cjoint

Document format: text/plain

Preview

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:19-05-2016
Executado por jefferson (administrador) em JEFFERSON (19-05-2016 14:59:56)
Executando a partir de C:\Users\jefferson\Documents\EGDownloads
Perfis Carregados: jefferson (Perfis Disponíveis: jefferson)
Platform: Windows 8.1 Single Language (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\EagleGet\EGMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
() C:\Users\jefferson\AppData\Roaming\NetService\netservice.exe
(skype.cog.cc) C:\Program Files (x86)\SkypeUpdateEx\SkypeUpdateEx.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\ProgramData\Windows Security\winsecurity.exe
() C:\Users\jefferson\AppData\Roaming\WinNetSvc\WinNetSvc.exe
() C:\Users\jefferson\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Positivo Informática S.A.) C:\Program Files (x86)\Positivo Informática\Positivo Aplicativos\PositivoAplicativosService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\EagleGet\EGMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(BitTorrent Inc.) C:\Users\jefferson\AppData\Roaming\uTorrent\updates\3.4.7_42330.exe
(BitTorrent Inc.) C:\Users\jefferson\AppData\Roaming\uTorrent\updates\updates\3.4.7_42330\utorrentie.exe
(BitTorrent Inc.) C:\Users\jefferson\AppData\Roaming\uTorrent\updates\updates\3.4.7_42330\utorrentie.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(EagleGet.com) C:\Program Files (x86)\EagleGet\EagleGet.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-328691905-2847663428-3791496222-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-328691905-2847663428-3791496222-1001\...\Run: [EagleGet] => C:\Program Files (x86)\EagleGet\Eagleget.exe [1856000 2015-05-28] (EagleGet.com)
HKU\S-1-5-21-328691905-2847663428-3791496222-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50670720 2016-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-328691905-2847663428-3791496222-1001\...\Run: [GoogleChromeAutoLaunch_BD30D734EB4CF81EB3E561E07FB6C53C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304 2016-05-11] (Google Inc.)
HKU\S-1-5-21-328691905-2847663428-3791496222-1001\...\MountPoints2: {507ff932-07cf-11e5-be7a-80ee737c3abc} - "E:\setup.exe"
HKU\S-1-5-21-328691905-2847663428-3791496222-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2014-11-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Nenhum Arquivo
Startup: C:\Users\jefferson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Deskjet 2050 J510 series.lnk [2016-05-19]
ShortcutTarget: Monitorar alertas de tinta - HP Deskjet 2050 J510 series.lnk -> C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\jefferson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\µTorrent.lnk [2015-06-01]
ShortcutTarget: µTorrent.lnk -> C:\Users\jefferson\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyEnable: [S-1-5-21-328691905-2847663428-3791496222-1001] => Proxy está habilitado.
ProxyServer: [S-1-5-21-328691905-2847663428-3791496222-1001] => http=127.0.0.1:8080;https=127.0.0.1:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{479736BF-1A7F-48CE-82CD-9087192DBA5F}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F0886B67-3608-4D1C-9FD9-F33B641257BD}: [DhcpNameServer] 192.168.1.1
ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.top8844.com?oem=mbtkv6&uid=S2ZAJ5BF131359_ST500LM012HN-M500MBB&tm=1435363540
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.top8844.com?oem=mbtkv6&uid=S2ZAJ5BF131359_ST500LM012HN-M500MBB&tm=1435363540
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-328691905-2847663428-3791496222-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.mundopositivo.com.br/?utm_source=PC&utm_medium=browser&utm_campaign=urldefault
HKU\S-1-5-21-328691905-2847663428-3791496222-1001\Software\Microsoft\Internet Explorer\Main,Start Page = www.top8844.com?oem=mbtkv6&uid=S2ZAJ5BF131359_ST500LM012HN-M500MBB&tm=1435363540
SearchScopes: HKLM-x32 -> DefaultScope valor está ausente
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-328691905-2847663428-3791496222-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-328691905-2847663428-3791496222-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-328691905-2847663428-3791496222-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-12] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-12] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-328691905-2847663428-3791496222-1001 -> Sem Nome - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Nenhum Arquivo
IE Session Restore: HKU\S-1-5-21-328691905-2847663428-3791496222-1001 -> está habilitado.
