Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 19-02-2017
Executado por Rodrix (administrador) em SAMUEL-PC (21-02-2017 17:00:14)
Executando a partir de C:\Users\Rodrix\Downloads
Perfis Carregados: Rodrix (Perfis Disponíveis: Rodrix & xamu)
Platform: Windows 10 Pro Versão 1607 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Edge)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processos (Whitelisted) =================
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\SETUP.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{4E0D59CC-6F6A-4448-8BBC-DF71CDB9B9B9}\NvCplSetupInt.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHT\ChtIME.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHT\ChtIME.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
==================== Registro (Whitelisted) ====================
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Policies\Explorer: [NoFavoritesMenu] 0
HKLM\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKLM\...\Policies\Explorer: [NoNetworkConnections] 0
HKLM\...\Policies\Explorer: [NoSMMyDocs] 0
HKLM\...\Policies\Explorer: [NoSMMyPictures] 0
HKLM\...\Policies\Explorer: [NoStartMenuMyMusic] 0
HKU\S-1-5-21-2908037372-2171883679-1737146749-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Rodrix\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Rodrix\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Rodrix\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Rodrix\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll [2017-01-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Rodrix\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll [2017-01-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Rodrix\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll [2017-01-23] (Microsoft Corporation)
GroupPolicyScripts: Restrição <======= ATENÇÃO
GroupPolicyScripts\User: Restrição <======= ATENÇÃO
==================== Internet (Whitelisted) ====================
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
Winsock: Catalog5 08 C:\WINDOWS\SysWOW64\wlidNSP.dll [43520 2016-07-16] (Microsoft Corporation)
Winsock: Catalog5 09 C:\WINDOWS\SysWOW64\wlidNSP.dll [43520 2016-07-16] (Microsoft Corporation)
Winsock: Catalog5-x64 08 C:\WINDOWS\system32\wlidnsp.dll [66048 2016-07-16] (Microsoft Corporation)
Winsock: Catalog5-x64 09 C:\WINDOWS\system32\wlidnsp.dll [66048 2016-07-16] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5723e0c0-b791-43f6-a0da-cf6e9cc16698}: [NameServer] 4.2.2.1,4.2.2.2
Tcpip\..\Interfaces\{5723e0c0-b791-43f6-a0da-cf6e9cc16698}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-2908037372-2171883679-1737146749-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2908037372-2171883679-1737146749-1000 -> {791E1555-2EF7-4CC4-8163-936AE58F230A} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-28] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll [2017-01-04] (Perfect World Entertainment Inc)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-28] (Oracle Corporation)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Nenhum Arquivo
FireFox:
========
FF DefaultProfile: r7hjvm62.default
FF ProfilePath: C:\Users\Rodrix\AppData\Roaming\Mozilla\Firefox\Profiles\r7hjvm62.default [2017-02-21]
FF NewTab: Mozilla\Firefox\Profiles\r7hjvm62.default -> hxxp://games.onesearch.org?uid=5a8343cb-f9de-96f2-7569-6a046abeda15&uc=20161227&ap=&source=&page=newtab&implementation_id=games_0.2.0
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\r7hjvm62.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\r7hjvm62.default -> www.google.com.br/
FF Extension: (Search and New Tab by Yahoo) - C:\Users\Rodrix\AppData\Roaming\Mozilla\Firefox\Profiles\r7hjvm62.default\Extensions\jid1-16aeif9OQIRKxA@jetpack.xpi [2016-12-28]
FF Extension: (Adblock Plus) - C:\Users\Rodrix\AppData\Roaming\Mozilla\Firefox\Profiles\r7hjvm62.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-08]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Rodrix\AppData\Roaming\Mozilla\Firefox\Profiles\r7hjvm62.default\features\{8baffb4e-f39c-46fa-8f84-672a45d69586}\disableSHA1rollout@mozilla.org.xpi [2017-02-17]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [2017-01-04] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Rodrix\AppData\Local\Google\Chrome\User Data\Default [2017-02-20]
CHR Extension: (Google Docs) - C:\Users\Rodrix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-12]
CHR Extension: (Google Drive) - C:\Users\Rodrix\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-12]
CHR Extension: (YouTube) - C:\Users\Rodrix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-12]
CHR Extension: (Documentos Google off-line) - C:\Users\Rodrix\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-12]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Rodrix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\Rodrix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-12]
CHR Extension: (Chrome Media Router) - C:\Users\Rodrix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-17]
==================== Serviços (Whitelisted) ====================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [87064 2017-01-04] (Perfect World Entertainment Inc)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [971160 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337600 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [725976 2017-01-09] (AVG Technologies CZ, s.r.o.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [395536 2017-01-15] (EasyAntiCheat Ltd)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-12-09] (Hi-Rez Studios) [Arquivo não assinado]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Arquivo não assinado]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-12] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-12] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2016-12-12] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
S0 Avgboota; C:\WINDOWS\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\WINDOWS\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\WINDOWS\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\WINDOWS\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\WINDOWS\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\WINDOWS\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\WINDOWS\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\WINDOWS\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.)
