Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão:18-04-2016
Executado por Victor (2016-04-19 18:54:42)
Executando a partir de C:\Downloads
Windows 10 Pro Versão 1511 (X64) (2016-02-12 14:15:32)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-164514490-1679632668-4210770689-500 - Administrator - Disabled) => C:\Users\Administrador
ASPNET (S-1-5-21-164514490-1679632668-4210770689-1003 - Limited - Enabled)
Convidado (S-1-5-21-164514490-1679632668-4210770689-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-164514490-1679632668-4210770689-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-164514490-1679632668-4210770689-1002 - Limited - Enabled)
Outros (S-1-5-21-164514490-1679632668-4210770689-1004 - Administrator - Enabled) => C:\Users\Outros
Victor (S-1-5-21-164514490-1679632668-4210770689-1000 - Administrator - Enabled) => C:\Users\Victor

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-164514490-1679632668-4210770689-1000\...\uTorrent) (Version: 3.4.5.41712 - BitTorrent Inc.)
A Lenda do Herói - O Jogo (HKLM\...\Steam App 389170) (Version: - Dumativa Creative Studio)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atualizações da NVIDIA 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BitComet 1.40 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.40 - CometNetwork)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
DC Universe Online Live (HKU\S-1-5-21-164514490-1679632668-4210770689-1000\...\DG0-DC Universe Online Live) (Version: - Sony Online Entertainment)
DEVIL MAY CRY 4 (HKLM-x32\...\{D4E5A687-797D-44B1-8F96-4FD7A24166A9}) (Version: 1.00.000 - CAPCOM CO., LTD.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
EveryonePiano 1.8 (HKLM-x32\...\EveryonePiano_is1) (Version: 1.8.1.25 - EveryonePiano.com)
Facebook Chat IM 1.1 (HKLM-x32\...\Facebook Chat IM) (Version: 1.1 - FBCIM)
GameShadow (HKLM-x32\...\{F7C1C17E-70E3-475F-BD52-EA554391F15D}) (Version: 2.01.0000 - GameShadow Ltd)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version: - Arobas Music)
Hitman Absolution (HKLM-x32\...\{95030349-3623-4920-89BF-8BEC5EF311C5}_is1) (Version: 1.0433.1 - Square Enix)
Hitman Blood Money (HKLM-x32\...\{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}) (Version: 1.00.0000 - Eidos)
Holodrive (HKLM\...\Steam App 370770) (Version: - BitCake Studio)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Java(TM) 7 Update 3 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217003FF}) (Version: 7.0.30 - Oracle) JavaFX 2.0.3 (HKLM-x32\...\{1111706F-666A-4037-7777-203328764D10}) (Version: 2.0.3 - Oracle Corporation) K-Lite Codec Pack 11.8.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.8.5 - KLCP) Medal of Honor: Pacific Assault™ (HKLM-x32\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.2.1.280 - Electronic Arts) Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - ) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 
4.0.30901.0 - Microsoft Corporation) MouseServer version 1.7.1 (HKLM-x32\...\{E13018F5-FFC7-4729-9C1B-1A85807D03E6}_is1) (Version: 1.7.1 - Necta Co.) NVIDIA Driver de áudio HD 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Driver de controle do 3D Vision 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation) NVIDIA Driver de gráficos 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation) NVIDIA Software do sistema PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) Ori and the Blind Forest (HKLM-x32\...\Ori and the Blind Forest_is1) (Version: - ) Origin (HKLM-x32\...\Origin) (Version: 9.11.6.18139 - Electronic Arts, Inc.) Painel de controle da NVIDIA 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.) SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.21.18.4608 - Enigma Software Group, LLC) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1216 - SUPERAntiSpyware.com) Suporte para Aplicativos Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer) The Sims 4 (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - ) The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.) 
