Document format: text/plain

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Maxwel (administrator) on MAXWEL-PC (07-02-2016 15:17:24)
Running from C:\Users\Maxwel\Desktop
Loaded Profiles: Maxwel (Available Profiles: Maxwel)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Baidu Inc.) C:\Program Files (x86)\baidu\Baidu Browser\sparkservice.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11153\CalendarServ.exe
(Acer) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
() C:\Users\Maxwel\AppData\Roaming\XBox\XBLive.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(VLOME) C:\ProgramData\Windows Update\tmp\msdtc-.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
() C:\Windows\Temp\04743\Player Setup.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(BitTorrent Inc.) C:\Users\Maxwel\AppData\Roaming\uTorrent\uTorrent.exe
() C:\ProgramData\WindowsMsg\osmsg.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe
(BitTorrent Inc.) C:\Users\Maxwel\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(BitTorrent Inc.) C:\Users\Maxwel\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe
() C:\Users\Maxwel\AppData\Roaming\msiql.exe
() C:\Users\Maxwel\AppData\Roaming\downloader_3.0.1330.1_341BR_258_20160205_2135.exe
(MPC-HC Team) C:\Program Files (x86)\MPC-HC\mpc-hc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe [823840 2009-09-30] (Acer Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-24] (Symantec Corporation)
HKLM-x32\...\Run: [dply_en_015020183] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2015-09-01] (Caixa Economica Federal)
HKU\S-1-5-21-1564596154-4204280832-1984041207-1001\...\Run: [uTorrent] => C:\Users\Maxwel\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-02] (BitTorrent Inc.)
HKU\S-1-5-21-1564596154-4204280832-1984041207-1001\...\Run: [Doydoo.exe] => C:\Program Files (x86)\Google Chrome\Doydoo.exe [18424727 2015-12-09] ()
HKU\S-1-5-21-1564596154-4204280832-1984041207-1001\...\Run: [YeaInstaller] => C:\Users\Maxwel\AppData\Local\Temp\is-VCK3T.tmp\pyeaplayer_soft_partner.exe [1979392 2015-12-24] (TZ) <===== ATTENTION
HKU\S-1-5-21-1564596154-4204280832-1984041207-1001\...\Run: [Yeaplayer] => C:\Program Files (x86)\Yeaplayer\Yeaplayermd.exe /autostart
HKU\S-1-5-21-1564596154-4204280832-1984041207-1001\...\Run: [-] => c:\users\maxwel\appdata\roaming\msiql.exe [2413056 2016-01-08] ()
HKU\S-1-5-21-1564596154-4204280832-1984041207-1001\...\Run: [Pritc] => c:\programdata\windows update\tmp\msdtc-.exe [2980352 2016-01-08] (VLOME)
HKU\S-1-5-21-1564596154-4204280832-1984041207-1001\...\Run: [taskhost] => rundll32.exe C:\ProgramData\WindowsMsg\A3FB110AD80824E309242083833A556D.dll Start /DEFAULT
HKU\S-1-5-21-1564596154-4204280832-1984041207-1001\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [1905664 2016-01-16] ()
HKU\S-1-5-21-1564596154-4204280832-1984041207-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\eMachines.scr [425984 2009-08-05] ()
HKU\S-1-5-18\...\Run: [Pritc] => c:\programdata\windows update\tmp\msdtc-.exe [2980352 2016-01-08] (VLOME)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1867432 2015-09-01] (Caixa Economica Federal)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\ProgramData\System32\SafeGuard32.dll No File
Winsock: Catalog5-x64 07 C:\ProgramData\System32\SafeGuard64.dll [2316728 2016-01-05] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{DD5D3D63-591C-47D3-8673-1AEDDEB14120}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{F1187CEF-F549-414F-B012-E187DF51A682}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=738cd1c3044837aca498b40e0012e64a
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=738cd1c3044837aca498b40e0012e64a
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.navegaki.com?q={searchTerms}&uid={c10018362b844df2909fa28692fa045b}&r=eg
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e725&r=273611158725l0434z1i5r44020234
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nav.brotlab.net?uid={c10018362b844df2909fa28692fa045b}&r=eg
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.navegaki.com?q={searchTerms}&uid={c10018362b844df2909fa28692fa045b}&r=eg
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=738cd1c3044837aca498b40e0012e64a
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e725&r=273611158725l0434z1i5r44020234
HKU\S-1-5-21-1564596154-4204280832-1984041207-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.br/
HKU\S-1-5-21-1564596154-4204280832-1984041207-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nav.brotlab.net?uid={c10018362b844df2909fa28692fa045b}&r=eg
