Document format: text/plain

Preview

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:05-03-2016 01
Executado por PATO (administrador) em PATO-PC (10-04-2016 11:37:07)
Executando a partir de C:\Users\PATO\Desktop
Perfis Carregados: PATO (Perfis Disponíveis: PATO)
Platform: Windows 7 Ultimate (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
() C:\Users\PATO\AppData\Roaming\alFSVWJB\write.exe
() C:\Users\PATO\AppData\Roaming\alFSVWJB\write.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2396096 2016-03-29] (NVIDIA Corporation)
HKLM-x32\...\Run: [write.exe] => C:\Users\PATO\AppData\Roaming\alFSVWJB\write.exe [367616 2009-07-13] ()
HKLM\...\Policies\Explorer\Run: [890239143] => C:\ProgramData\msfbtbgbd.exe [252928 2009-07-13] ()
HKLM\...\Policies\Explorer\Run: [1932504160] => C:\ProgramData\msadsijk.exe [256000 2009-07-13] ( )
HKLM\...\Policies\Explorer\Run: [1219911102] => C:\ProgramData\msnrf.exe [208384 2009-07-13] ( )
HKLM\...\Policies\Explorer\Run: [1068501281] => C:\ProgramData\msukbzv.exe [260608 2009-07-13] ( )
HKLM\...\Policies\Explorer\Run: [795814799] => C:\ProgramData\msrhhfhc.exe [248832 2009-07-13] ()
HKLM\...\Policies\Explorer\Run: [1202425724] => C:\ProgramData\msqjqslon.exe [216064 2009-07-13] ()
HKLM\...\Policies\Explorer\Run: [1049620416] => C:\ProgramData\msqhtfo.exe [304128 2009-07-13] (Foxit Software Inc. )
HKLM\...\Policies\Explorer\Run: [1857426109] => C:\ProgramData\msdxhmqr.exe [170496 2009-07-13] (GNU)
HKLM\...\Policies\Explorer\Run: [1969131783] => C:\ProgramData\msezlpc.exe [168448 2009-07-13] ()
HKLM\...\Policies\Explorer\Run: [421308888] => C:\ProgramData\mspubv.exe [254976 2009-07-13] (Dogecoin project)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1363737306-1635023690-1365230788-1000\...\Run: [taskhost] => rundll32.exe C:\ProgramData\WindowsMsg\675D131108D4FD145B0BFBC68A3E018A.dll Start /AUTORUN
HKU\S-1-5-21-1363737306-1635023690-1365230788-1000\...\Run: [sysazwb6says32] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-136633451\sysae6w6azbys32.exe [240640 2016-04-09] (Dogecoin project)
HKU\S-1-5-21-1363737306-1635023690-1365230788-1000\...\Run: [syee132s] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-123261541\seifsy2132s.exe [242688 2016-04-09] (Dogecoin project)
HKU\S-1-5-21-1363737306-1635023690-1365230788-1000\...\Run: [syeiaz822s] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1220326261\seiafs1z432.exe [235520 2016-04-09] (Dogecoin project)
HKU\S-1-5-21-1363737306-1635023690-1365230788-1000\...\Run: [sy192zi3zz3s] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-13404193961\se1935zz3332.exe [239616 2016-04-09] (Dogecoin project)
HKU\S-1-5-21-1363737306-1635023690-1365230788-1000\...\Run: [sy192i3aaarrs] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-134019216261\se1923ar32.exe [235520 2016-04-09] (Dogecoin project)
HKU\S-1-5-21-1363737306-1635023690-1365230788-1000\...\Run: [syszwbsys32] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-13633145871\sysewzbys32.exe [238080 2016-04-09] (Dogecoin project)
HKU\S-1-5-21-1363737306-1635023690-1365230788-1000\...\Run: [senewsys32] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-186345671\senewsys32.exe [243712 2016-04-09] (Dogecoin project)
HKU\S-1-5-21-1363737306-1635023690-1365230788-1000\...\Run: [sysazwbsays32] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-13633451\sysaewazbys32.exe [239104 2016-04-09] (Dogecoin project)
HKU\S-1-5-21-1363737306-1635023690-1365230788-1000\...\Run: [senzwbsys32] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1363345871\senewzbys32.exe [241152 2016-04-09] (Dogecoin project)
HKU\S-1-5-21-1363737306-1635023690-1365230788-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2008-01-22] (Nero AG)