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\jefferson\AppData\Roaming\Mozilla\Firefox\Profiles\j8p2d1ex.default
FF DefaultSearchEngine: omniboxes
FF SelectedSearchEngine: omniboxes
FF Homepage: www.qqovd.com?oem=mbtkv6&uid=S2ZAJ5BF131359_ST500LM012HN-M500MBB&tm=1435363540
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-328691905-2847663428-3791496222-1001: eagleget.com/EagleGet32 -> C:\Program Files (x86)\EagleGet\npEagleget.dll [2015-05-28] (EagleGet)
FF Plugin HKU\S-1-5-21-328691905-2847663428-3791496222-1001: eagleget.com/EagleGet64_x86_64 -> C:\Program Files (x86)\EagleGet\npEagleget64.dll [2015-05-28] (EagleGet)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\jefferson\AppData\Roaming\Mozilla\Firefox\Profiles\j8p2d1ex.default\searchplugins\yahoo-ysp.xml [2015-11-12]
FF Extension: Greasemonkey - C:\Users\jefferson\AppData\Roaming\Mozilla\Firefox\Profiles\j8p2d1ex.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-05-16]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-04-29]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com.br/
CHR StartupUrls: Default -> "hxxp://www.google.com.br/","hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal","hxxp://start.qone8.com/?type=hp&ts=1396701508&from=smt&uid=ST500LM012XHN-M500MBB_S2ZAJ5BF131359","hxxp://start.iminent.com/?appId=B74C60BD-FBAD-4747-A9B3-302BB96013D2","hxxp://www.search.ask.com/?o=APN11459&gct=hp&d=488-210&v=n12521-363&t=4","hxxp://www.search.ask.com/?o=APN11459&gct=hp&d=488-210&v=a12834-363&t=4","hxxp://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal","hxxp://br.hao123.com/?tn=pcf_inner_protection_01_hao123_br","hxxp://br.hao123.com/?tn=incore_pay_hp_05_hao123_br","hxxp://start.qone8.com/?type=hp&ts=1401624500&from=smt&uid=ST500LM012XHN-M500MBB_S2ZAJ5BF105039","hxxp://start.qone8.com/?type=hppp&ts=1401634174&from=smt&uid=ST500LM012XHN-M500MBB_S2ZAJ5BF105039","hxxp://start.qone8.com/?type=hppp&ts=1401750005&from=smt&uid=ST500LM012XHN-M500MBB_S2ZAJ5BF105039","hxxp://start.qone8.com/?type=hppp&ts=1402160487&from=smt&uid=ST500LM012XHN-M500MBB_S2ZAJ5BF105039","hxxp://www.delta-homes.com/?utm_source=b&utm_medium=wpm0613&utm_campaign=installer&utm_content=hp&from=wpm0613&uid=ST500LM012XHN-M500MBB_S2ZAJ5BF105039&ts=1402694693","hxxp://br.hao123.com/?tn=pcf_inner_protection_01_hao123_br_chrome","hxxp://search.iminent.com/?appId=0BBBA1AA-A9B3-4215-98E5-2E5271EE0BAD","hxxp://br.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bxi01_15_23¶m1=1¶m2=f%3D7%26b%3DChrome%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzztD0E0EyBtAyB0CtA0A0B0C0AtB0EzztN0D0Tzu0StCtByEtDtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtDtDtCtC0F0AtDtGyBtB0BzztGtA0FtB0CtGtA0CyCtBtGtCzztDtDtAyEyD0EyD0B0FtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0D0Dzy0Bzz0D0EtG0ByDtAyCtGyE0D0C0FtGzz0B0DtDtGyBtDyBtAtA0FtByD0Czz0F0B2QtN0A0LzutB%26cr%3D945455087%26a%3Dwncy_bxi01_15_23%26os%3DWindows 8.1 Pro with Media 
Center","hxxp://www.istartsurf.com/?type=hppp&ts=1434133372&z=7043ba1b347e13b3dc6d9e3gcz5cfz8g7c0c7c1meo&from=face&uid=ST500LM012XHN-M500MBB_S2ZAJ5BF131359"
CHR DefaultSearchURL: Default -> hxxp://br.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bxi01_15_23¶m1=1¶m2=f%3D4%26b%3DChrome%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzztD0E0EyBtAyB0CtA0A0B0C0AtB0EzztN0D0Tzu0StCtByEtDtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtDtDtCtC0F0AtDtGyBtB0BzztGtA0FtB0CtGtA0CyCtBtGtCzztDtDtAyEyD0EyD0B0FtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0D0Dzy0Bzz0D0EtG0ByDtAyCtGyE0D0C0FtGzz0B0DtDtGyBtDyBtAtA0FtByD0Czz0F0B2QtN0A0LzutB%26cr%3D945455087%26a%3Dwncy_bxi01_15_23%26os%3DWindows 8.1 Pro with Media Center&p={searchTerms}
CHR DefaultSearchKeyword: Default -> search provided by yahoo.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Session Restore: Default -> está habilitado.
