cjoint


Document format: text/plain

Preview

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 14.03.2018
Executado por Guillermo (administrador) em GUILLERMO-PC (14-03-2018 20:10:33)
Executando a partir de C:\Users\Guillermo\Pictures
Perfis Carregados: Guillermo (Perfis Disponíveis: Guillermo & Gabriel)
Platform: Windows 7 Professional Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Paltiosoft Inc.) C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
() C:\Windows\System32\hale.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Discord Inc.) C:\Users\Guillermo\AppData\Local\Discord\app-0.0.300\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Spotify Ltd) C:\Users\Guillermo\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Discord Inc.) C:\Users\Guillermo\AppData\Local\Discord\app-0.0.300\Discord.exe
(Discord Inc.) C:\Users\Guillermo\AppData\Local\Discord\app-0.0.300\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9228800 2017-06-29] (Realtek Semiconductor)
HKLM\...\Run: [Chew7Hale] => C:\Windows\System32\hale.exe [2169856 2018-01-09] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [549600 2018-03-14] ()
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [308888 2018-03-14] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2448480 2018-03-14] ()
HKU\S-1-5-21-139893100-1412922815-2400554056-1000\...\Run: [AMDDVR] => C:\Program Files\AMD\CNext\CNext\amddvr.exe [1813384 2017-12-06] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-139893100-1412922815-2400554056-1000\...\Run: [Discord] => C:\Users\Guillermo\AppData\Local\Discord\app-0.0.300\Discord.exe [57821176 2018-01-08] (Discord Inc.)
HKU\S-1-5-21-139893100-1412922815-2400554056-1000\...\Run: [Spotify] => C:\Users\Guillermo\AppData\Roaming\Spotify\Spotify.exe [21894544 2018-03-03] (Spotify Ltd)
HKU\S-1-5-21-139893100-1412922815-2400554056-1000\...\Run: [uTorrent] => C:\Users\Guillermo\AppData\Roaming\uTorrent\uTorrent.exe [2234808 2018-03-14] ()
HKU\S-1-5-21-139893100-1412922815-2400554056-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-139893100-1412922815-2400554056-1000\...\Run: [Spotify Web Helper] => C:\Users\Guillermo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-03-03] (Spotify Ltd)
HKU\S-1-5-21-139893100-1412922815-2400554056-1000\...\MountPoints2: {9ba9c5d8-e3e5-11e7-8f77-408d5c8a26f0} - E:\AutoRun.exe
HKU\S-1-5-21-139893100-1412922815-2400554056-1000\...\MountPoints2: {9ba9c5e3-e3e5-11e7-8f77-408d5c8a26f0} - E:\AutoRun.exe

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BA36D997-DBF4-47B1-A4D4-475BA796CCF4}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-139893100-1412922815-2400554056-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com.br/
CHR StartupUrls: Default -> "hxxp://www.google.com.br/"
CHR Profile: C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default [2018-03-14]
CHR Extension: (Apresentações) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-10]
CHR Extension: (Documentos) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-10]
CHR Extension: (Google Drive) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-10]
CHR Extension: (Chamada pelo Skype) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-12-10]
CHR Extension: (YouTube) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-10]
CHR Extension: (Avast Passwords) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2018-03-02]
CHR Extension: (Planilhas) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-10]
CHR Extension: (Documentos Google off-line) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-10]
CHR Extension: (AdBlock) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-03-13]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-10]
CHR Extension: (Gmail) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-10]
CHR Extension: (Chrome Media Router) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-01]

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [Arquivo não assinado]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7054344 2018-03-14] () [Arquivo não assinado]
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [609832 2018-03-14] () [Arquivo não assinado]
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [194640 2018-03-14] () [Arquivo não assinado]
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [194640 2018-03-14] () [Arquivo não assinado]
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-09-19] (Hi-Rez Studios) [Arquivo não assinado]
S3 NGS; C:\Windows\NGService.exe [2994248 2017-12-27] (NEXON Korea Corporation)
R3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2018-01-09] (Microsoft Corporation) [Arquivo não assinado]
R2 UCManSvc; C:\Program Files (x86)\SoftDenchi\UCManSvc.exe [186512 2012-11-01] (Paltiosoft Inc.) [Arquivo não assinado]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

