Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:18-01-2016
Executado por Peteck (administrador) em PETECK-PC (23-01-2016 14:01:27)
Executando a partir de C:\Users\Peteck\Desktop
Perfis Carregados: Peteck (Perfis Disponíveis: Peteck)
Platform: Windows 7 Ultimate (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(John Deere Ag Management Solutions) C:\Program Files (x86)\GreenStar\Apex2.0\Apex\JohnDeere.ApexWDT.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(John Deere Ag Management Solutions) C:\Program Files (x86)\GreenStar\Apex2.0\Apex\JohnDeere.WDTSystemTrayApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Smart Code Ltd.) C:\Users\Peteck\AppData\Local\Programs\LNV\Stremio\Stremio.exe
(Smart Code Ltd.) C:\Users\Peteck\AppData\Local\Programs\LNV\Stremio\Stremio.exe
(Smart Code Ltd.) C:\Users\Peteck\AppData\Local\Programs\LNV\Stremio\Stremio.exe
(Smart Code Ltd.) C:\Users\Peteck\AppData\Local\Programs\LNV\Stremio\Stremio.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
() D:\RF Novus Planet\rf_online.bin
(Sony DADC Austria AG.) C:\Windows\SysWOW64\UAService7.exe
(Indigo Rose Corporation) C:\Program Files (x86)\GS Live Update\LiveUpdate\GSLiveUpdate.exe
() C:\Program Files (x86)\1E00A360-1453559775-5500-66B4-C86000BBFB3E\knsyE00A.tmpfs
() C:\Program Files (x86)\1E00A360-1453559775-5500-66B4-C86000BBFB3E\jnstFAC1.tmp
() C:\Program Files (x86)\1E00A360-1453559775-5500-66B4-C86000BBFB3E\hnsy1258.tmp
(Sysinternals process Explorer) C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\ProgramData\Wlojuoruhu\1.0.7.1\ihrnoium.exe
(BitTorrent Inc.) C:\Users\Peteck\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\Peteck\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(BitTorrent Inc.) C:\Users\Peteck\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\ProgramData\Wlojuoruhu\1.0.7.1\ihrnoium.exe
() C:\Program Files (x86)\SFK\SSFK.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [591512 2015-11-19] (Razer Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-10-08] (Power Software Ltd)
HKLM-x32\...\Run: [dply_en_015020215] => [X]
HKLM-x32\...\Run: [gmsd_br_005010216] => [X]
HKLM-x32\...\Run: [LightGate] => c:\programdata\lightgate.exe [1081344 2015-12-04] ()
HKLM-x32\...\Run: [HomePageHelper] => c:\programdata\homepage.exe [1100288 2015-11-25] ()
HKLM-x32\...\RunOnce: [IOPROTECT] => C:\Program Files (x86)\SpaceSondPro_v53.12311\ioproduct_service.bat
HKLM-x32\...\RunOnce: [cmdrun] => cmd.exe /C ipconfig /flushdns
HKU\S-1-5-21-4183138869-3339101748-1199650171-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2015-12-17] (Electronic Arts)
HKU\S-1-5-21-4183138869-3339101748-1199650171-1000\...\Run: [uTorrent] => C:\Users\Peteck\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-05] (BitTorrent Inc.)
