Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 17-10-2016
Executado por gilberto (25-10-2016 13:17:21)
Executando a partir de C:\Users\gilberto\Downloads
Windows 8.1 Pro (Update) (X64) (2016-10-12 15:47:06)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================

Administrador (S-1-5-21-736004364-387698703-3503565398-500 - Administrator - Disabled)
Convidado (S-1-5-21-736004364-387698703-3503565398-501 - Limited - Disabled)
gilberto (S-1-5-21-736004364-387698703-3503565398-1001 - Administrator - Enabled) => C:\Users\gilberto
HomeGroupUser$ (S-1-5-21-736004364-387698703-3503565398-1003 - Limited - Enabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-736004364-387698703-3503565398-1001\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.18.0 - Mirillis)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Atualizações da NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 2.5.0.0 - Byte Technologies LLC) <==== ATENÇÃO
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
cFosSpeed v10.20 (HKLM\...\cFosSpeed) (Version: 10.20 - cFos Software GmbH, Bonn)
FormatFactory 3.9.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.9.5.0 - Free Time)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MU Arena - Season 3. (HKU\S-1-5-21-736004364-387698703-3503565398-1001\...\MU Arena - Season 3.) (Version: - )
NVIDIA Driver de áudio HD 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
Painel de controle da NVIDIA 341.95 (Version: 341.95 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7891 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
SnapDo (HKLM-x32\...\{A1478174-35AA-44E3-B78A-5F1C5FD01490}) (Version: 1.0.0.0 - Resoft) <==== ATENÇÃO
Social2Search (HKLM\...\9b7ea2ff90c3ad3f64b197d546c2460d) (Version: 11.12.1.39 (i1.0) - Social2Search) <==== ATENÇÃO
Suporte para Aplicativos Apple (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Suporte para Aplicativos Apple Apple (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
trotux - Uninstall (HKLM-x32\...\{14CC3F93-D26B-479E-9AB0-57CBD7B4CD04}) (Version: - ) <==== ATENÇÃO
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0416-1000-0000000FF1CE}_Office15.PROPLUSR_{2BA6245D-FBB9-42F6-AFD9-C0DC52763AD5}) (Version: - Microsoft)
VMware Workstation (HKLM\...\{1527BFD9-819D-4067-B13D-D5417C2F7148}) (Version: 12.5.0 - VMware, Inc.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
Warcraft III: All Products (HKU\S-1-5-21-736004364-387698703-3503565398-1001\...\Warcraft III) (Version: - )
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinThruster (HKLM-x32\...\WinThruster) (Version: 1.16.8 - Solvusoft Corporation) <==== ATENÇÃO
WinThruster (Version: 1.16.8 - Solvusoft Corporation) Hidden <==== ATENÇÃO
WTFast 4.2 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 4.2.2.862 - Initex & AAA Internet Publishing)
Youtube AdBlock (HKLM-x32\...\Youtube AdBlock) (Version: 2.0.0.63 - Company Inc.) <==== ATENÇÃO