HKU\S-1-5-21-1564596154-4204280832-1984041207-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.navegaki.com?q={searchTerms}&uid={c10018362b844df2909fa28692fa045b}&r=eg
HKU\S-1-5-21-1564596154-4204280832-1984041207-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.navegaki.com?q={searchTerms}&uid={c10018362b844df2909fa28692fa045b}&r=eg
SearchScopes: HKLM-x32 -> DefaultScope {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.navegaki.com?q={searchTerms}&uid={c10018362b844df2909fa28692fa045b}&r=eg
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKLM-x32 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.navegaki.com?q={searchTerms}&uid={c10018362b844df2909fa28692fa045b}&r=eg
SearchScopes: HKU\.DEFAULT -> DefaultScope {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL =
SearchScopes: HKU\S-1-5-21-1564596154-4204280832-1984041207-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_enBR665
SearchScopes: HKU\S-1-5-21-1564596154-4204280832-1984041207-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_enBR665
SearchScopes: HKU\S-1-5-21-1564596154-4204280832-1984041207-1001 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.navegaki.com?q={searchTerms}&uid={c10018362b844df2909fa28692fa045b}&r=eg
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll [2011-09-21] (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL [2009-11-05] (Symantec Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2015-09-01] (Caixa Economica Federal)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll [2011-09-21] (Symantec Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1564596154-4204280832-1984041207-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1564596154-4204280832-1984041207-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll [2011-09-21] (Symantec Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Maxwel\AppData\Roaming\Mozilla\Firefox\Profiles\ieol8lqv.default
FF DefaultSearchEngine: navegaki
FF SelectedSearchEngine: navegaki
FF Homepage: hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=738cd1c3044837aca498b40e0012e64a
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-1564596154-4204280832-1984041207-1001: gastecnologia.com.br/sf/cef -> C:\Users\Maxwel\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2014-12-09] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-1564596154-4204280832-1984041207-1001: gastecnologia.com.br/sf/cef64 -> C:\Users\Maxwel\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll [2014-12-09] (GAS Tecnologia)
FF SearchPlugin: C:\Users\Maxwel\AppData\Roaming\Mozilla\Firefox\Profiles\ieol8lqv.default\searchplugins\navegaki.xml [2016-01-05]
FF Extension: GBBD Caixa Economica Federal - C:\Users\Maxwel\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2015-11-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn [2015-12-11] [not signed]
FF HKU\S-1-5-21-1564596154-4204280832-1984041207-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\Maxwel\AppData\Local\GAS Tecnologia\GBBD\cef\xpi

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com.br/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Maxwel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Maxwel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-06]
CHR Extension: (Google Drive) - C:\Users\Maxwel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-06]
CHR Extension: (YouTube) - C:\Users\Maxwel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-06]
CHR Extension: (Google Search) - C:\Users\Maxwel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-06]
CHR Extension: (Google Sheets) - C:\Users\Maxwel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Maxwel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-06]
CHR Extension: (Gmail) - C:\Users\Maxwel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ePowerSvc; C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [844320 2009-09-30] (Acer Incorporated)
S3 GameConsoleService; C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe [250616 2009-05-22] (WildTangent, Inc.)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [587576 2015-08-13] (GAS Tecnologia)
S2 GoogleChromeUpSvc; C:\ProgramData\Windows Update\svrupg.exe [2786816 2016-01-10] (TODO: ) [File not signed]
R2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2006-11-10] (Nero AG) [File not signed]
R2 Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [117648 2011-09-21] (Symantec Corporation)
R2 SparkSvc; C:\Program Files (x86)\baidu\Baidu Browser\sparkservice.exe [97080 2016-01-19] (Baidu Inc.)
S3 SparkUpdater; C:\Program Files (x86)\Baidu\SparkUpdate\Sparkupdate.exe [1371960 2015-06-23] (Baidu.com, Inc.)
