Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 17-10-2016 Executado por gilberto (25-10-2016 13:17:21) Executando a partir de C:\Users\gilberto\Downloads Windows 8.1 Pro (Update) (X64) (2016-10-12 15:47:06) Modo da Inicialização: Normal ========================================================== ==================== Contas: ============================= Administrador (S-1-5-21-736004364-387698703-3503565398-500 - Administrator - Disabled) Convidado (S-1-5-21-736004364-387698703-3503565398-501 - Limited - Disabled) gilberto (S-1-5-21-736004364-387698703-3503565398-1001 - Administrator - Enabled) => C:\Users\gilberto HomeGroupUser$ (S-1-5-21-736004364-387698703-3503565398-1003 - Limited - Enabled) ==================== Central de Segurança ======================== (Se uma entrada for incluída na fixlist, será removida.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Programas Instalados ====================== (Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.) µTorrent (HKU\S-1-5-21-736004364-387698703-3503565398-1001\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.) Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.18.0 - Mirillis) Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Atualizações da NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) 
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 2.5.0.0 - Byte Technologies LLC) <==== ATENÇÃO CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform) cFosSpeed v10.20 (HKLM\...\cFosSpeed) (Version: 10.20 - cFos Software GmbH, Bonn) FormatFactory 3.9.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.9.5.0 - Free Time) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual 
C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) MU Arena - Season 3. (HKU\S-1-5-21-736004364-387698703-3503565398-1001\...\MU Arena - Season 3.) (Version: - ) NVIDIA Driver de áudio HD 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation) Painel de controle da NVIDIA 341.95 (Version: 341.95 - NVIDIA Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7891 - Realtek Semiconductor Corp.) Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.) 
SnapDo (HKLM-x32\...\{A1478174-35AA-44E3-B78A-5F1C5FD01490}) (Version: 1.0.0.0 - Resoft) <==== ATENÇÃO Social2Search (HKLM\...\9b7ea2ff90c3ad3f64b197d546c2460d) (Version: 11.12.1.39 (i1.0) - Social2Search) <==== ATENÇÃO Suporte para Aplicativos Apple (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.) Suporte para Aplicativos Apple Apple (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.) trotux - Uninstall (HKLM-x32\...\{14CC3F93-D26B-479E-9AB0-57CBD7B4CD04}) (Version: - ) <==== ATENÇÃO Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0416-1000-0000000FF1CE}_Office15.PROPLUSR_{2BA6245D-FBB9-42F6-AFD9-C0DC52763AD5}) (Version: - Microsoft) VMware Workstation (HKLM\...\{1527BFD9-819D-4067-B13D-D5417C2F7148}) (Version: 12.5.0 - VMware, Inc.) Warcraft III (HKLM-x32\...\Warcraft III) (Version: - ) Warcraft III: All Products (HKU\S-1-5-21-736004364-387698703-3503565398-1001\...\Warcraft III) (Version: - ) WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) WinThruster (HKLM-x32\...\WinThruster) (Version: 1.16.8 - Solvusoft Corporation) <==== ATENÇÃO WinThruster (Version: 1.16.8 - Solvusoft Corporation) Hidden <==== ATENÇÃO WTFast 4.2 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 4.2.2.862 - Initex & AAA Internet Publishing) Youtube AdBlock (HKLM-x32\...