Document format: text/plain

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 02-07-2016
Executado por LEO (administrador) em LEO-PC (03-07-2016 01:02:12)
Executando a partir de C:\Users\LEO\Desktop
Perfis Carregados: LEO (Perfis Disponíveis: LEO)
Platform: Windows 7 Ultimate (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Users\LEO\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\LEO\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\LEO\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\LEO\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\LEO\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\LEO\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2016-01-29] (NVIDIA Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-07-21] (Power Software Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3944607463-745540758-164268886-1000\...\Run: [Google Update] => C:\Users\LEO\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2016-04-26] (Google Inc.)
HKU\S-1-5-21-3944607463-745540758-164268886-1000\...\Run: [uTorrent] => C:\Users\LEO\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-05-15] (BitTorrent Inc.)
HKU\S-1-5-21-3944607463-745540758-164268886-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
HKU\S-1-5-21-3944607463-745540758-164268886-1000\...\Run: [Chromium] => "c:\users\leo\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-06-15]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{C688295F-7B6D-4B96-86B8-C1FB212591E0}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_anvsft_16_19¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtD0C0FtAtD0CtC0B0D0CyC0DtBtC0DtN0D0Tzu0StCyDzzzytN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyBzz0B0Bzy0B0E0CtGyDyByBzztG0DtCyC0DtGtC0CtC0AtGtD0FtC0CyDzytAtD0F0Dzz0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztCyEtD0Ezy0AtAtGyB0FtAyEtGyE0D0F0FtGzy0CyBzytGzyzzyB0BtDtBtAtDyD0E0C0B2QtN0A0LzuyE%26cr%3D935913031%26a%3Dwbf_anvsft_16_19%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_anvsft_16_19¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtD0C0FtAtD0CtC0B0D0CyC0DtBtC0DtN0D0Tzu0StCyDzzzytN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyBzz0B0Bzy0B0E0CtGyDyByBzztG0DtCyC0DtGtC0CtC0AtGtD0FtC0CyDzytAtD0F0Dzz0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztCyEtD0Ezy0AtAtGyB0FtAyEtGyE0D0F0FtGzy0CyBzytGzyzzyB0BtDtBtAtDyD0E0C0B2QtN0A0LzuyE%26cr%3D935913031%26a%3Dwbf_anvsft_16_19%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-3944607463-745540758-164268886-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_anvsft_16_19¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtD0C0FtAtD0CtC0B0D0CyC0DtBtC0DtN0D0Tzu0StCyDzzzytN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyBzz0B0Bzy0B0E0CtGyDyByBzztG0DtCyC0DtGtC0CtC0AtGtD0FtC0CyDzytAtD0F0Dzz0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztCyEtD0Ezy0AtAtGyB0FtAyEtGyE0D0F0FtGzy0CyBzytGzyzzyB0BtDtBtAtDyD0E0C0B2QtN0A0LzuyE%26cr%3D935913031%26a%3Dwbf_anvsft_16_19%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_anvsft_16_19¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtD0C0FtAtD0CtC0B0D0CyC0DtBtC0DtN0D0Tzu0StCyDzzzytN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyBzz0B0Bzy0B0E0CtGyDyByBzztG0DtCyC0DtGtC0CtC0AtGtD0FtC0CyDzytAtD0F0Dzz0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztCyEtD0Ezy0AtAtGyB0FtAyEtGyE0D0F0FtGzy0CyBzytGzyzzyB0BtDtBtAtDyD0E0C0B2QtN0A0LzuyE%26cr%3D935913031%26a%3Dwbf_anvsft_16_19%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_anvsft_16_19¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtD0C0FtAtD0CtC0B0D0CyC0DtBtC0DtN0D0Tzu0StCyDzzzytN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyBzz0B0Bzy0B0E0CtGyDyByBzztG0DtCyC0DtGtC0CtC0AtGtD0FtC0CyDzytAtD0F0Dzz0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztCyEtD0Ezy0