R2 TheCalendarService; C:\Program Files (x86)\CalendarTool\2.0.0.11153\CalendarServ.exe [153224 2015-12-10] ()
R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-04] (Acer)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 XBox; C:\Users\Maxwel\AppData\Roaming\XBox\XBLive.exe [7142328 2015-12-08] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys [334384 2010-01-20] (Symantec Corporation)
R1 ccHP; C:\Windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys [561800 2015-12-11] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-12-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-12-09] (Symantec Corporation)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-09-03] (GAS Tecnologia)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20160104.001\IDSvia64.sys [767224 2015-12-08] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20160104.002\ENG64.SYS [138488 2015-12-09] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20160104.002\EX64.SYS [2148080 2015-12-09] (Symantec Corporation)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-01] (Realtek Semiconductor Corp.)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1008030.006\SRTSP64.SYS [476720 2009-11-05] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1008030.006\SRTSPX64.SYS [32304 2009-11-05] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1008030.006\SYMEFA64.SYS [402992 2009-11-05] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2015-12-10] (Symantec Corporation)
R3 SYMFW; C:\Windows\System32\Drivers\NISx64\1008030.006\SYMFW.SYS [120952 2011-09-21] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [31280 2009-11-05] (Symantec Corporation)
R3 SYMNDISV; C:\Windows\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS [56952 2011-09-21] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\NISx64\1008030.006\SYMTDI.SYS [279160 2011-09-21] (Symantec Corporation)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-09-03] (GAS Tecnologia LTDA)
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-07 15:17 - 2016-02-07 15:17 - 00020661 _____ C:\Users\Maxwel\Desktop\FRST.txt
2016-02-07 15:17 - 2016-02-07 15:17 - 00000000 ____D C:\FRST
2016-02-07 15:16 - 2016-02-07 15:16 - 02370560 _____ (Farbar) C:\Users\Maxwel\Desktop\FRST64.exe
2016-02-07 15:14 - 2016-02-07 15:15 - 01721344 _____ (Farbar) C:\Users\Maxwel\Downloads\FRST.exe
2016-02-07 09:09 - 2016-02-05 11:35 - 01132808 _____ C:\Users\Maxwel\AppData\Roaming\downloader_3.0.1330.1_341BR_258_20160205_2135.exe
2016-02-06 22:39 - 2016-02-07 00:27 - 931970592 _____ C:\Users\Maxwel\Downloads\Pânico na Floresta 5 - (Terror) Filme Completo Dublado.mp4
2016-02-06 22:36 - 2016-02-07 00:46 - 954173704 _____ C:\Users\Maxwel\Downloads\Pânico na Floresta ( Wrong Turn ) - DUBLADO HD -.mp4
2016-02-06 22:34 - 2016-02-06 22:37 - 291292158 _____ C:\Users\Maxwel\Downloads\Pânico Na Floresta 1 Dublado Completo.mp3.downloading
2016-02-06 21:06 - 2016-02-06 21:35 - 210009981 _____ C:\Users\Maxwel\Downloads\JOSÉ DO EGITO CAP .11 - gloria.tv.mp4
2016-02-06 21:06 - 2016-02-06 21:32 - 207169524 _____ C:\Users\Maxwel\Downloads\JOSÉ DO EGITO CAP .12 - gloria.tv.mp4