TuxGuitar (HKLM-x32\...\TuxGuitar 1.3.1) (Version: 1.3.1 - Name of your company) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft) WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH) ==================== Exame Personalizado CLSID (Whitelisted): ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) CustomCLSID: HKU\S-1-5-21-164514490-1679632668-4210770689-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Victor\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation) ==================== Tarefas Agendadas (Whitelisted) ============= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) Task: {09834471-301A-4D49-85C5-6465705ED42A} - System32\Tasks\osTip => C:\ProgramData\WindowsMsg\osmsg.exe [2016-04-16] () Task: {1003A7A8-D35E-401D-B532-535794E81ECC} - System32\Tasks\Pritc => C:\Users\Victor\AppData\Local\Temp\is-O2EA5.tmp\print.exe [2016-03-03] (VLOME) <==== ATENÇÃO Task: {1248AEED-D81F-449F-9277-8E19EC40573D} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe Task: {1372C5A8-BE92-4A0A-9A9B-59B956F86671} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {14C77B1D-D6C7-4984-A7B3-E69F6A99CEDD} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {14DA2FC1-382B-484E-AAD1-55DDB58894C9} - System32\Tasks\DNS Monitoring => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~2\AnyFlix\DNSMON~1.DLL" <==== ATENÇÃO Task: {1875140A-1475-40F0-AA89-3C0C5F5481E0} - System32\Tasks\PrivacyKeeper_EdgeUnlock => C:\Program Files 
(x86)\PrivacyKeeper\TaskTools.exe Task: {26270E71-AA47-4751-B741-2E438D5811F1} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {27315E43-2C45-4869-9F44-FDE0BE52F087} - System32\Tasks\PrivacyKeeper_Master => C:\Program Files (x86)\PrivacyKeeper\InstAct.exe Task: {27B2BD46-3F42-4BA5-A81F-356CECF414EA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {291DE05D-EE3F-4196-8EC6-AC6534A360D5} - System32\Tasks\{050C0447-0B08-0E0E-0C11-780E7E7F1108} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBzAHQAbwBwACIAOwAkAHMAYwA9ACIAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAiADsAJABXAGEAcgBuAGkAbgBnAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAkAHMAYwA7ACQAUAByAG8A (a entrada de dados tem 9296 mais caracteres). <==== ATENÇÃO Task: {4948CC77-2152-4D99-A14A-2FF3D53D0E45} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {4CAAA69B-D81E-4D14-9C42-AA3CF5E4EAF4} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {4F8387F9-BF6B-4A55-BC76-37D76EF827C1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {647A2FFF-F24C-4661-B486-D68D92152ADE} - System32\Tasks\kze3024 => C:\Program Files (x86)\Hoistsearch\kze3024.exe <==== ATENÇÃO Task: {6E75FDDC-ABF6-4E71-BF74-1DB38D64655E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-06] (Microsoft Corporation) Task: {6EBBA8B8-E321-4B97-8116-E4E1163A50C7} - System32\Tasks\MixVideoPlayer Update => C:\Program Files (x86)\MixVideoPlayer\mixUpdater.exe <==== ATENÇÃO Task: {730C0DCA-5F51-4B65-92EB-F51FB70FFE52} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: 
{73FE9C29-7D47-40BD-BF0E-628FD69F9F33} - System32\Tasks\PrivacyKeeper_Popup => C:\Program Files (x86)\PrivacyKeeper\PrivacyKeeper.exe Task: {743458C5-1AD8-4630-935A-0E2BCB2BF3E5} - System32\Tasks\DNSLOMETA => dnslometa.exe <==== ATENÇÃO Task: {7DECE24A-DD91-4FF2-B33B-37E4A475C0F6} - System32\Tasks\Redywo => C:\PROGRA~1\Ekeh\Uosietta.bat <==== ATENÇÃO Task: {8BC0F912-EEE7-4D2A-9B46-E83882884942} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK Task: {8BEC5C87-706F-4FA2-8696-B76586ECF0C0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd) Task: {91FAC75E-0976-47CD-A390-765BB7B3ACE5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {92ADB831-E8EB-4CBC-B696-BC3906AF0DD2} - System32\Tasks\ttwifi => C:\Program Files (x86)\ttwifi\tiantianwifi.exe Task: {939F56CE-12B4-4B27-8493-1AE38D864E92} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {966D185B-387C-4E4E-92B0-4976511357F1} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {97DFA06E-698B-4706-A45E-EED553E94832} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {9C511203-2E71-49FE-ABB8-6CBB50735A59} - System32\Tasks\Pwtyfemuk Cache => C:\Program Files (x86)\Pwtyfemuk\Pwtcchtsk.exe Task: {A5BF893E-B66D-4F0E-B8CC-FD9E6632C1AC} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-28] (Dropbox, Inc.) Task: {A76B3807-4811-40E7-B8E6-75B8FF9AC449} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-28] (Dropbox, Inc.) 