HKU\S-1-5-21-1363737306-1635023690-1365230788-1000\...\RunOnce: [sy192zi3zz3s] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-13404193961\se1935zz3332.exe [239616 2016-04-09] (Dogecoin project)
HKU\S-1-5-21-1363737306-1635023690-1365230788-1000\...\RunOnce: [senewsys32] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-186345671\senewsys32.exe [243712 2016-04-09] (Dogecoin project)
HKU\S-1-5-21-1363737306-1635023690-1365230788-1000\...\RunOnce: [sysazwb6says32] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-136633451\sysae6w6azbys32.exe [240640 2016-04-09] (Dogecoin project)
HKU\S-1-5-21-1363737306-1635023690-1365230788-1000\...\RunOnce: [syee132s] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-123261541\seifsy2132s.exe [242688 2016-04-09] (Dogecoin project)
HKU\S-1-5-21-1363737306-1635023690-1365230788-1000\...\RunOnce: [syszwbsys32] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-13633145871\sysewzbys32.exe [238080 2016-04-09] (Dogecoin project)
HKU\S-1-5-21-1363737306-1635023690-1365230788-1000\...\RunOnce: [sysazwbsays32] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-13633451\sysaewazbys32.exe [239104 2016-04-09] (Dogecoin project)
HKU\S-1-5-21-1363737306-1635023690-1365230788-1000\...\RunOnce: [syeiaz822s] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1220326261\seiafs1z432.exe [235520 2016-04-09] (Dogecoin project)
HKU\S-1-5-21-1363737306-1635023690-1365230788-1000\...\RunOnce: [sy192i3aaarrs] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-134019216261\se1923ar32.exe [235520 2016-04-09] (Dogecoin project)
HKU\S-1-5-21-1363737306-1635023690-1365230788-1000\...\RunOnce: [senzwbsys32] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1363345871\senewzbys32.exe [241152 2016-04-09] (Dogecoin project)
HKU\S-1-5-21-1363737306-1635023690-1365230788-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-1363737306-1635023690-1365230788-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1363737306-1635023690-1365230788-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-1363737306-1635023690-1365230788-1000\...\MountPoints2: {70d9ba37-c8ef-11e5-b522-fcaa14f63320} - F:\setup.exe
AppInit_DLLs: C:\ProgramData\sulpnar\Zoo-Trax.dll => Nenhum Arquivo
AppInit_DLLs-x32: C:\ProgramData\sulpnar\Alphastring.dll => Nenhum Arquivo

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyServer: [S-1-5-21-1363737306-1635023690-1365230788-1000] => http=localhost:5050
Winsock: Catalog5 07 C:\ProgramData\System32\SafeGuard32.dll Nenhum Arquivo
Winsock: Catalog5-x64 07 C:\ProgramData\System32\SafeGuard64.dll Nenhum Arquivo
Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{D4EA8000-34F0-480E-804B-B8FB0FF58F15}: [DhcpNameServer] 192.168.15.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
HKU\S-1-5-21-1363737306-1635023690-1365230788-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaHA8ARicheZerBeIk9GgtbG1xu_wkfSdCtFv6IWYQwJlvbZV7xb7dZJhnRLxc0oNgx0VNKmjFSUJwLGrv4xzcsGyxwAr0IPDQMHkFCvZz-tlI1yCMgx55TkwnRGDGN5JzfyTxoz3ltcP5f8Hl4XrhplRE9iRDBQmisQYjQSjmyE,&q={searchTerms}
HKU\S-1-5-21-1363737306-1635023690-1365230788-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaHA8ARicheZerBeIk9GgtbG1xu_wkfSdCtFv6IWYQwJlvbZV7xb7dZJhnRLxc0oNgx0VNKmjFSUJwL3R71HyLSaJ5NofO2Y_nWiDNUVsfN_2N-l1kcHdhYwHPcmeN_qWBX1PWOdVnYdweUir1aOjAznpM9VGS4pzSyp1Kxl6mdg,
HKU\S-1-5-21-1363737306-1635023690-1365230788-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaHA8ARicheZerBeIk9GgtbG1xu_wkfSdCtFv6IWYQwJlvbZV7xb7dZJhnRLxc0oNgx0VNKmjFSUJwLGrv4xzcsGyxwAr0IPDQMHkFCvZz-tlI1yCMgx55TkwnRGDGN5JzfyTxoz3ltcP5f8Hl4XrhplRE9iRDBQmisQYjQSjmyE,&q={searchTerms}