\Youtube AdBlock) (Version: 2.0.0.63 - Company Inc.) <==== ATENÇÃO ==================== Exame Personalizado CLSID (Whitelisted): ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Tarefas Agendadas (Whitelisted) ============= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {13069134-9674-4D9F-BD1B-5DFC65D33AC3} - System32\Tasks\ASC9_SkipUac_gilberto => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2016-08-16] (IObit) Task: {1B3E263C-F58B-4D2C-92A7-EF3852A59A24} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-12] (Google Inc.) Task: {1EC3712F-91B9-4F8D-B85C-59D08DE13FF8} - System32\Tasks\Driver Booster SkipUAC (gilberto) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-07-18] (IObit) Task: {37BD9141-2FBF-4C69-950A-385E9DB8E3E3} - System32\Tasks\ASC9_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2016-07-20] (IObit) Task: {4F6F7F24-7BC5-433B-B9E2-10747D0C752F} - System32\Tasks\WinThruster64-gilberto-Startup => C:\Program Files\Solvusoft\WinThruster\WinThruster64.exe [2015-10-11] (Solvusoft Corporation) <==== ATENÇÃO Task: {65CC150B-5822-4A25-852D-96082B89278B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd) Task: {6B9AF680-BE59-48BF-9690-3D84569FF031} - System32\Tasks\cFos\Registration Tasks\Open Browser => Chrome.exe "hxxp://localhost:1487/cfosspeed/preferences.htm" Task: {820B77F9-777C-44BD-B638-FB52EE75BBB1} - System32\Tasks\Update Service for Youtube AdBlock2 => C:\Program Files (x86)\Youtube AdBlock\qdMpQOG.exe [2016-10-25] () <==== ATENÇÃO Task: {8356AD26-9E99-46C4-919A-900BB4BF2A48} - System32\Tasks\WinThruster64-gilberto-Notification => C:\Program Files\Solvusoft\WinThruster\Sync.exe [2015-10-11] (Solvusoft Corporation) <==== ATENÇÃO Task: {949D365E-9909-4B8A-9360-252CF99454C9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {9571DB8F-703E-49D0-93C6-AB70506DA65B} - 
System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-12] (Google Inc.) Task: {B0014C29-D2F8-4071-81EC-07E05EF66114} - System32\Tasks\Update Service for Youtube AdBlock => C:\Program Files (x86)\Youtube AdBlock\qdMpQOG.exe [2016-10-25] () <==== ATENÇÃO Task: {C1104C5D-BAC9-46DE-9D90-E6A165B2C630} - System32\Tasks\Satelybutoge Configuration => C:\Program Files (x86)\Dregurydering\couvight.exe [2016-10-25] (Glarysoft Ltd) Task: {C7FA6DB2-E0DA-4228-9EB9-E5ECBEE5D6E3} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-07-14] (IObit) Task: {D7A20916-1F32-4F27-A9AE-FB0EA5996A3C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) Task: {D94C1EE9-6FCD-4A47-B31C-7DD20F53F8B6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {DB319959-CA93-4602-8FA3-D8BE814573F8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) 
Task: C:\Windows\Tasks\ASC9_SkipUac_gilberto.job => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Update Service for Youtube AdBlock.job => C:\Program Files (x86)\Youtube AdBlock\qdMpQOG.exe <==== ATENÇÃO Task: C:\Windows\Tasks\Update Service for Youtube AdBlock2.job => C:\Program Files (x86)\Youtube AdBlock\qdMpQOG.exe <==== ATENÇÃO Task: C:\Windows\Tasks\WinThruster64-gilberto-Notification.job => C:\Program Files\Solvusoft\WinThruster\Sync.exe <==== ATENÇÃO Task: C:\Windows\Tasks\WinThruster64-gilberto-Startup.job => C:\Program Files\Solvusoft\WinThruster\WinThruster64.exe <==== ATENÇÃO ==================== Atalhos ============================= (As entradas podem ser listadas para serem restauradas ou removidas.) ShortcutWithArgument: C:\Users\gilberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP% ShortcutWithArgument: C:\Users\gilberto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP% --disable-quic ShortcutWithArgument: C:\Users\gilberto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP% ShortcutWithArgument: C:\Users\gilberto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> %SNP% --disable-quic