Task: {A899EFA0-65B7-461A-A8B6-BAD1A01BB009} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {AA360784-9E5F-4FB7-AF87-FAD2E8E2D8B1} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {AE27CF45-97F9-4C5D-B5BE-FE752CC40FA6} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {B51F5DAA-950B-4818-854E-9B4D458819B2} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {B6269E7A-9002-4C66-9AC9-52F8D5596F0A} - System32\Tasks\PrivacyKeeper_Popup3 => C:\Program Files (x86)\PrivacyKeeper\PrivacyKeeper.exe Task: {BB2308B9-DE59-44F2-A1AB-C1B6DB85AEB7} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {BE65BF0E-7BB8-4047-94B8-9D3DACD9E9C1} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {C0DCA532-9BC7-43E2-9602-437F7A9344F9} - System32\Tasks\PrivacyKeeper_Edge => C:\Program Files (x86)\PrivacyKeeper\TaskTools.exe Task: {C530E60E-70FF-472C-B236-C9F9559C2F59} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {C6396923-AE02-4C2F-B66E-2B179FC5C1BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-28] (Google Inc.) Task: {CCA6E84F-1DF7-471D-9E84-AA22F66090D4} - System32\Tasks\Price Fountain => C:\Users\Victor\AppData\Roaming\PriceFountain\UpdateProc\UpdateTask.exe [2016-04-19] () <==== ATENÇÃO Task: {D6F3B5DA-6FE8-4312-AD3A-FE9101BAFF96} - System32\Tasks\BaiduJP_Update_{8099779F-A13B-403e-B39A-65133857586B} => C:\Program Files (x86)\baidu\update\baidujp_update.exe Task: {DB646FA2-333B-4EE4-B52A-4D3E6E7EEF2A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-28] (Google Inc.) 
Task: {DBBF2E6E-F1AA-4923-A0CF-899BB56B40E0} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {DF4887B4-138C-4A3A-9DA9-C45D25AC4D63} - System32\Tasks\{D9C6447E-23A3-48B5-8BC5-4B8867169038} => pcalua.exe -a C:\DMSetup-Serial.exe -d C:\
Task: {E3AD755B-927D-4802-929D-70DC43CE9101} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {EB1AAF8A-F238-430D-B814-8B53AA4785A7} - System32\Tasks\PrivacyKeeper_SkipUac => C:\Program Files (x86)\PrivacyKeeper\TaskTools.exe
Task: {F7056A69-1E45-4020-A5F0-5C46F89429E6} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {FD4174D7-B477-4882-97C9-7BA0DAB5BCBC} - System32\Tasks\WinTaske => C:\Program Files (x86)\WinTaske\WinTaske\WinTaske.exe <==== ATENÇÃO

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\WINDOWS\Tasks\BaiduJP_Update_{8099779F-A13B-403e-B39A-65133857586B}.job => C:\Program Files (x86)\baidu\update\baidujp_update.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Price Fountain.job =>

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

ShortcutWithArgument: C:\Users\Victor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeabests.cc/ ShortcutWithArgument: C:\Users\Victor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/ ==================== Módulos Carregados (Whitelisted) ============== 2015-10-30 04:18 - 2015-10-30 04:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-04-05 00:30 - 2016-04-05 00:30 - 03587000 _____ () C:\ProgramData\System32\SafeGuard64.dll 2016-02-12 04:12 - 2014-07-02 15:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-04-17 06:17 - 2016-04-17 06:17 - 00174416 _____ () C:\Users\Victor\AppData\Roaming\Tueasjey\Tueasjey.exe 2016-04-07 05:02 - 2016-04-07 05:02 - 00124928 _____ () C:\Users\Victor\AppData\Local\Apps\2.0\abril.exe 2015-12-09 04:18 - 2015-12-09 04:18 - 00153552 _____ () C:\Program Files (x86)\WeatherTool\2.0.0.11150\WeatherService.exe 2016-04-19 00:24 - 2016-04-19 10:20 - 01913344 _____ () c:\programdata\msiql.exe 2016-03-02 03:33 - 2016-02-23 08:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-17 06:17 - 2016-04-17 06:17 - 00670544 _____ () C:\Users\Victor\AppData\Roaming\Tueasjey\Sughe.dll 2016-03-02 03:33 - 2016-02-23 08:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-04-17 06:17 - 2016-04-17 06:17 - 00115536 _____ () C:\Users\Victor\AppData\Roaming\Tueasjey\Riytkutm.exe 2016-04-17 06:17 - 2016-04-17 06:17 - 00146256 _____ () C:\Users\Victor\AppData\Roaming\Tueasjey\Sughe.exe 2016-04-19 00:23 - 2016-04-16 09:46 - 02055168 _____ () C:\ProgramData\WindowsMsg\osmsg.exe 2016-04-19 12:39 - 2016-04-19 12:40 - 00599904 _____ () c:\users\victor\appdata\local\temp\23621\setup.exe 2016-04-19 12:47 - 
