Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 29-06-2017
Executado por Nicolas (29-06-2017 00:37:44)
Executando a partir de D:\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2015-01-06 01:59:06)
Modo da Inicialização: Normal
==========================================================
==================== Contas: =============================
Administrador (S-1-5-21-2614604237-3008651893-2323847120-500 - Administrator - Disabled)
Convidado (S-1-5-21-2614604237-3008651893-2323847120-501 - Limited - Disabled)
Nicolas (S-1-5-21-2614604237-3008651893-2323847120-1000 - Administrator - Enabled) => C:\Users\Nicolas
==================== Central de Segurança ========================
(Se uma entrada for incluída na fixlist, será removida.)
AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
==================== Programas Instalados ======================
(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)
µTorrent (HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.13.0 - Asmedia Technology)
Atualizações da NVIDIA 2.7.4.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.7.4.10 - NVIDIA Corporation)
Bing Bar (HKLM-x32\...\{16793295-2366-40F7-A045-A3E42A81365E}) (Version: 7.1.362.0 - Microsoft Corporation)
BitTorrent (HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\...\BitTorrent) (Version: 7.9.9.42607 - BitTorrent Inc.)
Brawlhalla (HKLM\...\Steam App 291550) (Version: - Blue Mammoth Games)
CCleaner (HKLM\...\CCleaner) (Version: 5.31 - Piriform)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)
Dragon Age Inquisition Deluxe Edition version 1.11.0.0 (HKLM-x32\...\Dragon Age Inquisition Deluxe Edition_is1) (Version: 1.11.0.0 - Mr DJ)
Facebook Gameroom 1.4.1.0 (HKLM-x32\...\{BF83FC65-8072-4850-A4CE-969A5F3570DA}) (Version: 1.4.1.0 - Facebook)
Galeria de Fotos (HKLM-x32\...\{9EE1AE8B-4872-41CA-8C9A-C33D899523E0}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 102 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
Jogos Level Up (HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\...\6d7bdf9c3c2a31f9) (Version: 0.9.4.29 - Level Up)
K-Lite Mega Codec Pack 11.5.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.5.5 - )
League of Legends (HKLM-x32\...\{8CCCD0E7-56E4-45FB-B3FB-9F5183C2F4F0}) (Version: 4.1.2 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (HKLM-x32\...\{C05F4139-CB6B-4272-A0BF-861FEB667F27}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.4 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 pt-BR)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.5 - Black Tree Gaming)
Nox APP Player (HKLM-x32\...\Nox) (Version: 3.7.1.0 - Duodian Technology Co. Ltd.)
NVIDIA Driver de gráficos 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.06 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office Tab FreeEdition 9.10 (HKLM\...\{DE469D65-1DEB-4058-BF95-C642D733668D}_is1) (Version: - Detong Technology Ltd.)
osu! (HKLM-x32\...\{837df969-d3b1-4290-8125-bb9368a4808c}) (Version: latest - ppy Pty Ltd)
Painel de controle da NVIDIA 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 359.06 - NVIDIA Corporation) Hidden
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
PaintTool SAI (HKLM-x32\...\PaintTool SAI1.1.0) (Version: 1.1.0 - Eddie Sekiguchi Softwares)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
Photoshop CS6 versão 13.0.1.1 (HKLM-x32\...\{8BAE51ED-8545-40C4-AD88-22C92A2D5518}_is1) (Version: 13.0.1.1 - Adobe)
Pokémon Trading Card Game Online (HKLM-x32\...\{B1190819-66FF-4C39-BFC0-E83086CE3318}) (Version: 2.38.0 - The Pokémon Company International)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\...\Spotify) (Version: 1.0.57.474.gca9c9538 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Symantec Endpoint Protection (HKLM\...\{B434F1A9-553D-4C01-BDC2-E309B37EFB3F}) (Version: 12.1.4013.4013 - Symantec Corporation)
The Elder Scrolls V Skyrim Legendary Edition version 1.9.32.8 (HKLM-x32\...\The Elder Scrolls V Skyrim Legendary Edition_is1) (Version: 1.9.32.8 - Mr DJ)
Trove (HKLM\...\Steam App 304050) (Version: - Trion Worlds)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Unturned (HKLM\...\Steam App 304930) (Version: - Smartly Dressed Games)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Driver Package - BigNox Corporation (VBoxUSB) USB (09/16/2015 4.3.12) (HKLM\...\76B144D15273552931249392EDB13C0BBD52C84E) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation VBoxUSBMon System (09/16/2015 4.3.12) (HKLM\...\39F54A37125643D2E1E90FA7D81F36ACC9441510) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation XQHDrv System (09/16/2015 4.3.12) (HKLM\...\0147813640F7AF69F569581EE672B6BE1E71798E) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
==================== Exame Personalizado CLSID (Whitelisted): ==========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
CustomCLSID: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
==================== Tarefas Agendadas (Whitelisted) =============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
Task: {154272FD-EC74-41A9-98C6-27C639C8BDAC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-28] (Google Inc.)
