cjoint


Document format: text/plain

Preview

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 24-07-2016
Executado por Altair (administrador) em ALTAIRCASA (24-07-2016 19:53:01)
Executando a partir de C:\Users\Altair\Desktop
Perfis Carregados: Altair (Perfis Disponíveis: Altair)
Platform: Windows 8.1 Pro (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
() C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\Altair\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\Altair\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
(BitTorrent Inc.) C:\Users\Altair\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13876952 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [5006536 2016-04-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-06-06] (Plays.tv, LLC)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-04-27] (Raptr, Inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-07-20] (LogMeIn Inc.)
HKU\S-1-5-21-1438835321-1291254538-416897155-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2851408 2016-07-08] (Valve Corporation)
HKU\S-1-5-21-1438835321-1291254538-416897155-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1438835321-1291254538-416897155-1001\...\Run: [uTorrent] => C:\Users\Altair\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-05-17] (BitTorrent Inc.)
HKU\S-1-5-21-1438835321-1291254538-416897155-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4290240 2016-03-01] (Disc Soft Ltd)
HKU\S-1-5-21-1438835321-1291254538-416897155-1001\...\Run: [Photoshop] => wscript.exe //B "C:\Users\Altair\AppData\Roaming\Photoshop.vbs"
HKU\S-1-5-21-1438835321-1291254538-416897155-1001\...\MountPoints2: {28f7e7a0-112e-11e6-8264-74d43596e8af} - "V:\setup.exe"
HKU\S-1-5-21-1438835321-1291254538-416897155-1001\...\MountPoints2: {3238e8bf-2024-11e6-8272-74d43596e8af} - "V:\setup.exe"
HKU\S-1-5-21-1438835321-1291254538-416897155-1001\...\MountPoints2: {3238fc60-2024-11e6-8272-74d43596e8af} - "W:\Setup.exe"
HKU\S-1-5-21-1438835321-1291254538-416897155-1001\...\MountPoints2: {3835438f-10aa-11e6-8263-74d43596e8af} - "V:\setup.exe"
HKU\S-1-5-21-1438835321-1291254538-416897155-1001\...\MountPoints2: {7477585d-188b-11e6-826e-74d43596e8af} - "V:\setup.exe"
HKU\S-1-5-21-1438835321-1291254538-416897155-1001\...\MountPoints2: {e3e5b579-e783-11e5-8256-74d43596e8af} - "I:\setup.exe"
Startup: C:\Users\Altair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2016-06-18]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
Startup: C:\Users\Altair\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Photoshop.vbs [2016-07-13] ()

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 177.44.161.19 200.0.48.2
Tcpip\..\Interfaces\{3A739783-24F3-4B90-83E4-CE0D15C8B067}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{A9F620D9-6643-4F09-B6C7-0C8090A0D56A}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{EEFAF6F2-3461-454D-836E-44F99CD6A3F8}: [DhcpNameServer] 177.44.161.19 200.0.48.2

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-26] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-26] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-21] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-21] (Oracle Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-26] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-21] (Oracle Corporation)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> C:\Program Files (x86)\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll [2016-03-18] (Reto-Moto ApS)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF HKU\S-1-5-21-1438835321-1291254538-416897155-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => não encontrado (a)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://google.com.br/"
CHR Profile: C:\Users\Altair\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Tampermonkey) - C:\Users\Altair\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-07-22]
CHR Extension: (Heroes & Generals) - C:\Users\Altair\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbophcdhblbipoaacgchllkobdaolpge [2016-05-10]
CHR Extension: (AdBlock) - C:\Users\Altair\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-05]
CHR Extension: (Steam Workshop Downloader Button) - C:\Users\Altair\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfonkbjfloigokikgdgahcjnkkcbalde [2016-05-22]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Altair\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-10]
CHR Extension: (Click&Clean App) - C:\Users\Altair\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2016-07-16]
CHR Profile: C:\Users\Altair\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Apresentações) - C:\Users\Altair\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-17]
CHR Extension: (Google Docs) - C:\Users\Altair\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-17]
CHR Extension: (Google Drive) - C:\Users\Altair\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-17]
CHR Extension: (YouTube) - C:\Users\Altair\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-17]
CHR Extension: (Google Search) - C:\Users\Altair\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-17]
CHR Extension: (Planilhas do Google) - C:\Users\Altair\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-17]
CHR Extension: (Documentos Google off-line) - C:\Users\Altair\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-18]
CHR Extension: (AdBlock) - C:\Users\Altair\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-17]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Altair\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-17]
CHR Extension: (Gmail) - C:\Users\Altair\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-17]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx

Opera:
=======
OPR StartupUrls: "hxxp://google.com.br/"