R3 DroidCam; C:\WINDOWS\system32\DRIVERS\droidcam.sys [33592 2017-01-14] (Dev47Apps)
R3 DroidCamVideo; C:\WINDOWS\system32\DRIVERS\droidcamvideo.sys [230712 2017-01-14] (Windows (R) Win 7 DDK provider)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-01-11] ()
S3 KINONI_Wave; C:\WINDOWS\system32\drivers\kinonivad.sys [32360 2016-04-17] (Windows (R) Win 7 DDK provider)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2017-01-11] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-12-12] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; não ImagePath
S3 MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [X]
S3 MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [X]
U3 wpcsvc; não ImagePath
==================== NetSvcs (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
==================== Um Mês Criados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2017-02-21 17:00 - 2017-02-21 17:00 - 00019751 _____ C:\Users\Rodrix\Downloads\FRST.txt
2017-02-21 17:00 - 2017-02-21 17:00 - 00000000 ____D C:\FRST
2017-02-21 16:59 - 2017-02-21 16:59 - 02422784 _____ (Farbar) C:\Users\Rodrix\Desktop\FRST64.exe
2017-02-21 16:36 - 2017-02-21 16:36 - 02641920 _____ C:\Users\Rodrix\Downloads\SDM_PT.msi
2017-02-21 16:31 - 2017-02-21 16:31 - 00000000 ____D C:\Users\Rodrix\AppData\Roaming\Logitech
2017-02-21 16:31 - 2017-02-21 16:31 - 00000000 ____D C:\Users\Rodrix\AppData\Roaming\Logishrd
2017-02-21 16:29 - 2017-02-21 16:31 - 99147752 _____ (Logitech Inc.) C:\Users\Rodrix\Downloads\LGS_8.91.48_x64_Logitech.exe
2017-02-20 12:14 - 2017-02-20 12:14 - 15972467 _____ C:\Users\Rodrix\Downloads\2016 - Apostila Arquitetura de Computadores.pdf
2017-02-19 21:17 - 2017-02-19 21:17 - 00060356 _____ C:\Users\Rodrix\Downloads\PLANO DE ENSINO - ARQUITETURA DE COMPUTADORES.pdf
2017-02-18 21:53 - 2017-02-18 21:56 - 41285901 _____ C:\Users\Rodrix\Documents\juke.wmv
2017-02-17 16:01 - 2017-02-17 16:03 - 18757793 _____ C:\Users\Rodrix\Documents\finalziao.wmv
2017-02-17 14:47 - 2017-02-17 14:47 - 00001135 _____ C:\Users\Rodrix\Desktop\Vegas Pro 13.0 (64-bit).lnk
2017-02-17 14:46 - 2017-02-17 14:47 - 00006078 _____ C:\WINDOWS\system32\--traceoff
2017-02-17 14:46 - 2017-02-17 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2017-02-17 14:46 - 2017-02-17 14:46 - 00000000 _____ C:\WINDOWS\system32\--debugoff
2017-02-17 14:45 - 2016-04-26 15:29 - 00000000 ____D C:\Users\Rodrix\Desktop\Sony Vegas Pro 13.0 - LefyTutors
2017-02-17 12:00 - 2017-02-17 12:01 - 00000000 ____D C:\Users\Rodrix\Desktop\FUmec
2017-02-17 11:29 - 2017-02-17 11:29 - 00000000 ____D C:\Users\Rodrix\Desktop\Trab
2017-02-16 15:51 - 2017-02-16 15:51 - 00162896 _____ C:\Users\Rodrix\Downloads\Kitsune^2 - Rainbow Tylenol(1).mp3.sfk
2017-02-16 15:50 - 2017-02-16 15:51 - 624230400 _____ C:\Users\Rodrix\Downloads\Perfect World Fidelity Update 101.rar
2017-02-16 15:50 - 2017-02-16 15:50 - 01891005 _____ C:\Users\Rodrix\Downloads\Kitsune^2 - Rainbow Tylenol(1).mp3
2017-02-16 15:46 - 2017-02-16 15:46 - 01891005 _____ C:\Users\Rodrix\Downloads\Kitsune^2 - Rainbow Tylenol.mp3
2017-02-16 15:46 - 2017-02-16 15:46 - 00000000 ____D C:\Users\Todos os Usuários\IsolatedStorage
2017-02-16 15:46 - 2017-02-16 15:46 - 00000000 ____D C:\ProgramData\IsolatedStorage