Task: {311CEA84-11CD-4808-BD33-63B21CD292EB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-URT => C:\Windows\system32\GWX\GWX.exe
Task: {3695C303-293A-4462-A7E1-EB8CD6AB777D} - System32\Tasks\{208FAA54-B579-42FF-BD1D-F4DDA5159B82} => pcalua.exe -a C:\Users\Nicolas\AppData\Roaming\Nox\bin\Nox_unload.exe
Task: {4659A0C4-5BB4-4ADF-862C-4D80FA674AFD} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => C:\Windows\system32\GWX\GWX.exe
Task: {4FC1F21E-2663-4874-A1EC-846BCE38B6D2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {52E650E3-DB6E-4212-9A63-1A0ACD1075E7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-13] (Piriform Ltd)
Task: {5486147C-F04C-407C-AE34-885898058546} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => C:\Windows\system32\GWX\GWX.exe
Task: {57E10324-470F-4E61-B20B-0C7CD361DF6A} - System32\Tasks\{0EB9872E-558E-42E7-AC4F-3F7EE2B5630D} => pcalua.exe -a "D:\Downloads\chromeinstall-8u91 (1).exe" -d D:\Downloads
Task: {5883EC8F-D8C1-41CC-BE79-ECD347F1438E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {60A11EF8-C91E-4EE9-937D-A91E11BEAC53} - System32\Tasks\{10DEA726-2B6C-4391-AE57-37388916229D} => pcalua.exe -a C:\Users\Nicolas\AppData\Local\Temp\jre-8u111-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATENÇÃO
Task: {6828ABBA-F589-4FCC-A44B-C3138F2021D2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe
Task: {6ED7B52C-A0EA-48E3-BAAD-3B9FF36200A6} - System32\Tasks\{FEA5ADF0-E6AE-4427-9634-F2A89D9D1FA7} => Chrome.exe hxxps://ui.skype.com/ui/0/7.33.0.105/pt/abandoninstall?page=tsInstall
Task: {78913E7C-0EE4-44A3-BCC8-6B93E0698AC8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-28] (Google Inc.)
Task: {95D9EB59-85C6-4BBD-99A8-51FCECDCA926} - System32\Tasks\update-S-1-5-21-2614604237-3008651893-2323847120-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: )
Task: {98D1451D-238D-4991-9226-2BA4DDBBBAD2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-05] (Adobe Systems Incorporated)
Task: {9BF2E5ED-1842-46DE-901A-B4525D83C789} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: )
Task: {9F2670AD-E982-40E2-A20A-FA7EB4665059} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {A3DD854F-1824-412C-B2D3-5B7AD3671273} - System32\Tasks\{354880FF-2DBE-47AB-8009-222420231879} => Firefox.exe hxxp://ui.skype.com/ui/0/7.21.85.100/pt/abandoninstall?page=tsProgressBar
Task: {B09387C9-0C35-4575-BAB9-C2738A0510F8} - System32\Tasks\{C27AC6F7-1123-4F5D-A1C0-13D79E3F698E} => pcalua.exe -a C:\Users\Nicolas\AppData\Local\Temp\jre-8u131-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATENÇÃO
Task: {B3F27D51-5AEC-43A4-B53C-90A592449521} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe
Task: {B68D57FF-24DF-4641-A968-16A44BD1F649} - System32\Tasks\{A552316A-6EF8-4B8A-99FC-F6CAD09116A0} => Chrome.exe hxxp://ui.skype.com/ui/0/7.25.85.106/pt/abandoninstall?page=tsMain
Task: {CA8D914C-134C-47C2-9B74-36E2768E638B} - System32\Tasks\{35FBD3C6-944F-486F-BF25-976D96CB41B6} => pcalua.exe -a D:\Downloads\chromeinstall-8u91.exe -d D:\Downloads
Task: {CC3AB893-D5B1-43D3-BF70-BFA59C1DD4B7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-5d => C:\Windows\system32\GWX\GWX.exe
Task: {D61C1210-4D1B-4692-A187-D6AE463A33FD} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => C:\Windows\system32\GWX\GWX.exe
Task: {DCF17A60-9D33-4FAB-B90B-AD977AA77866} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe
Task: {DD69B9DF-AE42-4C94-BF6B-4E369FBFDCB5} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {DEC06381-CFB3-4491-A3CD-B14CE970DB9E} - System32\Tasks\{508F4BDD-7573-4163-A9C2-68B5F16295D7} => Chrome.exe hxxp://ui.skype.com/ui/0/7.25.0.106/pt/abandoninstall?page=tsProgressBar
Task: {F0A670DB-4AD9-4FAA-98E2-CCC337E42B05} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => C:\Windows\system32\GWX\GWX.exe
Task: {FA5A9808-A8BD-461B-A0A2-4AF7C8DF59A8} - System32\Tasks\{B56A5E98-9016-46AD-8D30-2DAB0BBAD42C} => Chrome.exe hxxps://ui.skype.com/ui/0/7.30.64.105/pt/abandoninstall?page=tsProgressBar
(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\update-S-1-5-21-2614604237-3008651893-2323847120-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
==================== Atalhos & WMI ========================
(As entradas podem ser listadas para serem restauradas ou removidas.)