AtAtGyB0FtAyEtGyE0D0F0FtGzy0CyBzytGzyzzyB0BtDtBtAtDyD0E0C0B2QtN0A0LzuyE%26cr%3D935913031%26a%3Dwbf_anvsft_16_19%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_anvsft_16_19¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtD0C0FtAtD0CtC0B0D0CyC0DtBtC0DtN0D0Tzu0StCyDzzzytN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyBzz0B0Bzy0B0E0CtGyDyByBzztG0DtCyC0DtGtC0CtC0AtGtD0FtC0CyDzytAtD0F0Dzz0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztCyEtD0Ezy0AtAtGyB0FtAyEtGyE0D0F0FtGzy0CyBzytGzyzzyB0BtDtBtAtDyD0E0C0B2QtN0A0LzuyE%26cr%3D935913031%26a%3Dwbf_anvsft_16_19%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_anvsft_16_19¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtD0C0FtAtD0CtC0B0D0CyC0DtBtC0DtN0D0Tzu0StCyDzzzytN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyBzz0B0Bzy0B0E0CtGyDyByBzztG0DtCyC0DtGtC0CtC0AtGtD0FtC0CyDzytAtD0F0Dzz0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztCyEtD0Ezy0AtAtGyB0FtAyEtGyE0D0F0FtGzy0CyBzytGzyzzyB0BtDtBtAtDyD0E0C0B2QtN0A0LzuyE%26cr%3D935913031%26a%3Dwbf_anvsft_16_19%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3944607463-745540758-164268886-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_anvsft_16_19¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtD0C0FtAtD0CtC0B0D0CyC0DtBtC0DtN0D0Tzu0StCyDzzzytN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyBzz0B0Bzy0B0E0CtGyDyByBzztG0DtCyC0DtGtC0CtC0AtGtD0FtC0CyDzytAtD0F0Dzz0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztCyEtD0Ezy0AtAtGyB0FtAyEtGyE0D0F0FtGzy0CyBzytGzyzzyB0BtDtBtAtDyD0E0C0B2QtN0A0LzuyE%26cr%3D935913031%26a%3Dwbf_anvsft_16_19%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3944607463-745540758-164268886-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_anvsft_16_19¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtD0C0FtAtD0CtC0B0D0CyC0DtBtC0DtN0D0Tzu0StCyDzzzytN1L2XzutAtFtBtCtFtCtFyCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyBzz0B0Bzy0B0E0CtGyDyByBzztG0DtCyC0DtGtC0CtC0AtGtD0FtC0CyDzytAtD0F0Dzz0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztCyEtD0Ezy0AtAtGyB0FtAyEtGyE0D0F0FtGzy0CyBzytGzyzzyB0BtDtBtAtDyD0E0C0B2QtN0A0LzuyE%26cr%3D935913031%26a%3Dwbf_anvsft_16_19%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-08] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2009-10-30] ()
Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2009-10-30] ()
Toolbar: HKU\S-1-5-21-3944607463-745540758-164268886-1000 -> DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2009-10-30] ()
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\LEO\AppData\Roaming\Mozilla\Firefox\Profiles\ln1bptcm.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\new_plugin\npjp2.dll [Nenhum Arquivo]
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-08] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-29] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3944607463-745540758-164268886-1000: @tools.google.com/Google Update;version=3 -> C:\Users\LEO\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-3944607463-745540758-164268886-1000: @tools.google.com/Google Update;version=9 -> C:\Users\LEO\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\LEO\AppData\Roaming\Mozilla\Firefox\Profiles\ln1bptcm.default\extensions\artur.dubovoy@gmail.com [2016-06-14]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2016-06-15] [não assinado]
FF HKU\S-1-5-21-3944607463-745540758-164268886-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: Default -> hxxp://br.hao123.com/
CHR StartupUrls: Default -> "hxxp://br.hao123.com/former"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\LEO\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\LEO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-26]
CHR Extension: (Google Docs) - C:\Users\LEO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-26]