CHR Profile: C:\Users\jefferson\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\jefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-19]
CHR Extension: (Google Drive) - C:\Users\jefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-19]
CHR Extension: (YouTube) - C:\Users\jefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-19]
CHR Extension: (busuu.com (pt)) - C:\Users\jefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\epadnjldocmkadjbopkanclaamocokoo [2016-05-18]
CHR Extension: (Documentos Google off-line) - C:\Users\jefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-18]
CHR Extension: (AdBlock) - C:\Users\jefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-05-18]
CHR Extension: (Motorola Connect) - C:\Users\jefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigmoblgooahdmdibodmcnffgnejlndh [2016-05-18]
CHR Extension: (Skype) - C:\Users\jefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-18]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\jefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-18]
CHR Extension: (Gmail) - C:\Users\jefferson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-19]
CHR HKU\S-1-5-21-328691905-2847663428-3791496222-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2015-06-09]
CHR HKLM-x32\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2015-06-09]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-04-29]
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (mcafflfojcedkgjkoiebkbhnhldokecj) - C:\Users\jefferson\AppData\Roaming\Opera Software\Opera Stable\Extensions\mcafflfojcedkgjkoiebkbhnhldokecj [2015-07-10]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AppManagerService; C:\Program Files (x86)\Positivo Informática\Positivo Aplicativos\PositivoAplicativosService.exe [65304 2013-11-05] (Positivo Informática S.A.)
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [368640 2013-05-07] (AVerMedia) [Arquivo não assinado]
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [397312 2009-12-06] () [Arquivo não assinado]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-04-29] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-04-29] (Microsoft Corporation)
R2 egGetSvc; C:\Program Files (x86)\EagleGet\EGMonitor.exe [233472 2015-05-28] () [Arquivo não assinado]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129488 2012-12-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165328 2012-12-19] (Intel Corporation)
S2 KMSEmulator; C:\ProgramData\KMSAuto\KMSES.exe [277504 2015-06-05] () [Arquivo não assinado]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [977088 2014-03-02] () [Arquivo não assinado]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Arquivo não assinado]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WMPNetworkAcSvc; C:\Users\jefferson\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe [4984448 2016-03-15] ()

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 AVerPola; C:\Windows\system32\DRIVERS\AVerPola.sys [850560 2013-04-15] (AVerMedia TECHNOLOGIES, Inc.) [Arquivo não assinado]
S3 AVPolCIR; C:\Windows\System32\drivers\AVPolCIR.sys [62976 2013-04-12] (AVerMedia TECHNOLOGIES, Inc.) [Arquivo não assinado]
S3 AVPolDIR; C:\Windows\System32\drivers\AVPolDIR.sys [7168 2013-04-12] (AVerMedia TECHNOLOGIES, Inc.) [Arquivo não assinado]
S3 cpuz139; C:\Users\jefferson\AppData\Local\Temp\cpuz139\cpuz139_x64.sys [43312 2016-05-16] (CPUID)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-05-31] (Disc Soft Ltd)
R3 eagleGet; C:\Windows\System32\Drivers\eagleGet.sys [77112 2015-05-04] (eagleGet)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-08-03] (LogMeIn Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-18] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NETJME; C:\Windows\system32\DRIVERS\NETJME.sys [137728 2013-06-18] (JMicron Technology Corp.)