HKU\S-1-5-21-1363737306-1635023690-1365230788-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaHA8ARicheZerBeIk9GgtbG1xu_wkfSdCtFv6IWYQwJlvbZV7xb7dZJhnRLxc0oNgx0VNKmjFSUJwLGrv4xzcsGyxwAr0IPDQMHkFCvZz-tlI1yCMgx55TkwnRGDGN5JzfyTxoz3ltcP5f8Hl4XrhplRE9iRDBQmisQYjQSjmyE,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaHA8ARicheZerBeIk9GgtbG1xu_wkfSdCtFv6IWYQwJlvbZV7xb7dZJhnRLxc0oNgx0VNKmjFSUJwLGrv4xzcsGyxwAr0IPDQMHkFCvZz-tlI1yCMgx55TkwnRGDGN5JzfyTxoz3ltcP5f8Hl4XrhplRE9iRDBQmisQYjQSjmyE,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1363737306-1635023690-1365230788-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaHA8ARicheZerBeIk9GgtbG1xu_wkfSdCtFv6IWYQwJlvbZV7xb7dZJhnRLxc0oNgx0VNKmjFSUJwLGrv4xzcsGyxwAr0IPDQMHkFCvZz-tlI1yCMgx55TkwnRGDGN5JzfyTxoz3ltcP5f8Hl4XrhplRE9iRDBQmisQYjQSjmyE,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1363737306-1635023690-1365230788-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaHA8ARicheZerBeIk9GgtbG1xu_wkfSdCtFv6IWYQwJlvbZV7xb7dZJhnRLxc0oNgx0VNKmjFSUJwLGrv4xzcsGyxwAr0IPDQMHkFCvZz-tlI1yCMgx55TkwnRGDGN5JzfyTxoz3ltcP5f8Hl4XrhplRE9iRDBQmisQYjQSjmyE,&q={searchTerms}
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}
CHR Profile: C:\Users\PATO\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\PATO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-26]
CHR Extension: (Google Docs) - C:\Users\PATO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-26]
CHR Extension: (Google Drive) - C:\Users\PATO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\PATO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Adblock Plus) - C:\Users\PATO\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-26]
CHR Extension: (Google Search) - C:\Users\PATO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Block site) - C:\Users\PATO\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2016-04-03]
CHR Extension: (Planilhas do Google) - C:\Users\PATO\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-26]
CHR Extension: (Documentos Google off-line) - C:\Users\PATO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\PATO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\PATO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi [2015-12-23]
CHR Extension: (Gmail) - C:\Users\PATO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-26]
CHR HKU\S-1-5-21-1363737306-1635023690-1365230788-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369464 2016-01-15] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-03-29] (NVIDIA Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-03-29] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-03-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-03-29] (NVIDIA Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [Arquivo não assinado]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S4 ApppaznoR; C:\ProgramData\\ApppaznoR\\ApppaznoR.exe -f "C:\ProgramData\\ApppaznoR\\ApppaznoR.dat" -l -a
S4 BitTorrent; "C:\Program Files\BitTorrent\BitTorrent.exe" /s iid=6092060 did=APSnapdoAMRev sid=3 ref=c6c9fab5-a679-fa02-b91b-3f3dfc90807e-PolicyMac id=93f91369c66d9ed1854d0dfafd477c6701deb682ab2f6e2c101c78949d8e2aa7 [X]
S4 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe shuz -f "C:\ProgramData\\CloudPrinter\\CloudPrinter.dat" -l -a
S4 dnwnuondupdownlsad; C:\Users\PATO\AppData\Local\Tamptone.exe doonioad dnwnuondupdownlsad [X]
S4 ggbugreport; "C:\Program Files (x86)\SearchesToYesbnd\bugreport.exe" {154DFF63-3402-4815-941A-AAD63AE8B428} [X]
S4 GoogleChromeUpSvc; C:\Users\PATO\AppData\Roaming\svrupg.exe /s GoogleChromeUpSvc /uid:51444 /local:br [X]
S4 Iatenl; "C:\Users\PATO\AppData\Roaming\LakjVaiaae\Nerrutiq.exe" -cms [X]
S4 Oudafbim; "C:\Users\PATO\AppData\Roaming\Dugusiac\Dugusiac.exe" -cms [X]
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [X]
S4 rijufoze; C:\Program Files (x86)\03AA02FC-1459619217-05F6-3306-200700080009\hnse3AFC.tmp [X]
S4 rocufyky; C:\Program Files (x86)\03AA02FC-1459619217-05F6-3306-200700080009\jnst22A9.tmp [X]