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {13069134-9674-4D9F-BD1B-5DFC65D33AC3} - System32\Tasks\ASC9_SkipUac_gilberto => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2016-08-16] (IObit)
Task: {1B3E263C-F58B-4D2C-92A7-EF3852A59A24} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-12] (Google Inc.)
Task: {1EC3712F-91B9-4F8D-B85C-59D08DE13FF8} - System32\Tasks\Driver Booster SkipUAC (gilberto) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-07-18] (IObit)
Task: {37BD9141-2FBF-4C69-950A-385E9DB8E3E3} - System32\Tasks\ASC9_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2016-07-20] (IObit)
Task: {4F6F7F24-7BC5-433B-B9E2-10747D0C752F} - System32\Tasks\WinThruster64-gilberto-Startup => C:\Program Files\Solvusoft\WinThruster\WinThruster64.exe [2015-10-11] (Solvusoft Corporation) <==== ATENÇÃO
Task: {65CC150B-5822-4A25-852D-96082B89278B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {6B9AF680-BE59-48BF-9690-3D84569FF031} - System32\Tasks\cFos\Registration Tasks\Open Browser => Chrome.exe "hxxp://localhost:1487/cfosspeed/preferences.htm"
Task: {820B77F9-777C-44BD-B638-FB52EE75BBB1} - System32\Tasks\Update Service for Youtube AdBlock2 => C:\Program Files (x86)\Youtube AdBlock\qdMpQOG.exe [2016-10-25] () <==== ATENÇÃO
Task: {8356AD26-9E99-46C4-919A-900BB4BF2A48} - System32\Tasks\WinThruster64-gilberto-Notification => C:\Program Files\Solvusoft\WinThruster\Sync.exe [2015-10-11] (Solvusoft Corporation) <==== ATENÇÃO
Task: {949D365E-9909-4B8A-9360-252CF99454C9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {9571DB8F-703E-49D0-93C6-AB70506DA65B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-12] (Google Inc.)
Task: {B0014C29-D2F8-4071-81EC-07E05EF66114} - System32\Tasks\Update Service for Youtube AdBlock => C:\Program Files (x86)\Youtube AdBlock\qdMpQOG.exe [2016-10-25] () <==== ATENÇÃO
Task: {C1104C5D-BAC9-46DE-9D90-E6A165B2C630} - System32\Tasks\Satelybutoge Configuration => C:\Program Files (x86)\Dregurydering\couvight.exe [2016-10-25] (Glarysoft Ltd)
Task: {C7FA6DB2-E0DA-4228-9EB9-E5ECBEE5D6E3} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-07-14] (IObit)
Task: {D7A20916-1F32-4F27-A9AE-FB0EA5996A3C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {D94C1EE9-6FCD-4A47-B31C-7DD20F53F8B6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {DB319959-CA93-4602-8FA3-D8BE814573F8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\ASC9_SkipUac_gilberto.job => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Update Service for Youtube AdBlock.job => C:\Program Files (x86)\Youtube AdBlock\qdMpQOG.exe <==== ATENÇÃO
Task: C:\Windows\Tasks\Update Service for Youtube AdBlock2.job => C:\Program Files (x86)\Youtube AdBlock\qdMpQOG.exe <==== ATENÇÃO
Task: C:\Windows\Tasks\WinThruster64-gilberto-Notification.job => C:\Program Files\Solvusoft\WinThruster\Sync.exe <==== ATENÇÃO
Task: C:\Windows\Tasks\WinThruster64-gilberto-Startup.job => C:\Program Files\Solvusoft\WinThruster\WinThruster64.exe <==== ATENÇÃO

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

ShortcutWithArgument: C:\Users\gilberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\gilberto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP% --disable-quic
ShortcutWithArgument: C:\Users\gilberto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\gilberto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP% --disable-quic
ShortcutWithArgument: C:\Users\gilberto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP% --disable-quic

==================== Módulos Carregados (Whitelisted) ==============

2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-12 15:14 - 2016-09-23 11:50 - 01919496 _____ () C:\Program Files (x86)\WTFast\service\WTFast.Service.exe
2016-10-12 13:57 - 2016-01-29 08:49 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-25 12:24 - 2016-10-25 12:24 - 00144384 _____ () C:\Users\gilberto\AppData\Roaming\Atigupy\Ckobewusule.dll
2015-08-26 05:44 - 2015-08-26 05:44 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll
2015-10-19 18:00 - 2015-10-19 18:00 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1046.dll
2016-10-24 12:10 - 2016-10-24 12:10 - 05562880 _____ () C:\Program Files\9b7ea2ff90c3ad3f64b197d546c2460d\ff3eee172239dfb5c6be9f5d56f1ae1c.exe
2016-09-26 05:00 - 2016-09-28 06:08 - 00057856 _____ () C:\ProgramData\NetworkPacketManitor\Nettrans.exe
2016-10-25 12:26 - 2016-10-25 12:25 - 00710656 _____ () C:\ProgramData\Ronzap\Ronzap.exe
2016-10-25 12:27 - 2016-10-22 22:08 - 03786752 _____ () C:\ProgramData\Logic Handler\set.exe
2016-10-25 12:27 - 2016-10-25 12:27 - 00004608 _____ () C:\Users\gilberto\AppData\Local\Bamtechno.exe
2016-10-25 12:21 - 2016-10-25 12:21 - 00312320 _____ () C:\Program Files\BitTorrent\BitTorrent.exe
2016-10-25 12:27 - 2016-10-25 12:27 - 00358912 _____ () C:\ProgramData\Ronzap\Uni-Ity.dll
2016-10-24 23:26 - 2016-10-20 06:56 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libglesv2.dll
2016-10-24 23:26 - 2016-10-20 06:56 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libegl.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00236856 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2016-10-12 14:17 - 2015-12-28 14:49 - 00629536 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2016-10-12 14:17 - 2015-12-23 19:32 - 00355616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl
2016-10-12 14:17 - 2015-12-23 19:32 - 00190240 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl
2016-10-12 14:17 - 2015-12-23 19:32 - 00057632 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl
2016-10-25 12:24 - 2016-10-25 12:24 - 00277504 _____ () c:\program files (x86)\dregurydering\thavuywifiiedreports.dll
2016-10-12 14:16 - 2016-06-06 18:27 - 00355616 _____ () C:\Program Files (x86)\IObit\Driver Booster\madExcept_.bpl
2016-10-12 14:16 - 2016-06-06 18:27 - 00190240 _____ () C:\Program Files (x86)\IObit\Driver Booster\madBasic_.bpl
2016-10-12 14:16 - 2016-06-06 18:27 - 00057632 _____ () C:\Program Files (x86)\IObit\Driver Booster\madDisAsm_.bpl
2016-10-12 14:16 - 2016-06-06 18:27 - 00899872 _____ () C:\Program Files (x86)\IObit\Driver Booster\webres.dll
2016-10-12 14:16 - 2016-06-06 18:27 - 00524064 _____ () C:\Program Files (x86)\IObit\Driver Booster\sqlite3.dll
2016-09-01 18:13 - 2016-09-01 18:13 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 18:13 - 2016-09-01 18:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)