2016-02-06 20:36 - 2016-02-06 21:04 - 202362166 _____ C:\Users\Maxwel\Downloads\JOSÉ DO EGITO CAP .9 - gloria.tv.mp4
2016-02-06 20:36 - 2016-02-06 21:02 - 201723837 _____ C:\Users\Maxwel\Downloads\JOSÉ DO EGITO CAP .10 - gloria.tv.mp4
2016-02-06 19:39 - 2016-02-06 19:41 - 70084544 _____ C:\Users\Maxwel\Downloads\CD_Chrystian_e_Ralf_-_As_20_Mais.rar
2016-02-06 13:21 - 2016-02-06 13:21 - 00000000 _____ C:\Users\Maxwel\Downloads\Eduardo Costa 2015 - Vivendo e Aprendendo [CD Completo].mp3.downloading
2016-02-05 09:41 - 2016-02-05 09:41 - 00000000 ____D C:\Users\Maxwel\Desktop\CATOLICAS
2016-02-04 21:38 - 2016-02-04 22:25 - 645278650 _____ C:\Users\Maxwel\Downloads\Assistir O Auto da Compadecida Online HD Completo Grátis.mp4
2016-02-04 16:12 - 2016-02-04 16:32 - 00000000 ____D C:\Users\Maxwel\Downloads\Discografia - João Paulo & Daniel
2016-02-04 16:12 - 2016-02-04 16:12 - 00014609 _____ C:\Users\Maxwel\Downloads\Discografia-João-Paulo-Daniel.rar
2016-02-04 16:10 - 2016-02-04 18:36 - 00000000 ____D C:\Users\Maxwel\Downloads\Chitãozinho e Xororó - Discografia
2016-02-03 19:13 - 2016-02-06 21:18 - 00000000 ____D C:\Users\Maxwel\Downloads\Pânico na Floresta 5 [2012 DUAL AUDIO] 720p
2016-02-03 19:06 - 2016-02-03 23:12 - 421777143 _____ C:\Users\Maxwel\Downloads\Pânico Na Floresta – BluRay Rip 720p Dual Áudio (2003).mp4
2016-02-03 11:06 - 2016-02-02 01:28 - 01132808 _____ C:\Users\Maxwel\AppData\Roaming\downloader_3.0.1330.1_341BR_258_20160202_1128.exe
2016-02-03 11:01 - 2016-02-03 11:01 - 394111521 _____ C:\Windows\MEMORY.DMP
2016-02-01 11:31 - 2016-02-01 11:32 - 00000000 ____D C:\Users\Maxwel\Desktop\sertanejo coletanea
2016-01-30 15:43 - 2016-01-30 17:30 - 651647495 _____ C:\Users\Maxwel\Downloads\KARAOKE SERTANEJO UNIVERSITÁRIO SELEÇAO AGNALDO MINEIRO.mp4
2016-01-30 11:43 - 2016-01-30 11:54 - 00000000 ____D C:\Program Files (x86)\Total Video Converter
2016-01-30 11:43 - 2016-01-30 11:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Video Converter
2016-01-30 11:43 - 2000-05-22 22:58 - 00608448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.ocx
2016-01-27 10:32 - 2016-01-27 10:32 - 00277184 _____ C:\Windows\Minidump\012716-33056-01.dmp
2016-01-25 16:54 - 2016-02-06 16:28 - 00000000 ____D C:\Users\Maxwel\Downloads\SERTANEJO 2
2016-01-25 16:36 - 2016-02-06 16:39 - 00000000 ____D C:\Users\Maxwel\Downloads\SERTANEJO 1
2016-01-24 15:48 - 2016-01-24 15:49 - 00000000 ____D C:\Users\Maxwel\Desktop\RITMO TECLADO
2016-01-24 12:30 - 2016-01-24 12:30 - 36500732 _____ C:\Users\Maxwel\Documents\Track No12.wav
2016-01-24 12:30 - 2016-01-24 12:30 - 33969980 _____ C:\Users\Maxwel\Documents\Track No14.wav
2016-01-24 12:30 - 2016-01-24 12:30 - 26255420 _____ C:\Users\Maxwel\Documents\Track No13.wav
2016-01-24 12:30 - 2016-01-24 12:30 - 01401672 _____ C:\Users\Maxwel\Documents\Track No15.nrg
2016-01-24 12:29 - 2016-01-24 12:30 - 35235356 _____ C:\Users\Maxwel\Documents\Track No11.wav
2016-01-24 12:29 - 2016-01-24 12:29 - 30630140 _____ C:\Users\Maxwel\Documents\Track No09.wav
2016-01-24 12:29 - 2016-01-24 12:29 - 30244412 _____ C:\Users\Maxwel\Documents\Track No10.wav
2016-01-24 12:29 - 2016-01-24 12:29 - 30037436 _____ C:\Users\Maxwel\Documents\Track No08.wav