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3785432 2015-04-21] (Realtek Semiconductor Corporation )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2015-07-31] (Basil Projects)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-05-19 14:59 - 2016-05-19 14:59 - 00000000 ____D C:\FRST
2016-05-19 14:32 - 2016-05-19 14:32 - 00000000 ____D C:\Users\jefferson\AppData\LocalLow\uTorrent
2016-05-17 20:51 - 2016-05-17 20:51 - 00002292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-17 20:51 - 2016-05-17 20:51 - 00002280 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-17 20:41 - 2016-05-19 14:51 - 00001096 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-17 20:41 - 2016-05-19 13:51 - 00001092 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-17 20:41 - 2016-05-18 13:46 - 00004068 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-17 20:41 - 2016-05-18 13:46 - 00003832 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-17 20:41 - 2016-05-17 20:41 - 00987728 _____ (Google Inc.) C:\Users\jefferson\Downloads\ChromeSetup(1).exe
2016-05-17 20:40 - 2016-05-17 20:40 - 00987728 _____ (Google Inc.) C:\Users\jefferson\Downloads\ChromeSetup.exe
2016-05-17 20:09 - 2016-05-19 13:49 - 00000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2016-05-17 20:09 - 2016-05-17 20:09 - 00000000 ____D C:\Users\Todos os Usuários\Windows Security
2016-05-17 20:09 - 2016-05-17 20:09 - 00000000 ____D C:\ProgramData\Windows Security
2016-05-17 20:08 - 2016-05-17 20:08 - 00000000 ____D C:\Users\jefferson\AppData\Roaming\excdir
2016-05-17 17:16 - 2016-05-17 17:16 - 00000770 _____ C:\Users\jefferson\Documents\Área de Trabalho - Atalho.lnk
2016-05-17 16:31 - 2016-05-17 18:15 - 00000000 ____D C:\Users\jefferson\Documents\Trabalho sobre a Africa
2016-05-16 13:27 - 2016-05-16 13:27 - 00003640 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series
2016-05-16 13:27 - 2016-05-16 13:27 - 00002010 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2016-05-16 13:27 - 2016-05-16 13:27 - 00000000 ____D C:\Users\Todos os Usuários\Visan
2016-05-16 13:27 - 2016-05-16 13:27 - 00000000 ____D C:\Users\Todos os Usuários\HP Photo Creations
2016-05-16 13:27 - 2016-05-16 13:27 - 00000000 ____D C:\Users\jefferson\AppData\Roaming\HpUpdate
2016-05-16 13:27 - 2016-05-16 13:27 - 00000000 ____D C:\Users\jefferson\AppData\LocalLow\Hewlett-Packard
2016-05-16 13:27 - 2016-05-16 13:27 - 00000000 ____D C:\ProgramData\Visan
2016-05-16 13:27 - 2016-05-16 13:27 - 00000000 ____D C:\ProgramData\HP Photo Creations
2016-05-16 13:27 - 2016-05-16 13:27 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2016-05-16 13:27 - 2016-05-16 13:27 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-05-16 13:26 - 2016-05-16 13:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-05-16 13:26 - 2016-05-16 13:26 - 00002299 _____ C:\Users\Public\Desktop\HP Deskjet 2050 J510 series.lnk
2016-05-16 13:26 - 2016-05-16 13:26 - 00001221 _____ C:\Users\Public\Desktop\Comprar suprimentos - HP Deskjet 2050 J510 series.lnk
2016-05-16 13:25 - 2016-05-16 13:27 - 00000000 ____D C:\Users\jefferson\AppData\Local\HP
2016-05-16 13:25 - 2016-05-16 13:27 - 00000000 ____D C:\Program Files (x86)\HP
2016-05-16 13:25 - 2016-05-16 13:25 - 00000057 _____ C:\Users\Todos os Usuários\Ament.ini
2016-05-16 13:25 - 2016-05-16 13:25 - 00000057 _____ C:\ProgramData\Ament.ini
2016-05-16 13:25 - 2016-05-16 13:25 - 00000000 ____D C:\Program Files\HP
2016-05-16 13:09 - 2016-05-16 13:09 - 00000990 _____ C:\Users\Public\Desktop\Driver Easy.lnk
2016-05-16 13:09 - 2016-05-16 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Easy
2016-05-16 13:09 - 2016-05-16 13:09 - 00000000 ____D C:\Program Files\Easeware