U5 EMAC Secure; C:\Users\Guillermo\AppData\Local\Temp\GCSecure.sys [2409464 2018-01-09] (Gamers Club) <==== ATENÇÃO
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-03-14 20:10 - 2018-03-14 20:10 - 000000000 ____D C:\FRST
2018-03-14 20:04 - 2018-03-14 20:04 - 000003206 _____ C:\Windows\System32\Tasks\{491F6F1A-F544-44E2-9186-285EC05399FA}
2018-03-14 19:45 - 2018-03-14 19:45 - 000000132 _____ C:\Users\Guillermo\AppData\Roaming\Preferências do Formato PNG do Adobe CS6
2018-03-14 19:28 - 2018-03-14 19:28 - 000000040 ____H C:\A6A575895142
2018-03-14 19:27 - 2018-03-14 19:27 - 000000000 ____D C:\Users\Guillermo\Desktop\PCS
2018-03-14 19:09 - 2018-03-14 20:10 - 000000039 _____ C:\Windows\directx.sys
2018-03-14 19:09 - 2018-03-14 19:09 - 000041472 _____ C:\Windows\svchost.com
2018-03-14 19:08 - 2018-03-14 19:46 - 000000033 _____ C:\Users\Guillermo\AppData\Roaming\AdobeWLCMCache.dat
2018-03-14 19:08 - 2018-03-14 19:12 - 000000000 ____D C:\Users\Todos os Usuários\regid.1986-12.com.adobe
2018-03-14 19:08 - 2018-03-14 19:12 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2018-03-14 19:08 - 2018-03-14 19:08 - 000003518 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Guillermo-PC-Guillermo
2018-03-14 19:06 - 2018-03-14 19:06 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2018.lnk
2018-03-14 19:06 - 2018-03-14 19:06 - 000000000 ____D C:\Program Files\Common Files\Adobe
2018-03-14 19:05 - 2018-03-14 19:05 - 000000000 ____D C:\Program Files\Adobe
2018-03-14 19:04 - 2018-03-14 19:04 - 000001221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2018-03-14 19:04 - 2018-03-14 19:04 - 000001209 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2018-03-13 19:49 - 2018-03-13 19:49 - 000000000 ____D C:\Users\Guillermo\AppData\Roaming\Macromedia
2018-03-13 19:49 - 2018-03-13 19:49 - 000000000 ____D C:\Users\Guillermo\AppData\Local\Macromedia
2018-03-13 19:43 - 2018-03-13 19:43 - 000001922 _____ C:\Users\Public\Desktop\Macromedia Flash 8.lnk
2018-03-13 19:42 - 2018-03-13 19:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
2018-03-13 19:42 - 2018-03-13 19:42 - 000000000 ____D C:\Windows\SysWOW64\QuickTime
2018-03-13 19:42 - 2018-03-13 19:42 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-03-13 19:42 - 2018-03-13 19:42 - 000000000 ____D C:\Users\Todos os Usuários\Macromedia
2018-03-13 19:42 - 2018-03-13 19:42 - 000000000 ____D C:\ProgramData\Macromedia
2018-03-13 19:42 - 2018-03-13 19:42 - 000000000 ____D C:\Program Files (x86)\Macromedia
2018-03-13 19:41 - 2018-03-13 19:41 - 000000000 ____D C:\Windows\Downloaded Installations
2018-03-13 19:26 - 2018-03-13 19:37 - 113060248 _____ (Macromedia, Inc. ) C:\Users\Guillermo\Downloads\Flash_Professional_8.exe
2018-03-13 19:18 - 2018-03-13 19:21 - 000000000 ____D C:\Users\Guillermo\Downloads\Adobe Illustrator CC 2018 v22.0.0.243 + Patch [CracksNow]
2018-03-03 14:25 - 2016-04-09 01:20 - 001230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2018-03-03 14:25 - 2016-04-09 00:52 - 001424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2018-03-03 14:19 - 2015-02-04 00:16 - 000465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2018-03-03 14:19 - 2015-02-03 23:54 - 000417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2018-03-02 22:39 - 2018-03-02 22:39 - 000000222 _____ C:\Users\Guillermo\Desktop\Battlerite.url
2018-03-02 22:38 - 2018-03-02 22:38 - 000000222 _____ C:\Users\Guillermo\Desktop\Tom Clancy's Rainbow Six Siege.url
