cjoint


Comment: http://www.cjoint.com/c/FGxuGdgwLQF

Document format: text/plain

Preview

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 23-07-2016 02
Executado por Paulo (administrador) em PAULO-PC (23-07-2016 17:25:22)
Executando a partir de C:\Users\Paulo\Downloads
Perfis Carregados: Paulo (Perfis Disponíveis: Paulo)
Platform: Windows 7 Professional (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Dassault Systèmes) C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [conhost.exe -start] => C:\Users\Paulo\AppData\Local\Temp\26537\conhost.exe [2363392 2016-04-16] () <===== ATENÇÃO
HKU\S-1-5-21-1851996391-1849897294-2707022934-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-1851996391-1849897294-2707022934-1000\...\MountPoints2: {4cfc1ff6-3426-11e6-a6ef-c89cdccee77b} - E:\startme.exe
HKU\S-1-5-21-1851996391-1849897294-2707022934-1000\...\MountPoints2: {69afc046-80bd-11e5-a370-c89cdccee77b} - G:\_aom.exe
HKU\S-1-5-21-1851996391-1849897294-2707022934-1000\...\MountPoints2: {69afc049-80bd-11e5-a370-c89cdccee77b} - H:\_aom.exe
HKU\S-1-5-21-1851996391-1849897294-2707022934-1000\...\MountPoints2: {69afc04c-80bd-11e5-a370-c89cdccee77b} - I:\setup.exe
HKU\S-1-5-21-1851996391-1849897294-2707022934-1000\...\MountPoints2: {69afc05f-80bd-11e5-a370-c89cdccee77b} - F:\Setup.exe
HKU\S-1-5-21-1851996391-1849897294-2707022934-1000\...\MountPoints2: {7de9c92b-56db-11e5-b206-c89cdccee77b} - E:\startme.exe
HKU\S-1-5-21-1851996391-1849897294-2707022934-1000\...\MountPoints2: {83014077-49ce-11e5-89b9-c89cdccee77b} - F:\SETUP.EXE
HKU\S-1-5-21-1851996391-1849897294-2707022934-1000\...\MountPoints2: {f5aafdd9-7f4f-11e5-8afd-c89cdccee77b} - F:\setup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Nenhum Arquivo

