Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:05-03-2016 01
Executado por Waleran (administrador) em WALERAN-PC (15-03-2016 08:18:29)
Executando a partir de C:\Users\Waleran\Desktop
Perfis Carregados: Waleran (Perfis Disponíveis: Waleran & Putos fudidos)
Platform: Windows 7 Ultimate (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
(DeviceVM, Inc.) C:\ASUS.SYS\config\DVMExportService.exe
(Fortinet Inc.) C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
() C:\Program Files (x86)\ReducetheLag\reducethelag_v3_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
() C:\Windows\DAODx.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATII4E.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATII4E.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Dropbox, Inc.) C:\Users\Waleran\AppData\Roaming\Dropbox\bin\Dropbox.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-01-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [TurboV EVO] => C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe [9936512 2010-07-15] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Six Engine] => C:\Program Files (x86)\ASUS\EPU\EPU.exe [5309056 2010-03-16] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [BCU] => C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [375000 2009-10-26] (DeviceVM, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [804168 2016-02-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3435526850-6769864-2887345629-1000\...\Run: [Dropbox Update] => C:\Users\Waleran\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-3435526850-6769864-2887345629-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3435526850-6769864-2887345629-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3435526850-6769864-2887345629-1000\...\Run: [TQOS_REPORT] => d:\program files\腾讯游戏\怪物猎人online\bin\client\tools\tqos_reporter.exe
HKU\S-1-5-21-3435526850-6769864-2887345629-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-3435526850-6769864-2887345629-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3435526850-6769864-2887345629-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Waleran\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Waleran\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Waleran\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Waleran\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Waleran\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Waleran\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Waleran\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Waleran\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\Users\Waleran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-17]
ShortcutTarget: Dropbox.lnk -> C:\Users\Waleran\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicyUsers\S-1-5-21-3435526850-6769864-2887345629-1004\User: Restrição - Chrome <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\WTFastDrv.dll [72296 2015-04-08] (Initex)
Winsock: Catalog9 02 C:\Windows\SysWOW64\WTFastDrv.dll [72296 2015-04-08] (Initex)
Winsock: Catalog9 03 C:\Windows\SysWOW64\WTFastDrv.dll [72296 2015-04-08] (Initex)
Winsock: Catalog9 04 C:\Windows\SysWOW64\WTFastDrv.dll [72296 2015-04-08] (Initex)
Winsock: Catalog9 15 C:\Windows\SysWOW64\WTFastDrv.dll [72296 2015-04-08] (Initex)
Winsock: Catalog9-x64 01 C:\Windows\system32\WTFastDrv.dll [79464 2015-04-08] (Initex)
Winsock: Catalog9-x64 02 C:\Windows\system32\WTFastDrv.dll [79464 2015-04-08] (Initex)
Winsock: Catalog9-x64 03 C:\Windows\system32\WTFastDrv.dll [79464 2015-04-08] (Initex)
Winsock: Catalog9-x64 04 C:\Windows\system32\WTFastDrv.dll [79464 2015-04-08] (Initex)
Winsock: Catalog9-x64 15 C:\Windows\system32\WTFastDrv.dll [79464 2015-04-08] (Initex)
Tcpip\Parameters: [DhcpNameServer] 201.6.2.105 201.6.2.185
Tcpip\..\Interfaces\{4F2E4CD0-D74B-4631-80E1-4FD22B9EA1E8}: [DhcpNameServer] 201.6.2.105 201.6.2.185

Internet Explorer:
==================
URLSearchHook: HKU\S-1-5-21-3435526850-6769864-2887345629-1000 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll (DeviceVM, Inc.)
URLSearchHook: HKU\S-1-5-21-3435526850-6769864-2887345629-1000 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3435526850-6769864-2887345629-1000 -> DefaultScope {FB79A02C-DA8C-48e8-B311-BF6F0A2BE612} URL = hxxp://br.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
SearchScopes: HKU\S-1-5-21-3435526850-6769864-2887345629-1000 -> {F687512A-591D-4169-9FE6-EB2B6A49D415} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=pt-BR&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3435526850-6769864-2887345629-1000 -> {FB79A02C-DA8C-48e8-B311-BF6F0A2BE612} URL = hxxp://br.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: 应用宝一键安装插件 -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Auxiliar de Conexão de Conta da Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Waleran\AppData\Roaming\Mozilla\Firefox\Profiles\RmA1hUcq.default
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @FortinetCacheClean -> C:\Program Files (x86)\Fortinet\SslvpnClient\npccplugin.dll [2013-09-19] (Fortinet Inc.)