2017-02-15 19:49 - 2017-02-15 19:49 - 00019496 _____ C:\Users\Rodrix\Documents\Untitled.veg
2017-02-15 19:14 - 2017-02-17 11:35 - 00000000 ____D C:\Users\Todos os Usuários\Vegasaur
2017-02-15 19:14 - 2017-02-17 11:35 - 00000000 ____D C:\ProgramData\Vegasaur
2017-02-15 19:14 - 2017-02-15 19:14 - 00000000 ____D C:\Users\Todos os Usuários\VEGAS Pro
2017-02-15 19:14 - 2017-02-15 19:14 - 00000000 ____D C:\Users\Rodrix\Documents\OFX Presets
2017-02-15 19:14 - 2017-02-15 19:14 - 00000000 ____D C:\Users\Rodrix\AppData\Roaming\Vegasaur
2017-02-15 19:14 - 2017-02-15 19:14 - 00000000 ____D C:\ProgramData\VEGAS Pro
2017-02-15 19:13 - 2017-02-15 19:13 - 33054344 _____ (Vegasaur.com ) C:\Users\Rodrix\Downloads\Vegasaur_Setup_2.7.1.exe
2017-02-15 18:25 - 2017-02-15 18:25 - 00414176 _____ C:\Users\Rodrix\Downloads\DragonForce - Through the Fire and Flames (HQ Official Video).mp3.sfk
2017-02-15 18:22 - 2017-02-15 18:22 - 20359768 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2017-02-13 17:40 - 2017-02-20 14:31 - 00000000 ____D C:\Users\Rodrix\Desktop\MEMES
2017-02-10 08:22 - 2017-02-10 08:22 - 00001495 _____ C:\Users\Public\Desktop\Resident Evil 7 - Biohazard.lnk
2017-02-10 02:04 - 2017-02-10 02:04 - 00000345 _____ C:\Users\Rodrix\Downloads\pt_windows_10_education_version_1607_updated_jul_2016_x64_dvd_9055973.iso
2017-02-10 00:01 - 2017-02-10 01:08 - 3834084698 _____ C:\Users\Rodrix\Downloads\setup_v04072016.rar
2017-02-09 17:52 - 2017-02-09 17:52 - 00000000 ____D C:\Users\xamu.SAMUEL-PC\AppData\Local\Apple
2017-02-09 17:49 - 2017-02-09 17:50 - 00000000 ____D C:\Users\xamu.SAMUEL-PC\AppData\Roaming\obs-studio
2017-02-09 17:49 - 2017-02-09 17:49 - 00000000 ____D C:\Users\xamu.SAMUEL-PC\Documents\Electronic Arts
2017-02-09 17:44 - 2017-02-09 17:52 - 00000000 ____D C:\WINDOWS\LastGood
2017-02-08 21:38 - 2017-02-08 21:38 - 00000000 ____D C:\Users\Todos os Usuários\Steam
2017-02-08 21:38 - 2017-02-08 21:38 - 00000000 ____D C:\Users\Todos os Usuários\Socialclub
2017-02-08 21:38 - 2017-02-08 21:38 - 00000000 ____D C:\Users\Rodrix\Documents\Rockstar Games
2017-02-08 21:38 - 2017-02-08 21:38 - 00000000 ____D C:\Users\Rodrix\AppData\Local\Rockstar Games
2017-02-08 21:38 - 2017-02-08 21:38 - 00000000 ____D C:\ProgramData\Steam
2017-02-08 21:38 - 2017-02-08 21:38 - 00000000 ____D C:\ProgramData\Socialclub
2017-02-08 21:34 - 2017-02-08 21:35 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-08 16:34 - 2017-02-08 16:34 - 00000000 ____D C:\Users\Rodrix\AppData\Roaming\StepMania 5
2017-02-08 16:34 - 2017-02-08 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StepMania 5.0.12
2017-02-08 16:32 - 2017-02-08 16:33 - 51790237 _____ C:\Users\Rodrix\Downloads\StepMania-5.0.12-win32.exe
2017-02-08 13:29 - 2017-02-08 13:29 - 00002334 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-08 13:27 - 2017-02-08 13:28 - 01129376 _____ (Google Inc.) C:\Users\Rodrix\Downloads\ChromeSetup.exe
2017-02-07 18:48 - 2017-02-17 14:45 - 00000000 ____D C:\Users\Rodrix\Desktop\Geral
2017-02-02 12:57 - 2017-02-13 17:08 - 00000000 ____D C:\Users\Rodrix\Downloads\The.Flash.2014.S03E11.720p.HDTV.X264-DIMENSION[rarbg]
2017-01-30 14:05 - 2017-01-30 14:05 - 00057321 _____ C:\Users\Rodrix\Downloads\servicosDetran.pdf