2016-04-19 12:47 - 00600008 ____N () c:\users\victor\appdata\local\temp\25087\setup.exe 2016-02-12 12:25 - 2016-02-12 12:26 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-02-12 14:07 - 2015-12-07 01:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-03-02 03:32 - 2016-02-23 05:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-01-28 19:44 - 2016-01-13 07:00 - 00318976 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\libbluray.dll 2016-01-28 19:44 - 2015-10-24 14:00 - 04374528 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow64\ffdshow.ax 2016-02-12 14:10 - 2016-01-04 22:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-02-12 14:08 - 2016-01-04 22:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-02-12 14:09 - 2016-01-16 02:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-02-12 14:10 - 2016-01-16 02:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-04-05 00:30 - 2016-04-05 00:30 - 02771896 _____ () C:\ProgramData\System32\SafeGuard32.dll 2016-04-19 00:54 - 2016-04-07 11:30 - 02027520 _____ () C:\ProgramData\WindowsMsg\675D131108D4FD145B0BFBC68A3E018A.dll 2016-04-17 06:17 - 2016-04-17 06:17 - 00261968 _____ () C:\Users\Victor\AppData\Roaming\Tueasjey\Riytkutm.dll 2016-02-12 12:25 - 2016-02-12 12:26 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-02-12 12:25 - 2016-02-12 12:26 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2016-04-05 16:14 - 2016-03-04 15:51 - 00096768 
_____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\chrome_elf.dll 2016-04-11 11:43 - 2016-03-04 15:51 - 00732160 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\chrome_elf_wk.dll 2010-01-30 01:41 - 2010-01-30 01:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF ==================== Alternate Data Streams (Whitelisted) ========= (Se uma entrada for incluída na fixlist, somente o ADS será removido.) ==================== Modo de Segurança (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdwfp => ""="Driver" ==================== EXE Associação (Whitelisted) =============== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.) ==================== Internet Explorer confiável/restrito =============== (Se uma entrada for incluída na fixlist, será removida do Registro.) ==================== Hosts Conteúdo: ========================== (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 

2009-07-13 23:34 - 2016-04-19 01:12 - 00001444 ____A C:\WINDOWS\system32\Drivers\etc\hosts

107.178.255.88 www.google-analytics.com
107.178.255.88 www.statcounter.com
107.178.255.88 statcounter.com
107.178.255.88 ssl.google-analytics.com
107.178.255.88 partner.googleadservices.com
107.178.255.88 google-analytics.com
107.178.248.130 static.doubleclick.net
107.178.247.130 connect.facebook.net
107.178.255.88 www.google-analytics.com
107.178.255.88 www.statcounter.com
107.178.255.88 statcounter.com
107.178.255.88 ssl.google-analytics.com
107.178.255.88 partner.googleadservices.com
107.178.255.88 google-analytics.com
107.178.248.130 static.doubleclick.net
107.178.247.130 connect.facebook.net

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-164514490-1679632668-4210770689-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Victor\Pictures\friends-tv-series-poker-1920x1200-wallpaper413149.jpg
DNS Servers: 104.197.191.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: )
Firewall do Windows está desabilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Atualmente não há nenhuma correção automática para esta seção.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
HKLM\...\StartupApproved\Run: => "vnlgp"
HKLM\...\StartupApproved\Run: => "IDSCCOM8GP"
HKLM\...\StartupApproved\Run32: => "EasyHotspot"
HKLM\...\StartupApproved\Run32: => "HomePageHelper"
HKLM\...\StartupApproved\Run32: => "LightGate"
HKU\S-1-5-21-164514490-1679632668-4210770689-1000\...\StartupApproved\Run: => "Selection Tools"
HKU\S-1-5-21-164514490-1679632668-4210770689-1000\...\StartupApproved\Run: => "WindApp"
HKU\S-1-5-21-164514490-1679632668-4210770689-1000\...\StartupApproved\Run: => "Pritc"

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [UDP Query User{5FACD93F-BF28-4F8F-AEA7-66876D50AA57}C:\users\victor\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\victor\appdata\roaming\utorrent\utorrent.exe FirewallRules: [TCP Query User{EEDAECDD-0356-4DF0-B2E8-2055BE3F1AB9}C:\users\victor\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\victor\appdata\roaming\utorrent\utorrent.exe FirewallRules: [{9D047CE7-C8D0-4DB3-844E-B4C372C1DD4E}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRMP.exe FirewallRules: [{4B02BF92-821F-4E16-8D00-4F7B5ED4DB1C}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRMP.exe FirewallRules: [{BAAC48AF-680C-47D2-8E43-8F7D9EF28AA7}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{AC5FCF46-7BBC-434F-B7B4-AC767551E610}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{CDA2B3E0-56AC-4E97-B242-794BDDF0B61E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{7400D71B-AD42-4BDD-AA80-B03635F81B32}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{0367A701-E025-4EBA-B3AA-0CB41E65CCC2}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe FirewallRules: [{57D75C87-4E56-4D96-A940-671268AD9E16}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe FirewallRules: [UDP Query User{C2467311-1A4A-42C2-A2F0-0C63184EB50B}C:\users\victor\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\victor\appdata\roaming\utorrent\utorrent.exe FirewallRules: [TCP Query 