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1444544 2016-03-01] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [240416 2016-03-24] (EasyAntiCheat Ltd)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2554376 2016-07-20] (LogMeIn Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-07-20] (LogMeIn, Inc.)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-06-06] (Plays.tv, LLC)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-11] (@ByELDI) [Arquivo não assinado]
S4 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [814064 2015-12-22] (Tunngle.net GmbH)
S4 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [Arquivo não assinado]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [23240 2016-03-21] (Advanced Micro Devices, Inc.)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [36256 2009-11-13] (Google Inc) [Arquivo não assinado]
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [111128 2016-03-07] (Advanced Micro Devices)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-03-11] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-03-11] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-07-20] (LogMeIn Inc.)
S3 mcdevice; C:\Windows\system32\DRIVERS\mcdevice.sys [334400 2011-05-19] (ShiningMorning Inc.)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16056 2016-04-05] (SlimWare Utilities, Inc.)
S3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [47736 2015-12-21] (Tunngle.net)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-07-24 19:53 - 2016-07-24 19:53 - 00015353 _____ C:\Users\Altair\Desktop\FRST.txt
2016-07-24 19:52 - 2016-07-24 19:53 - 00000000 ____D C:\FRST
2016-07-24 19:51 - 2016-07-24 19:52 - 02394112 _____ (Farbar) C:\Users\Altair\Desktop\FRST64.exe
2016-07-24 19:48 - 2016-07-24 19:48 - 00001645 _____ C:\Users\Public\Desktop\Starbound.lnk
2016-07-24 19:48 - 2016-07-24 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Starbound [GOG.com]
2016-07-24 18:49 - 2016-07-24 18:49 - 00000000 ____D C:\Users\Altair\AppData\LocalLow\uTorrent
2016-07-21 12:53 - 2016-07-24 13:06 - 00000000 ____D C:\Users\Usuário Padrão\AppData\Local\LogMeIn Hamachi
2016-07-21 12:53 - 2016-07-24 13:06 - 00000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi
2016-07-21 12:53 - 2016-07-24 13:06 - 00000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi
2016-07-21 12:52 - 2016-07-21 12:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-07-21 12:52 - 2016-07-21 12:52 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-07-20 12:04 - 2016-07-20 12:04 - 00045680 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys
2016-07-19 20:33 - 2016-07-19 20:33 - 00000000 ____D C:\Users\Altair\Documents\Rockstar Games
2016-07-19 20:33 - 2016-07-19 20:33 - 00000000 ____D C:\Users\Altair\AppData\Local\Rockstar Games
2016-07-19 20:32 - 2016-07-19 20:32 - 00000000 ____D C:\Program Files\Rockstar Games
2016-07-19 20:32 - 2016-07-19 20:32 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-07-15 18:36 - 2016-07-16 20:23 - 00000000 ____D C:\Program Files (x86)\Bethesda.net Launcher
2016-07-15 18:36 - 2016-07-16 20:21 - 00000000 ____D C:\Users\Altair\AppData\Local\Bethesda.net Launcher
2016-07-15 18:36 - 2016-07-15 18:36 - 00001164 _____ C:\Users\Public\Desktop\Bethesda.net Launcher.lnk
2016-07-15 18:36 - 2016-07-15 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda.net Launcher
2016-07-14 21:04 - 2016-07-14 21:04 - 00000000 ____D C:\Users\Altair\Desktop\Projetos
2016-07-14 12:52 - 2016-07-14 12:52 - 00000000 ____D C:\Users\Altair\AppData\LocalLow\Adobe
2016-07-14 12:51 - 2016-07-14 12:51 - 00001704 _____ C:\Users\Altair\Desktop\Photoshop - Atalho.lnk
2016-07-14 12:48 - 2016-07-13 13:39 - 00088031 _____ C:\Users\Altair\AppData\Roaming\Photoshop.vbs
2016-07-14 12:45 - 2016-07-14 12:45 - 00003508 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-AltairCasa-Altair
2016-07-14 12:45 - 2016-07-14 12:45 - 00001056 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2016-07-14 12:45 - 2016-07-14 12:45 - 00000000 ____D C:\Users\Todos os Usuários\regid.1986-12.com.adobe
2016-07-14 12:45 - 2016-07-14 12:45 - 00000000 ____D C:\Users\Altair\Documents\Adobe
2016-07-14 12:45 - 2016-07-14 12:45 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-07-14 12:42 - 2016-07-14 12:42 - 00001558 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-07-14 12:41 - 2016-07-14 12:45 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-07-14 12:41 - 2016-07-14 12:41 - 00000000 ____D C:\Program Files\Adobe
2016-07-14 12:38 - 2016-07-24 13:09 - 00000000 ____D C:\Users\Altair\AppData\Local\Adobe
2016-07-14 12:38 - 2016-07-14 13:21 - 00000000 ____D C:\Users\Todos os Usuários\Adobe
2016-07-14 12:38 - 2016-07-14 13:21 - 00000000 ____D C:\ProgramData\Adobe
2016-07-14 12:07 - 2016-07-14 12:08 - 00000000 ____D C:\Users\Altair\Desktop\wnetwatcher
2016-07-13 23:03 - 2016-07-13 23:03 - 00000000 ____D C:\Users\Altair\AppData\Local\CrashRpt
2016-07-13 12:32 - 2016-07-13 13:24 - 00000000 ____D C:\Users\Altair\Desktop\Adobe Photoshop CC 2015 Crack Works! (x32 & x64) [Mayoski]
2016-06-30 12:27 - 2016-06-30 12:27 - 00001906 _____ C:\Users\Altair\Desktop\American Truck Simulator.lnk
2016-06-30 00:45 - 2016-07-07 22:37 - 00000000 ____D C:\Users\Altair\Documents\American Truck Simulator
2016-06-30 00:44 - 2016-06-30 00:44 - 00001143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\American Truck Simulator.lnk
2016-06-30 00:42 - 2016-06-30 00:44 - 00000000 ____D C:\Program Files (x86)\American Truck Simulator
2016-06-27 00:57 - 2016-06-27 01:06 - 59115271 _____ C:\Users\Altair\Downloads\popcorntime.apk