ShortcutWithArgument: C:\Users\gilberto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP% ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP% --disable-quic ==================== Módulos Carregados (Whitelisted) ============== 2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2016-10-12 15:14 - 2016-09-23 11:50 - 01919496 _____ () C:\Program Files (x86)\WTFast\service\WTFast.Service.exe 2016-10-12 13:57 - 2016-01-29 08:49 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-10-25 12:24 - 2016-10-25 12:24 - 00144384 _____ () C:\Users\gilberto\AppData\Roaming\Atigupy\Ckobewusule.dll 2015-08-26 05:44 - 2015-08-26 05:44 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll 2015-10-19 18:00 - 2015-10-19 18:00 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1046.dll 2016-10-24 12:10 - 2016-10-24 12:10 - 05562880 _____ () C:\Program Files\9b7ea2ff90c3ad3f64b197d546c2460d\ff3eee172239dfb5c6be9f5d56f1ae1c.exe 2016-09-26 05:00 - 2016-09-28 06:08 - 00057856 _____ () C:\ProgramData\NetworkPacketManitor\Nettrans.exe 2016-10-25 12:26 - 2016-10-25 12:25 - 00710656 _____ () C:\ProgramData\Ronzap\Ronzap.exe 2016-10-25 12:27 - 2016-10-22 22:08 - 03786752 _____ () C:\ProgramData\Logic Handler\set.exe 2016-10-25 12:27 - 2016-10-25 12:27 - 00004608 _____ () C:\Users\gilberto\AppData\Local\Bamtechno.exe 2016-10-25 12:21 - 2016-10-25 12:21 - 00312320 _____ () C:\Program Files\BitTorrent\BitTorrent.exe 2016-10-25 12:27 - 2016-10-25 12:27 - 00358912 _____ () 
C:\ProgramData\Ronzap\Uni-Ity.dll 2016-10-24 23:26 - 2016-10-20 06:56 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libglesv2.dll 2016-10-24 23:26 - 2016-10-20 06:56 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libegl.dll 2016-09-01 18:12 - 2016-09-01 18:12 - 00236856 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll 2016-10-12 14:17 - 2015-12-28 14:49 - 00629536 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll 2016-10-12 14:17 - 2015-12-23 19:32 - 00355616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl 2016-10-12 14:17 - 2015-12-23 19:32 - 00190240 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl 2016-10-12 14:17 - 2015-12-23 19:32 - 00057632 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl 2016-10-25 12:24 - 2016-10-25 12:24 - 00277504 _____ () c:\program files (x86)\dregurydering\thavuywifiiedreports.dll 2016-10-12 14:16 - 2016-06-06 18:27 - 00355616 _____ () C:\Program Files (x86)\IObit\Driver Booster\madExcept_.bpl 2016-10-12 14:16 - 2016-06-06 18:27 - 00190240 _____ () C:\Program Files (x86)\IObit\Driver Booster\madBasic_.bpl 2016-10-12 14:16 - 2016-06-06 18:27 - 00057632 _____ () C:\Program Files (x86)\IObit\Driver Booster\madDisAsm_.bpl 2016-10-12 14:16 - 2016-06-06 18:27 - 00899872 _____ () C:\Program Files (x86)\IObit\Driver Booster\webres.dll 2016-10-12 14:16 - 2016-06-06 18:27 - 00524064 _____ () C:\Program Files (x86)\IObit\Driver Booster\sqlite3.dll 2016-09-01 18:13 - 2016-09-01 18:13 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2016-09-01 18:13 - 2016-09-01 18:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ==================== Alternate Data Streams (Whitelisted) ========= (Se uma entrada for incluída na fixlist, somente o ADS será removido.) 
==================== Modo de Segurança (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) ==================== Associação (Whitelisted) =============== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.) ==================== Internet Explorer confiável/restrito =============== (Se uma entrada for incluída na fixlist, será removida do Registro.)