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{DB877DB1-D07B-413C-8AF1-36DE16668380}: [DhcpNameServer] 192.168.0.1
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKU\S-1-5-21-1851996391-1849897294-2707022934-1000 -> DefaultScope {7D0AC796-F8C5-4CB1-BA47-843B8A6DB2CC} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1851996391-1849897294-2707022934-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1851996391-1849897294-2707022934-1000 -> {64D9D73B-A1DF-418F-A848-9D07AF88CED6} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1851996391-1849897294-2707022934-1000 -> {7D0AC796-F8C5-4CB1-BA47-843B8A6DB2CC} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-07] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-07] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-07] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-07] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-07] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Paulo\AppData\Roaming\raidcall\plugins\nprcplugin.dll [Nenhum Arquivo]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com.br/
CHR Profile: C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-03]
CHR Extension: (YouTube) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-03]
CHR Extension: (Avatar the Last Airbender) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\camndjlpgaamhclcnlffceakhdocidkd [2016-04-19]
CHR Extension: (Google Search) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-03]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Meu tema do Chrome) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2016-01-03]
CHR Extension: (Gmail) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-03]
CHR HKLM-x32\...\Chrome\Extension: [eedgghdcpmmmilkmfpnklknlenbiolec] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [125440 2016-02-04] (Dassault Systèmes) [Arquivo não assinado]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2015-08-23] () [Arquivo não assinado]
S3 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2015-08-30] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 clcmanagersrv; "C:\Program Files (x86)\Clcegh\clcmanagersrv.exe" {79740E79-A383-47A7-B513-3DF6563D007F} {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} [X]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 DroidCam; C:\Windows\System32\DRIVERS\droidcam.sys [33592 2015-11-15] (Dev47Apps)
S3 DroidCamVideo; C:\Windows\System32\DRIVERS\droidcamvideo.sys [229432 2015-11-15] (Dev47Apps)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-10-30] (Disc Soft Ltd)
S3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [30264 2015-08-23] (Disc Soft Ltd)
S3 dtultrausbbus; C:\Windows\System32\DRIVERS\dtultrausbbus.sys [47160 2015-08-23] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-01-03] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-08-30] (REALiX(tm))
S3 MpFilter; C:\Windows\system32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8222312 2012-03-07] (Realtek Semiconductor Corp.)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-07-23 17:25 - 2016-07-23 17:25 - 00014547 _____ C:\Users\Paulo\Downloads\FRST.txt
2016-07-23 17:25 - 2016-07-23 17:25 - 00000000 ____D C:\FRST
2016-07-23 17:24 - 2016-07-23 17:24 - 02394112 _____ (Farbar) C:\Users\Paulo\Downloads\FRST64.exe
2016-07-22 06:24 - 2016-07-22 06:38 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2016-07-22 06:24 - 2016-07-22 06:38 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-22 03:02 - 2016-07-22 03:02 - 00000000 ____D C:\Users\Usuário Padrão\AppData\Local\Microsoft Help
2016-07-22 03:02 - 2016-07-22 03:02 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-07-22 03:02 - 2016-07-22 03:02 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-07-21 23:41 - 2016-06-25 13:03 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\EOSNotify.exe
2016-07-21 23:23 - 2016-07-22 03:02 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-07-21 23:23 - 2016-07-22 03:02 - 00001912 _____ C:\Windows\epplauncher.mif
2016-07-21 23:23 - 2016-07-22 03:02 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-07-21 23:23 - 2016-07-22 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-07-21 23:22 - 2016-07-21 23:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-07-21 23:22 - 2010-04-09 08:06 - 01898376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-07-21 23:22 - 2010-04-09 08:06 - 00374664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-07-21 23:21 - 2016-07-21 23:21 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-21 23:21 - 2016-07-21 23:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-07-21 23:14 - 2016-07-21 23:14 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2016-07-21 22:44 - 2016-01-12 01:40 - 00112032 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-07-21 22:44 - 2015-12-18 03:11 - 00047760 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-07-21 22:44 - 2015-12-18 03:10 - 00099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-07-21 22:44 - 2015-12-18 03:10 - 00090768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-07-19 19:55 - 2016-07-19 19:55 - 00002089 _____ C:\Users\Paulo\Desktop\Hearthstone Deck Tracker - Atalho.lnk
2016-07-19 19:53 - 2016-07-21 22:52 - 00000000 ____D C:\Users\Paulo\AppData\Roaming\HearthstoneDeckTracker
2016-07-19 19:42 - 2016-07-19 20:23 - 00000000 ____D C:\Users\Paulo\AppData\Local\Innkeeper
2016-07-19 19:42 - 2016-07-19 19:42 - 00000000 ____D C:\Users\Paulo\AppData\Roaming\InnkeeperUI
2016-07-19 19:42 - 2016-07-19 19:42 - 00000000 ____D C:\Users\Paulo\AppData\Local\SquirrelTemp
2016-07-19 19:23 - 2016-07-19 19:23 - 00000000 ____D C:\Users\Paulo\Downloads\Hearthstone.Deck.Tracker-v0.15.10
2016-07-16 14:00 - 2016-07-15 19:51 - 156846745 _____ C:\Users\Paulo\Desktop\MOV_0131.mp4
2016-07-16 13:54 - 2016-07-15 19:41 - 435790881 _____ C:\Users\Paulo\Desktop\MOV_0130.mp4
2016-07-16 13:41 - 2016-07-15 19:35 - 894291501 _____ C:\Users\Paulo\Desktop\MOV_0129.mp4
2016-07-16 13:04 - 2016-07-15 19:24 - 2640232865 _____ C:\Users\Paulo\Desktop\MOV_0128.mp4
2016-07-12 19:38 - 2016-07-12 19:38 - 00000000 ____D C:\Users\Paulo\AppData\LocalLow\Blizzard Entertainment