2016-05-14 09:55 - 2016-05-14 09:55 - 00000000 ____D C:\Users\jefferson\AppData\Roaming\sc
2016-05-11 14:22 - 2016-04-22 17:54 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 14:22 - 2016-04-22 17:15 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 14:22 - 2016-04-22 17:14 - 02893312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-11 14:22 - 2016-04-22 17:08 - 06052864 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 14:22 - 2016-04-22 17:06 - 20349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 14:22 - 2016-04-22 17:00 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 14:22 - 2016-04-22 16:35 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 14:22 - 2016-04-22 16:29 - 02285568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 14:22 - 2016-04-22 16:24 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-05-11 14:22 - 2016-04-22 16:23 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 14:22 - 2016-04-22 16:19 - 15414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 14:22 - 2016-04-22 16:17 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-05-11 14:22 - 2016-04-22 16:14 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-05-11 14:22 - 2016-04-22 16:14 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-05-11 14:22 - 2016-04-22 16:14 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-05-11 14:22 - 2016-04-22 16:12 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-05-11 14:22 - 2016-04-22 15:58 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 14:22 - 2016-04-22 15:58 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-05-11 14:22 - 2016-04-22 15:54 - 13811200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 14:22 - 2016-04-22 15:53 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-05-11 14:22 - 2016-04-22 15:52 - 02596864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-05-11 14:22 - 2016-04-22 15:52 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-05-11 14:22 - 2016-04-22 15:52 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-05-11 14:22 - 2016-04-22 15:51 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-05-11 14:22 - 2016-04-22 15:40 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 14:22 - 2016-04-22 15:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-05-11 14:22 - 2016-04-22 15:27 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-05-11 14:22 - 2016-04-22 15:24 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 14:22 - 2016-04-22 15:23 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-05-11 14:22 - 2016-03-31 03:50 - 01307328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 14:22 - 2016-03-31 00:40 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 14:21 - 2016-04-10 01:21 - 01763376 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 14:21 - 2016-04-10 01:21 - 01489088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 14:21 - 2016-04-09 18:58 - 00534016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 14:21 - 2016-04-09 18:50 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 14:21 - 2016-04-06 18:13 - 00561960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-05-11 14:21 - 2016-04-06 18:13 - 00137976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-05-11 14:21 - 2016-04-06 15:20 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-05-11 14:21 - 2016-04-06 15:19 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-05-11 14:21 - 2016-04-06 15:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-05-11 14:21 - 2016-04-06 14:49 - 00120384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-05-11 14:21 - 2016-04-06 14:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-05-11 14:21 - 2016-04-06 13:57 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-05-11 14:21 - 2016-04-06 13:52 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 14:21 - 2016-04-06 13:20 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-05-11 14:21 - 2016-04-06 12:48 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 14:21 - 2016-03-28 22:42 - 07446368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 14:19 - 2016-04-10 04:48 - 00738096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 14:19 - 2016-04-10 04:48 - 00613624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 14:19 - 2016-04-10 01:14 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 14:19 - 2016-04-09 19:07 - 01097728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 14:19 - 2016-03-14 13:50 - 00316760 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2016-05-11 14:19 - 2016-03-10 14:03 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsparse.dll
2016-05-11 14:19 - 2016-03-10 13:48 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsparse.dll
2016-05-11 14:19 - 2016-03-05 14:44 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 14:19 - 2016-03-05 14:04 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-11 14:19 - 2016-02-27 15:28 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-05-11 14:19 - 2016-02-27 14:57 - 03273728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-05-11 14:19 - 2016-02-27 14:19 - 03820544 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-05-11 14:19 - 2016-02-27 13:32 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-05-11 14:14 - 2016-04-11 03:21 - 00074584 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2016-05-11 14:14 - 2016-04-10 02:37 - 01549144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 14:14 - 2016-03-15 22:58 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-05-11 14:14 - 2016-03-15 22:58 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-05-11 14:14 - 2016-03-11 21:49 - 02466136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-05-11 14:14 - 2016-03-11 21:47 - 00160160 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2016-05-11 14:14 - 2016-03-11 21:47 - 00121912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
2016-05-11 14:14 - 2016-03-10 13:55 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2016-05-11 14:14 - 2016-03-10 13:52 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-05-11 14:14 - 2016-03-10 13:42 - 00413696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2016-05-11 14:08 - 2016-04-09 20:29 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-05-11 13:58 - 2016-05-18 18:51 - 00000000 ____D C:\Program Files (x86)\SkypeUpdateEx
2016-05-07 14:53 - 2016-05-07 14:53 - 00000434 _____ C:\WINDOWS\Tasks\Driver Easy Scheduled Scan.job
2016-05-07 14:53 - 2016-05-07 14:53 - 00000000 ____D C:\Users\jefferson\AppData\Roaming\Easeware
2016-05-07 00:03 - 2016-05-07 00:03 - 00465824 _____ C:\WINDOWS\Minidump\050716-28578-01.dmp
2016-04-30 20:17 - 2016-04-30 20:17 - 00516184 _____ C:\WINDOWS\Minidump\043016-21562-01.dmp
2016-04-29 20:25 - 2016-04-29 20:25 - 00463208 _____ C:\WINDOWS\Minidump\042916-27234-01.dmp
2016-04-29 16:45 - 2016-04-29 16:45 - 00000000 ____D C:\Users\jefferson\AppData\Local\Unnamed
2016-04-26 20:20 - 2016-04-26 20:20 - 00461728 _____ C:\WINDOWS\Minidump\042616-47468-01.dmp
2016-04-25 00:35 - 2016-04-25 00:35 - 00221824 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2016-04-25 00:35 - 2016-04-25 00:35 - 00129152 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus.sys
2016-04-19 19:14 - 2016-05-18 21:30 - 00000000 ____D C:\Users\jefferson\Downloads\dowloads google

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-05-19 14:59 - 2015-06-09 22:30 - 00000000 ____D C:\Users\jefferson\Documents\EGDownloads