FF Plugin-x32: @FortinetTunnelControl -> C:\Program Files (x86)\Fortinet\SslvpnClient\nptcplugin.dll [2013-09-19] (Fortinet Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3435526850-6769864-2887345629-1000: @my.com/Games -> C:\Users\Waleran\AppData\Local\MyComGames\NPMyComDetector.dll [2016-02-21] (MY.COM B.V.)
FF Plugin HKU\S-1-5-21-3435526850-6769864-2887345629-1000: SkypePlugin -> C:\Users\Waleran\AppData\Local\SkypePlugin\7.13.0.71\npGatewayNpapi.dll [2016-01-15] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-3435526850-6769864-2887345629-1000: SkypePlugin64 -> C:\Users\Waleran\AppData\Local\SkypePlugin\7.13.0.71\npGatewayNpapi-x64.dll [2016-01-15] (Skype Technologies S.A.)
FF Extension: Avira Browser Safety - C:\Users\Waleran\AppData\Roaming\Mozilla\Firefox\Profiles\RmA1hUcq.default\Extensions\abs@avira.com [2015-05-17] [não assinado]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com./"
CHR Profile: C:\Users\Waleran\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Waleran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-14]
CHR Extension: (Google Docs) - C:\Users\Waleran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-14]
CHR Extension: (Google Drive) - C:\Users\Waleran\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (Chamada pelo Skype) - C:\Users\Waleran\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-01-28]
CHR Extension: (YouTube) - C:\Users\Waleran\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Waleran\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Planilhas do Google) - C:\Users\Waleran\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-14]
CHR Extension: (Segurança do navegador Avira) - C:\Users\Waleran\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-03-15]
CHR Extension: (Documentos Google off-line) - C:\Users\Waleran\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Waleran\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-12]
CHR Extension: (GBBD Guardião - Itaú 30 horas) - C:\Users\Waleran\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg [2015-05-14]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Waleran\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\Waleran\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [Arquivo não assinado]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [948392 2016-02-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466408 2016-02-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466408 2016-02-23] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1417592 2016-02-23] (Avira Operations GmbH & Co. KG)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [109056 2010-06-24] () [Arquivo não assinado]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [260456 2016-01-27] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1352736 2016-03-09] ()
R2 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-10-16] (DeviceVM, Inc.) [Arquivo não assinado]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 FortiSslvpnDaemon; C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe [954080 2013-09-19] (Fortinet Inc.)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3477816 2015-08-26] (INCA Internet Co., Ltd.)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-01-10] (Electronic Arts)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [Arquivo não assinado]
R2 ReduceTheLag-v3; C:\Program Files (x86)\ReducetheLag\reducethelag_v3_service.exe [223232 2015-08-28] () [Arquivo não assinado]