HKU\S-1-5-21-4183138869-3339101748-1199650171-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-4183138869-3339101748-1199650171-1000\...\Run: [WDTSystemTrayApp.exe] => C:\Program Files (x86)\GreenStar\Apex2.0\Apex\JohnDeere.WDTSystemTrayApp.exe [55296 2015-06-30] (John Deere Ag Management Solutions)
HKU\S-1-5-21-4183138869-3339101748-1199650171-1000\...\Run: [HP Deskjet 3520 series (NET)] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-4183138869-3339101748-1199650171-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-4183138869-3339101748-1199650171-1000\...\Run: [GoogleChromeAutoLaunch_D2C014BC15B9BCE8F07452F4B0B21D09] => "C:\Users\Peteck\AppData\Local\Chromium\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default"
HKU\S-1-5-21-4183138869-3339101748-1199650171-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4177784 2016-01-15] (Disc Soft Ltd)
HKU\S-1-5-21-4183138869-3339101748-1199650171-1000\...\Run: [Birds] => C:\Users\Peteck\AppData\Local\Birds\birds365.exe [113664 2016-01-23] (Birds)
HKU\S-1-5-21-4183138869-3339101748-1199650171-1000\...\Run: [-] => c:\programdata\msiql.exe [2412032 2016-01-14] ()
HKU\S-1-5-21-4183138869-3339101748-1199650171-1000\...\Run: [taskhost] => rundll32.exe C:\ProgramData\WindowsMsg\A3FB110AD80824E309242083833A556D.dll Start /DEFAULT
HKU\S-1-5-21-4183138869-3339101748-1199650171-1000\...\Run: [CrashService] => "C:\Users\Peteck\AppData\Local\BoBrowser\Application\crash_service.exe" --max-reports=50 --no-window
HKU\S-1-5-21-4183138869-3339101748-1199650171-1000\...\MountPoints2: {95294eb1-c173-11e5-b186-c86000bbfb3e} - H:\setup.exe
HKU\S-1-5-18\...\Run: [MSConfig] => "C:\Windows\system32\config\systemprofile\pyvewfem.exe"
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Peteck\AppData\Local\MEGAsync\ShellExtX64.dll Nenhum Arquivo
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Peteck\AppData\Local\MEGAsync\ShellExtX64.dll Nenhum Arquivo
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Peteck\AppData\Local\MEGAsync\ShellExtX64.dll Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Peteck\AppData\Local\MEGAsync\ShellExtX32.dll Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Peteck\AppData\Local\MEGAsync\ShellExtX32.dll Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Peteck\AppData\Local\MEGAsync\ShellExtX32.dll Nenhum Arquivo
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

AutoConfigURL: [S-1-5-21-4183138869-3339101748-1199650171-1000] => hxxp://unstopp.me/wpad.dat?d7d7e99e7d8aa2887112c0694825511e4821117
Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8035E4BD-0321-4693-B89A-8C49AF766292}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{8035E4BD-0321-4693-B89A-8C49AF766292}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 104.197.191.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=ca4a523d1684d20898c6e5081142039b
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=ca4a523d1684d20898c6e5081142039b
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
HKU\S-1-5-21-4183138869-3339101748-1199650171-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=ca4a523d1684d20898c6e5081142039b
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_16_02¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0CzzyCtDtDtD0B0B0F0BtA0EtBzz0A0CtN0D0Tzu0StCyEyByEtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StBtCtB0Czz0AtB0BtGyD0F0BtCtGzyzyyByEtGtCyDtAyCtGzzyEzytCtA0A0F0B0D0E0D0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0D0AzytCtDtC0EtG0C0FtBtBtGyE0CyCyEtG0B0DtDyDtG0AyE0CyEzzyEzy0B0DtDtB0E2QtN0A0LzuyE%26cr%3D1351060074%26a%3Dwncy_pwrisofs_16_02%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_16_02¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0CzzyCtDtDtD0B0B0F0BtA0EtBzz0A0CtN0D0Tzu0StCyEyByEtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StBtCtB0Czz0AtB0BtGyD0F0BtCtGzyzyyByEtGtCyDtAyCtGzzyEzytCtA0A0F0B0D0E0D0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0D0AzytCtDtC0EtG0C0FtBtBtGyE0CyCyEtG0B0DtDyDtG0AyE0CyEzzyEzy0B0DtDtB0E2QtN0A0LzuyE%26cr%3D1351060074%26a%3Dwncy_pwrisofs_16_02%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4183138869-3339101748-1199650171-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_16_02¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0CzzyCtDtDtD0B0B0F0BtA0EtBzz0A0CtN0D0Tzu0StCyEyByEtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StBtCtB0Czz0AtB0BtGyD0F0BtCtGzyzyyByEtGtCyDtAyCtGzzyEzytCtA0A0F0B0D0E0D0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0D0AzytCtDtC0EtG0C0FtBtBtGyE0CyCyEtG0B0DtDyDtG0AyE0CyEzzyEzy0B0DtDtB0E2QtN0A0LzuyE%26cr%3D1351060074%26a%3Dwncy_pwrisofs_16_02%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4183138869-3339101748-1199650171-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_16_02¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0CzzyCtDtDtD0B0B0F0BtA0EtBzz0A0CtN0D0Tzu0StCyEyByEtN1L2XzutAtFtCyBtFtBtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StBtCtB0Czz0AtB0BtGyD0F0BtCtGzyzyyByEtGtCyDtAyCtGzzyEzytCtA0A0F0B0D0E0D0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0D0AzytCtDtC0EtG0C0FtBtBtGyE0CyCyEtG0B0DtDyDtG0AyE0CyEzzyEzy0B0DtDtB0E2QtN0A0LzuyE%26cr%3D1351060074%26a%3Dwncy_pwrisofs_16_02%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-01-15] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2016-01-15] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-01-15] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-01-15] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2016-01-15] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-15] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-15] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-15] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-15] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-15] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-15] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-15] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-15] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-15] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-15] (Microsoft Corporation)
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-01-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-01-15] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-17] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{67EB9D57-D031-4BB0-845E-219EAE5F3080}] - C:\Program Files\groover230120161442\Firefox\{67EB9D57-D031-4BB0-845E-219EAE5F3080}.xpi => não encontrado (a)
FF HKLM\...\Firefox\Extensions: [{4A12BF1E-B45D-4F69-a2D2-94A073BCB9CB}] - C:\Program Files\shopperz230120161433\Firefox\{4A12BF1E-B45D-4F69-a2D2-94A073BCB9CB}.xpi => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [{67EB9D57-D031-4BB0-845E-219EAE5F3080}] - C:\Program Files\groover230120161442\Firefox\{67EB9D57-D031-4BB0-845E-219EAE5F3080}.xpi => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [{4A12BF1E-B45D-4F69-a2D2-94A073BCB9CB}] - C:\Program Files\shopperz230120161433\Firefox\{4A12BF1E-B45D-4F69-a2D2-94A073BCB9CB}.xpi => não encontrado (a)

Chrome:
=======
CHR Profile: C:\Users\Peteck\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Peteck\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2762936 2016-01-07] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369464 2016-01-15] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-24] (NVIDIA Corporation)
S2 GoogleChromeUpService; C:\ProgramData\service.exe [1734656 2016-01-11] () [Arquivo não assinado]
S2 GoogleChromeUpSvc; C:\ProgramData\Windows Update\svrupg.exe [2786816 2016-01-23] (TODO: ) [Arquivo não assinado]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24376 2015-06-30] (Hewlett-Packard Company)
R2 JohnDeereApexService; C:\Program Files (x86)\GreenStar\Apex2.0\Apex\JohnDeere.ApexWDT.exe [66048 2015-06-30] (John Deere Ag Management Solutions) [Arquivo não assinado]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3784232 2015-11-19] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-24] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-17] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-07-13] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-07-12] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [173248 2016-01-23] ()