==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)


==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)


==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE restricted site: HKU\S-1-5-21-736004364-387698703-3503565398-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-736004364-387698703-3503565398-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-736004364-387698703-3503565398-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-736004364-387698703-3503565398-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-736004364-387698703-3503565398-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-736004364-387698703-3503565398-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-736004364-387698703-3503565398-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-736004364-387698703-3503565398-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-736004364-387698703-3503565398-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-736004364-387698703-3503565398-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-736004364-387698703-3503565398-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-736004364-387698703-3503565398-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-736004364-387698703-3503565398-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-736004364-387698703-3503565398-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-736004364-387698703-3503565398-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-736004364-387698703-3503565398-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-736004364-387698703-3503565398-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-736004364-387698703-3503565398-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-736004364-387698703-3503565398-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-736004364-387698703-3503565398-1001\...\100sexlinks.com -> 100sexlinks.com

Existem ainda 4788 sites a mais.


==================== Hosts Conteúdo: ==========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2013-08-22 11:25 - 2016-10-15 19:25 - 00001237 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 www.mirillis.com
127.0.0.1 s0ft4pc.com
127.0.0.1 serwer2.paka-service.com
127.0.0.1 thislineskipsanyemptylines
127.0.0.1 ns386119.ovh.net
127.0.0.1 mirillis.pl
127.0.0.1 www.ovh.com
127.0.0.1 176.31.241.10
127.0.0.1 91.121.143.139
127.0.0.1 thislineskipsanyemptylines

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-736004364-387698703-3503565398-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==


==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{41D6EA4C-2E02-48BD-B60F-6259B3160AAF}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{73F9D3C6-1178-4A6E-AC98-DDA701ED87B8}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{5D234C20-0F50-4602-B9D4-63CDF1EF0CC3}] => (Allow) C:\Program Files (x86)\WTFast\WTFast.exe
FirewallRules: [TCP Query User{465B43DC-BDA4-4742-B99C-3D86779919DF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{94847AE8-DD51-494B-84BD-8487A0DEE1FD}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{55CFC932-4785-48FC-9401-E105E5502B15}] => (Block) C:\Program Files\Mirillis\Action!\Action.exe
FirewallRules: [{CE57A8D8-59C6-480E-AAC1-6104C274A869}] => (Block) C:\Program Files (x86)\Mirillis\Action!\Action.exe
FirewallRules: [{9C1F112F-405D-4191-8965-0C89763D75CD}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{D5657C89-9C17-4855-B211-830CB00616DC}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{95B536E5-1D2B-49B7-99D9-B220CECDFBF4}] => (Block) C:\Program Files\Mirillis\Action!\Action.exe
FirewallRules: [{88C62788-D8B4-4151-9D4F-F78B3AC5076E}] => (Block) C:\Program Files (x86)\Mirillis\Action!\Action.exe
FirewallRules: [TCP Query User{68E8D37B-DABB-42C7-80E1-3ABBCDC9D9FC}C:\users\gilberto\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\gilberto\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{EB43804B-8465-481E-99D2-FEFE97B3C1C4}C:\users\gilberto\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\gilberto\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{CAEA620D-61B2-41C9-801D-4F590D8F5DCF}C:\users\gilberto\appdata\roaming\utorrent\updates\3.4.9_42606.exe] => (Allow) C:\users\gilberto\appdata\roaming\utorrent\updates\3.4.9_42606.exe
FirewallRules: [UDP Query User{7197AB58-B404-46CB-AB9E-D06D6532C2B1}C:\users\gilberto\appdata\roaming\utorrent\updates\3.4.9_42606.exe] => (Allow) C:\users\gilberto\appdata\roaming\utorrent\updates\3.4.9_42606.exe
FirewallRules: [{8BD077AE-7B80-4003-826A-88A9CC7255C2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{71CBDC30-B659-4AE9-8845-BA3EA3CB5399}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{4325B6DE-00F3-4F9D-94F0-9CDCAB43E8E8}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0FE89564-016E-4C7B-86B9-CD55BE0FF442}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D1DDEA0B-21C4-4ABE-BC89-9EE3F01A7EAE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C4F33827-3F0D-4E8A-85B0-2BFF16149984}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6CCCF2B0-50EE-4D7A-9322-AA23DEE79F80}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BF6014D6-FCA7-45C0-AE80-A2F3BC6D5708}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B2570597-084E-4644-8ED3-62B4D46066AB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{5E521CB1-72AB-44E2-9C15-BFB202C5DC0F}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{B274A049-DA46-48B5-9793-375D7A5958AE}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{A366C1AB-3EF4-48A2-B85B-6D8DBF1ADAD2}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{0660128E-2547-46FD-A69A-3C5C7E87746E}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{1517E478-2399-4371-8F20-B673738F0E01}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{12CDAC89-AF83-4624-AD53-23DC91404F39}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{535355D9-E2DF-4C8E-A8ED-86DB43C0DE1C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{D742D595-168E-406B-B1D1-BA9BDA85D3B6}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{4B94D6BF-B68D-4E69-8F70-9480680E2B62}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{4AB956F6-6F6F-4784-BA6A-C9B0A47865D9}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{8C2B44CD-C869-4CB6-B91E-2E4BFEBEFEEC}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe