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [835152 2016-03-10] (Valve Corporation) [Arquivo não assinado]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162072 2015-12-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140448 2016-02-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-27] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [75472 2015-12-15] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 pppop; C:\Windows\System32\DRIVERS\pppop64.sys [42528 2009-07-21] (Fortinet Inc.)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation )
S3 TesSafe; C:\Windows\system32\TesSafe.sys [1101024 2016-01-27] (TENCENT)
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-12-16] (电脑管家)
S1 QMUdisk; \??\D:\Program Files\腾讯游戏\QQPCMgr\11.1.16884.202\QMUdisk64.sys [X]
S1 softaal; \??\D:\Program Files\腾讯游戏\QQPCMgr\11.1.16884.202\softaal64.sys [X]
S3 TS888x64; \??\D:\Program Files\腾讯游戏\QQPCMgr\11.1.16884.202\TS888x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-03-15 08:18 - 2016-03-15 08:19 - 00022571 _____ C:\Users\Waleran\Desktop\FRST.txt
2016-03-15 08:18 - 2016-03-15 08:18 - 00000000 ____D C:\FRST
2016-03-15 08:17 - 2016-03-15 08:17 - 02374144 _____ (Farbar) C:\Users\Waleran\Desktop\FRST64.exe
2016-03-15 08:14 - 2016-03-15 08:14 - 00000856 _____ C:\Users\Public\Desktop\PCSX2 1.4.0.lnk
2016-03-15 00:36 - 2016-03-15 01:19 - 3014958217 _____ C:\Users\Waleran\Desktop\Final Fantasy XII (USA).7z
2016-03-15 00:29 - 2016-03-15 08:14 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-03-15 00:14 - 2016-03-15 00:14 - 17837152 _____ C:\Users\Waleran\Desktop\pcsx2-1.4.0-setup.exe
2016-03-14 20:59 - 2016-03-14 20:59 - 00467711 _____ C:\Users\Waleran\Desktop\d06911357e8cf76b3c82df92c5f14d6d.pdf
2016-03-14 16:50 - 2016-03-14 16:50 - 00000000 ____D C:\Users\Putos fudidos\Desktop\Nova pasta (3)
2016-03-12 15:34 - 2016-03-12 15:34 - 00106116 _____ C:\Users\Waleran\Desktop\V3801037.pdf
2016-03-11 09:34 - 2016-03-11 09:34 - 41260905 _____ C:\Users\Waleran\Desktop\90 - Dtn.rar
2016-03-10 23:23 - 2016-03-10 23:23 - 00000000 ____D C:\Users\Todos os Usuários\gbas
2016-03-10 23:23 - 2016-03-10 23:23 - 00000000 ____D C:\ProgramData\gbas
2016-03-10 23:22 - 2016-03-10 23:22 - 00002135 _____ C:\Users\Waleran\Desktop\Itaú.lnk
2016-03-10 23:22 - 2016-03-10 23:22 - 00000000 ____D C:\Users\Waleran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativo Itaú
2016-03-10 23:22 - 2016-03-10 23:22 - 00000000 ____D C:\Users\Waleran\AppData\Local\Aplicativo Itau
2016-03-08 20:01 - 2016-03-12 21:26 - 00000000 ____D C:\Users\Waleran\Desktop\TWD
2016-03-07 15:14 - 2016-03-07 15:14 - 00000000 ____D C:\Users\Putos fudidos\AppData\LocalLow\Adobe
2016-03-07 15:14 - 2016-03-07 15:14 - 00000000 ____D C:\Users\Putos fudidos\AppData\Local\CEF
2016-03-07 15:14 - 2016-03-07 15:14 - 00000000 ____D C:\Users\Putos fudidos\AppData\Local\Adobe
2016-03-07 15:03 - 2016-03-07 15:03 - 02325977 _____ C:\Users\Putos fudidos\Downloads\Apostila_Preço_de_Venda_SEBRAE.pdf
2016-03-05 13:51 - 2016-03-05 17:45 - 00065324 _____ C:\Users\Waleran\Desktop\T2 Balanço de massa de alto forno.xlsx
2016-03-03 20:18 - 2016-03-03 20:18 - 00010580 _____ C:\Users\Waleran\Desktop\Graduacao 07,03.pdf
2016-03-03 12:31 - 2016-03-03 12:31 - 00000861 _____ C:\Users\Waleran\Desktop\ARK_Launcher-SP - Atalho.lnk
2016-03-03 08:28 - 2016-03-03 08:28 - 00000000 ___SH C:\Users\Waleran\AppData\Local\LumaEmu
2016-03-02 23:48 - 2016-03-12 20:53 - 00000000 ___SD C:\Users\Waleran\AppData\LocalLow\Temp
2016-03-02 21:15 - 2009-04-24 20:30 - 53803729 _____ C:\Users\Waleran\Desktop\zer0-nplus.cso