CHR Extension: (Google Drive) - C:\Users\LEO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-26]
CHR Extension: (YouTube) - C:\Users\LEO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-26]
CHR Extension: (Adblock Plus) - C:\Users\LEO\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-07-02]
CHR Extension: (Planilhas do Google) - C:\Users\LEO\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-26]
CHR Extension: (Documentos Google off-line) - C:\Users\LEO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-26]
CHR Extension: (vGet Extension (Video Downloader, DLNA)) - C:\Users\LEO\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniladkejehjfchadikcbjmgjaogciic [2016-07-02]
CHR Extension: (Fresh Youtube - Hide Annotations) - C:\Users\LEO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikfjiclgmngaikjbhbmdjplpdlhbnjbm [2016-04-26]
CHR Extension: (GBBD Guardião - Itaú 30 horas) - C:\Users\LEO\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg [2016-04-26]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\LEO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-26]
CHR Extension: (Gmail) - C:\Users\LEO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-26]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3944607463-745540758-164268886-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.JWIWRUE763PLHMH2CE44BZ3PGQ - C:\Users\LEO\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2016-01-29] (NVIDIA Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-07] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Arquivo não assinado]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2016-01-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2016-01-29] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Arquivo não assinado]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R1 MpKsla4b5c3eb; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D052625A-5A0E-4BB4-BBF3-3B4F12F96CAA}\MpKsla4b5c3eb.sys [44928 2016-07-03] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2016-01-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2016-01-29] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2016-04-26] () [Arquivo não assinado]
U3 atnzj290; C:\Windows\System32\Drivers\atnzj290.sys [0 ] (Microsoft Corporation) <==== ATENÇÃO (zero byte Arquivo/Pasta)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-07-03 01:02 - 2016-07-03 01:02 - 00020642 _____ C:\Users\LEO\Desktop\FRST.txt
2016-07-03 01:01 - 2016-07-03 01:02 - 00000000 ____D C:\FRST
2016-07-03 01:00 - 2016-07-03 01:00 - 02390016 _____ (Farbar) C:\Users\LEO\Desktop\FRST64.exe
2016-07-03 00:57 - 2016-07-03 00:57 - 05718872 _____ (Microsoft Corporation) C:\Users\LEO\Downloads\vcredist_x64 (1).exe
2016-07-03 00:52 - 2016-07-03 00:53 - 00000000 ____D C:\Users\LEO\Downloads\citra-latest-windows-amd64
2016-06-29 22:11 - 2016-06-29 22:34 - 00000000 ____D C:\Users\LEO\Downloads\Child.of.Light.RELOADED
2016-06-29 22:08 - 2016-06-29 22:08 - 00026653 _____ C:\Users\LEO\Downloads\child.of.light.reloaded-pc[www.gamestorrent.biz].torrent
2016-06-25 14:26 - 2009-01-14 03:06 - 00000000 ____D C:\Users\LEO\Downloads\seplugins
2016-06-25 13:09 - 2016-06-25 13:09 - 00848128 _____ C:\Users\LEO\Downloads\seplugins.rar
2016-06-25 13:06 - 2016-06-25 13:06 - 00050178 _____ C:\Users\LEO\Downloads\[newsinside.org]cwcheat_23_620hen.zip
2016-06-25 13:05 - 2016-06-25 13:05 - 00915776 _____ C:\Users\LEO\Downloads\CWCheatv0.2.3 (1).zip
2016-06-24 01:46 - 2016-06-24 01:48 - 00000000 ____D C:\Users\LEO\Downloads\Final_Fantasy_III_USA_PSN_PSP-PLAYASiA
2016-06-24 01:46 - 2016-06-24 01:47 - 00000000 ____D C:\Users\LEO\Downloads\Final Fantasy Anthology - Final Fantasy V [NTSC-U] [SLUS-00879]
2016-06-23 19:51 - 2016-06-23 19:55 - 197786271 _____ C:\Users\LEO\Downloads\Final_Fantasy_III_USA_PSN_PSP-PLAYASiA.rar