2016-01-24 12:29 - 2016-01-24 12:29 - 29418860 _____ C:\Users\Maxwel\Documents\Track No07.wav
2016-01-24 12:28 - 2016-01-24 12:29 - 35811596 _____ C:\Users\Maxwel\Documents\Track No06.wav
2016-01-24 12:28 - 2016-01-24 12:28 - 40115756 _____ C:\Users\Maxwel\Documents\Track No03.wav
2016-01-24 12:28 - 2016-01-24 12:28 - 37251020 _____ C:\Users\Maxwel\Documents\Track No05.wav
2016-01-24 12:28 - 2016-01-24 12:28 - 34877852 _____ C:\Users\Maxwel\Documents\Track No04.wav
2016-01-24 12:27 - 2016-01-24 12:28 - 42797036 _____ C:\Users\Maxwel\Documents\Track No02.wav
2016-01-24 12:27 - 2016-01-24 12:27 - 31733228 _____ C:\Users\Maxwel\Documents\Track No01.wav
2016-01-24 11:58 - 2016-01-24 11:58 - 00000000 ____D C:\Users\Maxwel\Desktop\FOTOS
2016-01-24 11:49 - 2016-01-24 11:54 - 00000000 ____D C:\Users\Maxwel\Desktop\MINHAS COMPOSICOES
2016-01-23 23:52 - 2016-01-25 12:23 - 00000000 ____D C:\Users\Maxwel\Downloads\Belchior - 1977 - Coracao Selvagem (LP Rip MP3 at 320) [jarax4u]
2016-01-23 23:44 - 2016-01-24 17:03 - 00000000 ____D C:\Users\Maxwel\Downloads\Belchior - [CD As Melhores][Sempre 2009] - Movienet
2016-01-23 23:34 - 2016-01-25 11:03 - 00000000 ____D C:\Users\Maxwel\Downloads\Moacyr Franco
2016-01-23 21:40 - 2016-01-23 23:06 - 00000000 ____D C:\Users\Maxwel\Downloads\Fagner - discografia
2016-01-23 19:59 - 2016-01-23 20:12 - 00000000 ____D C:\Users\Maxwel\Downloads\ROCK N'2
2016-01-23 17:58 - 2016-01-23 18:28 - 00000000 ____D C:\Users\Maxwel\Downloads\ROCK
2016-01-23 17:13 - 2016-01-23 20:23 - 00000000 ____D C:\Users\Maxwel\Downloads\Va.Ultimate.Trance.2015.Progressive.Edition.[2016]-TDG
2016-01-23 17:05 - 2016-01-23 17:27 - 00000000 ____D C:\Users\Maxwel\Downloads\Summer Eletrohits 2016
2016-01-23 17:03 - 2016-01-23 19:41 - 00000000 ____D C:\Users\Maxwel\Downloads\VA - Progressive Bounce Products Shock (2015)
2016-01-23 16:47 - 2016-01-30 10:42 - 00000000 ____D C:\Users\Maxwel\Downloads\GOSPEL - VARIOS ARTISTAS
2016-01-23 11:54 - 2016-02-03 22:19 - 00000000 ____D C:\Users\Maxwel\Downloads\Discografia Raul Seixas - 38 Álbuns
2016-01-22 16:08 - 2016-01-22 16:08 - 00001072 _____ C:\Users\Public\Desktop\WinRAR.lnk
2016-01-20 10:08 - 2016-01-24 04:47 - 00000000 ____D C:\Users\Maxwel\Downloads\PornoLab{утопая в похоти}Brazil
2016-01-20 09:31 - 2016-01-20 12:10 - 00000000 ____D C:\Users\Maxwel\Downloads\The Submission Of Emma Marx_ Boundaries XXX (2015) DVDRip
2016-01-20 09:28 - 2016-01-20 13:37 - 00000000 ____D C:\Users\Maxwel\Downloads\Alex Romero - Female Prison Guards - SS
2016-01-19 17:23 - 2016-01-19 17:46 - 00000000 ____D C:\Users\Maxwel\Downloads\Piano Bar .2008 [8 CD Box Set][www.lokotorrents.com][mp3]
2016-01-19 11:12 - 2016-01-19 11:12 - 00000000 ____D C:\Users\Maxwel\AppData\Roaming\EncryptStick
2016-01-18 18:55 - 2016-01-18 05:55 - 02412032 _____ C:\Users\Maxwel\AppData\Roaming\popnew.exe
2016-01-17 12:19 - 2016-01-17 12:19 - 00004090 _____ C:\Windows\System32\Tasks\SparkUpdater
2016-01-17 12:18 - 2016-01-17 12:18 - 00002206 _____ C:\Users\Public\Desktop\Facebook.lnk
2016-01-17 12:18 - 2016-01-17 12:18 - 00002190 _____ C:\Users\Public\Desktop\Google.lnk
2016-01-17 12:18 - 2016-01-17 12:18 - 00002158 _____ C:\Users\Public\Desktop\Baidu Browser.lnk