2016-03-02 21:01 - 2016-03-02 21:02 - 14840814 _____ C:\Users\Waleran\Desktop\ppsspp_win.zip
2016-03-01 11:45 - 2016-03-01 11:53 - 00725789 _____ C:\Users\Waleran\Desktop\tracao metais.xlsx
2016-02-29 22:35 - 2016-02-29 22:35 - 00010437 _____ C:\Users\Waleran\Documents\Pasta1w3232.xlsx
2016-02-25 11:18 - 2016-02-25 11:18 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-25 11:18 - 2016-02-25 11:18 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-25 11:18 - 2016-02-25 11:18 - 00000000 ____D C:\Windows\system32\Macromed
2016-02-24 21:05 - 2016-02-24 21:05 - 00558721 _____ C:\Users\Waleran\Desktop\Materiais_e_Metodos.pdf
2016-02-24 19:36 - 2016-02-24 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FortiClient
2016-02-24 19:36 - 2016-02-24 19:36 - 00000000 ____D C:\Program Files (x86)\Fortinet
2016-02-21 23:11 - 2016-03-02 19:09 - 00000122 _____ C:\Users\Waleran\Desktop\Skyforge My.com.url
2016-02-21 23:11 - 2016-02-21 23:11 - 00000000 ____D C:\Users\Waleran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com
2016-02-21 20:22 - 2016-03-09 08:15 - 00000000 ____D C:\Users\Waleran\AppData\Local\MyComGames
2016-02-21 20:22 - 2016-02-21 20:22 - 05200752 _____ (MY.COM B.V.) C:\Users\Waleran\Desktop\SkyforgeLoader_a19cd06b1db3ee0124d5b295e6f44fc9__en.exe
2016-02-21 20:22 - 2016-02-21 20:22 - 00000000 ____D C:\Users\Waleran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My.com Games
2016-02-18 11:59 - 2016-02-28 18:28 - 00012058 _____ C:\Users\Waleran\Desktop\gastos.xlsx
2016-02-17 22:02 - 2016-02-17 22:02 - 00000000 ____D C:\Users\Waleran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-14 11:49 - 2016-02-14 12:00 - 00000000 ____D C:\Users\Waleran\Desktop\magic
2016-02-13 17:57 - 2016-02-14 13:25 - 00011025 _____ C:\Users\Waleran\Documents\magic.xlsx
2016-02-11 10:35 - 2016-02-28 17:15 - 00000000 ____D C:\Users\Waleran\Desktop\monsterhunter 3rd
2016-02-06 23:24 - 2016-02-06 23:24 - 00000000 ____D C:\Users\Putos fudidos\Tracing
2016-02-06 23:23 - 2016-02-06 23:24 - 00000000 ____D C:\Users\Putos fudidos\AppData\Roaming\Skype
2016-02-04 19:35 - 2016-02-04 19:35 - 00003106 _____ C:\Windows\System32\Tasks\{11A7A447-A9B6-4160-B37F-FA845AD1BCCD}
2016-01-28 22:43 - 2016-01-28 22:43 - 00000000 ____D C:\Users\Waleran\AppData\Local\Ndemic Creations
2016-01-28 22:21 - 2016-02-06 23:22 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2016-01-28 22:21 - 2016-02-06 23:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-01-28 22:21 - 2016-01-28 22:21 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-28 22:07 - 2016-01-28 22:18 - 00000000 ____D C:\Users\Waleran\AppData\Local\SkypePlugin
2016-01-28 22:06 - 2016-01-28 22:06 - 14229504 _____ C:\Users\Waleran\Desktop\SkypeWebPlugin.msi
2016-01-28 21:02 - 2016-01-28 21:02 - 00000000 ____D C:\Users\Waleran\Documents\League of Legends
2016-01-27 16:36 - 2016-01-27 16:36 - 00000000 ____D C:\Users\Putos fudidos\AppData\Roaming\Avira
2016-01-26 22:39 - 2016-01-26 22:39 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2016-01-25 22:35 - 2016-01-25 22:35 - 00002798 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-01-25 22:35 - 2016-01-25 22:35 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-25 22:35 - 2016-01-25 22:35 - 00000000 ____D C:\Program Files\CCleaner
2016-01-25 19:13 - 2016-01-25 19:13 - 00000684 _____ C:\Users\Waleran\Desktop\lol.launcher - Atalho.lnk
2016-01-25 18:59 - 2016-03-07 15:14 - 00000000 ____D C:\Users\Putos fudidos\AppData\Roaming\Adobe