Existem ainda 4788 sites a mais. ==================== Hosts Conteúdo: ========================== (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2013-08-22 11:25 - 2016-10-15 19:25 - 00001237 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.mirillis.com 127.0.0.1 s0ft4pc.com 127.0.0.1 serwer2.paka-service.com 127.0.0.1 thislineskipsanyemptylines 127.0.0.1 ns386119.ovh.net 127.0.0.1 mirillis.pl 127.0.0.1 www.ovh.com 127.0.0.1 176.31.241.10 127.0.0.1 91.121.143.139 127.0.0.1 thislineskipsanyemptylines ==================== Outras Áreas ============================ (Atualmente não há nenhuma correção automática para esta seção.) HKU\S-1-5-21-736004364-387698703-3503565398-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: 8.8.8.8 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Firewall do Windows está habilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == ==================== Regras do Firewall (Whitelisted) =============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{41D6EA4C-2E02-48BD-B60F-6259B3160AAF}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe FirewallRules: [{73F9D3C6-1178-4A6E-AC98-DDA701ED87B8}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe FirewallRules: [{5D234C20-0F50-4602-B9D4-63CDF1EF0CC3}] => (Allow) C:\Program Files (x86)\WTFast\WTFast.exe FirewallRules: [TCP Query User{465B43DC-BDA4-4742-B99C-3D86779919DF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{94847AE8-DD51-494B-84BD-8487A0DEE1FD}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{55CFC932-4785-48FC-9401-E105E5502B15}] => (Block) C:\Program Files\Mirillis\Action!\Action.exe FirewallRules: [{CE57A8D8-59C6-480E-AAC1-6104C274A869}] => (Block) C:\Program Files (x86)\Mirillis\Action!\Action.exe FirewallRules: [{9C1F112F-405D-4191-8965-0C89763D75CD}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe FirewallRules: [{D5657C89-9C17-4855-B211-830CB00616DC}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe FirewallRules: [{95B536E5-1D2B-49B7-99D9-B220CECDFBF4}] => (Block) C:\Program Files\Mirillis\Action!\Action.exe FirewallRules: [{88C62788-D8B4-4151-9D4F-F78B3AC5076E}] => (Block) C:\Program Files (x86)\Mirillis\Action!\Action.exe FirewallRules: [TCP Query User{68E8D37B-DABB-42C7-80E1-3ABBCDC9D9FC}C:\users\gilberto\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\gilberto\appdata\roaming\utorrent\utorrent.exe FirewallRules: [UDP Query User{EB43804B-8465-481E-99D2-FEFE97B3C1C4}C:\users\gilberto\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\gilberto\appdata\roaming\utorrent\utorrent.exe FirewallRules: [TCP Query 
User{CAEA620D-61B2-41C9-801D-4F590D8F5DCF}C:\users\gilberto\appdata\roaming\utorrent\updates\3.4.9_42606.exe] => (Allow) C:\users\gilberto\appdata\roaming\utorrent\updates\3.4.9_42606.exe FirewallRules: [UDP Query User{7197AB58-B404-46CB-AB9E-D06D6532C2B1}C:\users\gilberto\appdata\roaming\utorrent\updates\3.4.9_42606.exe] => (Allow) C:\users\gilberto\appdata\roaming\utorrent\updates\3.4.9_42606.exe FirewallRules: [{8BD077AE-7B80-4003-826A-88A9CC7255C2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{71CBDC30-B659-4AE9-8845-BA3EA3CB5399}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{4325B6DE-00F3-4F9D-94F0-9CDCAB43E8E8}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{0FE89564-016E-4C7B-86B9-CD55BE0FF442}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{D1DDEA0B-21C4-4ABE-BC89-9EE3F01A7EAE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{C4F33827-3F0D-4E8A-85B0-2BFF16149984}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{6CCCF2B0-50EE-4D7A-9322-AA23DEE79F80}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{BF6014D6-FCA7-45C0-AE80-A2F3BC6D5708}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{B2570597-084E-4644-8ED3-62B4D46066AB}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{5E521CB1-72AB-44E2-9C15-BFB202C5DC0F}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [{B274A049-DA46-48B5-9793-375D7A5958AE}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [{A366C1AB-3EF4-48A2-B85B-6D8DBF1ADAD2}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe FirewallRules: [{0660128E-2547-46FD-A69A-3C5C7E87746E}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe FirewallRules: 