S4 SkypeUpdateEx; C:\Program Files (x86)\SkypeUpdateEx\SkypeUpdateEx.exe [X]
S4 SSFK; C:\Program Files (x86)\SFK\SSFK.exe -s [X]
S4 sulpnar; C:\ProgramData\\sulpnar\\sulpnar.exe -f "C:\ProgramData\\sulpnar\\sulpnar.dat" -l -a
S2 Winsere; "C:\Program Files (x86)\Winsere\Winsere\Winsere.exe" {79740E79-A383-47A7-B513-3DF6563D007F} {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} [X]
S4 XBox; C:\Users\PATO\AppData\Roaming\XBox\XBLive.exe [X]
S4 xohywuruzbt; C:\Program Files (x86)\03AA02FC-1459619217-05F6-3306-200700080009\knso322.tmpfs [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [82752 2016-04-02] (Cherimoya Ltd)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-02-09] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-02-09] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-04-02] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-03-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
S3 cpuz134; \??\C:\Users\PATO\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S1 egg_protect; \??\C:\Windows\EProtect_amd64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-04-10 11:37 - 2016-04-10 11:37 - 00022773 _____ C:\Users\PATO\Desktop\FRST.txt
2016-04-10 11:36 - 2016-04-10 11:37 - 00000000 ____D C:\FRST
2016-04-10 11:34 - 2016-04-10 11:34 - 02374144 _____ (Farbar) C:\Users\PATO\Desktop\FRST64.exe
2016-04-10 11:29 - 2016-04-10 11:29 - 00408919 __RSH C:\VCFBN
2016-04-10 11:13 - 2015-05-04 09:21 - 00000000 ___RD C:\Users\PATO\Downloads\AtvdR W7 By PH Downs
2016-04-10 11:10 - 2016-04-10 11:10 - 02539067 _____ C:\Users\PATO\Downloads\AtvdR W7 By PH Downs.rar
2016-04-09 21:48 - 2016-04-09 21:48 - 00000000 ____D C:\$WINDOWS.~LS
2016-04-09 21:27 - 2016-04-09 21:27 - 00002086 _____ C:\Users\PATO\Desktop\Informe de compatibilidad de Windows.htm
2016-04-09 20:58 - 2016-04-09 21:58 - 00002543 _____ C:\Windows\diagwrn.xml
2016-04-09 20:58 - 2016-04-09 21:58 - 00001890 _____ C:\Windows\diagerr.xml
2016-04-09 15:47 - 2016-04-09 15:47 - 00000079 _____ C:\Users\PATO\Downloads\cacheupdater
2016-04-07 12:25 - 2016-04-07 12:22 - 262144000 _____ C:\Users\PATO\Downloads\Win7 64Bits.part09.rar
2016-04-07 12:18 - 2016-04-07 12:18 - 00000000 ____D C:\Users\PATO\Downloads\Nova pasta
2016-04-04 23:43 - 2016-04-05 04:41 - 00000675 _____ C:\Users\PATO\AppData\default.pls
2016-04-04 21:30 - 2016-04-04 21:30 - 00000000 ____D C:\Users\PATO\AppData\Local\Ahead
2016-04-04 21:13 - 2016-04-04 21:13 - 00002786 _____ C:\Users\Public\Desktop\Nero StartSmart.lnk
2016-04-04 21:13 - 2016-04-04 21:13 - 00002646 _____ C:\Users\Public\Desktop\Nero Home.lnk
2016-04-04 21:13 - 2016-04-04 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Ultra Edition
2016-04-04 21:12 - 2016-04-06 22:53 - 00000000 ____D C:\Users\PATO\AppData\Roaming\Ahead
2016-04-04 21:12 - 2016-04-04 21:12 - 00000000 ____D C:\Users\Todos os Usuários\Ahead
2016-04-04 21:12 - 2016-04-04 21:12 - 00000000 ____D C:\ProgramData\Ahead
2016-04-04 21:11 - 2016-04-04 21:11 - 00000000 ____D C:\Users\Todos os Usuários\Nero
2016-04-04 21:11 - 2016-04-04 21:11 - 00000000 ____D C:\ProgramData\Nero
2016-04-04 21:11 - 2016-04-04 21:11 - 00000000 ____D C:\Program Files (x86)\Nero
2016-04-04 21:09 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2016-04-04 21:09 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2016-04-04 21:02 - 2016-04-04 21:03 - 00000000 ____D C:\Users\PATO\Desktop\Nero StartSmart By MaxTuto
2016-04-04 20:32 - 2016-04-04 20:32 - 00000000 ____D C:\Users\PATO\Documents\HandHistory
2016-04-03 14:23 - 2016-04-03 14:23 - 00000000 ____D C:\Users\PATO\AppData\Roaming\MPC-HC
2016-04-03 14:02 - 2016-04-10 11:31 - 00000328 ____H C:\Windows\Tasks\alFSVWJB.job
2016-04-03 14:02 - 2016-04-03 14:02 - 00000000 _____ C:\Windows\kernel32.dll