R2 UserAccess7; C:\Windows\SysWOW64\UAService7.exe [143360 2016-01-23] (Sony DADC Austria AG.) [Arquivo não assinado]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe [340136 2016-01-23] (Sysinternals process Explorer) <==== ATENÇÃO
R2 wucotusy; C:\Program Files (x86)\1E00A360-1453559775-5500-66B4-C86000BBFB3E\hnsy1258.tmp [416256 2016-01-23] () [Arquivo não assinado]
R2 zutuzuni; C:\Program Files (x86)\1E00A360-1453559775-5500-66B4-C86000BBFB3E\jnstFAC1.tmp [307712 2016-01-23] () [Arquivo não assinado]
R2 nezomyzuzbt; C:\Program Files (x86)\1E00A360-1453559775-5500-66B4-C86000BBFB3E\knsyE00A.tmpfs [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [129000 2011-09-14] (ASMedia Technology Inc) [Arquivo não assinado]
S3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [394216 2011-09-14] (ASMedia Technology Inc) [Arquivo não assinado]
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61336 2016-01-23] (Cherimoya Ltd)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-01-23] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-01-23] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-06-17] (NVIDIA Corporation)
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
R1 {c3b5d16d-6fe6-4748-adbb-6d6059350c15}Gw64; C:\Windows\System32\drivers\{c3b5d16d-6fe6-4748-adbb-6d6059350c15}Gw64.sys [48744 2016-01-23] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-01-23 14:01 - 2016-01-23 14:02 - 00026039 _____ C:\Users\Peteck\Desktop\FRST.txt
2016-01-23 14:01 - 2016-01-23 14:01 - 00000000 ____D C:\FRST
2016-01-23 13:59 - 2016-01-23 14:00 - 02370560 _____ (Farbar) C:\Users\Peteck\Desktop\FRST64.exe
2016-01-23 13:42 - 2016-01-23 13:42 - 00000000 ____D C:\Users\Peteck\AppData\LocalLow\uTorrent
2016-01-23 13:32 - 2016-01-23 13:32 - 00000000 ____D C:\Windows\LastGood
2016-01-23 13:29 - 2016-01-23 13:29 - 00000000 ____D C:\Windows\system32\appmgmt
2016-01-23 13:22 - 2016-01-23 13:22 - 00003190 _____ C:\Windows\System32\Tasks\crash_service
2016-01-23 13:22 - 2016-01-23 13:22 - 00003158 _____ C:\Windows\System32\Tasks\Run_Bobby_Browser
2016-01-23 13:20 - 2016-01-23 13:20 - 00000161 _____ C:\Users\Todos os Usuários\xcgui_debug.txt
2016-01-23 13:20 - 2016-01-23 13:20 - 00000161 _____ C:\ProgramData\xcgui_debug.txt
2016-01-23 13:14 - 2016-01-23 13:14 - 00003448 _____ C:\Windows\System32\Tasks\Wlojuoruhu
2016-01-23 13:14 - 2016-01-23 13:14 - 00001730 ____R C:\Yeabeats Browser.lnk
2016-01-23 13:14 - 2016-01-23 13:14 - 00000000 ____D C:\Users\Todos os Usuários\Wlojuoruhu
2016-01-23 13:14 - 2016-01-23 13:14 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-01-23 13:14 - 2016-01-23 13:14 - 00000000 ____D C:\ProgramData\Wlojuoruhu
2016-01-23 13:14 - 2015-11-25 15:31 - 01100288 _____ C:\Users\Todos os Usuários\HomePage.exe
2016-01-23 13:14 - 2015-11-25 15:31 - 01100288 _____ C:\ProgramData\HomePage.exe
2016-01-23 13:13 - 2016-01-23 13:13 - 00000008 _____ C:\END
2016-01-23 13:13 - 2016-01-23 13:13 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2016-01-23 13:13 - 2016-01-23 13:13 - 00000000 ____D C:\Users\Todos os Usuários\Windows Update
2016-01-23 13:13 - 2016-01-23 13:13 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-01-23 13:13 - 2016-01-23 13:13 - 00000000 ____D C:\ProgramData\Windows Update
2016-01-23 13:13 - 2015-12-10 15:43 - 00600312 _____ C:\Users\Todos os Usuários\YeaPlayer_br_IBD_Bundle.exe
2016-01-23 13:13 - 2015-12-10 15:43 - 00600312 _____ C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
2016-01-23 13:12 - 2016-01-23 13:12 - 00006417 _____ C:\Users\Todos os Usuários\webad.xml
2016-01-23 13:12 - 2016-01-23 13:12 - 00006417 _____ C:\ProgramData\webad.xml
2016-01-23 13:12 - 2016-01-14 07:46 - 02412032 _____ C:\Users\Todos os Usuários\msiql.exe
2016-01-23 13:12 - 2016-01-14 07:46 - 02412032 _____ C:\ProgramData\msiql.exe