2016-01-25 18:59 - 2016-02-06 23:22 - 00134256 _____ C:\Users\Putos fudidos\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-25 18:59 - 2016-01-27 16:37 - 00000000 ____D C:\Users\Putos fudidos\AppData\Local\Google
2016-01-25 18:59 - 2016-01-27 16:32 - 00002249 _____ C:\Users\Putos fudidos\Desktop\Google Chrome.lnk
2016-01-25 18:59 - 2016-01-25 18:59 - 00001415 _____ C:\Users\Putos fudidos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-25 18:59 - 2016-01-25 18:59 - 00001381 _____ C:\Users\Putos fudidos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-01-25 18:59 - 2016-01-25 18:59 - 00001238 _____ C:\Users\Putos fudidos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Social Games.lnk
2016-01-25 18:59 - 2016-01-25 18:59 - 00000000 ____D C:\Users\Putos fudidos\AppData\Roaming\Macromedia
2016-01-25 18:59 - 2016-01-25 18:59 - 00000000 ____D C:\Users\Putos fudidos\AppData\Roaming\ATI
2016-01-25 18:59 - 2016-01-25 18:59 - 00000000 ____D C:\Users\Putos fudidos\AppData\Local\ATI
2016-01-25 18:59 - 2016-01-25 18:59 - 00000000 ____D C:\Users\Putos fudidos\AppData\Local\AMD
2016-01-25 18:58 - 2016-02-06 23:24 - 00000000 ____D C:\Users\Putos fudidos
2016-01-25 18:58 - 2016-01-25 18:58 - 00607564 __RSH C:\Users\Putos fudidos\ntuser.pol
2016-01-25 18:58 - 2016-01-25 18:58 - 00000020 ___SH C:\Users\Putos fudidos\ntuser.ini
2016-01-25 18:58 - 2016-01-25 18:58 - 00000000 _SHDL C:\Users\Putos fudidos\Modelos
2016-01-25 18:58 - 2016-01-25 18:58 - 00000000 _SHDL C:\Users\Putos fudidos\Meus documentos
2016-01-25 18:58 - 2016-01-25 18:58 - 00000000 _SHDL C:\Users\Putos fudidos\Menu Iniciar
2016-01-25 18:58 - 2016-01-25 18:58 - 00000000 _SHDL C:\Users\Putos fudidos\Documents\Minhas músicas
2016-01-25 18:58 - 2016-01-25 18:58 - 00000000 _SHDL C:\Users\Putos fudidos\Documents\Minhas imagens
2016-01-25 18:58 - 2016-01-25 18:58 - 00000000 _SHDL C:\Users\Putos fudidos\Documents\Meus vídeos
2016-01-25 18:58 - 2016-01-25 18:58 - 00000000 _SHDL C:\Users\Putos fudidos\Dados de aplicativos
2016-01-25 18:58 - 2016-01-25 18:58 - 00000000 _SHDL C:\Users\Putos fudidos\Configurações locais
2016-01-25 18:58 - 2016-01-25 18:58 - 00000000 _SHDL C:\Users\Putos fudidos\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2016-01-25 18:58 - 2016-01-25 18:58 - 00000000 _SHDL C:\Users\Putos fudidos\AppData\Local\Histórico
2016-01-25 18:58 - 2016-01-25 18:58 - 00000000 _SHDL C:\Users\Putos fudidos\AppData\Local\Dados de aplicativos
2016-01-25 18:58 - 2016-01-25 18:58 - 00000000 _SHDL C:\Users\Putos fudidos\Ambiente de rede
2016-01-25 18:58 - 2016-01-25 18:58 - 00000000 _SHDL C:\Users\Putos fudidos\Ambiente de impressão
2016-01-25 18:58 - 2016-01-25 18:58 - 00000000 ____D C:\Users\Putos fudidos\AppData\Roaming\Motorola Mobility
2016-01-25 18:58 - 2016-01-25 18:58 - 00000000 ____D C:\Users\Putos fudidos\AppData\Local\VirtualStore
2016-01-25 18:58 - 2015-05-18 01:22 - 00000000 ____D C:\Users\Putos fudidos\AppData\Local\Microsoft Help
2016-01-25 18:58 - 2009-07-14 15:11 - 00000000 ____D C:\Users\Putos fudidos\AppData\Roaming\Media Center Programs
2016-01-25 18:27 - 2016-01-25 18:58 - 00000660 __RSH C:\Users\Waleran\ntuser.pol
2016-01-24 18:28 - 2016-01-24 18:28 - 14992038 _____ ( ) C:\Users\Waleran\Desktop\klcp_update_1186_20160118.exe
2016-01-22 18:11 - 2016-01-22 18:11 - 00000000 ____D C:\Users\Waleran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ReduceTheLag
2016-01-22 18:11 - 2016-01-22 18:11 - 00000000 ____D C:\Program Files (x86)\ReducetheLag