2016-06-23 19:46 - 2016-06-23 19:51 - 179631680 _____ C:\Users\LEO\Downloads\Final Fantasy Anthology - Final Fantasy V [NTSC-U] [SLUS-00879].rar
2016-06-22 00:25 - 2016-06-22 00:25 - 00000000 ____D C:\Users\LEO\AppData\Roaming\PowerISO
2016-06-22 00:02 - 2016-06-22 00:02 - 00915776 _____ C:\Users\LEO\Downloads\CWCheatv0.2.3.zip
2016-06-19 20:46 - 2016-06-19 20:46 - 00059494 _____ C:\Users\LEO\Desktop\Codigo CD 1.html
2016-06-19 20:46 - 2016-06-19 20:46 - 00000000 ____D C:\Users\LEO\Desktop\Codigo CD 1_files
2016-06-19 20:45 - 2016-06-19 20:45 - 01227559 _____ C:\Users\LEO\Desktop\MANUAL-CODIGO-SECRETO-2016.pdf
2016-06-18 13:53 - 2016-06-18 13:53 - 711567024 ____N C:\Users\LEO\Downloads\Dragon Warrior VII (USA) (Disc 1).bin
2016-06-18 13:53 - 2016-06-18 13:53 - 00000099 ____N C:\Users\LEO\Downloads\Dragon Warrior VII (USA) (Disc 1).cue
2016-06-18 13:44 - 2016-06-18 13:50 - 370946841 _____ C:\Users\LEO\Downloads\Dragon Warrior VII (USA) (Disc 1).7z
2016-06-16 23:21 - 2009-10-23 03:27 - 00000000 ____D C:\Users\LEO\Downloads\Grandia 3 (NTSC) PS2
2016-06-15 20:24 - 2016-06-15 20:24 - 00001369 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Central de Soluções HP.lnk
2016-06-15 20:24 - 2016-06-15 20:24 - 00001363 _____ C:\Users\Public\Desktop\Central de Soluções HP.lnk
2016-06-15 20:24 - 2016-06-15 20:24 - 00001179 _____ C:\Users\Public\Desktop\Loja de Suprimentos HP.lnk
2016-06-15 20:24 - 2016-06-15 20:24 - 00000000 ____D C:\Users\Todos os Usuários\HP Product Assistant
2016-06-15 20:24 - 2016-06-15 20:24 - 00000000 ____D C:\ProgramData\HP Product Assistant
2016-06-15 20:23 - 2016-06-15 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-06-15 20:22 - 2016-06-15 20:25 - 00175979 _____ C:\Windows\hpoins37.dat
2016-06-15 20:22 - 2010-02-03 09:05 - 00000558 ____N C:\Windows\hpomdl37.dat
2016-06-15 20:13 - 2016-06-15 20:13 - 00000000 ____D C:\Windows\system32\appmgmt
2016-06-15 19:51 - 2016-04-28 20:30 - 00175951 ____N C:\Windows\hpoins37.dat.temp
2016-06-15 19:51 - 2010-02-03 09:05 - 00000558 ____N C:\Windows\hpomdl37.dat.temp
2016-06-15 13:21 - 2016-06-15 13:22 - 229100369 _____ C:\Users\LEO\Desktop\Dragon Quest V - Hand of the Heavenly Bride BradyGames Official Guide.pdf
2016-06-15 13:01 - 2016-06-15 13:01 - 00019462 _____ C:\Users\LEO\Downloads\fairyt2 (1).mid
2016-06-15 12:37 - 2016-06-15 12:37 - 00019462 _____ C:\Users\LEO\Downloads\fairyt2.mid
2016-06-14 23:55 - 2016-06-15 00:01 - 229100369 _____ C:\Users\LEO\Downloads\Dragon Quest V - Hand of the Heavenly Bride BradyGames Official Guide.pdf
2016-06-14 14:25 - 2016-06-14 14:25 - 00000000 ____D C:\Users\LEO\AppData\Roaming\Macromedia
2016-06-14 14:25 - 2016-06-14 14:25 - 00000000 ____D C:\Users\LEO\AppData\Local\Macromedia
2016-06-14 14:24 - 2016-06-14 14:30 - 00000000 ____D C:\Users\LEO\AppData\Local\Mozilla
2016-06-14 14:24 - 2016-06-14 14:24 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-06-14 14:24 - 2016-06-14 14:24 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-06-14 14:24 - 2016-06-14 14:24 - 00000000 ____D C:\Users\LEO\AppData\Roaming\Mozilla
2016-06-14 14:24 - 2016-06-14 14:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-14 14:24 - 2016-06-14 14:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-14 14:15 - 2016-06-14 14:15 - 00242296 _____ C:\Users\LEO\Downloads\Firefox Setup Stub 47.0.exe
2016-06-09 21:39 - 2016-06-16 11:06 - 3441838991 ____R C:\Users\LEO\Downloads\Grandia 3 (NTSC) PS2.rar
2016-06-09 21:36 - 2016-06-09 21:39 - 397606912 ____N C:\Users\LEO\Downloads\Dark Chronicle (Europe) (En,Fr,De,Es,It).iso
2016-06-08 23:30 - 2016-06-08 23:30 - 00000105 _____ C:\Users\LEO\Desktop\regras.txt
2016-06-08 20:52 - 2016-06-08 20:52 - 00001242 _____ C:\Users\LEO\Desktop\Dolphin - Atalho (2).lnk
2016-06-07 19:32 - 2016-06-17 16:37 - 00000000 ____D C:\Users\LEO\Desktop\Nova pasta