2016-01-23 13:12 - 2015-12-04 13:14 - 01081344 _____ C:\Users\Todos os Usuários\LightGate.exe
2016-01-23 13:12 - 2015-12-04 13:14 - 01081344 _____ C:\ProgramData\LightGate.exe
2016-01-23 13:10 - 2016-01-23 13:18 - 00000000 ____D C:\Users\Peteck\AppData\Roaming\systweak
2016-01-23 13:10 - 2016-01-23 13:10 - 00000000 ____D C:\Users\Peteck\AppData\Local\Birds365
2016-01-23 13:10 - 2016-01-23 13:10 - 00000000 ____D C:\Users\Peteck\AppData\Local\Birds
2016-01-23 13:10 - 2016-01-11 15:49 - 01734656 _____ C:\Users\Todos os Usuários\service.exe
2016-01-23 13:10 - 2016-01-11 15:49 - 01734656 _____ C:\Users\Peteck\AppData\Roaming\service.exe
2016-01-23 13:10 - 2016-01-11 15:49 - 01734656 _____ C:\ProgramData\service.exe
2016-01-23 13:10 - 2015-11-20 19:27 - 00019888 _____ () C:\Windows\system32\roboot64.exe
2016-01-23 13:08 - 2016-01-23 13:33 - 00000000 ____D C:\Program Files\shopperz230120161433
2016-01-23 13:08 - 2016-01-23 13:08 - 00003340 _____ C:\Windows\System32\Tasks\Tybejisp
2016-01-23 13:08 - 2016-01-23 13:08 - 00000000 ____D C:\Windows\system32\gid
2016-01-23 13:08 - 2016-01-23 13:08 - 00000000 ____D C:\Users\Peteck\AppData\Roaming\SogudJay
2016-01-23 12:52 - 2016-01-23 12:52 - 00000000 ____D C:\Windows\system32\gar
2016-01-23 12:52 - 2016-01-23 12:52 - 00000000 ____D C:\Users\Peteck\AppData\Roaming\EqoouLel
2016-01-23 12:51 - 2016-01-23 13:09 - 00000000 ____D C:\Users\Peteck\AppData\Local\Tempfolder
2016-01-23 12:49 - 2016-01-23 13:32 - 00000000 ____D C:\Program Files\groover230120161442
2016-01-23 12:49 - 2016-01-23 12:49 - 00003338 _____ C:\Windows\System32\Tasks\Ycuvyaya
2016-01-23 12:49 - 2016-01-23 12:49 - 00000000 ____D C:\Users\Peteck\AppData\LocalLow\Company
2016-01-23 12:49 - 2016-01-23 12:49 - 00000000 ____D C:\Users\Peteck\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-01-23 12:49 - 2016-01-23 12:49 - 00000000 ____D C:\uninst
2016-01-23 12:47 - 2016-01-23 12:47 - 00003624 _____ C:\Windows\System32\Tasks\BaiduJP_Update_{8099779F-A13B-403e-B39A-65133857586B}
2016-01-23 12:47 - 2016-01-23 12:47 - 00000522 _____ C:\Windows\Tasks\BaiduJP_Update_{8099779F-A13B-403e-B39A-65133857586B}.job
2016-01-23 12:47 - 2016-01-23 12:47 - 00000000 ____D C:\Users\Todos os Usuários\baidu
2016-01-23 12:47 - 2016-01-23 12:47 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-01-23 12:47 - 2016-01-23 12:47 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-01-23 12:47 - 2016-01-23 12:47 - 00000000 ____D C:\Users\Peteck\AppData\Roaming\Baidu
2016-01-23 12:47 - 2016-01-23 12:47 - 00000000 ____D C:\ProgramData\baidu
2016-01-23 12:47 - 2016-01-23 12:47 - 00000000 ____D C:\Program Files (x86)\Baidu
2016-01-23 12:46 - 2016-01-23 13:46 - 00000000 ____D C:\Program Files (x86)\SFK
2016-01-23 12:46 - 2016-01-23 13:26 - 00000000 ____D C:\Users\Peteck\AppData\Roaming\istartpageing
2016-01-23 12:46 - 2016-01-23 13:11 - 00000000 ____D C:\Program Files\SpaceSoundPro
2016-01-23 12:46 - 2016-01-23 12:46 - 00000000 ____D C:\Users\Todos os Usuários\Tmp0x0x
2016-01-23 12:46 - 2016-01-23 12:46 - 00000000 ____D C:\ProgramData\Tmp0x0x
2016-01-23 12:37 - 2016-01-23 13:11 - 00000000 ____D C:\Users\Peteck\AppData\Local\1E00A360-1453552641-5500-66B4-C86000BBFB3E
2016-01-23 12:37 - 2016-01-23 03:38 - 00048744 _____ (StdLib) C:\Windows\system32\Drivers\{c3b5d16d-6fe6-4748-adbb-6d6059350c15}Gw64.sys
2016-01-23 12:36 - 2016-01-23 13:10 - 00000000 ____D C:\Program Files (x86)\1E00A360-1453559775-5500-66B4-C86000BBFB3E
2016-01-23 12:36 - 2016-01-23 12:35 - 00000967 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-01-23 10:45 - 2016-01-23 12:49 - 00061336 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2016-01-23 08:58 - 2016-01-23 08:58 - 00143360 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\UAService7.exe
2016-01-23 08:58 - 2016-01-23 08:58 - 00001390 _____ C:\Users\Peteck\Desktop\Borderlands GOTY.lnk
2016-01-23 08:58 - 2016-01-23 08:58 - 00000000 __RHD C:\Users\Peteck\AppData\Roaming\SecuROM
2016-01-23 08:58 - 2016-01-23 08:58 - 00000000 ____D C:\Users\Peteck\AppData\Roaming\Borderlands GOTY