2017-01-30 12:31 - 2017-01-30 12:31 - 00119103 _____ C:\Users\Rodrix\Downloads\comprovante-quero-bolsa-Samuel.pdf
2017-01-28 09:09 - 2017-01-28 09:09 - 00000000 ____D C:\Users\Rodrix\Documents\WB Games
2017-01-27 23:35 - 2017-01-27 23:35 - 00001347 _____ C:\Users\Public\Desktop\Mad Max Launcher.lnk
2017-01-27 23:35 - 2017-01-27 23:35 - 00001337 _____ C:\Users\Public\Desktop\Mad Max.lnk
2017-01-26 01:58 - 2017-02-13 17:08 - 00000000 ____D C:\Users\Rodrix\Downloads\The.Flash.2014.S03E10.720p.HDTV.X264-DIMENSION[ettv]
2017-01-25 17:55 - 2017-01-25 17:55 - 00000000 ____D C:\Users\Rodrix\Documents\CPY_SAVES
2017-01-25 17:55 - 2017-01-25 17:55 - 00000000 ____D C:\Users\Rodrix\AppData\Local\BANDAI NAMCO GAMES
2017-01-25 16:46 - 2017-01-25 16:46 - 00001483 _____ C:\Users\Public\Desktop\God Eater 2 - Rage Burst.lnk
2017-01-25 06:59 - 2017-01-25 06:59 - 00000000 ____D C:\Users\Rodrix\Documents\Electronic Arts
2017-01-25 00:46 - 2017-01-25 00:46 - 00001571 _____ C:\Users\Public\Desktop\The Sims 4 x64.lnk
2017-01-25 00:46 - 2017-01-25 00:46 - 00001551 _____ C:\Users\Public\Desktop\The Sims 4.lnk
2017-01-24 20:26 - 2016-12-21 04:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-24 20:26 - 2016-12-21 01:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 19:37 - 2017-01-24 19:52 - 00000000 ____D C:\Users\Rodrix\AppData\Roaming\Audacity
2017-01-24 19:36 - 2017-01-24 19:37 - 00000000 ____D C:\Program Files (x86)\Audacity
2017-01-24 19:36 - 2017-01-24 19:36 - 00001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-01-24 18:58 - 2017-01-24 18:59 - 00000000 ____D C:\Users\Rodrix\AppData\Roaming\DarkSoulsIII
2017-01-24 17:49 - 2017-01-24 17:49 - 00001535 _____ C:\Users\Public\Desktop\Dark Souls 3.lnk
2017-01-23 09:55 - 2017-01-27 11:48 - 00000000 ____D C:\Users\Todos os Usuários\boost_interprocess
2017-01-23 09:55 - 2017-01-27 11:48 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-01-23 09:55 - 2017-01-23 09:55 - 00000000 ____D C:\Users\Rodrix\AppData\Local\TERA
2017-01-22 18:43 - 2017-01-22 18:43 - 00000222 _____ C:\Users\Rodrix\Desktop\TERA.url
==================== Um Mês Modificados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2017-02-21 16:56 - 2016-12-17 16:51 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA
2017-02-21 16:56 - 2016-12-17 16:51 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-21 16:56 - 2016-12-17 16:31 - 00000000 ____D C:\Users\Rodrix\AppData\LocalLow\Mozilla
2017-02-21 16:45 - 2017-01-12 01:08 - 01939494 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-21 16:45 - 2016-07-16 20:10 - 00558400 _____ C:\WINDOWS\system32\prfh0416.dat
2017-02-21 16:45 - 2016-07-16 20:10 - 00184180 _____ C:\WINDOWS\system32\prfc0416.dat
2017-02-21 12:10 - 2016-12-28 20:24 - 00000000 ____D C:\Users\Todos os Usuários\MFAData
2017-02-21 12:10 - 2016-12-28 20:24 - 00000000 ____D C:\ProgramData\MFAData
2017-02-21 00:02 - 2016-12-26 19:44 - 00000000 ____D C:\Users\Rodrix\Desktop\lol
2017-02-20 23:57 - 2016-07-16 03:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-20 23:28 - 2017-01-12 01:20 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-02-20 21:14 - 2016-12-26 20:09 - 00000000 ____D C:\Users\Rodrix\AppData\Local\osu!