2016-05-19 14:57 - 2015-05-27 15:10 - 00000000 ____D C:\Users\jefferson\AppData\Roaming\uTorrent
2016-05-19 14:09 - 2015-07-16 21:18 - 00000902 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-19 13:49 - 2015-07-08 23:47 - 00001044 _____ C:\WINDOWS\Tasks\7FwUaq7iT9SNQG2J1n.job
2016-05-19 13:49 - 2015-06-01 20:47 - 00000000 __RDO C:\Users\jefferson\OneDrive
2016-05-18 21:50 - 2015-08-10 13:58 - 00000000 ____D C:\Users\jefferson\AppData\Roaming\Skype
2016-05-18 20:25 - 2016-03-16 13:02 - 00000000 ____D C:\Users\jefferson\AppData\Roaming\WMPNetworkAcSvc
2016-05-18 19:11 - 2015-05-26 19:36 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-328691905-2847663428-3791496222-1001
2016-05-18 18:51 - 2015-07-31 15:31 - 00000000 ____D C:\Program Files\KMSpico
2016-05-18 18:51 - 2015-06-26 21:05 - 00000000 ____D C:\Users\jefferson\AppData\Roaming\NetService
2016-05-18 18:51 - 2015-06-18 18:13 - 00000000 ____D C:\Users\jefferson\AppData\LocalLow\Company
2016-05-18 17:41 - 2015-07-11 22:56 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-18 17:33 - 2015-07-11 22:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-18 17:33 - 2015-07-11 22:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-17 20:51 - 2015-05-26 18:31 - 00000000 ____D C:\Users\jefferson\AppData\Local\Google
2016-05-17 20:50 - 2015-05-26 18:38 - 00000000 ____D C:\Program Files (x86)\Google
2016-05-17 20:18 - 2013-08-22 11:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-17 20:17 - 2013-08-22 10:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-05-17 19:55 - 2015-05-26 18:25 - 00000000 ____D C:\Users\jefferson\AppData\Local\Packages
2016-05-17 17:25 - 2014-11-21 23:44 - 01800588 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-05-17 17:25 - 2014-11-21 22:52 - 00775740 _____ C:\WINDOWS\system32\prfh0416.dat
2016-05-17 17:25 - 2014-11-21 22:52 - 00158832 _____ C:\WINDOWS\system32\prfc0416.dat
2016-05-17 17:25 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Inf
2016-05-16 13:25 - 2015-06-01 18:49 - 00000000 ____D C:\Users\Todos os Usuários\HP
2016-05-16 13:25 - 2015-06-01 18:49 - 00000000 ____D C:\ProgramData\HP
2016-05-16 13:19 - 2015-06-01 13:36 - 00000000 ___RD C:\Users\jefferson\Documents\Scanned Documents
2016-05-15 21:09 - 2015-06-13 19:24 - 00000000 ____D C:\Users\jefferson\AppData\Roaming\vlc
2016-05-15 18:46 - 2015-09-18 20:44 - 00000000 ____D C:\Program Files (x86)\League of Legends
2016-05-14 19:50 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\rescache
2016-05-14 19:37 - 2013-08-22 11:44 - 05044992 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-14 19:32 - 2015-05-30 14:18 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-14 11:01 - 2012-07-26 04:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-12 15:09 - 2015-07-16 21:18 - 00003790 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-05-11 19:29 - 2014-11-21 23:21 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 19:27 - 2015-05-29 14:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 19:14 - 2015-05-29 14:52 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-11 19:12 - 2015-05-29 16:35 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2016-05-11 19:11 - 2015-06-05 15:18 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-05-11 17:08 - 2016-03-12 10:05 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 17:08 - 2016-03-12 10:05 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 14:07 - 2016-04-12 16:43 - 01737088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-11 14:07 - 2016-04-12 16:43 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-05-11 14:07 - 2016-04-12 16:43 - 01523208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-05-11 14:07 - 2016-04-12 16:43 - 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-11 14:07 - 2016-04-12 16:43 - 01490120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-05-11 14:07 - 2016-04-12 16:43 - 01358952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-05-11 14:07 - 2016-04-12 16:43 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-05-11 13:58 - 2015-12-26 09:39 - 00000000 ____D C:\Users\jefferson\AppData\rundir