2016-04-03 13:47 - 2016-04-10 11:01 - 00000000 ____D C:\Users\PATO\AppData\Local\CrashDumps
2016-04-03 13:44 - 2016-04-10 11:35 - 00015392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-03 13:44 - 2016-04-10 11:35 - 00015392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-03 13:44 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2016-04-03 13:44 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2016-04-03 13:44 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2016-04-03 13:43 - 2016-03-29 22:06 - 01373680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-04-03 13:43 - 2016-03-29 22:06 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-04-03 13:43 - 2016-03-21 17:01 - 00109632 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-04-03 13:43 - 2016-03-21 17:01 - 00100416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-04-03 13:43 - 2016-03-21 17:01 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-04-03 13:41 - 2016-04-10 11:30 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-03 13:41 - 2016-04-10 11:30 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA
2016-04-03 13:41 - 2016-04-10 11:30 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-03 13:41 - 2016-04-03 13:41 - 00003966 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-04-03 13:39 - 2016-04-03 13:39 - 00000234 _____ C:\Windows\ntbtlog.txt
2016-04-03 12:00 - 2016-04-03 12:00 - 00108840 _____ C:\Users\PATO\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-03 00:07 - 2016-04-03 00:07 - 00002257 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-03 00:06 - 2016-04-03 00:07 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-03 00:01 - 2016-04-03 00:01 - 00003080 _____ C:\Windows\System32\Tasks\osTip
2016-04-02 21:41 - 2016-04-02 21:41 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-02 21:41 - 2016-04-02 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2016-04-02 21:41 - 2016-04-02 21:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2016-04-02 21:41 - 2012-07-03 13:46 - 00024904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2016-04-02 20:23 - 2016-04-02 20:23 - 00000000 _____ C:\autoexec.bat
2016-04-02 20:21 - 2016-04-02 20:21 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-04-02 19:02 - 2016-04-02 19:02 - 00000000 ____D C:\Windows\system32\ilou
2016-04-02 18:59 - 2016-04-02 18:59 - 00022878 _____ C:\Windows\System32\Tasks\{790F7847-040C-7909-0C11-7A0D0A0C1179}
2016-04-02 18:59 - 2016-04-02 18:59 - 00022164 _____ C:\Windows\System32\Tasks\DNSWILLISTON
2016-04-02 18:59 - 2016-04-02 18:59 - 00003726 _____ C:\Windows\System32\Tasks\DNS Monitoring
2016-04-02 18:56 - 2016-04-02 18:56 - 00003146 _____ C:\Windows\System32\Tasks\{4F7A2D45-214D-4A7B-A3F6-C33B1F693903}
2016-04-02 18:55 - 2016-04-10 11:31 - 00002928 _____ C:\Windows\System32\Tasks\alFSVWJB
2016-04-02 18:54 - 2016-04-02 18:54 - 00003336 _____ C:\Windows\System32\Tasks\Ovamwext
2016-04-02 18:22 - 2016-04-02 18:22 - 00000286 __RSH C:\Users\PATO\ntuser.pol
2016-04-02 14:47 - 2016-04-02 14:45 - 00001006 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-04-02 14:46 - 2016-04-02 14:46 - 00000680 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-04-02 14:46 - 2016-04-02 14:46 - 00000680 __RSH C:\ProgramData\ntuser.pol
2016-04-02 14:43 - 2016-04-02 14:43 - 00015160 _____ C:\Windows\System32\Tasks\WinTaske
2016-04-02 09:35 - 2016-04-02 18:53 - 00082752 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2016-03-31 17:14 - 2016-03-31 17:14 - 00000000 ____D C:\Users\PATO\AppData\Roaming\NVIDIA
2016-03-30 08:23 - 2016-03-30 08:24 - 00011010 _____ C:\Users\PATO\Desktop\tradução naruto.rar
2016-03-29 23:09 - 2016-04-03 14:02 - 00000000 ____D C:\Program Files (x86)\Naruto Shippuden Ultimate Ninja Storm Revolution
2016-03-29 19:33 - 2016-03-29 19:33 - 00000000 ___SD C:\Users\PATO\AppData\LocalLow\Temp