==================== Pontos de Restauração =========================

19-10-2016 16:35:14 Driver Booster : Microsoft Visual C++ 2012 Redistributable (x64)
19-10-2016 16:36:02 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
19-10-2016 16:50:42 Instalador de Módulos do Windows
19-10-2016 16:54:16 Instalador de Módulos do Windows
19-10-2016 16:57:27 Instalador de Módulos do Windows
19-10-2016 17:06:23 Instalador de Módulos do Windows
19-10-2016 17:09:43 Instalador de Módulos do Windows
19-10-2016 17:26:30 Instalador de Módulos do Windows
19-10-2016 17:31:03 Instalador de Módulos do Windows
19-10-2016 17:42:00 Instalador de Módulos do Windows
19-10-2016 18:06:00 Installed iTunes
21-10-2016 00:30:38 Installed VMware Workstation
25-10-2016 12:19:43 WinThruster (64-bit) Backup

==================== Dispositivos Apresentando Falhas No Gerenciador =============


==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (10/25/2016 12:46:04 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Coleta de dados de contador de desempenho desabilitada no serviço "VMware" porque a biblioteca de contadores de desempenho desse serviço gerou um ou mais erros. Os erros que forçaram essa ação foram gravados no log de eventos do aplicativo. Corrija os erros antes de habilitar os contadores de desempenho para esse serviço.

Error: (10/25/2016 12:46:04 PM) (Source: Perflib) (EventID: 1022) (User: )
Description: O Windows não pode abrir a DLL VMware do contador extensível de 64 bits em um ambiente de 32 bits. Contate o fornecedor do arquivo para obter uma versão de 32 bits. Opcionalmente, se você estiver executando em um ambiente nativo de 64 bits, poderá abrir a DLL do contador extensível de 64 bits usando a versão de 64 bits do Monitor de desempenho. Para usar essa ferramenta, abra a pasta Windows, a pasta System32 e inicie Perfmon.exe.

Error: (10/25/2016 12:46:04 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: O Windows não consegue carregar a DLL rdyboost do contador extensível. Os primeiros quatro bytes (DWORD) da seção de Dados contêm o código de erro do Windows.

Error: (10/25/2016 12:46:04 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Coleta de dados de contador de desempenho desabilitada no serviço "Outlook" porque a biblioteca de contadores de desempenho desse serviço gerou um ou mais erros. Os erros que forçaram essa ação foram gravados no log de eventos do aplicativo. Corrija os erros antes de habilitar os contadores de desempenho para esse serviço.

Error: (10/25/2016 12:46:04 PM) (Source: Perflib) (EventID: 1022) (User: )
Description: O Windows não pode abrir a DLL Outlook do contador extensível de 64 bits em um ambiente de 32 bits. Contate o fornecedor do arquivo para obter uma versão de 32 bits. Opcionalmente, se você estiver executando em um ambiente nativo de 64 bits, poderá abrir a DLL do contador extensível de 64 bits usando a versão de 64 bits do Monitor de desempenho. Para usar essa ferramenta, abra a pasta Windows, a pasta System32 e inicie Perfmon.exe.