ShortcutWithArgument: C:\Users\Nicolas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox (2).lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> www.portalcriativa.com.br/portal
ShortcutWithArgument: C:\Users\Nicolas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox (3).lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> www.portalcriativa.com.br/portal
ShortcutWithArgument: C:\Users\Nicolas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> www.portalcriativa.com.br/portal
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> www.portalcriativa.com.br/portal
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.portalcriativa.com.br/portal
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> www.portalcriativa.com.br/portal
==================== Módulos Carregados (Whitelisted) ==============
2016-01-05 23:39 - 2013-10-23 14:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2010-07-15 01:44 - 2010-07-15 01:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2016-10-20 17:26 - 2014-08-19 16:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2016-01-05 23:46 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2017-06-13 10:08 - 2017-06-13 10:08 - 00073728 _____ () C:\Program Files\CCleaner\lang\lang-1046.dll
2017-05-15 20:35 - 2017-05-09 06:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-15 20:35 - 2017-05-09 06:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2016-01-05 23:46 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2016-04-03 11:01 - 2017-05-16 22:54 - 00678176 _____ () D:\Steam\SDL2.dll
2016-04-03 11:01 - 2016-08-31 22:02 - 04969248 _____ () D:\Steam\v8.dll
2016-04-03 11:01 - 2016-08-31 22:02 - 01563936 _____ () D:\Steam\icui18n.dll
2016-04-03 11:01 - 2016-08-31 22:02 - 01195296 _____ () D:\Steam\icuuc.dll
2016-04-03 11:01 - 2017-06-08 02:42 - 02485536 _____ () D:\Steam\video.dll
2016-04-03 11:01 - 2016-01-27 04:49 - 02549760 _____ () D:\Steam\libavcodec-56.dll
2016-04-03 11:01 - 2016-01-27 04:49 - 00442880 _____ () D:\Steam\libavutil-54.dll
2016-04-03 11:01 - 2016-01-27 04:49 - 00491008 _____ () D:\Steam\libavformat-56.dll
2016-04-03 11:01 - 2016-01-27 04:49 - 00332800 _____ () D:\Steam\libavresample-2.dll
2016-04-03 11:01 - 2016-01-27 04:49 - 00485888 _____ () D:\Steam\libswscale-3.dll
2016-04-03 11:01 - 2017-06-08 02:42 - 00877856 _____ () D:\Steam\bin\chromehtml.DLL
2016-12-30 11:58 - 2017-05-08 16:45 - 69516064 _____ () D:\Steam\bin\cef\cef.win7\libcef.dll
2017-06-11 17:51 - 2017-05-16 22:54 - 00678176 _____ () D:\Steam\bin\cef\cef.win7\SDL2.dll
2016-04-03 11:01 - 2017-06-08 02:42 - 00385312 _____ () D:\Steam\steam.dll
==================== Alternate Data Streams (Whitelisted) =========
(Se uma entrada for incluída na fixlist, somente o ADS será removido.)
AlternateDataStreams: C:\ProgramData\TEMP:58A5270D [158]
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:58A5270D [158]
==================== Modo de Segurança (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
==================== Associação (Whitelisted) ===============
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)
==================== Internet Explorer confiável/restrito ===============
(Se uma entrada for incluída na fixlist, será removida do Registro.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\...\100sexlinks.com -> 100sexlinks.com
Existem ainda 4788 sites a mais.
==================== Hosts Conteúdo: ===============================
(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)
2009-07-13 23:34 - 2016-09-09 22:14 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Outras Áreas ============================
(Atualmente não há nenhuma correção automática para esta seção.)
HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nicolas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Firewall do Windows está desabilitado.
==================== MSCONFIG/TASK MANAGER ítens desabilitados ==
==================== Regras do Firewall (Whitelisted) ===============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
FirewallRules: [TCP Query User{ED016EC7-A7CD-4375-B2E2-53A92DC10AD8}E:\sdi_r326.exe] => (Block) E:\sdi_r326.exe
FirewallRules: [UDP Query User{39B6BF76-1EB0-48AB-88FE-6CB9C88FBD96}E:\sdi_r326.exe] => (Block) E:\sdi_r326.exe
FirewallRules: [{BB7642C4-BB8F-4BE4-8C31-4D28557CEE40}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F1BB9D50-EFC0-400D-940E-9B054B374DB8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BBE68F5B-22BE-416D-9C6D-86D2D0B2D03D}] => (Allow) LPort=2869
FirewallRules: [{5DDD7EAB-8435-4EE0-8456-ED83FC3A760D}] => (Allow) LPort=1900
FirewallRules: [{181AB267-4094-45E2-9272-3B2E1E25FEA4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{186A8796-2ABF-4267-98C6-F746E860D8E8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8711A24B-86E3-414D-85DF-2FCB80507F40}] => (Allow) C:\Program Files (x86)\Microsoft Office 2007\Office12\outlook.exe
FirewallRules: [{50C6CC99-6398-491A-98B0-A1CC6BC16753}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
FirewallRules: [{2CF44DE4-468F-4D9F-A47A-C65C7721E374}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
FirewallRules: [{7E6CEE5A-41C0-400A-8783-44CE42190612}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe
FirewallRules: [{AAEA29CB-7E95-44C1-B3EE-37FE009F3274}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe
FirewallRules: [TCP Query User{EE6F2C1E-F19A-4413-965E-8519AFBEF5FD}C:\users\nicolas\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\nicolas\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{E0795B02-414F-467D-8691-866B5C9CA9EE}C:\users\nicolas\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\nicolas\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{E396A5AC-0F89-4DEB-AA2E-69B9487142FF}C:\users\nicolas\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\nicolas\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{DE6010C8-5C8D-419C-BD52-9936A5805B6C}C:\users\nicolas\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\nicolas\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{685E9164-A8B0-4C17-A2DF-732A91714B41}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C8D75DF1-9DFD-4A73-B307-0B0AB0142B91}] => (Allow) D:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{207A7196-B889-405E-BE10-41CECB4CA547}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{8AB6AE81-C81D-470C-A29F-62479519D4F9}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{961F98F9-D95D-4498-9024-D9597EE9900F}] => (Allow) D:\Jogos\Dragon Age Inquisition Deluxe Edition\DragonAgeInquisition.exe
FirewallRules: [{FD50B1FA-868A-40E7-BB5E-7F8ECE4E1BA6}] => (Allow) D:\Jogos\Dragon Age Inquisition Deluxe Edition\DragonAgeInquisition.exe
FirewallRules: [{FBF37091-17E4-463B-8597-3D12CDB89331}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8348C7B2-E4DE-40DB-A58C-48F65580C1E7}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8F6F342F-4D8E-41B5-AE3A-C490589C2C45}] => (Allow) D:\SteamLibrary\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{C7AA4C1A-CF7A-4036-89BA-FD236BD66CAA}] => (Allow) D:\SteamLibrary\steamapps\common\Unturned\Unturned_BE.exe
FirewallRules: [{3D2AE1FF-D7D7-4CDB-BDC7-4FD9ED104863}] => (Allow) D:\SteamLibrary\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{C08D28C0-B2FE-400B-8533-F24C3607218E}] => (Allow) D:\SteamLibrary\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{E566EA4D-D420-40BB-8DA7-3BDD9C7016AC}] => (Allow) D:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{CFCF764E-8BAD-4765-84DB-1E8537F34DEC}] => (Allow) D:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{596F3D9B-2369-4416-BEF3-88750E9EE813}] => (Allow) D:\SteamLibrary\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{6BCBC3D0-4980-4111-B032-98EEC3EB438A}] => (Allow) D:\SteamLibrary\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{9C5C72A9-3002-49DA-9F78-A157F43B6CBD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AC356EBE-C37A-4014-9C77-8F72E529BB21}] => (Allow) D:\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{FD4E952F-4459-4C5D-97D0-20FB807046A6}] => (Allow) D:\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [TCP Query User{99E1BF4A-9FAD-43CC-BECC-4902E567F2A0}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{04B14454-95FA-4DA4-B414-04BA175405CF}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [{13206E28-B92D-4C2B-8859-57BC9715CDC1}] => (Allow) C:\Program Files (x86)\Mr DJ\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe
FirewallRules: [{CB464E52-FEFF-4C05-A208-2940FA66EB9A}] => (Allow) C:\Program Files (x86)\Mr DJ\The Elder Scrolls V Skyrim Legendary Edition\SkyrimLauncher.exe
FirewallRules: [{AAE7D5B1-6D9C-4179-8088-C068949F51BE}] => (Allow) C:\Users\Nicolas\AppData\Local\MyComGames\MyComGames.exe
FirewallRules: [{F6658A06-B77A-48E7-8F3E-ED1F5B488E92}] => (Allow) C:\Users\Nicolas\AppData\Local\MyComGames\MyComGames.exe
FirewallRules: [{475AFF36-A295-4590-9EDA-674E661B360F}] => (Allow) C:\Users\Nicolas\AppData\Local\MyComGames\MyComGames.exe
FirewallRules: [{F1819C0D-1766-4C99-BFB3-7ABD3175A066}] => (Allow) C:\Users\Nicolas\AppData\Local\MyComGames\MyComGames.exe
FirewallRules: [{646729C9-3EFA-4860-A5E5-305A4F6DAC79}] => (Allow) D:\Desktop\Steam.exe
FirewallRules: [{D798DBB8-45DC-4A3C-9596-3942DAAE2E8F}] => (Allow) D:\Desktop\Steam.exe
FirewallRules: [{980A8D1D-5DBB-4F39-8A95-32E7E52BF804}] => (Allow) D:\Downloads\Steam.exe
FirewallRules: [{4E80339A-1067-44E0-A7C8-7AFCD3315C37}] => (Allow) D:\Downloads\Steam.exe
FirewallRules: [{0B22DBD5-2D83-4705-BCDE-0E52B3E78018}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{17F36F71-E682-4EE7-92FA-FE06E02B8B12}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5A2F03C7-3405-4FD7-AAE3-8649F0E2DDD3}] => (Allow) D:\download\Steam.exe
FirewallRules: [{0677EDB4-E818-4877-85D8-AD2D48F16AC0}] => (Allow) D:\download\Steam.exe
FirewallRules: [{01CC66FD-3868-4826-9C31-91D32B84BCB5}] => (Allow) D:\Documents\Downloads\Steam.exe
FirewallRules: [{B8146633-B4A8-4024-9B77-2837E77A7621}] => (Allow) D:\Documents\Downloads\Steam.exe
FirewallRules: [{38DAF5E5-02C6-4267-B3E2-96339F49EA43}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{451A6DC4-1EB3-472E-88E2-0BA84C4E03DC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F1589C69-A759-48B2-B143-324C7F1E4E54}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{7D4E29A0-9207-46BB-93A7-B10372127E2E}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{B223E870-109A-421F-A961-BAC6DE9E8C36}] => (Allow) C:\Users\Nicolas\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{8F811B69-8958-479A-BC6C-9A874F6194DD}] => (Allow) C:\Users\Nicolas\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{61EECB00-FC9D-411B-8FE5-ED37FAD02E4F}] => (Allow) C:\Users\Nicolas\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{D872A7F3-F797-4E6F-9E66-6DCAD67C4F49}] => (Allow) C:\Users\Nicolas\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{95909D3C-AD89-43DE-9341-A46629710B43}] => (Allow) C:\Users\Nicolas\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{7A6342D5-5144-4065-8520-BD216F7C64E9}] => (Allow) C:\Users\Nicolas\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5CD45630-CCCD-4754-A4D0-7D343CF70508}] => (Allow) C:\Users\Nicolas\AppData\Roaming\BitTorrent\BitTorrent.exe
==================== Pontos de Restauração =========================