2016-01-15 15:20 - 2016-01-15 15:20 - 00000000 ____D C:\Users\Todos os Usuários\Motorola
2016-01-15 15:20 - 2016-01-15 15:20 - 00000000 ____D C:\ProgramData\Motorola
2016-01-15 15:16 - 2016-01-15 15:16 - 00003490 _____ C:\Windows\System32\Tasks\Motorola Device Manager Update
2016-01-15 15:16 - 2016-01-15 15:16 - 00003298 _____ C:\Windows\System32\Tasks\Motorola Device Manager Initial Update
2016-01-15 15:16 - 2016-01-15 15:16 - 00000000 ____D C:\Users\Waleran\AppData\Roaming\Motorola Mobility
2016-01-15 15:15 - 2016-01-15 15:16 - 00000000 ____D C:\Program Files (x86)\Motorola Mobility
2016-01-15 15:15 - 2016-01-15 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Device Manager
2016-01-15 15:15 - 2016-01-15 15:15 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2016-01-15 15:15 - 2016-01-15 15:15 - 00000000 ____D C:\Program Files (x86)\Motorola
2016-01-15 15:14 - 2016-01-15 15:14 - 00000000 ____D C:\Program Files\Motorola Mobility LLC
2016-01-15 15:14 - 2016-01-15 15:14 - 00000000 ____D C:\Program Files\Common Files\Motorola Shared
2016-01-15 15:13 - 2016-01-15 15:13 - 00000000 ____D C:\Users\Waleran\AppData\Roaming\Motorola
2016-01-15 15:11 - 2016-01-15 15:11 - 34236544 _____ (Motorola Mobility) C:\Users\Waleran\Desktop\MotorolaDeviceManager_2.5.4.exe
2016-01-10 16:16 - 2016-01-11 00:32 - 00000000 ____D C:\Users\Waleran\AppData\Local\Origin
2016-01-10 16:16 - 2016-01-10 16:17 - 00000000 ____D C:\Users\Waleran\AppData\Roaming\Origin
2016-01-10 16:12 - 2016-01-11 00:35 - 00000000 ____D C:\Users\Todos os Usuários\Origin
2016-01-10 16:12 - 2016-01-11 00:35 - 00000000 ____D C:\ProgramData\Origin
2016-01-10 16:12 - 2016-01-10 16:12 - 00000000 ____D C:\Users\Todos os Usuários\Electronic Arts
2016-01-10 16:12 - 2016-01-10 16:12 - 00000000 ____D C:\ProgramData\Electronic Arts
2016-01-07 20:19 - 2016-01-07 20:19 - 00000000 ____D C:\Users\Waleran\AppData\Roaming\Microsoft Games
2016-01-06 19:38 - 2016-01-06 19:38 - 00003154 _____ C:\Windows\System32\Tasks\{04FC0CEC-EF06-4D34-AA41-B0AB2192D46A}
2016-01-03 16:33 - 2016-01-03 16:33 - 00000000 ____D C:\Users\Waleran\AppData\Roaming\Tera_Awesomium
2015-12-22 13:49 - 2015-12-22 13:49 - 00001277 _____ C:\Users\Waleran\Desktop\DarkSoulsII - Atalho.lnk
2015-12-22 11:55 - 2015-12-22 11:55 - 00000000 ____D C:\Users\Waleran\AppData\Roaming\DarkSoulsII
2015-12-22 11:55 - 2015-12-22 11:55 - 00000000 ____D C:\Users\Todos os Usuários\Steam
2015-12-22 11:55 - 2015-12-22 11:55 - 00000000 ____D C:\ProgramData\Steam
2015-12-21 11:25 - 2016-03-01 11:33 - 00000000 ____D C:\Users\Waleran\AppData\Roaming\OBS
2015-12-21 11:25 - 2015-12-21 11:25 - 00000000 ____D C:\Users\Waleran\AppData\Local\assembly
2015-12-21 11:24 - 2015-12-21 11:25 - 00000000 ____D C:\Users\Waleran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2015-12-21 11:24 - 2015-12-21 11:24 - 00000931 _____ C:\Users\Waleran\Desktop\Open Broadcaster Software.lnk
2015-12-17 09:28 - 2015-12-17 09:28 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-12-17 09:22 - 2015-12-17 17:35 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
2015-12-17 09:22 - 2015-12-17 09:22 - 00000000 ____D C:\Users\Todos os Usuários\TXPCMGR
2015-12-17 09:22 - 2015-12-17 09:22 - 00000000 ____D C:\ProgramData\TXPCMGR
2015-12-17 01:38 - 2015-12-17 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-12-16 08:51 - 2015-12-16 08:51 - 00000000 ____D C:\Users\Waleran\Documents\Klei