2018-03-02 22:38 - 2018-03-02 22:38 - 000000219 _____ C:\Users\Guillermo\Desktop\Counter-Strike Global Offensive.url
2018-03-02 22:31 - 2018-03-02 22:31 - 000000222 _____ C:\Users\Guillermo\Desktop\Transistor.url
2018-03-02 22:31 - 2018-03-02 22:31 - 000000222 _____ C:\Users\Guillermo\Desktop\Titan Souls.url
2018-03-02 22:31 - 2018-03-02 22:31 - 000000221 _____ C:\Users\Guillermo\Desktop\Ultra Street Fighter IV.url
2018-03-02 22:25 - 2018-03-14 18:49 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-02 22:25 - 2018-03-02 22:25 - 000000963 _____ C:\Users\Public\Desktop\Steam.lnk
2018-03-02 22:25 - 2018-03-02 22:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2018-03-02 22:24 - 2018-03-14 19:12 - 001529736 _____ C:\Users\Guillermo\Downloads\SteamSetup.exe
2018-03-02 22:13 - 2018-03-02 22:14 - 000000000 ____D C:\Users\Guillermo\Downloads\Dead_Cells_v2018.02.28
2018-03-02 22:11 - 2018-03-02 22:13 - 405772175 _____ C:\Users\Guillermo\Downloads\Dead_Cells_v2018.02.28.rar
2018-03-01 20:04 - 2018-03-02 22:12 - 000000000 ____D C:\Users\Guillermo\Downloads\3DMGAME-DRAGON.BALL.FighterZ.Ultimate.Edition-3DM
2018-03-01 20:01 - 2018-03-01 20:01 - 000000859 _____ C:\Users\Guillermo\Desktop\µTorrent.lnk
2018-03-01 20:01 - 2018-03-01 20:01 - 000000839 _____ C:\Users\Guillermo\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2018-03-01 20:00 - 2018-03-14 19:12 - 003197232 _____ C:\Users\Guillermo\Downloads\uTorrent.exe
2018-02-25 19:57 - 2018-02-25 19:57 - 001393474 _____ C:\Users\Gabriel\Downloads\VID-20180225-WA0025.mp4
2018-02-25 14:54 - 2018-02-25 14:57 - 000000000 ____D C:\Users\Todos os Usuários\Paltiosoft
2018-02-25 14:54 - 2018-02-25 14:57 - 000000000 ____D C:\ProgramData\Paltiosoft
2018-02-25 14:54 - 2018-02-25 14:54 - 000000000 ____D C:\Windows\ucharge
2018-02-25 14:54 - 2018-02-25 14:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftDenchi
2018-02-25 14:54 - 2018-02-25 14:54 - 000000000 ____D C:\Program Files\SoftDenchi
2018-02-25 14:54 - 2018-02-25 14:54 - 000000000 ____D C:\Program Files (x86)\SoftDenchi
2018-02-25 14:28 - 2018-02-25 15:12 - 000000000 ____D C:\Users\Guillermo\Desktop\Steins Gate
2018-02-24 22:06 - 2018-02-24 22:16 - 000000000 ____D C:\Users\Guillermo\Downloads\DDLC MOD
2018-02-18 15:05 - 2018-02-18 17:05 - 000000000 ____D C:\Users\Gabriel\Desktop\Slay_the_Spire_v15.02.2018
2018-02-18 15:03 - 2018-02-18 15:03 - 000000000 ____D C:\Users\Todos os Usuários\Oracle
2018-02-18 15:03 - 2018-02-18 15:03 - 000000000 ____D C:\ProgramData\Oracle
2018-02-18 15:02 - 2018-02-18 14:46 - 388410838 _____ C:\Users\Gabriel\Desktop\Slay_the_Spire_v15.02.2018.rar
2018-02-18 14:45 - 2018-02-18 14:46 - 388410838 _____ C:\Users\Gabriel\Downloads\Slay_the_Spire_v15.02.2018.rar
2018-02-17 19:06 - 2018-02-17 19:06 - 000000000 ____D C:\Users\Guillermo\AppData\LocalLow\8floor
2018-02-17 12:13 - 2018-03-14 19:11 - 000766960 _____ C:\Users\Gabriel\Downloads\SpotifySetup.exe
2018-02-17 12:13 - 2018-03-11 16:38 - 000000000 ____D C:\Users\Gabriel\AppData\Local\Spotify
2018-02-17 12:13 - 2018-03-11 16:36 - 000000000 ____D C:\Users\Gabriel\AppData\Roaming\Spotify
2018-02-17 12:13 - 2018-02-17 12:13 - 000001819 _____ C:\Users\Gabriel\Desktop\Spotify.lnk
2018-02-17 12:13 - 2018-02-17 12:13 - 000001805 _____ C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2018-02-14 19:36 - 2018-02-14 19:36 - 000276864 _____ C:\Windows\Minidump\021418-16426-01.dmp