Error: (10/25/2016 12:19:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..

Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Parâmetro incorreto.
.

Error: (10/25/2016 12:19:43 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {0880298f-f8d9-459a-aacd-fe7f5ccd44eb}

Error: (10/25/2016 11:26:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: mywindow)
Description: Falha na ativação do aplicativo windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (10/25/2016 11:26:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa SystemSettings.exe versão 6.3.9600.17031 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID do Processo: 1504

Hora de Início: 01d22ec335ec56b1

Hora de Término: 4294967295

Caminho do Aplicativo: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

ID do Relatório: 9c5ed066-9ab6-11e6-8257-7071bc64f01b

Nome completo do pacote com falha: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy

ID do aplicativo relativo ao pacote com falha: microsoft.windows.immersivecontrolpanel

Error: (10/25/2016 11:26:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: mywindow)
Description: O aplicativo windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel não foi iniciado dentro do tempo alocado.


Erros de Sistema:
=============
Error: (10/25/2016 01:02:57 PM) (Source: Virtual Disk Service) (EventID: 8) (User: )
Description: Falha ao abrir o dispositivo \\?\GLOBALROOT\Device\HarddiskVolume6. Código de erro: 5@020A0019

Error: (10/25/2016 12:56:28 PM) (Source: Virtual Disk Service) (EventID: 8) (User: )
Description: Falha ao abrir o dispositivo \\?\GLOBALROOT\Device\HarddiskVolume6. Código de erro: 5@020A0019

Error: (10/25/2016 12:54:16 PM) (Source: Virtual Disk Service) (EventID: 8) (User: )
Description: Falha ao abrir o dispositivo \\?\GLOBALROOT\Device\HarddiskVolume6. Código de erro: 5@020A0019

Error: (10/25/2016 12:24:41 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: O serviço Prikadom está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (10/25/2016 12:19:52 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: AUTORIDADE NT)
Description: ??\Device\HarddiskVolumeShadowCopy282

Error: (10/25/2016 12:01:51 PM) (Source: DCOM) (EventID: 10010) (User: mywindow)
Description: O servidor {1B1F472E-3221-4826-97DB-2C2324D389AE} não se registrou no DCOM dentro do tempo limite necessário.

Error: (10/25/2016 11:32:02 AM) (Source: Ntfs) (EventID: 55) (User: AUTORIDADE NT)
Description: Corrupção detectada na estrutura do sistema de arquivos, no volume C:.

Uma corrupção foi encontrada em uma estrutura de índice do sistema de arquivos. O número de referência do arquivo é 0x30000000133dd. O nome do arquivo é "\ProgramData\IObit\Driver Booster\Backups". O atributo de índice corrompido é ":$I30:$INDEX_ALLOCATION".

Error: (10/25/2016 11:28:30 AM) (Source: Ntfs) (EventID: 55) (User: AUTORIDADE NT)
Description: Corrupção detectada na estrutura do sistema de arquivos, no volume C:.

Uma corrupção foi encontrada em uma estrutura de índice do sistema de arquivos. O número de referência do arquivo é 0x200000001b31a. O nome do arquivo é "\Windows\WinSxS\amd64_mscorlib_b77a5c561934e089_4.0.9600.17187_none_45b39dca52f03d38". O atributo de índice corrompido é ":$I30:$INDEX_ALLOCATION".

Error: (10/25/2016 11:26:20 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: AUTORIDADE NT)
Description: C:\Device\HarddiskVolume22

Error: (10/25/2016 12:36:53 AM) (Source: Ntfs) (EventID: 55) (User: AUTORIDADE NT)
Description: Corrupção detectada na estrutura do sistema de arquivos, no volume C:.

Uma corrupção foi encontrada em uma estrutura de índice do sistema de arquivos. O número de referência do arquivo é 0x200000001b31a. O nome do arquivo é "\Windows\WinSxS\amd64_mscorlib_b77a5c561934e089_4.0.9600.17187_none_45b39dca52f03d38". O atributo de índice corrompido é ":$I30:$INDEX_ALLOCATION".


==================== Informações da Memória ===========================

Processador: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz
Percentagem de memória em uso: 38%
RAM física total: 8117.38 MB
RAM física disponível: 5007.21 MB
Virtual Total: 9397.38 MB
Virtual disponível: 6162.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:469.51 GB) (Free:387.33 GB) NTFS
Drive d: (Meu Bau) (Fixed) (Total:461.66 GB) (Free:441.94 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6593C62E)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=469.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=461.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7.2 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Fim de Addition.txt ============================