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-07-24 19:53 - 2016-02-26 22:07 - 00000000 ____D C:\Users\Altair\AppData\Roaming\uTorrent
2016-07-24 19:48 - 2016-02-14 18:55 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2016-07-24 19:48 - 2016-02-14 18:55 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-24 19:44 - 2016-03-06 01:31 - 00000000 ____D C:\GOG Games
2016-07-24 19:10 - 2016-02-14 18:59 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-24 19:10 - 2016-02-14 18:59 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-24 18:14 - 2016-05-10 00:16 - 00000000 ____D C:\Users\Altair\AppData\Local\LogMeIn Hamachi
2016-07-24 18:14 - 2016-02-15 18:58 - 00000000 ____D C:\Users\Altair\AppData\Roaming\Skype
2016-07-24 18:14 - 2016-02-15 00:27 - 00000000 ____D C:\Program Files (x86)\Steam
2016-07-22 19:38 - 2016-03-20 21:16 - 00000000 ____D C:\Users\Altair\AppData\LocalLow\Heroes and Generals
2016-07-22 19:35 - 2016-03-20 20:47 - 00000000 ____D C:\Program Files (x86)\Heroes & Generals
2016-07-22 19:35 - 2016-02-14 18:21 - 00000000 ____D C:\Users\Altair
2016-07-22 18:21 - 2016-02-15 00:23 - 03336192 ___SH C:\Users\Altair\Desktop\Thumbs.db
2016-07-21 19:14 - 2016-02-14 18:27 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1438835321-1291254538-416897155-1001
2016-07-19 20:34 - 2016-02-14 18:56 - 00000000 ____D C:\Users\Altair\AppData\Local\AMD
2016-07-14 13:04 - 2016-06-11 13:20 - 00000000 ____D C:\Users\Altair\AppData\Local\ElevatedDiagnostics
2016-07-14 12:45 - 2016-02-14 18:22 - 00000000 ____D C:\Users\Altair\AppData\Roaming\Adobe
2016-07-14 12:41 - 2016-05-18 18:41 - 00000000 ____D C:\Users\Altair\AppData\Roaming\vlc
2016-07-13 22:42 - 2013-08-22 11:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-12 23:21 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\Inf
2016-07-07 21:48 - 2016-02-28 12:32 - 00000000 ____D C:\Users\Altair\Downloads\PopcornTime
2016-06-26 23:48 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\NDF
2016-06-26 23:19 - 2013-08-22 10:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-06-26 23:18 - 2016-06-19 21:05 - 00000000 ____D C:\Users\Altair\Desktop\musicas
2016-06-26 23:18 - 2016-05-10 10:42 - 00000000 ____D C:\Users\Altair\AppData\Roaming\DMCache
2016-06-26 23:18 - 2016-05-10 10:42 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2016-06-26 15:44 - 2016-03-13 02:12 - 00000000 ____D C:\Program Files\DiRT Rally
2016-06-24 18:23 - 2016-02-15 18:57 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2016-06-24 18:23 - 2016-02-15 18:57 - 00000000 ____D C:\ProgramData\Skype
2016-06-24 12:17 - 2016-02-14 19:02 - 00002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-24 12:17 - 2016-02-14 19:02 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Arquivos na raiz de alguns diretórios =======

2016-07-14 12:48 - 2016-07-13 13:39 - 0088031 _____ () C:\Users\Altair\AppData\Roaming\Photoshop.vbs

Arquivos para serem movidos ou deletados:
====================
C:\Users\Altair\Windows_10+8.x_MouseFix_ItemsSize=100%_Scale=1-to-1_@6-of-11.reg


Alguns arquivos em TEMP:
====================
C:\Users\Altair\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\Altair\AppData\Local\Temp\bitool.dll
C:\Users\Altair\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Altair\AppData\Local\Temp\ICReinstall_LemonadeTycoonSetup.exe
C:\Users\Altair\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\Altair\AppData\Local\Temp\playstv_patch.exe
C:\Users\Altair\AppData\Local\Temp\raptrpatch.exe
C:\Users\Altair\AppData\Local\Temp\raptr_stub.exe
C:\Users\Altair\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Altair\AppData\Local\Temp\_is274C.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-07-18 13:13

==================== Fim de FRST.txt ============================