2016-03-29 18:46 - 2016-03-29 18:46 - 00000000 ____D C:\Users\PATO\AppData\Local\Disc_Soft_Ltd
2016-03-23 13:46 - 2016-04-03 13:43 - 00001381 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-03-23 13:46 - 2016-03-23 13:47 - 00000000 ____D C:\Users\PATO\AppData\Local\NVIDIA
2016-03-23 13:45 - 2016-03-29 22:05 - 01767248 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-03-23 13:45 - 2016-03-29 22:05 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-03-23 13:45 - 2016-03-29 22:05 - 00112216 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-03-23 13:45 - 2016-03-23 13:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-03-23 13:44 - 2015-11-24 20:10 - 00112760 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-03-23 13:44 - 2015-11-24 15:40 - 06358648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-03-23 13:44 - 2015-11-24 15:40 - 02983032 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-03-23 13:44 - 2015-11-24 15:40 - 02554488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-03-23 13:44 - 2015-11-24 15:40 - 00938616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-03-23 13:44 - 2015-11-24 15:40 - 00385144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-03-23 13:44 - 2015-11-24 15:40 - 00062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-03-23 13:44 - 2015-11-23 07:38 - 06049858 _____ C:\Windows\system32\nvcoproc.bin
2016-03-23 13:42 - 2015-11-24 20:10 - 42913912 _____ C:\Windows\system32\nvcompiler.dll
2016-03-23 13:42 - 2015-11-24 20:10 - 22310008 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-03-23 13:42 - 2015-11-24 20:10 - 17516040 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-03-23 13:42 - 2015-11-24 20:10 - 16553568 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-03-23 13:42 - 2015-11-24 20:10 - 15717672 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-03-23 13:42 - 2015-11-24 20:10 - 14835872 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-03-23 13:42 - 2015-11-24 20:10 - 11131184 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-03-23 13:42 - 2015-11-24 20:10 - 03579696 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-03-23 13:42 - 2015-11-24 20:10 - 02870392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-03-23 13:42 - 2015-11-24 20:10 - 01905272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435906.dll
2016-03-23 13:42 - 2015-11-24 20:10 - 01572496 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2016-03-23 13:42 - 2015-11-24 20:10 - 01564792 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435906.dll
2016-03-23 13:42 - 2015-11-24 20:10 - 00877360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-03-23 13:42 - 2015-11-24 20:10 - 00861816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-03-23 13:42 - 2015-11-24 20:10 - 00467912 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-03-23 13:42 - 2015-11-24 20:10 - 00205456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-03-23 13:42 - 2015-11-24 20:10 - 00177600 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-03-23 13:42 - 2015-11-24 20:10 - 00151184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-03-23 13:42 - 2015-11-24 20:10 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-03-23 13:42 - 2015-11-24 20:10 - 00033607 _____ C:\Windows\system32\nvinfo.pb
2016-03-23 13:13 - 2016-03-23 13:13 - 00000000 ____D C:\Users\PATO\AppData\Roaming\Steam
2016-03-04 02:44 - 2016-03-04 02:44 - 00000849 _____ C:\Users\PATO\Desktop\gens - Atalho.lnk
2016-03-04 02:21 - 2016-03-04 02:21 - 00000516 _____ C:\Users\PATO\Desktop\ePSXe - Atalho.lnk
2016-03-04 00:36 - 2016-03-04 00:36 - 00000000 ____D C:\Users\PATO\AppData\Roaming\fltk.org
2016-03-02 21:35 - 2016-03-02 21:35 - 00003788 _____ C:\Windows\System32\Tasks\klcp_update