2017-02-20 20:46 - 2016-12-27 10:28 - 00000000 ____D C:\Users\Rodrix\AppData\Roaming\obs-studio
2017-02-20 11:56 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-18 21:34 - 2016-07-16 08:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-18 16:43 - 2017-01-12 01:03 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-17 14:46 - 2017-01-15 15:02 - 00000000 ____D C:\Program Files\Sony
2017-02-17 14:46 - 2016-12-29 00:00 - 00000000 ____D C:\Users\Rodrix\AppData\Roaming\Sony
2017-02-17 13:47 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-17 11:44 - 2017-01-15 15:02 - 00001026 _____ C:\Users\Rodrix\AppData\Roaming\Microsoft\Windows\Start Menu\Vegas Pro 12.0 (64-bit).lnk
2017-02-17 00:33 - 2017-01-11 18:57 - 00000000 ____D C:\Users\Rodrix\AppData\Local\ElevatedDiagnostics
2017-02-16 15:52 - 2017-01-17 17:47 - 00000000 ____D C:\Users\Rodrix\AppData\Roaming\qBittorrent
2017-02-15 21:13 - 2016-12-17 16:23 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-15 18:22 - 2017-01-12 01:20 - 00003876 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-02-15 18:22 - 2016-12-28 20:04 - 00000902 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-15 18:22 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-15 18:22 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-10 09:44 - 2016-12-17 16:50 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-02-10 09:44 - 2016-12-17 16:50 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-10 09:43 - 2017-01-19 13:31 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2017-02-10 09:42 - 2017-01-19 13:31 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2017-02-10 08:22 - 2017-01-19 12:31 - 00000000 ____D C:\Games
2017-02-10 05:11 - 2017-01-12 01:08 - 00000000 ____D C:\Users\xamu.SAMUEL-PC
2017-02-09 17:57 - 2017-01-12 07:53 - 00000000 ____D C:\Users\xamu.SAMUEL-PC\AppData\Local\Packages
2017-02-09 17:52 - 2016-12-17 16:43 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-09 17:52 - 2016-07-16 08:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-09 17:49 - 2017-01-11 21:00 - 00000000 ____D C:\Users\xamu.SAMUEL-PC\AppData\LocalLow\Mozilla
2017-02-09 17:48 - 2017-01-12 07:58 - 00002439 _____ C:\Users\xamu.SAMUEL-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-09 17:48 - 2017-01-12 07:58 - 00000000 ___RD C:\Users\xamu.SAMUEL-PC\OneDrive
2017-02-09 17:43 - 2017-01-15 19:19 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-02-09 17:43 - 2017-01-12 01:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-09 17:34 - 2016-12-17 20:47 - 00014273 _____ C:\Users\Todos os Usuários\NvTelemetryContainer.log_backup1
2017-02-09 17:34 - 2016-12-17 20:47 - 00014273 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2017-02-08 13:29 - 2017-01-12 08:16 - 00002346 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-03 08:54 - 2016-12-28 21:33 - 00000000 ___RD C:\Users\Rodrix\OneDrive
2017-01-30 10:44 - 2017-01-12 01:08 - 00000000 ____D C:\Users\Rodrix
2017-01-29 12:09 - 2016-12-17 16:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-29 12:09 - 2016-12-17 16:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-28 10:28 - 2016-12-26 20:56 - 00000944 _____ C:\Users\Rodrix\Desktop\osu!.lnk
2017-01-27 08:48 - 2017-01-12 05:41 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-24 22:29 - 2016-07-16 08:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-23 19:18 - 2017-01-12 05:45 - 00003280 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-23 19:18 - 2017-01-12 05:44 - 00002415 _____ C:\Users\Rodrix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-22 18:43 - 2016-12-17 16:34 - 00000000 ____D C:\Users\Rodrix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
==================== Arquivos na raiz de alguns diretórios =======
2017-01-14 20:47 - 2017-01-15 12:22 - 0000033 _____ () C:\ProgramData\droidcam-settings
2016-12-17 20:47 - 2017-02-21 16:28 - 0021264 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-17 20:47 - 2017-02-09 17:34 - 0014273 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
Alguns arquivos em TEMP:
====================
2017-02-17 11:35 - 2017-02-17 11:44 - 0398373 _____ () C:\Users\Rodrix\AppData\Local\Temp\Uninstall.exe
==================== Bamital & volsnap ======================
(Não há correção automática para arquivos que não passaram na verificação.)
C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente
LastRegBack: 2017-02-17 00:32
==================== Fim de FRST.txt ============================