User{CB9F14A1-81BF-47E6-9B5C-01DC135C2CE3}C:\users\victor\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\victor\appdata\roaming\utorrent\utorrent.exe FirewallRules: [UDP Query User{7266C684-4570-490E-AB34-BB0C9B24E8DF}D:\jogos\bf2\ea games\battlefield 2\bf2.exe] => (Allow) D:\jogos\bf2\ea games\battlefield 2\bf2.exe FirewallRules: [TCP Query User{97719605-27C6-4CDB-A2EF-C12521251411}D:\jogos\bf2\ea games\battlefield 2\bf2.exe] => (Allow) D:\jogos\bf2\ea games\battlefield 2\bf2.exe FirewallRules: [UDP Query User{2B71533D-EB0A-4DAD-BF2D-EA18EFDAC7F3}C:\program files (x86)\nfs hot pursuit\nfs11.exe] => (Allow) C:\program files (x86)\nfs hot pursuit\nfs11.exe FirewallRules: [TCP Query User{D6B58AD5-6567-4199-99F7-565A1927CA72}C:\program files (x86)\nfs hot pursuit\nfs11.exe] => (Allow) C:\program files (x86)\nfs hot pursuit\nfs11.exe FirewallRules: [{D4DFF2C2-144B-4A92-BF52-BB3B89B78830}] => (Allow) C:\Program Files\BitComet\BitComet.exe FirewallRules: [{5B852725-4BF2-4733-BF63-83453B462B6E}] => (Allow) C:\Program Files\BitComet\BitComet.exe FirewallRules: [{D872DBDF-F641-4218-BF74-24E880D6DDC9}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{EB78155F-CA90-42BD-9357-4EAC6FBB2A1B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{D6FC11A3-C6A5-4553-8811-ED4E116205DB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{C817B74B-03B6-4757-B58E-B37C96A22418}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{555A98DF-B7BB-4A3A-8FDB-CE7D3DBDCC2D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{EFD8B1C1-94F7-4C64-B196-335FCE664A39}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{DBDD7BF9-FE89-46A9-9004-B17486BC5D1F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{32554EE4-A469-4D96-AD9B-E528E82FFEF3}] => (Allow) C:\Program 
Files (x86)\Steam\Steam.exe FirewallRules: [{BBD4EA68-2A42-4659-B4CE-68E0966CFE4C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{8F571680-59F8-4152-8046-3D05441CAE7F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [TCP Query User{71F06BA2-FA7B-4391-95A5-AE1388AFE74C}C:\program files (x86)\valve\portal 2\portal2.exe] => (Allow) C:\program files (x86)\valve\portal 2\portal2.exe FirewallRules: [UDP Query User{8DA1F648-09A9-4DC5-9F22-F3202F06F656}C:\program files (x86)\valve\portal 2\portal2.exe] => (Allow) C:\program files (x86)\valve\portal 2\portal2.exe FirewallRules: [{195E0570-C7B2-478F-BF51-39D1008E6B95}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{28C60630-7A37-46A8-8FC0-E6AFBB5B8352}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{20F14641-06F9-4DCF-A98A-1CC74BB5BB9F}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Rogue\ACC.exe FirewallRules: [{C5679165-8A2C-4B35-A31D-76E4C8577887}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Rogue\ACC.exe FirewallRules: [TCP Query User{E09EDD1F-C1DF-43FE-ADF2-6FDC7FCE40F9}C:\program files (x86)\mouseserver\mouseserver.exe] => (Allow) C:\program files (x86)\mouseserver\mouseserver.exe FirewallRules: [UDP Query User{C4F308C2-A986-4E94-82D9-26AA9F5B6F9D}C:\program files (x86)\mouseserver\mouseserver.exe] => (Allow) C:\program files (x86)\mouseserver\mouseserver.exe FirewallRules: [TCP Query User{AE901304-9D3F-4CA0-8F60-ADC3903B9A60}C:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe FirewallRules: [UDP Query User{2EF265FB-1CE1-4540-B130-F12763370FD2}C:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe] => (Allow) C:\program files 
(x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe FirewallRules: [TCP Query User{842D3DEA-518C-4C87-8C95-279882BD5BFE}F:\testdriveunlimited.exe] => (Allow) F:\testdriveunlimited.exe FirewallRules: [UDP Query User{AEBB2DBF-3C88-4129-B131-B9B385458A91}F:\testdriveunlimited.exe] => (Allow) F:\testdriveunlimited.exe FirewallRules: [TCP Query User{E55ECC09-456F-43B2-91F3-6FA6A71553EB}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms na\game\ncsa-live\ghostreconphantoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms na\game\ncsa-live\ghostreconphantoms.exe FirewallRules: [UDP Query User{9C4836FE-4B56-4E0D-B584-A645E5ED2F19}C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms na\game\ncsa-live\ghostreconphantoms.