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-07-23 17:22 - 2015-08-23 16:46 - 00000000 ___RD C:\League of Legends
2016-07-23 17:21 - 2016-04-19 12:53 - 00000330 _____ C:\Windows\Tasks\PPTAssistantNotifyTask_Paulo.job
2016-07-23 17:18 - 2016-04-19 12:53 - 00000600 _____ C:\Windows\Tasks\PPTAssistantUpdateTask_Paulo.job
2016-07-23 17:18 - 2015-12-20 08:07 - 00000000 ____D C:\Users\Paulo\AppData\Roaming\Skype
2016-07-23 17:13 - 2015-08-23 16:27 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-23 17:05 - 2015-09-02 09:56 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-23 17:03 - 2016-01-03 13:33 - 00002098 _____ C:\Users\Paulo\Desktop\chrome - Atalho.lnk
2016-07-23 17:03 - 2015-08-23 16:00 - 00001461 _____ C:\Users\Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-23 17:03 - 2015-08-23 16:00 - 00001427 _____ C:\Users\Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-07-23 16:14 - 2015-09-05 16:14 - 00001022 _____ C:\Windows\Tasks\BJkeUzN0YJwgreJbaTqu8rGur.job
2016-07-23 09:09 - 2009-07-14 01:45 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-23 09:09 - 2009-07-14 01:45 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-23 09:08 - 2009-07-29 12:58 - 02131094 _____ C:\Windows\system32\prfh0416.dat
2016-07-23 09:08 - 2009-07-29 12:58 - 01509368 _____ C:\Windows\system32\prfc0416.dat
2016-07-23 09:08 - 2009-07-14 02:13 - 00006210 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-23 09:02 - 2015-08-23 16:27 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-23 09:01 - 2015-08-23 16:50 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA
2016-07-23 09:01 - 2015-08-23 16:50 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-23 09:01 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-22 03:21 - 2009-07-14 01:45 - 00345896 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-22 03:05 - 2015-08-23 16:53 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2016-07-22 03:04 - 2009-07-13 23:34 - 00000478 _____ C:\Windows\win.ini
2016-07-21 22:45 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-07-21 22:44 - 2015-08-23 16:46 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA Corporation
2016-07-21 22:44 - 2015-08-23 16:46 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-07-21 19:45 - 2015-09-26 23:43 - 00000000 ____D C:\Users\Paulo\AppData\Local\Battle.net
2016-07-21 19:45 - 2015-09-26 23:41 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-07-20 18:41 - 2015-10-20 19:46 - 00000000 ____D C:\Users\Paulo\AppData\Local\CrashDumps
2016-07-16 14:02 - 2015-09-26 23:43 - 00000000 ____D C:\Users\Paulo\AppData\Roaming\Battle.net
2016-07-16 13:21 - 2016-06-05 10:23 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-07-16 11:12 - 2016-06-16 10:24 - 00000000 ___RD C:\Users\Paulo\Downloads\Rafaela
2016-07-16 10:15 - 2016-02-02 19:02 - 00000000 ____D C:\Program Files (x86)\Steam
2016-07-14 22:12 - 2015-11-21 13:07 - 00000000 ____D C:\Users\Paulo\AppData\Roaming\OBS
2016-07-14 18:11 - 2015-09-08 20:55 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-07-13 21:56 - 2015-08-23 21:05 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2016-07-13 21:56 - 2015-08-23 21:05 - 00000000 ____D C:\ProgramData\Skype
2016-07-12 18:05 - 2016-06-17 12:05 - 06079168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-07-12 18:05 - 2015-09-02 09:56 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-12 18:05 - 2015-09-02 09:56 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-12 18:05 - 2015-09-02 09:56 - 00003840 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-12 18:05 - 2015-09-02 09:56 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-12 18:05 - 2015-09-02 09:56 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-12 17:28 - 2015-09-03 22:56 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-12 17:28 - 2015-09-03 22:55 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-10 09:21 - 2015-09-27 00:18 - 00000000 ____D C:\Program Files (x86)\Diablo III
2016-07-06 21:39 - 2015-08-23 16:57 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-27 18:19 - 2015-08-23 16:27 - 00087560 _____ C:\Users\Paulo\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-26 10:54 - 2016-05-14 15:03 - 00000000 ____D C:\Users\Paulo\AppData\Roaming\TS3Client
2016-06-25 10:29 - 2016-05-14 14:39 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client

==================== Arquivos na raiz de alguns diretórios =======

2016-04-19 12:52 - 2016-04-19 12:52 - 0347956 _____ (YellowSend.com) C:\Users\Paulo\AppData\Local\nsz5FCF.tmp
2015-11-29 13:59 - 2015-11-29 14:01 - 29380776 _____ (Sony Mobile Communications ) C:\Users\Paulo\AppData\Local\pcc.exe
2016-01-20 19:17 - 2016-01-20 19:17 - 0000017 _____ () C:\Users\Paulo\AppData\Local\resmon.resmoncfg
2016-04-19 12:53 - 2016-04-19 07:39 - 0114176 _____ () C:\ProgramData\hp.exe
2016-04-19 12:53 - 2016-04-19 12:53 - 0001634 _____ () C:\ProgramData\webad.xml

Arquivos para serem movidos ou deletados:
====================
C:\Users\Paulo\AppData\Local\Temp\26537\conhost.exe
C:\ProgramData\hp.exe
C:\Users\Todos os Usuários\hp.exe


Alguns arquivos em TEMP:
====================
C:\Users\Paulo\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-07-17 06:54

==================== Fim de FRST.txt ============================