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-03-15 08:05 - 2009-07-14 01:45 - 00009584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-15 08:05 - 2009-07-14 01:45 - 00009584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-15 07:50 - 2015-06-17 18:39 - 00001038 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3435526850-6769864-2887345629-1000UA.job
2016-03-15 07:33 - 2015-05-14 22:55 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-15 00:37 - 2015-05-14 23:03 - 00000000 ____D C:\Users\Waleran\AppData\Roaming\Skype
2016-03-15 00:29 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-03-15 00:28 - 2015-05-17 14:13 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2016-03-15 00:28 - 2015-05-17 14:13 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-14 23:59 - 2015-06-17 18:39 - 00000986 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3435526850-6769864-2887345629-1000Core.job
2016-03-14 23:33 - 2015-05-14 22:55 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-14 21:35 - 2015-05-14 22:55 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-14 20:48 - 2015-07-01 21:04 - 00000000 ____D C:\Users\Waleran\AppData\Roaming\MPC-HC
2016-03-14 20:48 - 2015-06-08 19:45 - 00000000 ____D C:\Users\Waleran\AppData\Roaming\uTorrent
2016-03-14 20:12 - 2015-05-14 22:30 - 00000177 ____H C:\dvmexp.idx
2016-03-14 20:04 - 2015-05-16 17:59 - 00000000 ___RD C:\Users\Waleran\Dropbox
2016-03-14 20:04 - 2015-05-16 17:55 - 00000000 ____D C:\Users\Waleran\AppData\Roaming\Dropbox
2016-03-14 20:03 - 2015-05-14 22:28 - 00000000 ___HD C:\temp
2016-03-14 20:02 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-14 16:51 - 2009-07-14 14:55 - 00704478 _____ C:\Windows\system32\prfh0416.dat
2016-03-14 16:51 - 2009-07-14 14:55 - 00146784 _____ C:\Windows\system32\prfc0416.dat
2016-03-14 16:51 - 2009-07-14 02:13 - 01631590 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-12 15:31 - 2015-05-17 19:59 - 00000000 ____D C:\Users\Waleran\Desktop\Matérias
2016-03-09 18:27 - 2015-05-15 09:49 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-09 09:42 - 2015-12-03 20:54 - 00000000 ____D C:\Users\Waleran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯游戏
2016-03-01 11:08 - 2014-08-18 17:38 - 00000000 ____D C:\Users\Waleran\Desktop\ppsspp
2016-02-28 18:23 - 2015-05-14 21:34 - 00000000 ____D C:\Users\Waleran\Desktop\Faixas
2016-02-28 14:00 - 2015-08-16 10:47 - 00000000 ___RD C:\Users\Waleran\Documents\Scanned Documents
2016-02-23 19:55 - 2015-05-17 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-02-23 19:54 - 2015-05-17 15:05 - 00140448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

==================== Arquivos na raiz de alguns diretórios =======

2016-03-03 08:28 - 2016-03-03 08:28 - 0000000 ___SH () C:\Users\Waleran\AppData\Local\LumaEmu
2015-12-15 11:27 - 2016-01-13 16:54 - 0000296 _____ () C:\ProgramData\DP0004.dat

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\DP0004.dat
C:\Users\Todos os Usuários\DP0004.dat


Alguns arquivos em TEMP:
====================
C:\Users\Putos fudidos\AppData\Local\Temp\avgnt.exe
C:\Users\Waleran\AppData\Local\Temp\avgnt.exe
C:\Users\Waleran\AppData\Local\Temp\vcredist_2015_Update_1_x86.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll
[2009-07-13 20:38] - [2009-07-13 22:41] - 1008640 ____A (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E

C:\Windows\SysWOW64\User32.dll
[2015-06-19 20:50] - [2015-06-19 20:50] - 0833024 ____A (Microsoft Corporation) 2C9CC9F492CA596B1B9FC1AE5E916356

C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-03-09 00:28

==================== Fim de FRST.txt ============================