[{1517E478-2399-4371-8F20-B673738F0E01}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{12CDAC89-AF83-4624-AD53-23DC91404F39}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe FirewallRules: [{535355D9-E2DF-4C8E-A8ED-86DB43C0DE1C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe FirewallRules: [{D742D595-168E-406B-B1D1-BA9BDA85D3B6}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe FirewallRules: [{4B94D6BF-B68D-4E69-8F70-9480680E2B62}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe FirewallRules: [{4AB956F6-6F6F-4784-BA6A-C9B0A47865D9}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe FirewallRules: [{8C2B44CD-C869-4CB6-B91E-2E4BFEBEFEEC}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe ==================== Pontos de Restauração ========================= 19-10-2016 16:35:14 Driver Booster : Microsoft Visual C++ 2012 Redistributable (x64) 19-10-2016 16:36:02 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 19-10-2016 16:50:42 Instalador de Módulos do Windows 19-10-2016 16:54:16 Instalador de Módulos do Windows 19-10-2016 16:57:27 Instalador de Módulos do Windows 19-10-2016 17:06:23 Instalador de Módulos do Windows 19-10-2016 17:09:43 Instalador de Módulos do Windows 19-10-2016 17:26:30 Instalador de Módulos do Windows 19-10-2016 17:31:03 Instalador de Módulos do Windows 19-10-2016 17:42:00 Instalador de Módulos do Windows 19-10-2016 18:06:00 Installed iTunes 21-10-2016 00:30:38 Installed VMware Workstation 25-10-2016 12:19:43 WinThruster (64-bit) Backup ==================== Dispositivos Apresentando Falhas No Gerenciador ============= ==================== Erros no Log de eventos: ========================= Erros em Aplicativos: ================== Error: (10/25/2016 12:46:04 PM) (Source: Perflib) (EventID: 1017) (User: ) Description: Coleta de dados de contador de desempenho 
desabilitada no serviço "VMware" porque a biblioteca de contadores de desempenho desse serviço gerou um ou mais erros. Os erros que forçaram essa ação foram gravados no log de eventos do aplicativo. Corrija os erros antes de habilitar os contadores de desempenho para esse serviço. Error: (10/25/2016 12:46:04 PM) (Source: Perflib) (EventID: 1022) (User: ) Description: O Windows não pode abrir a DLL VMware do contador extensível de 64 bits em um ambiente de 32 bits. Contate o fornecedor do arquivo para obter uma versão de 32 bits. Opcionalmente, se você estiver executando em um ambiente nativo de 64 bits, poderá abrir a DLL do contador extensível de 64 bits usando a versão de 64 bits do Monitor de desempenho. Para usar essa ferramenta, abra a pasta Windows, a pasta System32 e inicie Perfmon.exe. Error: (10/25/2016 12:46:04 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: O Windows não consegue carregar a DLL rdyboost do contador extensível. Os primeiros quatro bytes (DWORD) da seção de Dados contêm o código de erro do Windows. Error: (10/25/2016 12:46:04 PM) (Source: Perflib) (EventID: 1017) (User: ) Description: Coleta de dados de contador de desempenho desabilitada no serviço "Outlook" porque a biblioteca de contadores de desempenho desse serviço gerou um ou mais erros. Os erros que forçaram essa ação foram gravados no log de eventos do aplicativo. Corrija os erros antes de habilitar os contadores de desempenho para esse serviço. Error: (10/25/2016 12:46:04 PM) (Source: Perflib) (EventID: 1022) (User: ) Description: O Windows não pode abrir a DLL Outlook do contador extensível de 64 bits em um ambiente de 32 bits. Contate o fornecedor do arquivo para obter uma versão de 32 bits. Opcionalmente, se você estiver executando em um ambiente nativo de 64 bits, poderá abrir a DLL do contador extensível de 64 bits usando a versão de 64 bits do Monitor de desempenho. Para usar essa ferramenta, abra a pasta Windows, a pasta System32 e inicie Perfmon.exe. 
Error: (10/25/2016 12:19:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema.. Details: AddCoreCsiFiles : GetNextFileMapContent() failed. System Error: Parâmetro incorreto. . Error: (10/25/2016 12:19:43 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado. . Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante. Operação: Obtendo Dados do Gravador Contexto: Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220} Nome do Gravador: System Writer ID de Instância de Gravador: {0880298f-f8d9-459a-aacd-fe7f5ccd44eb} Error: (10/25/2016 11:26:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: mywindow) Description: Falha na ativação do aplicativo windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais. Error: (10/25/2016 11:26:25 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa SystemSettings.exe versão 6.3.9600.17031 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. 