2016-01-23 08:58 - 2016-01-23 08:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2016-01-23 08:40 - 2016-01-23 08:40 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2016-01-23 00:19 - 2016-01-23 00:19 - 00000000 ____D C:\Users\Peteck\AppData\Local\Disc_Soft_Ltd
2016-01-23 00:19 - 2016-01-23 00:19 - 00000000 ____D C:\Program Files (x86)\R.G. Catalyst
2016-01-23 00:17 - 2016-01-23 00:17 - 00047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2016-01-23 00:17 - 2016-01-23 00:17 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2016-01-23 00:16 - 2016-01-23 00:18 - 00000000 ____D C:\Users\Peteck\AppData\Roaming\DAEMON Tools Lite
2016-01-23 00:16 - 2016-01-23 00:17 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2016-01-23 00:16 - 2016-01-23 00:16 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2016-01-23 00:16 - 2016-01-23 00:16 - 00001773 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2016-01-23 00:12 - 2016-01-23 00:16 - 00000000 ____D C:\Users\Todos os Usuários\DAEMON Tools Lite
2016-01-23 00:12 - 2016-01-23 00:16 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2016-01-22 23:47 - 2016-01-22 23:47 - 00000000 ____D C:\Windows\SysWOW64\AGEIA
2016-01-22 23:47 - 2016-01-22 23:47 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2016-01-22 23:40 - 2016-01-22 23:41 - 00000000 ____D C:\Users\Peteck\Downloads\Borderlands GOTY
2016-01-21 18:53 - 2016-01-21 18:53 - 00000000 ____D C:\Users\Peteck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stremio
2016-01-20 19:57 - 2016-01-20 19:57 - 00494881 _____ C:\Users\Peteck\Documents\Scan0006.pdf
2016-01-20 19:56 - 2016-01-20 19:56 - 00767966 _____ C:\Users\Peteck\Documents\Scan0005.pdf
2016-01-20 19:55 - 2016-01-20 19:55 - 00696323 _____ C:\Users\Peteck\Documents\Scan0004.pdf
2016-01-20 19:53 - 2016-01-20 19:53 - 00639034 _____ C:\Users\Peteck\Documents\Scan0003.pdf
2016-01-20 19:52 - 2016-01-20 19:52 - 00839553 _____ C:\Users\Peteck\Documents\Scan0002.pdf
2016-01-20 19:49 - 2016-01-20 19:49 - 00872735 _____ C:\Users\Peteck\Documents\Scan0001.pdf
2016-01-20 19:48 - 2016-01-20 19:48 - 00905181 _____ C:\Users\Peteck\Documents\Scan0019.pdf
2016-01-16 13:34 - 2016-01-20 19:48 - 00000000 ____D C:\Users\Peteck\Documents\Modelos Personalizados do Office
2016-01-15 18:30 - 2016-01-15 18:30 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-01-14 19:57 - 2016-01-22 16:46 - 00000000 ____D C:\Users\Peteck\Documents\Arquivos do Outlook
2016-01-14 19:56 - 2016-01-22 23:32 - 00000000 ____D C:\Program Files\KMSpico
2016-01-14 19:55 - 2016-01-14 19:55 - 00002131 _____ C:\Users\Peteck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-01-14 19:55 - 2016-01-14 19:55 - 00002110 _____ C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-01-14 19:55 - 2016-01-14 19:55 - 00002110 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-01-14 19:55 - 2016-01-14 19:55 - 00002110 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-01-14 19:55 - 2016-01-14 19:55 - 00000000 ___RD C:\Users\Peteck\OneDrive
2016-01-14 19:55 - 2016-01-14 19:55 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft OneDrive
2016-01-14 19:55 - 2016-01-14 19:55 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-01-14 19:55 - 2016-01-14 19:55 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2016-01-14 19:51 - 2016-01-14 19:51 - 00002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-01-14 19:51 - 2016-01-14 19:51 - 00002417 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-01-14 19:51 - 2016-01-14 19:51 - 00002406 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-01-14 19:51 - 2016-01-14 19:51 - 00002371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-01-14 19:51 - 2016-01-14 19:51 - 00002355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-01-14 19:51 - 2016-01-14 19:51 - 00002352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-01-14 19:51 - 2016-01-14 19:51 - 00002342 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-01-14 19:51 - 2016-01-14 19:51 - 00002338 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-01-14 19:51 - 2016-01-14 19:51 - 00002322 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-01-14 19:51 - 2016-01-14 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do Microsoft Office 2016