25-12-2016 22:31:21 Ponto de Verificação Agendado
24-01-2017 14:05:39 Ponto de Verificação Agendado
13-02-2017 13:17:39 Ponto de Verificação Agendado
06-03-2017 16:38:31 Ponto de Verificação Agendado
15-03-2017 12:32:56 Ponto de Verificação Agendado
28-03-2017 13:58:42 Ponto de Verificação Agendado
04-04-2017 14:03:35 Ponto de Verificação Agendado
20-04-2017 07:49:39 Ponto de Verificação Agendado
06-05-2017 19:43:52 Ponto de Verificação Agendado
18-05-2017 23:50:38 Ponto de Verificação Agendado
12-06-2017 01:30:52 Ponto de Verificação Agendado
20-06-2017 21:21:42 Ponto de Verificação Agendado
28-06-2017 21:32:51 Removed LogMeIn Hamachi
==================== Dispositivos Apresentando Falhas No Gerenciador =============
==================== Erros no Log de eventos: =========================
Erros em Aplicativos:
==================
Error: (06/28/2017 11:31:47 PM) (Source: Symantec Network Protection) (EventID: 400) (User: )
Description: A prevenção contra intrusões na rede não está protegendo o computador porque seu driver foi descarregado
Error: (06/28/2017 09:03:23 PM) (Source: Symantec Network Protection) (EventID: 400) (User: )
Description: A prevenção contra intrusões na rede não está protegendo o computador porque seu driver foi descarregado
Error: (06/28/2017 08:18:24 PM) (Source: Symantec Network Protection) (EventID: 400) (User: )
Description: A prevenção contra intrusões na rede não está protegendo o computador porque seu driver foi descarregado
Error: (06/28/2017 07:53:14 PM) (Source: Symantec Network Protection) (EventID: 400) (User: )
Description: A prevenção contra intrusões na rede não está protegendo o computador porque seu driver foi descarregado
Error: (06/27/2017 01:31:14 PM) (Source: Symantec Network Protection) (EventID: 400) (User: )
Description: A prevenção contra intrusões na rede não está protegendo o computador porque seu driver foi descarregado
Error: (06/26/2017 08:03:21 PM) (Source: Symantec Network Protection) (EventID: 400) (User: )
Description: A prevenção contra intrusões na rede não está protegendo o computador porque seu driver foi descarregado
Error: (06/26/2017 11:08:12 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Encontrado risco à segurança!Trojan.Gen.2 no arquivo: c:\users\nicolas\appdata\local\fomc32syc.ex_ por: Verificação Manual. Ação: Quarentena bem-sucedida. Descrição da ação: O arquivo foi colocado em quarentena com êxito.
Error: (06/26/2017 09:03:08 AM) (Source: Symantec Network Protection) (EventID: 400) (User: )
Description: A prevenção contra intrusões na rede não está protegendo o computador porque seu driver foi descarregado
Error: (06/25/2017 09:21:55 PM) (Source: Symantec Network Protection) (EventID: 400) (User: )
Description: A prevenção contra intrusões na rede não está protegendo o computador porque seu driver foi descarregado
Error: (06/23/2017 07:19:42 PM) (Source: Symantec Network Protection) (EventID: 400) (User: )
Description: A prevenção contra intrusões na rede não está protegendo o computador porque seu driver foi descarregado
Erros de Sistema:
=============
Error: (06/29/2017 12:22:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Provedor do Grupo Doméstico depende do serviço Host de Provedor da Descoberta de Função, mas não foi possível iniciá-lo devido ao seguinte erro:
O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados.
Error: (06/29/2017 12:18:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Provedor do Grupo Doméstico depende do serviço Host de Provedor da Descoberta de Função, mas não foi possível iniciá-lo devido ao seguinte erro:
O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados.
Error: (06/29/2017 12:14:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Provedor do Grupo Doméstico depende do serviço Host de Provedor da Descoberta de Função, mas não foi possível iniciá-lo devido ao seguinte erro:
O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados.
Error: (06/28/2017 11:59:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Provedor do Grupo Doméstico depende do serviço Host de Provedor da Descoberta de Função, mas não foi possível iniciá-lo devido ao seguinte erro:
O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados.
Error: (06/28/2017 11:54:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Provedor do Grupo Doméstico depende do serviço Host de Provedor da Descoberta de Função, mas não foi possível iniciá-lo devido ao seguinte erro:
O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados.
Error: (06/28/2017 11:35:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Provedor do Grupo Doméstico depende do serviço Host de Provedor da Descoberta de Função, mas não foi possível iniciá-lo devido ao seguinte erro:
O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados.
Error: (06/28/2017 11:33:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Provedor do Grupo Doméstico depende do serviço Host de Provedor da Descoberta de Função, mas não foi possível iniciá-lo devido ao seguinte erro:
O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados.
Error: (06/28/2017 11:32:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Provedor do Grupo Doméstico depende do serviço Host de Provedor da Descoberta de Função, mas não foi possível iniciá-lo devido ao seguinte erro:
O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados.
Error: (06/28/2017 09:52:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Provedor do Grupo Doméstico depende do serviço Host de Provedor da Descoberta de Função, mas não foi possível iniciá-lo devido ao seguinte erro:
O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados.