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tom clancy's ghost recon phantoms na\game\ncsa-live\ghostreconphantoms.exe FirewallRules: [TCP Query User{490F88C7-D800-407F-868A-DC6A13B36DC7}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{BAB0A000-9C0A-4683-A531-387147B34384}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [{E814D885-43E7-4B3D-BC53-719CCE164069}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe FirewallRules: [{BDC73838-A022-42B2-84EE-6D36C2D720DB}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe FirewallRules: [TCP Query User{47335D57-ECDA-4544-AF6E-FC12118059A6}C:\program files (x86)\mouseserver\mouseserver.exe] => (Allow) C:\program files (x86)\mouseserver\mouseserver.exe FirewallRules: [UDP Query User{7DD3B759-5F56-49BC-8924-4BACF311CF07}C:\program files (x86)\mouseserver\mouseserver.exe] => (Allow) C:\program files (x86)\mouseserver\mouseserver.exe FirewallRules: [TCP Query 
User{E2CFB0FB-1CFD-481E-B028-F0553DD0BDD9}C:\program files (x86)\eidos\hitman blood money\hitmanbloodmoney.exe] => (Allow) C:\program files (x86)\eidos\hitman blood money\hitmanbloodmoney.exe FirewallRules: [UDP Query User{EDFC447B-A421-40DA-BFC9-970F73592267}C:\program files (x86)\eidos\hitman blood money\hitmanbloodmoney.exe] => (Allow) C:\program files (x86)\eidos\hitman blood money\hitmanbloodmoney.exe FirewallRules: [{29141269-7C85-41AF-960C-D532FDC06DDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Holodrive\Holodrive.exe FirewallRules: [{3B803A4C-881A-47D5-8419-3AED720BBF93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Holodrive\Holodrive.exe FirewallRules: [{059F36A1-8F57-4966-AF03-8DE20DB8FBB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\A Lenda do Herói - O Jogo\DumaLegend.exe FirewallRules: [{B4CD7A9C-7B48-4420-9BC0-BDC78C7B568A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\A Lenda do Herói - O Jogo\DumaLegend.exe FirewallRules: [{F149BEBF-6F94-4649-AF70-CC91DD534EE1}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa.exe FirewallRules: [{28C53B07-724B-4E76-B893-D1F5EAB15158}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa.exe FirewallRules: [{5910B8A0-42FA-4EAB-B3E9-5294E2D2C44F}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe FirewallRules: [{35857E64-8FC9-4201-B2E2-0497BAA2F350}] => (Allow) C:\Program Files (x86)\Origin Games\Medal of Honor Pacific Assault\mohpa_setup.exe FirewallRules: [{7CABABA8-DAAA-4FB5-AA85-D7468ECEA7D0}] => (Allow) 㩃啜敳獲噜捩潴屲灁䑰瑡屡潒浡湩屧獳屮獳⹮硥e FirewallRules: [{22CB5743-8B86-4B7F-B986-31DD3923D84E}] => (Allow) 㩃啜敳獲噜捩潴屲灁䑰瑡屡潒浡湩屧獳屮慳敶灵攮數 FirewallRules: [{1DA629BF-7598-46C5-8B1F-71925B69138A}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe FirewallRules: [{0929F795-88C1-4021-9990-33BA9225A2E1}] => (Allow) C:\program files 
(x86)\common files\tencent\qqdownload\130\tencentdl.exe FirewallRules: [{163CDED4-5EFA-4B31-8529-4D634845C4C7}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{47B5CF64-0F39-4C4B-9E85-FB31BE9EFD61}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe FirewallRules: [{CA4AC9BA-40EB-4EBF-AE9E-D56CF23D1CE1}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [TCP Query User{CB8D2FAA-B63E-4055-85AB-7394CE4772B9}C:\program files (x86)\atari\test drive unlimited 2\uplauncher.exe] => (Allow) C:\program files (x86)\atari\test drive unlimited 2\uplauncher.exe FirewallRules: [UDP Query User{68155A4C-A999-429A-B251-2DD4A457B4B2}C:\program files (x86)\atari\test drive unlimited 2\uplauncher.exe] => (Allow) C:\program files (x86)\atari\test drive unlimited 2\uplauncher.exe FirewallRules: [TCP Query User{FB56B6CA-1592-41B0-ABD0-B8BF636D363D}C:\program files (x86)\atari\test drive unlimited 2\testdrive2.exe] => (Allow) C:\program files (x86)\atari\test drive unlimited 2\testdrive2.exe FirewallRules: [UDP Query User{FE94065B-3D39-4A78-BF6A-015B190CA866}C:\program files (x86)\atari\test drive unlimited 2\testdrive2.exe] => (Allow) C:\program files (x86)\atari\test drive unlimited 2\testdrive2.exe FirewallRules: [{B31A647F-FEF9-4719-886C-AD34A2BDBE92}] => (Allow) LPort=24985 FirewallRules: [{7930C6DA-00C9-4EE2-90FB-627F95278390}] => (Allow) LPort=24985 FirewallRules: [{13D50A43-A17D-4ADB-BE95-01D8DC46D7D2}] => (Allow) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe FirewallRules: [{0B880987-395C-4FA4-B48A-37AFB9CA0E23}] => (Allow) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe FirewallRules: [{039B454C-7AB8-40F3-9355-FF7EA3409EE5}] => (Allow) C:\WINDOWS\TEMP\19062\download\MiniThunderPlatform.exe FirewallRules: [{DEA19504-F855-4CBB-AD46-7C6C08C6E1DB}] => (Allow) C:\WINDOWS\TEMP\19062\download\MiniThunderPlatform.exe FirewallRules: [{AA3AA552-EEE7-4FDB-8DF9-EB69E46997A8}] => (Allow) C:\program files 