2016-01-14 19:50 - 2016-01-15 18:31 - 00000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
2016-01-14 19:50 - 2016-01-15 18:31 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-14 19:50 - 2016-01-14 19:50 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-01-14 19:48 - 2016-01-15 18:29 - 00000000 ____D C:\Program Files\Microsoft Office
2016-01-14 19:48 - 2016-01-14 19:48 - 01804512 _____ C:\WindowsGABRIOLA.tt2
2016-01-14 19:47 - 2016-01-14 19:47 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-01-14 19:45 - 2016-01-14 19:45 - 00000000 ____D C:\Users\Peteck\AppData\Roaming\PowerISO
2016-01-14 17:09 - 2016-01-14 17:09 - 00000372 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-01-14 17:09 - 2016-01-14 17:09 - 00000372 __RSH C:\ProgramData\ntuser.pol
2016-01-14 17:09 - 2016-01-14 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2016-01-14 17:09 - 2016-01-14 17:09 - 00000000 ____D C:\Program Files\PowerISO
2016-01-14 17:09 - 2015-10-08 05:00 - 00127760 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
2016-01-14 17:05 - 2016-01-14 18:15 - 2299707392 _____ C:\Users\Peteck\Downloads\pt_office_professional_plus_2016_x86_x64_dvd_6966451.iso
2016-01-14 11:20 - 2016-01-14 11:20 - 00003062 _____ C:\Windows\System32\Tasks\ScanToPCActivationApp.exe_{D8FED070-318E-45C3-BE48-290723D1CC67}
2016-01-13 19:41 - 2016-01-13 19:42 - 00000000 ____D C:\Users\Peteck\Desktop\A-20
2015-12-27 06:01 - 2016-01-23 12:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grand Chase Resistance
2015-12-27 06:01 - 2015-12-27 07:23 - 00000000 ____D C:\Program Files (x86)\Grand Chase Resistance
2015-12-25 21:55 - 2015-12-25 21:55 - 00000000 ____D C:\Users\Peteck\Documents\MEGAsync
2015-12-25 21:54 - 2015-12-25 21:54 - 00000000 ____D C:\Users\Peteck\AppData\Local\Mega Limited

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-01-23 14:02 - 2015-07-11 03:23 - 00000000 ____D C:\Users\Peteck\AppData\Roaming\uTorrent
2016-01-23 14:01 - 2009-07-14 01:20 - 00000000 ____D C:\Windows
2016-01-23 13:40 - 2015-07-11 02:04 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-23 13:36 - 2009-07-14 02:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-23 13:36 - 2009-07-14 02:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-23 13:30 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\inf
2016-01-23 13:26 - 2015-07-11 02:00 - 00001423 _____ C:\Users\Peteck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-23 13:26 - 2015-07-11 02:00 - 00001401 _____ C:\Users\Peteck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-01-23 13:15 - 2009-07-14 02:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-23 13:10 - 2009-07-14 03:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-01-23 12:46 - 2015-07-11 02:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-01-23 12:37 - 2009-07-14 00:34 - 00000505 _____ C:\Windows\win.ini
2016-01-23 11:42 - 2015-07-24 17:32 - 00000372 _____ C:\Windows\Tasks\At1.job
2016-01-22 23:57 - 2009-07-14 15:55 - 00702882 _____ C:\Windows\system32\prfh0416.dat
2016-01-22 23:57 - 2009-07-14 15:55 - 00145668 _____ C:\Windows\system32\prfc0416.dat
2016-01-22 23:57 - 2009-07-14 03:13 - 01626900 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-22 23:54 - 2015-07-11 13:54 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-22 23:54 - 2015-07-11 03:11 - 00000000 ____D C:\Users\Todos os Usuários\Origin
2016-01-22 23:54 - 2015-07-11 03:11 - 00000000 ____D C:\ProgramData\Origin
2016-01-22 23:51 - 2015-07-11 15:13 - 00000000 ____D C:\Users\Peteck\AppData\Roaming\Skype
2016-01-22 23:50 - 2015-07-11 02:08 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA
2016-01-22 23:50 - 2015-07-11 02:08 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-22 23:50 - 2015-07-11 02:04 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-22 23:50 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-22 23:47 - 2015-07-11 02:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-01-22 22:50 - 2015-07-12 22:01 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2016-01-21 19:00 - 2015-12-22 21:38 - 00000000 ____D C:\stremio-cache
2016-01-21 13:52 - 2015-07-17 17:40 - 00000000 ____D C:\Users\Peteck\AppData\Roaming\HpUpdate
2016-01-17 23:28 - 2015-07-11 15:13 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-15 18:30 - 2009-07-14 01:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-01-15 11:23 - 2009-07-14 02:45 - 00459232 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-14 19:56 - 2015-07-11 02:03 - 00111752 _____ C:\Users\Peteck\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-14 19:55 - 2015-07-11 01:59 - 00000000 ____D C:\Users\Peteck
2016-01-14 17:09 - 2009-07-14 01:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-01-14 17:09 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-01-14 10:38 - 2015-07-11 14:58 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-14 10:38 - 2015-07-11 14:57 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-10 14:41 - 2009-07-14 03:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-01-08 18:21 - 2015-07-25 02:47 - 00000000 ____D C:\Users\Peteck\AppData\Local\Battle.net
2016-01-08 13:01 - 2015-07-25 02:46 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-12-24 17:23 - 2015-07-12 22:01 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-12-24 10:19 - 2015-07-25 02:47 - 00000000 ____D C:\Users\Peteck\AppData\Roaming\Battle.net
2015-12-24 08:53 - 2015-11-15 01:29 - 00000000 ____D C:\Users\Peteck\AppData\Local\ElevatedDiagnostics

==================== Arquivos na raiz de alguns diretórios =======

2016-01-23 13:10 - 2016-01-11 15:49 - 1734656 _____ () C:\Users\Peteck\AppData\Roaming\service.exe
2015-07-17 17:39 - 2015-07-17 17:39 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-01-23 13:14 - 2015-11-25 15:31 - 1100288 _____ () C:\ProgramData\HomePage.exe
2016-01-23 13:12 - 2015-12-04 13:14 - 1081344 _____ () C:\ProgramData\LightGate.exe
2016-01-23 13:12 - 2016-01-14 07:46 - 2412032 _____ () C:\ProgramData\msiql.exe
2016-01-23 13:10 - 2016-01-11 15:49 - 1734656 _____ () C:\ProgramData\service.exe
2016-01-23 13:12 - 2016-01-23 13:12 - 0006417 _____ () C:\ProgramData\webad.xml
2016-01-23 13:20 - 2016-01-23 13:20 - 0000161 _____ () C:\ProgramData\xcgui_debug.txt
2016-01-23 13:13 - 2015-12-10 15:43 - 0600312 _____ () C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\HomePage.exe
C:\ProgramData\LightGate.exe
C:\ProgramData\msiql.exe
C:\ProgramData\service.exe
C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
C:\Users\Todos os Usuários\HomePage.exe
C:\Users\Todos os Usuários\LightGate.exe
C:\Users\Todos os Usuários\msiql.exe
C:\Users\Todos os Usuários\service.exe
C:\Users\Todos os Usuários\YeaPlayer_br_IBD_Bundle.exe
C:\Windows\Tasks\At1.job


Alguns arquivos em TEMP:
====================
C:\Users\Peteck\AppData\Local\Temp\2630_3.28.1186_119G.exe
C:\Users\Peteck\AppData\Local\Temp\amisetup0256__16165.exe
C:\Users\Peteck\AppData\Local\Temp\bitool.dll
C:\Users\Peteck\AppData\Local\Temp\DAEMON Tools Lite.exe
C:\Users\Peteck\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Peteck\AppData\Local\Temp\eHBMbnrLOa.exe
C:\Users\Peteck\AppData\Local\Temp\jeZbAEQTOY.exe
C:\Users\Peteck\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Peteck\AppData\Local\Temp\nvStInst.exe
C:\Users\Peteck\AppData\Local\Temp\oprun10765.exe
C:\Users\Peteck\AppData\Local\Temp\oprun14021.exe
C:\Users\Peteck\AppData\Local\Temp\SecuExp.exe
C:\Users\Peteck\AppData\Local\Temp\sonarinst.exe
C:\Users\Peteck\AppData\Local\Temp\Stremio_install_1453346751778.exe
C:\Users\Peteck\AppData\Local\Temp\Stremio_install_1453409249077.exe
C:\Users\Peteck\AppData\Local\Temp\UninstallModule.exe
C:\Users\Peteck\AppData\Local\Temp\update.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-01-19 13:37

==================== Fim de FRST.txt ============================