2016-05-07 00:05 - 2015-08-10 13:58 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-07 00:03 - 2015-09-11 13:31 - 467759125 _____ C:\WINDOWS\MEMORY.DMP
2016-05-07 00:03 - 2015-09-11 13:31 - 00000000 ____D C:\WINDOWS\Minidump
2016-05-06 17:09 - 2012-07-26 02:26 - 00000301 _____ C:\WINDOWS\win.ini
2016-05-05 21:14 - 2015-12-22 16:47 - 00000000 _____ C:\END
2016-05-05 20:44 - 2015-06-04 20:16 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-05-05 20:44 - 2015-06-04 20:16 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-05-05 19:38 - 2013-08-22 12:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-05 19:38 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-30 15:59 - 2015-06-01 18:56 - 00000000 ____D C:\Users\jefferson
2016-04-26 20:20 - 2015-07-11 12:48 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software
2016-04-26 20:20 - 2015-07-11 12:48 - 00000000 ____D C:\ProgramData\AVAST Software
2016-04-25 17:28 - 2016-03-23 21:07 - 00000000 ____D C:\Users\jefferson\AppData\Local\ElevatedDiagnostics

==================== Arquivos na raiz de alguns diretórios =======

2015-04-19 09:20 - 2015-04-19 09:20 - 0005872 _____ () C:\Users\jefferson\AppData\Roaming\7FwUaq7iT9SNQG2J1n
2015-07-11 15:36 - 2015-07-11 15:36 - 0000183 _____ () C:\Users\jefferson\AppData\Roaming\default.rss
2015-07-27 18:47 - 2015-07-27 18:47 - 0000600 _____ () C:\Users\jefferson\AppData\Local\PUTTY.RND
2015-09-02 15:13 - 2016-04-02 09:30 - 0007597 _____ () C:\Users\jefferson\AppData\Local\Resmon.ResmonCfg
2016-05-16 13:25 - 2016-05-16 13:25 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-02-11 08:19 - 2014-02-11 08:19 - 0507904 _____ () C:\ProgramData\DRV10.tmp
2014-02-11 08:19 - 2014-02-11 08:19 - 5501952 _____ (OEM) C:\ProgramData\E1010.tmp
2015-05-26 18:25 - 2015-05-26 18:25 - 0000139 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Alguns arquivos em TEMP:
====================
C:\Users\jefferson\AppData\Local\Temp\7C78.exe
C:\Users\jefferson\AppData\Local\Temp\7za.exe
C:\Users\jefferson\AppData\Local\Temp\cash_n_back_installer_sl_1.exe
C:\Users\jefferson\AppData\Local\Temp\DaS_21.exe
C:\Users\jefferson\AppData\Local\Temp\F0908873-585C-62EC-1BD7-C0B9D8C815F4.dll
C:\Users\jefferson\AppData\Local\Temp\hijackthis.exe
C:\Users\jefferson\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\jefferson\AppData\Local\Temp\NirCmd.exe
C:\Users\jefferson\AppData\Local\Temp\PEVZ.EXE
C:\Users\jefferson\AppData\Local\Temp\Quarantine.exe
C:\Users\jefferson\AppData\Local\Temp\remove.exe
C:\Users\jefferson\AppData\Local\Temp\sed.exe
C:\Users\jefferson\AppData\Local\Temp\setup_580.exe
C:\Users\jefferson\AppData\Local\Temp\shortcut.exe
C:\Users\jefferson\AppData\Local\Temp\SkypeSetup.exe
C:\Users\jefferson\AppData\Local\Temp\sqlite3.dll
C:\Users\jefferson\AppData\Local\Temp\swreg.exe
C:\Users\jefferson\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\jefferson\AppData\Local\Temp\swxcacls.exe
C:\Users\jefferson\AppData\Local\Temp\Uninstall.exe
C:\Users\jefferson\AppData\Local\Temp\wget.exe
C:\Users\jefferson\AppData\Local\Temp\ytb.exe
C:\Users\jefferson\AppData\Local\Temp\zoek-delete.exe
C:\Users\jefferson\AppData\Local\Temp\{F973096F-F456-4A95-879F-ED23D4472CB4}-49.0.2623.87_chrome_installer.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-05-11 19:43

==================== Fim de FRST.txt ============================