2016-01-17 12:18 - 2016-01-17 12:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Browser
2016-01-17 12:17 - 2016-01-17 12:19 - 00000000 ____D C:\Program Files (x86)\baidu
2016-01-16 12:56 - 2016-01-16 13:49 - 00000000 ____D C:\Users\Maxwel\Downloads\52 Marchinhas de Carnaval
2016-01-15 16:12 - 2016-01-15 16:12 - 00000000 ____D C:\Users\Maxwel\Downloads\Erasmo Carlos
2016-01-15 15:50 - 2016-01-15 15:52 - 00000000 ____D C:\Users\Maxwel\Downloads\Barto Galeno- bolero-
2016-01-15 15:46 - 2016-01-15 15:48 - 00000000 ____D C:\Users\Maxwel\Downloads\Trio Nordestino -forro-
2016-01-15 15:45 - 2016-01-15 15:46 - 00000000 ____D C:\Users\Maxwel\Downloads\sampa crew
2016-01-15 15:41 - 2016-01-15 15:44 - 00000000 ____D C:\Users\Maxwel\Downloads\Sela Rasgada forro
2016-01-14 15:04 - 2016-01-14 15:04 - 00000000 ____D C:\Users\Maxwel\Downloads\Carlos Gardel
2016-01-13 17:33 - 2016-01-14 22:22 - 00000000 ____D C:\Users\Maxwel\Downloads\Nelson Gonçalves
2016-01-12 19:47 - 2016-01-14 18:20 - 00000000 ____D C:\Users\Maxwel\Downloads\Duo Milla Viljamaa and Johanna Juhola - Tango Diary - 2013
2016-01-12 18:04 - 2016-01-12 18:35 - 00000000 ____D C:\Users\Maxwel\Downloads\As Melhores de Bezerra da Silva
2016-01-12 06:21 - 2016-01-15 18:12 - 00000000 ____D C:\Users\Maxwel\Downloads\Tango Chill out (Buenos Aires Sessions)
2016-01-11 22:25 - 2016-01-16 16:10 - 00000000 ____D C:\Users\Maxwel\Downloads\Mana-MTV-Unplugged-1999
2016-01-11 22:09 - 2016-01-15 18:16 - 00000000 ____D C:\Users\Maxwel\Downloads\TrioLosPanchos-69-189
2016-01-11 21:43 - 2016-01-14 10:16 - 00000000 ____D C:\Users\Maxwel\Downloads\Boleros-Cantineros-Vol-1
2016-01-11 19:25 - 2016-01-14 15:27 - 00000000 ____D C:\Users\Maxwel\Downloads\VA - 100% Tango (2015)
2016-01-11 10:13 - 2016-02-07 09:07 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-01-11 10:13 - 2016-02-07 09:07 - 00000000 ____D C:\Program Files (x86)\osTip
2016-01-11 10:12 - 2016-01-11 10:12 - 00651168 _____ C:\Windows\Minidump\011116-28610-01.dmp
2016-01-10 12:49 - 2016-01-10 12:49 - 00000000 ____D C:\idioma
2016-01-10 12:47 - 2016-01-10 12:47 - 00000000 ____D C:\ProgramData\Windows Update
2016-01-09 15:02 - 2016-01-09 15:02 - 00000000 ____D C:\Users\Maxwel\Desktop\Mc Pedrinho - Dom Dom Dom (2015) - www.musicasparabaixar.org
2016-01-09 15:02 - 2016-01-09 15:02 - 00000000 ____D C:\Users\Maxwel\Desktop\Funk Paredao 2015 - www.musicasparabaixar.org
2016-01-09 15:02 - 2016-01-09 15:02 - 00000000 ____D C:\Users\Maxwel\Desktop\DJ W O MELHOR DO FUNK 2015
2016-01-09 15:01 - 2016-01-09 15:02 - 00000000 ____D C:\Users\Maxwel\Desktop\Balada Funk (2015) - www.musicasparabaixar.org
2016-01-09 13:11 - 2016-02-03 16:01 - 02786816 _____ (TODO: ) C:\Users\Maxwel\AppData\Roaming\svrupg.exe
2016-01-09 13:09 - 2016-01-08 11:10 - 02413056 _____ C:\Users\Maxwel\AppData\Roaming\msiql.exe
2016-01-09 09:49 - 2016-02-07 09:08 - 00000000 ____D C:\Users\Maxwel\AppData\LocalLow\uTorrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-07 15:17 - 2015-11-07 12:22 - 00000000 ____D C:\Users\Maxwel\AppData\Roaming\uTorrent
2016-02-07 14:40 - 2015-11-06 01:58 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-07 13:27 - 2015-12-20 22:46 - 00000186 _____ C:\Users\Maxwel\AppData\default.pls