(x86)\common files\tencent\qqdownload\130\bugreport_xf.exe FirewallRules: [{D7781802-885C-4D45-B0C9-1C58DE5615EC}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe FirewallRules: [{1CB18E9A-D033-414F-B53B-CC96677AB04F}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\PLUGINS\CHECKPCMGRUPDATE.EXE ==================== Pontos de Restauração ========================= 02-04-2016 03:46:15 Installed Advanced Archive Password Recovery 04-04-2016 22:56:43 Removed Devil May Cry 3 Special Edition ==================== Dispositivos Apresentando Falhas No Gerenciador ============= Name: Dispositivo de Scanner SCSI Description: Dispositivo de Scanner SCSI Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: scsiscan Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Realtek 8180 Extensible 802.11b Wireless Device Description: Dispositivo sem Fio Realtek 8180 Extensible 802.11b Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Semiconductor Corp Service: RTL85n64 Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Erros no Log de eventos: ========================= Erros em Aplicativos: ================== Error: (04/19/2016 03:14:25 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Falha ao criar ponto de restauração (Processo = C:\WINDOWS\system32\svchost.exe -k netsvcs; Descrição = Windows Update; Erro = 0x81000101). Error: (04/19/2016 02:14:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema.. Details: AddLegacyDriverFiles: Unable to back up image of binary TS888x64. System Error: O sistema não pode encontrar o arquivo especificado. . Error: (04/19/2016 02:14:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema.. Details: AddLegacyDriverFiles: Unable to back up image of binary TSSysKit. System Error: O sistema não pode encontrar o arquivo especificado. . Error: (04/19/2016 02:14:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema.. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocolo Microsoft LLDP. System Error: Acesso negado. . Error: (04/19/2016 12:59:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: VICTOR-PC) Description: O pacote Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe+MicrosoftEdge#{ff8b4b4c-d07c-48cd-9fa4-de5e2f5df5cf} foi terminado porque levou muito tempo para ser suspenso. 
Error: (04/19/2016 12:58:36 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: ShellExperienceHost.exe, versão: 10.0.10586.122, carimbo de data/hora: 0x56cc0133 Nome do módulo com falha: StartUI.dll, versão: 10.0.10586.122, carimbo de data/hora: 0x56cbff9f Código de exceção: 0xc000041d Deslocamento da falha: 0x000000000029bfb8 ID do processo com falha: 0xd4 Hora de início do aplicativo com falha: 0xShellExperienceHost.exe0 Caminho do aplicativo com falha: ShellExperienceHost.exe1 Caminho do módulo com falha: ShellExperienceHost.exe2 ID do Relatório: ShellExperienceHost.exe3 Nome completo do pacote com falha: ShellExperienceHost.exe4 ID do aplicativo relativo ao pacote com falha: ShellExperienceHost.exe5 Error: (04/19/2016 12:58:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: ShellExperienceHost.exe, versão: 10.0.10586.122, carimbo de data/hora: 0x56cc0133 Nome do módulo com falha: StartUI.dll, versão: 10.0.10586.122, carimbo de data/hora: 0x56cbff9f Código de exceção: 0xc0000005 Deslocamento da falha: 0x000000000029bfb8 ID do processo com falha: 0xd4 Hora de início do aplicativo com falha: 0xShellExperienceHost.exe0 Caminho do aplicativo com falha: ShellExperienceHost.exe1 Caminho do módulo com falha: ShellExperienceHost.exe2 ID do Relatório: ShellExperienceHost.exe3 Nome completo do pacote com falha: ShellExperienceHost.exe4 ID do aplicativo relativo ao pacote com falha: ShellExperienceHost.exe5 Error: (04/19/2016 12:50:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: SystemSettings.exe, versão: 10.0.10586.11, carimbo de data/hora: 0x56457cb1 Nome do módulo com falha: dcomp.dll, versão: 10.0.10586.11, carimbo de data/hora: 0x56457939 Código de exceção: 0xc0000005 Deslocamento da falha: 0x000000000001d2ae ID do processo com falha: 0x1760 Hora de início do aplicativo com falha: 0xSystemSettings.exe0 Caminho do 