Error: (06/28/2017 09:42:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: O serviço Provedor do Grupo Doméstico depende do serviço Host de Provedor da Descoberta de Função, mas não foi possível iniciá-lo devido ao seguinte erro:
O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados.
==================== Informações da Memória ===========================
Processador: Intel(R) Core(TM) i3-4170 CPU @ 3.70GHz
Percentagem de memória em uso: 59%
RAM física total: 4031.99 MB
RAM física disponível: 1636.47 MB
Virtual Total: 8062.18 MB
Virtual disponível: 5685.62 MB
==================== Drives ================================
Drive c: (SYSTEM_OS.ASZ) (Fixed) (Total:100 GB) (Free:3.59 GB) NTFS ==>[drive com componentes de inicialização (obtido através de BCD)]
Drive d: (Meus documentos) (Fixed) (Total:819.51 GB) (Free:598.76 GB) NTFS
==================== MBR & Tabela de Partições ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1AF8E1C5)
Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=819.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=05)
==================== Fim de Addition.txt ============================
Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 29-06-2017
Executado por Nicolas (administrador) em NICOLAS-PC (29-06-2017 00:37:21)
Executando a partir de D:\Desktop
Perfis Carregados: Nicolas (Perfis Disponíveis: Nicolas)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processos (Whitelisted) =================
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
==================== Registro (Whitelisted) ====================
GroupPolicy: Restrição <==== ATENÇÃO
==================== Internet (Whitelisted) ====================
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
ProxyServer: [S-1-5-21-2614604237-3008651893-2323847120-1000] => 127.0.0.1:24790
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-07-07] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-07-07] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-07-07] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-07-07] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-07-07] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-07-07] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-07-07] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-07-07] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-07-07] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-07-07] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{9472DF99-E627-4CF6-BDB7-06E87A7779AB}: [NameServer] 8.8.8.4,8.8.8.8
Tcpip\..\Interfaces\{AF969A59-21E2-4045-954B-84B97AE4FC05}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{AF969A59-21E2-4045-954B-84B97AE4FC05}: [DhcpNameServer] 192.168.15.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mncrfprj_16_37&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyB0AyBzytCzyzz0D0DyD0FyEyDyBzyyDtN0D0Tzu0StCyBtCtBtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StDyB0E0AtD0F0AzytGyCtB0DtBtG0F0C0E0CtGyByEyCzztGyCyBtAyEtDtD0E0Dzy0AtD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtC0Czz0Azzzy0AtGzytC0B0CtGyEtCyEyEtGzytDtDtCtGzy0AtD0D0E0BtD0EzzyDzyyB2QtN0A0LzutB%26cr%3D1137961568%26a%3Dwbf_mncrfprj_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mncrfprj_16_37&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyB0AyBzytCzyzz0D0DyD0FyEyDyBzyyDtN0D0Tzu0StCyBtCtBtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StDyB0E0AtD0F0AzytGyCtB0DtBtG0F0C0E0CtGyByEyCzztGyCyBtAyEtDtD0E0Dzy0AtD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtC0Czz0Azzzy0AtGzytC0B0CtGyEtCyEyEtGzytDtDtCtGzy0AtD0D0E0BtD0EzzyDzyyB2QtN0A0LzutB%26cr%3D1137961568%26a%3Dwbf_mncrfprj_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mncrfprj_16_37&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyB0AyBzytCzyzz0D0DyD0FyEyDyBzyyDtN0D0Tzu0StCyBtCtBtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StDyB0E0AtD0F0AzytGyCtB0DtBtG0F0C0E0CtGyByEyCzztGyCyBtAyEtDtD0E0Dzy0AtD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtC0Czz0Azzzy0AtGzytC0B0CtGyEtCyEyEtGzytDtDtCtGzy0AtD0D0E0BtD0EzzyDzyyB2QtN0A0LzutB%26cr%3D1137961568%26a%3Dwbf_mncrfprj_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://br.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10281__160308__yaie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mncrfprj_16_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyB0AyBzytCzyzz0D0DyD0FyEyDyBzyyDtN0D0Tzu0StCyBtCtBtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StDyB0E0AtD0F0AzytGyCtB0DtBtG0F0C0E0CtGyByEyCzztGyCyBtAyEtDtD0E0Dzy0AtD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtC0Czz0Azzzy0AtGzytC0B0CtGyEtCyEyEtGzytDtDtCtGzy0AtD0D0E0BtD0EzzyDzyyB2QtN0A0LzutB%26cr%3D1137961568%26a%3Dwbf_mncrfprj_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mncrfprj_16_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyB0AyBzytCzyzz0D0DyD0FyEyDyBzyyDtN0D0Tzu0StCyBtCtBtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StDyB0E0AtD0F0AzytGyCtB0DtBtG0F0C0E0CtGyByEyCzztGyCyBtAyEtDtD0E0Dzy0AtD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtC0Czz0Azzzy0AtGzytC0B0CtGyEtCyEyEtGzytDtDtCtGzy0AtD0D0E0BtD0EzzyDzyyB2QtN0A0LzutB%26cr%3D1137961568%26a%3Dwbf_mncrfprj_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mncrfprj_16_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyB0AyBzytCzyzz0D0DyD0FyEyDyBzyyDtN0D0Tzu0StCyBtCtBtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StDyB0E0AtD0F0AzytGyCtB0DtBtG0F0C0E0CtGyByEyCzztGyCyBtAyEtDtD0E0Dzy0AtD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtC0Czz0Azzzy0AtGzytC0B0CtGyEtCyEyEtGzytDtDtCtGzy0AtD0D0E0BtD0EzzyDzyyB2QtN0A0LzutB%26cr%3D1137961568%26a%3Dwbf_mncrfprj_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mncrfprj_16_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyB0AyBzytCzyzz0D0DyD0FyEyDyBzyyDtN0D0Tzu0StCyBtCtBtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StDyB0E0AtD0F0AzytGyCtB0DtBtG0F0C0E0CtGyByEyCzztGyCyBtAyEtDtD0E0Dzy0AtD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtC0Czz0Azzzy0AtGzytC0B0CtGyEtCyEyEtGzytDtDtCtGzy0AtD0D0E0BtD0EzzyDzyyB2QtN0A0LzutB%26cr%3D1137961568%26a%3Dwbf_mncrfprj_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mncrfprj_16_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyB0AyBzytCzyzz0D0DyD0FyEyDyBzyyDtN0D0Tzu0StCyBtCtBtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StDyB0E0AtD0F0AzytGyCtB0DtBtG0F0C0E0CtGyByEyCzztGyCyBtAyEtDtD0E0Dzy0AtD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtC0Czz0Azzzy0AtGzytC0B0CtGyEtCyEyEtGzytDtDtCtGzy0AtD0D0E0BtD0EzzyDzyyB2QtN0A0LzutB%26cr%3D1137961568%26a%3Dwbf_mncrfprj_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000 -> {04E9E6A3-3F0A-4D46-9C3F-08CC9A096D02} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mncrfprj_16_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyB0AyBzytCzyzz0D0DyD0FyEyDyBzyyDtN0D0Tzu0StCyBtCtBtN1L2XzutAtFtByEtFyCtFzytN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StDyB0E0AtD0F0AzytGyCtB0DtBtG0F0C0E0CtGyByEyCzztGyCyBtAyEtDtD0E0Dzy0AtD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0BtC0Czz0Azzzy0AtGzytC0B0CtGyEtCyEyEtGzytDtDtCtGzy0AtD0D0E0BtD0EzzyDzyyB2QtN0A0LzutB%26cr%3D1137961568%26a%3Dwbf_mncrfprj_16_37%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000 -> {4FBCB092-B9C7-4934-9FAD-80ADB5089D72} URL = hxxps://br.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=502468&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2614604237-3008651893-2323847120-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://br.search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10281__160308__yaie&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-09-08] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-08] (Oracle Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\bin\IPS\IPSBHO.DLL [2013-10-21] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\ssv.dll [2016-10-07] (Oracle Corporation)
BHO-x32: Auxiliar de Conexão de Conta da Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-10-07] (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
FireFox:
========
FF DefaultProfile: yfr7ujli.default
FF ProfilePath: C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\yfr7ujli.default [2017-06-28]
FF NewTab: Mozilla\Firefox\Profiles\yfr7ujli.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\yfr7ujli.default -> Yahoo! Powered
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\yfr7ujli.default -> Yahoo! Powered
FF Homepage: Mozilla\Firefox\Profiles\yfr7ujli.default -> hxxp://www.portalcriativa.com.br/portal/
FF Keyword.URL: Mozilla\Firefox\Profiles\yfr7ujli.default -> user_pref("keyword.URL", true);
FF NetworkProxy: Mozilla\Firefox\Profiles\yfr7ujli.default -> http", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\yfr7ujli.default -> http_port", 24790
FF NetworkProxy: Mozilla\Firefox\Profiles\yfr7ujli.default -> no_proxies_on", ""
FF NetworkProxy: Mozilla\Firefox\Profiles\yfr7ujli.default -> ssl", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\yfr7ujli.default -> ssl_port", 24790
FF NetworkProxy: Mozilla\Firefox\Profiles\yfr7ujli.default -> type", 0
FF Extension: (Firefox Hotfix) - C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\yfr7ujli.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-10-27]
FF Extension: (Adblock Plus) - C:\Users\Nicolas\AppData\Roaming\Mozilla\Firefox\Profiles\yfr7ujli.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-27]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-05] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-08] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Arquivos de Programas\Foxit\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Arquivos de Programas\Foxit\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Arquivos de Programas\Foxit\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Arquivos de Programas\Foxit\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-10-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-10-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.portalcriativa.com.br/portal/
CHR StartupUrls: Default -> "hxxp://www.portalcriativa.com.br/portal/"
CHR DefaultSearchURL: Default -> hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://br.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default [2017-06-29]
CHR Extension: (Google Drive) - C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-06]
CHR Extension: (YouTube) - C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-06]
CHR Extension: (Google Search) - C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-06]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-06]
CHR Extension: (Chrome Media Router) - C:\Users\Nicolas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2614604237-3008651893-2323847120-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
==================== Serviços (Whitelisted) ====================
===================== Drivers (Whitelisted) ======================
==================== NetSvcs (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
==================== Três Meses Criados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2017-06-29 00:33 - 2017-06-29 00:37 - 00000000 ___DC C:\FRST
2017-06-28 21:29 - 2017-06-28 21:29 - 00002798 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-06-28 21:29 - 2017-06-28 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-06-28 21:29 - 2017-06-28 21:29 - 00000000 ____D C:\Program Files\CCleaner
2017-06-12 22:01 - 2017-06-12 22:02 - 00000000 ____D C:\Users\Nicolas\AppData\Local\PAYDAY 2
2017-06-12 22:01 - 2017-06-12 22:01 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2017-05-23 11:17 - 2017-06-28 21:33 - 00000153 _____ C:\Users\Nicolas\BullseyeCoverageError.txt
2017-05-23 11:16 - 2017-05-23 11:17 - 00000176 _____ C:\Users\Default\BullseyeCoverageError.txt
2017-05-22 00:59 - 2017-05-22 00:59 - 00000927 _____ C:\Users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2017-05-22 00:32 - 2017-06-13 22:47 - 00000000 ____D C:\Users\Nicolas\AppData\Local\osu!