2016-02-07 13:11 - 2015-12-24 23:36 - 00000000 ____D C:\Users\Maxwel\AppData\Roaming\CalendarTool
2016-02-07 12:42 - 2009-07-14 03:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-07 12:42 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\inf
2016-02-07 11:59 - 2015-12-18 19:22 - 00000000 ____D C:\Users\Maxwel\Documents\ConvertXtoDVD
2016-02-07 10:40 - 2015-11-06 01:58 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-07 09:14 - 2009-07-14 02:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-07 09:14 - 2009-07-14 02:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-07 09:08 - 2016-01-02 11:11 - 00009441 _____ C:\Users\Maxwel\AppData\Roaming\webad.xml
2016-02-07 09:07 - 2015-11-07 00:39 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-02-07 09:07 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-06 19:42 - 2015-12-11 08:54 - 00000000 ____D C:\Users\Maxwel\Downloads\New folder (2)
2016-02-05 10:18 - 2015-12-26 14:01 - 00000000 ____D C:\Users\Maxwel\Desktop\FUNK
2016-02-04 21:42 - 2015-11-06 01:59 - 00002355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-04 21:42 - 2015-11-06 01:59 - 00002326 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-03 22:48 - 2015-12-13 10:36 - 00000000 ____D C:\Users\Maxwel\Downloads\Discografia de Ze Ramalho
2016-02-03 16:12 - 2015-12-25 00:52 - 00002898 _____ C:\Users\Maxwel\AppData\Roaming\xcgui_debug.txt
2016-02-03 11:02 - 2015-12-03 19:33 - 00000000 ____D C:\Windows\Minidump
2016-02-01 10:35 - 2015-11-06 01:58 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-01 10:35 - 2015-11-06 01:58 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-30 13:12 - 2009-07-14 02:45 - 00343552 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-30 11:50 - 2015-11-06 01:37 - 00079544 _____ C:\Users\Maxwel\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-23 10:06 - 2015-12-15 22:10 - 00000000 ____D C:\Users\Maxwel\Downloads\Titãs
2016-01-22 16:08 - 2015-11-07 12:35 - 00000000 ____D C:\Users\Maxwel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-01-22 16:08 - 2015-11-07 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-01-22 16:08 - 2015-11-07 12:34 - 00000000 ____D C:\Program Files (x86)\WinRAR
2016-01-18 11:14 - 2015-12-20 22:37 - 00000000 ____D C:\Users\Maxwel\Downloads\Street Fighter II Victory Completo[Dublado][HDTV]
2016-01-18 11:03 - 2015-12-20 12:10 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-01-17 12:20 - 2015-12-13 15:39 - 00000000 ____D C:\Users\Maxwel\AppData\Roaming\Baidu
2016-01-17 09:00 - 2015-11-07 00:38 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2016-01-14 18:19 - 2015-11-06 01:36 - 00000000 ____D C:\Users\Maxwel
2016-01-11 10:17 - 2009-07-14 02:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-11 05:40 - 2016-01-05 08:53 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-01-10 13:07 - 2009-07-14 01:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-01-10 12:26 - 2009-11-05 16:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2016-01-08 14:44 - 2015-11-07 00:38 - 00000000 ____D C:\ProgramData\boost_interprocess

==================== Files in the root of some directories =======