ID do Processo: 1504 Hora de Início: 01d22ec335ec56b1 Hora de Término: 4294967295 Caminho do Aplicativo: C:\Windows\ImmersiveControlPanel\SystemSettings.exe ID do Relatório: 9c5ed066-9ab6-11e6-8257-7071bc64f01b Nome completo do pacote com falha: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy ID do aplicativo relativo ao pacote com falha: microsoft.windows.immersivecontrolpanel Error: (10/25/2016 11:26:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: mywindow) Description: O aplicativo windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel não foi iniciado dentro do tempo alocado. Erros de Sistema: ============= Error: (10/25/2016 01:02:57 PM) (Source: Virtual Disk Service) (EventID: 8) (User: ) Description: Falha ao abrir o dispositivo \\?\GLOBALROOT\Device\HarddiskVolume6. Código de erro: 5@020A0019 Error: (10/25/2016 12:56:28 PM) (Source: Virtual Disk Service) (EventID: 8) (User: ) Description: Falha ao abrir o dispositivo \\?\GLOBALROOT\Device\HarddiskVolume6. Código de erro: 5@020A0019 Error: (10/25/2016 12:54:16 PM) (Source: Virtual Disk Service) (EventID: 8) (User: ) Description: Falha ao abrir o dispositivo \\?\GLOBALROOT\Device\HarddiskVolume6. Código de erro: 5@020A0019 Error: (10/25/2016 12:24:41 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: O serviço Prikadom está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente. Error: (10/25/2016 12:19:52 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: AUTORIDADE NT) Description: ??\Device\HarddiskVolumeShadowCopy282 Error: (10/25/2016 12:01:51 PM) (Source: DCOM) (EventID: 10010) (User: mywindow) Description: O servidor {1B1F472E-3221-4826-97DB-2C2324D389AE} não se registrou no DCOM dentro do tempo limite necessário. 
Error: (10/25/2016 11:32:02 AM) (Source: Ntfs) (EventID: 55) (User: AUTORIDADE NT) Description: Corrupção detectada na estrutura do sistema de arquivos, no volume C:. Uma corrupção foi encontrada em uma estrutura de índice do sistema de arquivos. O número de referência do arquivo é 0x30000000133dd. O nome do arquivo é "\ProgramData\IObit\Driver Booster\Backups". O atributo de índice corrompido é ":$I30:$INDEX_ALLOCATION". Error: (10/25/2016 11:28:30 AM) (Source: Ntfs) (EventID: 55) (User: AUTORIDADE NT) Description: Corrupção detectada na estrutura do sistema de arquivos, no volume C:. Uma corrupção foi encontrada em uma estrutura de índice do sistema de arquivos. O número de referência do arquivo é 0x200000001b31a. O nome do arquivo é "\Windows\WinSxS\amd64_mscorlib_b77a5c561934e089_4.0.9600.17187_none_45b39dca52f03d38". O atributo de índice corrompido é ":$I30:$INDEX_ALLOCATION". Error: (10/25/2016 11:26:20 AM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: AUTORIDADE NT) Description: C:\Device\HarddiskVolume22 Error: (10/25/2016 12:36:53 AM) (Source: Ntfs) (EventID: 55) (User: AUTORIDADE NT) Description: Corrupção detectada na estrutura do sistema de arquivos, no volume C:. Uma corrupção foi encontrada em uma estrutura de índice do sistema de arquivos. O número de referência do arquivo é 0x200000001b31a. O nome do arquivo é "\Windows\WinSxS\amd64_mscorlib_b77a5c561934e089_4.0.9600.17187_none_45b39dca52f03d38". O atributo de índice corrompido é ":$I30:$INDEX_ALLOCATION". 
==================== Informações da Memória =========================== Processador: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz Percentagem de memória em uso: 38% RAM física total: 8117.38 MB RAM física disponível: 5007.21 MB Virtual Total: 9397.38 MB Virtual disponível: 6162.37 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:469.51 GB) (Free:387.33 GB) NTFS Drive d: (Meu Bau) (Fixed) (Total:461.66 GB) (Free:441.94 GB) NTFS ==================== MBR & Tabela de Partições ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6593C62E) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=469.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=461.7 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7.2 GB) (Disk ID: 00000000) Partition: GPT. ==================== Fim de Addition.txt ============================