aplicativo com falha: SystemSettings.exe1 Caminho do módulo com falha: SystemSettings.exe2 ID do Relatório: SystemSettings.exe3 Nome completo do pacote com falha: SystemSettings.exe4 ID do aplicativo relativo ao pacote com falha: SystemSettings.exe5 Error: (04/19/2016 12:47:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VICTOR-PC) Description: Falha na ativação do aplicativo Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI com o erro: -2144927141. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais. Error: (04/19/2016 12:46:40 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Erros de Sistema: ============= Error: (04/19/2016 12:47:08 PM) (Source: DCOM) (EventID: 10010) (User: VICTOR-PC) Description: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca Error: (04/19/2016 12:43:30 PM) (Source: DCOM) (EventID: 10001) (User: VICTOR-PC) Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca31CortanaUI.AppXr0dtzccx33hvam1xwfz3c1354p6222qd.mcaNão DisponívelNão Disponível Error: (04/19/2016 12:42:34 PM) (Source: DCOM) (EventID: 10001) (User: VICTOR-PC) Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca31CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mcaNão DisponívelNão Disponível Error: (04/19/2016 12:42:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Host de Sincronização_348ce7. 
Error: (04/19/2016 12:41:52 PM) (Source: DCOM) (EventID: 10010) (User: VICTOR-PC) Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736} Error: (04/19/2016 12:41:39 PM) (Source: DCOM) (EventID: 10010) (User: VICTOR-PC) Description: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca Error: (04/19/2016 12:40:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Application Manager 3.57.4713165 devido ao seguinte erro: %%1006 Error: (04/19/2016 12:39:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Application Manager 3.57.4713165 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 60000 milissegundos: Reiniciar o serviço. Error: (04/19/2016 12:39:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço Windows Security foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (04/19/2016 12:36:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Application Manager 3.57.4713165 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 60000 milissegundos: Reiniciar o serviço. CodeIntegrity: =================================== Date: 2016-04-19 12:59:27.695 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements. Date: 2016-04-19 12:54:04.894 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements. 
Date: 2016-04-19 00:23:40.139 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\ProgramData\System32\SafeGuard64.dll that did not meet the security requirements for Shared Sections. Date: 2016-04-19 00:23:40.138 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\ProgramData\System32\SafeGuard64.dll that did not meet the security requirements for Shared Sections. Date: 2016-04-19 00:23:27.798 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\ProgramData\System32\SafeGuard64.dll that did not meet the security requirements for Shared Sections. Date: 2016-04-19 00:23:27.790 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\ProgramData\System32\SafeGuard64.dll that did not meet the security requirements for Shared Sections. Date: 2016-04-19 00:20:20.928 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\ProgramData\System32\SafeGuard64.dll that did not meet the security requirements for Shared Sections. Date: 2016-04-19 00:20:20.928 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\ProgramData\System32\SafeGuard64.dll that did not meet the security requirements for Shared Sections. 
Date: 2016-04-19 00:20:14.136 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\ProgramData\System32\SafeGuard64.dll that did not meet the security requirements for Shared Sections. Date: 2016-04-19 00:20:14.135 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\ProgramData\System32\SafeGuard64.dll that did not meet the security requirements for Shared Sections. ==================== Informações da Memória =========================== Processador: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ Percentagem de memória em uso: 54% RAM física total: 4094.49 MB RAM física disponível: 1844.14 MB Virtual Total: 8190.49 MB Virtual disponível: 5567.3 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.29 GB) (Free:55.09 GB) NTFS Drive k: (VITU) (Removable) (Total:7.51 GB) (Free:0.47 GB) FAT32 Drive w: (200901121302) (CDROM) (Total:6.34 GB) (Free:0 GB) CDFS ==================== MBR & Tabela de Partições ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: B0000000) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=449 MB) - (Type=27) Attempted reading MBR returned 0 bytes. Could not read MBR for disk 1. ======================================================== Disk: 6 (Size: 7.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== Fim de Addition.txt ============================