2015-12-24 23:35 - 2015-12-24 23:35 - 2983664 _____ () C:\Users\Maxwel\AppData\Roaming\52beaec59969.exe
2015-12-24 23:34 - 2015-12-24 15:56 - 1888256 _____ () C:\Users\Maxwel\AppData\Roaming\carssn.exe
2016-02-03 11:06 - 2016-02-02 01:28 - 1132808 _____ () C:\Users\Maxwel\AppData\Roaming\downloader_3.0.1330.1_341BR_258_20160202_1128.exe
2016-02-07 09:09 - 2016-02-05 11:35 - 1132808 _____ () C:\Users\Maxwel\AppData\Roaming\downloader_3.0.1330.1_341BR_258_20160205_2135.exe
2015-12-18 19:18 - 2015-12-18 19:18 - 0099384 _____ () C:\Users\Maxwel\AppData\Roaming\inst.exe
2016-01-09 13:09 - 2016-01-08 11:10 - 2413056 _____ () C:\Users\Maxwel\AppData\Roaming\msiql.exe
2015-12-18 19:18 - 2015-12-18 19:18 - 0007859 _____ () C:\Users\Maxwel\AppData\Roaming\pcouffin.cat
2015-12-18 19:18 - 2015-12-18 19:18 - 0001167 _____ () C:\Users\Maxwel\AppData\Roaming\pcouffin.inf
2015-12-18 19:18 - 2015-12-18 19:18 - 0000055 _____ () C:\Users\Maxwel\AppData\Roaming\pcouffin.log
2015-12-18 19:18 - 2015-12-18 19:18 - 0082816 _____ (VSO Software) C:\Users\Maxwel\AppData\Roaming\pcouffin.sys
2016-01-18 18:55 - 2016-01-18 05:55 - 2412032 _____ () C:\Users\Maxwel\AppData\Roaming\popnew.exe
2015-12-24 23:35 - 2015-12-23 07:13 - 4524576 _____ (${COMPANY_NAME}) C:\Users\Maxwel\AppData\Roaming\Setup.exe
2015-12-27 00:02 - 2015-12-25 07:18 - 4540096 _____ (${COMPANY_NAME}) C:\Users\Maxwel\AppData\Roaming\setup.exe@ver=1.0.0.0
2016-01-09 13:11 - 2016-02-03 16:01 - 2786816 _____ (TODO: ) C:\Users\Maxwel\AppData\Roaming\svrupg.exe
2015-11-07 00:38 - 2015-11-07 00:38 - 0017876 _____ () C:\Users\Maxwel\AppData\Roaming\unins000.dat
2015-11-07 00:38 - 2015-11-07 00:38 - 0728225 _____ () C:\Users\Maxwel\AppData\Roaming\unins000.exe
2016-01-02 11:11 - 2016-02-07 09:08 - 0009441 _____ () C:\Users\Maxwel\AppData\Roaming\webad.xml
2015-12-25 00:52 - 2016-02-03 16:12 - 0002898 _____ () C:\Users\Maxwel\AppData\Roaming\xcgui_debug.txt
2015-12-24 23:34 - 2015-11-14 21:06 - 2496403 _____ ( ) C:\Users\Maxwel\AppData\Roaming\yeaplayer_51447.exe

Files to move or delete:
====================
C:\Users\Maxwel\AppData\Local\Temp\is-VCK3T.tmp\pyeaplayer_soft_partner.exe


Some files in TEMP:
====================
C:\Users\Maxwel\AppData\Local\Temp\belchior.cd.as.melhores.sempre.2009.movienet_downloader.exe
C:\Users\Maxwel\AppData\Local\Temp\BELCHIOR_downloader.exe
C:\Users\Maxwel\AppData\Local\Temp\carssn.exe
C:\Users\Maxwel\AppData\Local\Temp\fagner.discografia_downloader.exe
C:\Users\Maxwel\AppData\Local\Temp\ICReinstall_Format-Factory_370.exe
C:\Users\Maxwel\AppData\Local\Temp\karaoke5.exe
C:\Users\Maxwel\AppData\Local\Temp\OSWALDO_MONTE_NEGRO_downloader.exe
C:\Users\Maxwel\AppData\Local\Temp\rio_negro_e_solimoes_discografia_downloader.exe
C:\Users\Maxwel\AppData\Local\Temp\spark_install(1).exe
C:\Users\Maxwel\AppData\Local\Temp\spark_install.exe
C:\Users\Maxwel\AppData\Local\Temp\uTorrent.exe
C:\Users\Maxwel\AppData\Local\Temp\wrar530br.exe
C:\Users\Maxwel\AppData\Local\Temp\YeaPlayer_br_IBD_Bundle.exe
C:\Users\Maxwel\AppData\Local\Temp\z2D8zyAGvI.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-29 14:24

==================== End of FRST.txt ============================
