-B2F4D7C56D70 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 400 milissegundos: Reiniciar o serviço.
Error: (05/05/2016 02:55:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Advanced SystemCare Service 8 foi encerrado inesperadamente. Isso aconteceu 1 vez(es).
Error: (05/05/2016 02:52:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Serviço CloudPrinter suspenso ao iniciar.
Error: (05/05/2016 02:52:52 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Serviço CD51DB06-5CE1-4879-b70C-B2F4D7C56D70 suspenso ao iniciar.
Error: (05/05/2016 02:51:41 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: O nome "SVC :0" não pôde ser registrado na interface com o endereço IP 192.168.25.40.
O computador de endereço IP 192.168.25.2 não permitiu que o nome fosse reivindicado por
este computador.
Error: (05/05/2016 02:51:37 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: O desligamento do sistema que ocorreu às 14:46:28 do dia 05/05/2016 não era esperado.
Error: (05/05/2016 02:45:55 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: O nome "SVC :0" não pôde ser registrado na interface com o endereço IP 192.168.25.40.
O computador de endereço IP 192.168.25.2 não permitiu que o nome fosse reivindicado por
este computador.
Error: (05/05/2016 02:45:55 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: O nome "SVC :0" não pôde ser registrado na interface com o endereço IP 192.168.25.40.
O computador de endereço IP 192.168.25.221 não permitiu que o nome fosse reivindicado por
este computador.
Error: (05/05/2016 02:38:45 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: O serviço MPC Core Protect Service está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.
CodeIntegrity:
===================================
Date: 2016-05-04 08:11:27.739
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-05-03 07:52:59.910
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-05-02 08:28:29.479
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-28 07:51:47.877
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-26 08:34:19.270
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-14 09:14:37.735
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-06 08:06:57.509
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-04-04 07:57:51.307
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-31 07:14:57.100
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-29 11:20:10.715
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Informações da Memória ===========================
Processador: Intel(R) Core(TM) i5-2310 CPU @ 2.90GHz
Percentagem de memória em uso: 31%
RAM física total: 8080.95 MB
RAM física disponível: 5517.21 MB
Virtual Total: 9360.95 MB
Virtual disponível: 6934.05 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.41 GB) (Free:749.81 GB) NTFS
==================== MBR & Tabela de Partições ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F2B86615)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
==================== Fim de Addition.txt ============================