2017-05-20 22:43 - 2017-05-30 20:54 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2017-05-06 17:23 - 2017-05-06 17:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2017-04-21 09:27 - 2017-04-21 09:27 - 00003244 _____ C:\Windows\System32\Tasks\{C27AC6F7-1123-4F5D-A1C0-13D79E3F698E}
2017-03-31 23:26 - 2017-05-21 00:47 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\discord
2017-03-31 23:26 - 2017-03-31 23:26 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-03-31 23:26 - 2017-03-31 23:26 - 00000000 ____D C:\Users\Nicolas\AppData\Local\SquirrelTemp
2017-03-31 23:26 - 2017-03-31 23:26 - 00000000 ____D C:\Users\Nicolas\AppData\Local\Discord
==================== Três Meses Modificados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2017-06-29 00:08 - 2016-01-05 23:42 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-06-28 23:38 - 2016-03-22 17:58 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\BitTorrent
2017-06-28 23:38 - 2016-01-12 16:57 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\uTorrent
2017-06-28 23:38 - 2016-01-06 00:05 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\MPC-HC
2017-06-28 23:38 - 2009-07-14 01:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-28 23:38 - 2009-07-14 01:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-28 23:35 - 2017-03-14 17:20 - 00000000 ____D C:\Users\Nicolas\AppData\Local\Spotify
2017-06-28 23:35 - 2017-03-14 17:18 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\Spotify
2017-06-28 23:31 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-28 21:35 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2017-06-28 21:03 - 2016-03-06 13:35 - 00000000 ____D C:\Users\Nicolas\AppData\Local\LogMeIn Hamachi
2017-06-28 01:28 - 2016-11-03 14:38 - 00000000 ____D C:\Users\Nicolas\AppData\LocalLow\uTorrent
2017-06-27 23:13 - 2016-12-31 00:51 - 00000392 _____ C:\Windows\Tasks\update-sys.job
2017-06-27 21:55 - 2016-12-31 00:51 - 00000392 _____ C:\Windows\Tasks\update-S-1-5-21-2614604237-3008651893-2323847120-1000.job
2017-06-27 16:21 - 2011-04-12 10:40 - 00708416 _____ C:\Windows\system32\prfh0416.dat
2017-06-27 16:21 - 2011-04-12 10:40 - 00148196 _____ C:\Windows\system32\prfc0416.dat
2017-06-27 16:21 - 2009-07-14 02:13 - 01642550 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-25 23:06 - 2016-01-05 23:48 - 00000000 ____D C:\Users\Todos os Usuários\Symantec
2017-06-25 23:06 - 2016-01-05 23:48 - 00000000 ____D C:\ProgramData\Symantec
2017-06-18 21:38 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2017-06-14 20:45 - 2016-01-12 14:45 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\Skype
2017-06-13 11:41 - 2016-01-05 23:45 - 00000000 ____D C:\Users\Todos os Usuários\TEMP
2017-06-13 11:41 - 2016-01-05 23:45 - 00000000 ____D C:\ProgramData\TEMP
2017-06-12 22:01 - 2015-01-05 23:06 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-06-11 17:08 - 2016-04-03 11:11 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-06-03 11:36 - 2009-07-14 02:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-05-31 22:29 - 2016-11-03 16:58 - 00000000 ____D C:\Users\Nicolas\AppData\Roaming\.minecraft
==================== Arquivos na raiz de alguns diretórios =======
2016-05-17 14:29 - 2016-05-17 14:29 - 0000000 _____ () C:\Users\Nicolas\AppData\Local\JUVENTUDE
2016-08-01 01:10 - 2016-08-01 01:10 - 0000881 _____ () C:\Users\Nicolas\AppData\Local\Nox_crash.log
2016-10-08 00:01 - 2017-03-30 16:51 - 0007609 _____ () C:\Users\Nicolas\AppData\Local\Resmon.ResmonCfg
2016-05-17 14:28 - 2016-05-17 14:28 - 3942461 _____ () C:\Users\Nicolas\AppData\Local\tret
2016-12-31 00:51 - 2016-12-31 00:51 - 0000003 _____ () C:\Users\Nicolas\AppData\Local\updater.log
2016-12-31 00:51 - 2017-05-06 17:23 - 0000425 _____ () C:\Users\Nicolas\AppData\Local\UserProducts.xml
2015-01-05 23:08 - 2015-01-05 23:08 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Alguns arquivos em TEMP:
====================
2017-06-28 21:33 - 2017-06-28 21:33 - 0010256 _____ () C:\Users\Nicolas\AppData\Local\Temp\BullseyeCoverage-2-x64.dll
2017-06-28 20:36 - 2017-06-28 20:36 - 0739904 _____ (Oracle Corporation) C:\Users\Nicolas\AppData\Local\Temp\jre-8u131-windows-au.exe
==================== Bamital & volsnap ======================
(Não há correção automática para arquivos que não passaram na verificação.)
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente
LastRegBack: 2017-06-26 10:43
==================== Fim de FRST.txt ============================