2016-03-02 21:35 - 2016-03-02 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-03-02 21:35 - 2015-12-18 07:00 - 00755200 _____ C:\Windows\system32\xvidcore.dll
2016-03-02 21:35 - 2015-12-18 07:00 - 00309248 _____ C:\Windows\system32\xvidvfw.dll
2016-03-02 21:35 - 2015-10-24 14:00 - 00126976 _____ C:\Windows\system32\ff_vfw.dll
2016-03-02 21:35 - 2015-02-28 13:22 - 03571200 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
2016-03-02 21:35 - 2012-07-21 08:55 - 00180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2016-03-02 21:35 - 2011-12-07 15:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2016-03-02 21:34 - 2016-03-02 21:35 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2016-03-01 15:43 - 2016-03-01 15:44 - 00000000 ____D C:\Users\PATO\Desktop\online]
2016-03-01 13:48 - 2016-03-01 13:48 - 00000000 ____D C:\Users\PATO\AppData\Local\Steam
2016-02-11 11:01 - 2016-02-11 11:01 - 00000000 ____D C:\Windows\system32\Macromed
2016-02-11 11:01 - 2016-02-11 11:01 - 00000000 ____D C:\Users\PATO\AppData\Roaming\Macromedia
2016-02-11 11:01 - 2016-02-11 11:01 - 00000000 ____D C:\Users\PATO\AppData\Local\CEF
2016-02-09 05:33 - 2016-04-03 14:02 - 00000000 ____D C:\Program Files (x86)\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst
2016-02-09 05:30 - 2016-02-09 05:30 - 00047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2016-02-09 05:17 - 2016-02-09 05:17 - 00000000 ____D C:\Users\PATO\AppData\Roaming\Mozilla
2016-02-09 05:14 - 2016-04-03 00:09 - 00000000 ____D C:\Users\PATO\AppData\Roaming\DAEMON Tools Lite
2016-02-09 05:14 - 2016-02-09 13:33 - 00001817 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2016-02-09 05:14 - 2016-02-09 05:30 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2016-02-09 05:14 - 2016-02-09 05:29 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2016-02-09 05:14 - 2016-02-09 05:14 - 00000000 ____D C:\Users\Todos os Usuários\DAEMON Tools Lite
2016-02-09 05:14 - 2016-02-09 05:14 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2016-01-19 21:50 - 2016-01-20 22:38 - 00000000 ____D C:\Users\PATO\AppData\Local\PokerStars

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-04-10 11:01 - 2015-03-18 21:46 - 00000000 ____D C:\Users\PATO\AppData\Roaming\uTorrent
2016-04-09 14:38 - 2009-08-06 01:31 - 00703474 _____ C:\Windows\system32\prfh0416.dat
2016-04-09 14:38 - 2009-08-06 01:31 - 00146260 _____ C:\Windows\system32\prfc0416.dat
2016-04-09 14:38 - 2009-07-14 02:13 - 01628616 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-09 14:38 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-04-04 21:25 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\SysWOW64\com
2016-04-04 20:33 - 2015-12-23 19:52 - 00000000 ____D C:\Program Files (x86)\Full Tilt Poker
2016-04-03 13:44 - 2015-03-31 12:15 - 00000000 ____D C:\Users\PATO\AppData\Local\NVIDIA Corporation
2016-04-03 13:43 - 2015-03-18 18:29 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA Corporation
2016-04-03 13:43 - 2015-03-18 18:29 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-04-03 12:56 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2016-04-03 12:56 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-04-03 12:56 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-04-03 12:53 - 2015-11-09 23:37 - 00000000 ____D C:\Users\PATO\AppData\LocalLow\uTorrent
2016-04-03 12:08 - 2015-03-18 14:10 - 00000000 ____D C:\Users\PATO
2016-04-03 00:06 - 2015-04-02 00:29 - 00004060 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-03 00:06 - 2015-04-02 00:29 - 00003808 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-02 23:23 - 2009-07-14 01:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-04-02 22:57 - 2015-03-18 14:11 - 00001435 _____ C:\Users\PATO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-02 21:41 - 2015-03-31 23:24 - 00000000 ____D C:\Users\PATO\AppData\Roaming\Malwarebytes