2016-06-07 18:53 - 2016-06-07 18:54 - 00000000 ____D C:\Users\LEO\Downloads\dolphin arc rise fantasy
2016-06-07 18:50 - 2016-06-07 18:50 - 00000652 _____ C:\Users\LEO\Desktop\dolphin arc rise fantasy.txt
2016-06-07 17:56 - 2016-06-07 17:56 - 00000000 ____D C:\Users\LEO\Documents\Minhas digitalizações
2016-06-07 17:55 - 2016-06-07 17:55 - 00000000 ____D C:\Users\LEO\AppData\Local\HP

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-07-03 01:00 - 2016-04-26 22:44 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3944607463-745540758-164268886-1000UA.job
2016-07-03 00:51 - 2016-04-26 23:26 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-02 18:00 - 2016-04-26 22:44 - 00001018 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3944607463-745540758-164268886-1000Core.job
2016-07-02 13:54 - 2016-04-26 22:59 - 00000000 ____D C:\Users\LEO\AppData\Roaming\uTorrent
2016-07-02 12:52 - 2009-07-14 01:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-02 12:52 - 2009-07-14 01:45 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-02 12:47 - 2016-04-27 00:09 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA
2016-07-02 12:47 - 2016-04-27 00:09 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-02 12:47 - 2016-04-26 23:35 - 00000000 ___SD C:\Users\LEO\AppData\LocalLow\Temp
2016-07-02 12:47 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-26 22:27 - 2016-04-28 20:32 - 00000000 ____D C:\Users\LEO\AppData\LocalLow\HPAppData
2016-06-24 11:41 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2016-06-22 00:39 - 2009-07-14 14:55 - 00705394 _____ C:\Windows\system32\prfh0416.dat
2016-06-22 00:39 - 2009-07-14 14:55 - 00147234 _____ C:\Windows\system32\prfc0416.dat
2016-06-22 00:39 - 2009-07-14 02:13 - 01634190 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-22 00:39 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-06-21 15:14 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\LiveKernelReports
2016-06-18 14:03 - 2016-04-30 12:39 - 00000000 ____D C:\Users\LEO\AppData\Roaming\NVIDIA
2016-06-17 15:51 - 2016-04-26 23:26 - 00003840 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-17 15:44 - 2016-04-26 23:26 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-17 15:44 - 2016-04-26 23:26 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-17 15:44 - 2016-04-26 22:46 - 00002322 _____ C:\Users\LEO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-16 10:31 - 2009-07-14 01:45 - 00283688 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-15 20:39 - 2016-04-26 21:44 - 00062984 _____ C:\Users\LEO\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-15 20:25 - 2009-07-13 23:34 - 00000438 _____ C:\Windows\win.ini
2016-06-15 20:24 - 2016-04-28 20:28 - 00000000 ____D C:\Users\LEO\AppData\Roaming\HpUpdate
2016-06-15 20:24 - 2016-04-28 20:26 - 00000000 ____D C:\Program Files (x86)\HP
2016-06-15 20:24 - 2016-04-28 20:13 - 00000000 ____D C:\Users\Todos os Usuários\HP
2016-06-15 20:24 - 2016-04-28 20:13 - 00000000 ____D C:\ProgramData\HP
2016-06-15 17:40 - 2016-04-26 23:01 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-09 11:43 - 2016-04-26 23:24 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-07 17:55 - 2016-04-28 20:30 - 00000000 ____D C:\Users\LEO\AppData\Roaming\HP

==================== Arquivos na raiz de alguns diretórios =======

2016-04-28 20:25 - 2016-06-15 20:25 - 0008719 _____ () C:\ProgramData\hpzinstall.log

Alguns arquivos em TEMP:
====================
C:\Users\LEO\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\LEO\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\LEO\AppData\Local\Temp\nsn8E6B.tmp.exe
C:\Users\LEO\AppData\Local\Temp\safeguard.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-06-29 16:45

==================== Fim de FRST.txt ============================