2016-04-02 20:22 - 2015-10-10 10:09 - 00000000 ____D C:\Users\PATO\Desktop\foto
2016-04-02 20:05 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-02 19:17 - 2015-03-18 14:11 - 00001401 _____ C:\Users\PATO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-04-02 19:08 - 2015-04-02 00:29 - 00002120 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-02 18:55 - 2009-07-14 02:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-04-02 14:46 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\GroupPolicy
2016-03-29 19:17 - 2015-03-20 13:26 - 00000000 ____D C:\Users\PATO\AppData\Roaming\TS3Client
2016-03-27 09:19 - 2015-03-18 17:51 - 00000000 ____D C:\Users\PATO\AppData\Local\ElevatedDiagnostics
2016-03-23 20:56 - 2009-07-14 02:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-23 13:45 - 2015-03-18 18:29 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-03-23 13:45 - 2015-03-18 18:23 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-03-23 13:44 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\Help
2016-03-20 20:22 - 2015-12-23 20:01 - 00000000 ____D C:\Users\PATO\AppData\Local\FullTiltPoker
2016-03-14 08:10 - 2015-04-07 23:48 - 00000000 ____D C:\Users\PATO\AppData\Roaming\TeamViewer

==================== Arquivos na raiz de alguns diretórios =======

2009-07-13 20:31 - 2009-07-13 22:14 - 0256000 ___SH ( ) C:\ProgramData\msadsijk.exe
2009-07-13 20:31 - 2009-07-13 22:14 - 0170496 ___SH (GNU) C:\ProgramData\msdxhmqr.exe
2009-07-13 20:31 - 2009-07-13 22:14 - 0168448 ___SH () C:\ProgramData\msezlpc.exe
2009-07-13 20:31 - 2009-07-13 22:14 - 0252928 ___SH () C:\ProgramData\msfbtbgbd.exe
2009-07-13 20:31 - 2009-07-13 22:14 - 0208384 ___SH ( ) C:\ProgramData\msnrf.exe
2009-07-13 20:31 - 2009-07-13 22:14 - 0254976 ___SH (Dogecoin project) C:\ProgramData\mspubv.exe
2009-07-13 20:31 - 2009-07-13 22:14 - 0304128 ___SH (Foxit Software Inc. ) C:\ProgramData\msqhtfo.exe
2009-07-13 20:31 - 2009-07-13 22:14 - 0216064 ___SH () C:\ProgramData\msqjqslon.exe
2009-07-13 20:31 - 2009-07-13 22:14 - 0248832 ___SH () C:\ProgramData\msrhhfhc.exe
2009-07-13 20:31 - 2009-07-13 22:14 - 0260608 ___SH ( ) C:\ProgramData\msukbzv.exe

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\msadsijk.exe
C:\ProgramData\msdxhmqr.exe
C:\ProgramData\msezlpc.exe
C:\ProgramData\msfbtbgbd.exe
C:\ProgramData\msnrf.exe
C:\ProgramData\mspubv.exe
C:\ProgramData\msqhtfo.exe
C:\ProgramData\msqjqslon.exe
C:\ProgramData\msrhhfhc.exe
C:\ProgramData\msukbzv.exe
C:\Users\Todos os Usuários\msadsijk.exe
C:\Users\Todos os Usuários\msdxhmqr.exe
C:\Users\Todos os Usuários\msezlpc.exe
C:\Users\Todos os Usuários\msfbtbgbd.exe
C:\Users\Todos os Usuários\msnrf.exe
C:\Users\Todos os Usuários\mspubv.exe
C:\Users\Todos os Usuários\msqhtfo.exe
C:\Users\Todos os Usuários\msqjqslon.exe
C:\Users\Todos os Usuários\msrhhfhc.exe
C:\Users\Todos os Usuários\msukbzv.exe


Alguns arquivos em TEMP:
====================
C:\Users\PATO\AppData\Local\Temp\18362.exe
C:\Users\PATO\AppData\Local\Temp\438847.exe
C:\Users\PATO\AppData\Local\Temp\453909.exe
C:\Users\PATO\AppData\Local\Temp\KB00243065.exe
C:\Users\PATO\AppData\Local\Temp\KB00247916.exe
C:\Users\PATO\AppData\Local\Temp\KB00251239.exe
C:\Users\PATO\AppData\Local\Temp\KB00257432.exe
C:\Users\PATO\AppData\Local\Temp\KB21749284.exe
C:\Users\PATO\AppData\Local\Temp\KB21750735.exe
C:\Users\PATO\AppData\Local\Temp\KB21753465.exe
C:\Users\PATO\AppData\Local\Temp\KB74392259.exe


Alguns com tamanho de zero byte arquivos/pastas:
==========================
C:\Windows\kernel32.dll

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-04-10 01:00

==================== Fim de FRST.txt ============================