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-03-14 19:20 - 2017-12-16 22:24 - 000000392 _____ C:\Windows\Tasks\update-S-1-5-21-139893100-1412922815-2400554056-1004.job
2018-03-14 19:20 - 2017-12-15 09:38 - 000000000 ____D C:\Users\Guillermo\AppData\Roaming\Adobe
2018-03-14 19:12 - 2018-02-11 19:46 - 000808432 _____ C:\Users\Guillermo\Downloads\SpotifySetup.exe
2018-03-14 19:12 - 2018-02-11 19:46 - 000510976 _____ C:\Users\Guillermo\Downloads\Felix Sem Noção Sem anuncios.exe
2018-03-14 19:12 - 2017-12-25 22:06 - 003972080 _____ C:\Users\Guillermo\Downloads\Battle.net-Setup.exe
2018-03-14 19:12 - 2017-12-13 22:37 - 004122096 _____ C:\Users\Guillermo\Downloads\Hearthstone-Setup (1).exe
2018-03-14 19:11 - 2017-12-16 22:23 - 002814096 _____ C:\Users\Gabriel\Downloads\setup-lightshot.exe
2018-03-14 19:08 - 2017-12-15 09:36 - 000000000 ____D C:\Users\Guillermo\AppData\Local\Adobe
2018-03-14 19:06 - 2017-12-15 09:37 - 000000000 ____D C:\Users\Todos os Usuários\Adobe
2018-03-14 19:06 - 2017-12-15 09:37 - 000000000 ____D C:\ProgramData\Adobe
2018-03-14 19:06 - 2017-12-15 09:37 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-03-14 19:06 - 2017-12-10 15:02 - 000000000 ____D C:\Users\Guillermo
2018-03-14 18:51 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\tracing
2018-03-14 18:49 - 2018-02-11 19:47 - 000000000 ____D C:\Users\Guillermo\AppData\Local\Spotify
2018-03-14 18:48 - 2018-02-11 19:47 - 000000000 ____D C:\Users\Guillermo\AppData\Roaming\Spotify
2018-03-14 18:48 - 2017-12-13 22:16 - 000000000 ____D C:\Users\Guillermo\AppData\Roaming\uTorrent
2018-03-14 18:47 - 2017-12-29 22:31 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2018-03-14 18:47 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-13 19:56 - 2017-12-10 15:39 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-03-13 19:56 - 2009-07-14 01:45 - 000020880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-13 19:56 - 2009-07-14 01:45 - 000020880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-11 20:17 - 2017-12-16 22:24 - 000000392 _____ C:\Windows\Tasks\update-sys.job
2018-03-11 10:39 - 2017-12-17 11:04 - 000001011 _____ C:\Users\Public\Desktop\Driver Easy.lnk
2018-03-08 20:08 - 2017-12-11 12:34 - 000000000 ____D C:\Users\Guillermo\AppData\Local\Ubisoft Game Launcher
2018-03-08 18:02 - 2018-01-25 21:12 - 000000000 ____D C:\Users\Gabriel\AppData\Roaming\Skype
2018-03-04 13:16 - 2018-01-17 23:08 - 000000000 ____D C:\Users\Guillermo\Downloads\[160826] [5pb./ホビボックス] STEINS;GATE 0 豪華限定版 for Windows PC
2018-03-03 14:51 - 2017-12-17 12:15 - 000000000 ____D C:\Windows\system32\MRT
2018-03-03 14:49 - 2017-12-17 12:15 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-03-03 14:49 - 2017-12-17 12:15 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-03-02 22:39 - 2017-12-10 16:36 - 000000000 ____D C:\Users\Guillermo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-03-02 22:16 - 2017-12-29 22:36 - 000000000 ____D C:\Users\Guillermo\AppData\Roaming\EasyAntiCheat
2018-03-01 19:43 - 2017-12-10 16:36 - 000000000 ____D C:\Users\Guillermo\Documents\League of Legends
2018-03-01 18:50 - 2017-12-10 16:33 - 000000000 ____D C:\Users\Guillermo\AppData\Local\Steam
2018-02-28 18:29 - 2017-12-18 10:30 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-28 18:29 - 2017-12-10 15:46 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-28 18:29 - 2017-12-10 15:46 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-25 14:28 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\system32\NDF
2018-02-24 22:45 - 2017-12-31 11:16 - 000000000 ____D C:\Users\Guillermo\AppData\Roaming\RenPy
2018-02-24 21:00 - 2017-12-18 10:30 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-23 17:40 - 2011-04-12 10:40 - 000705070 _____ C:\Windows\system32\prfh0416.dat
2018-02-23 17:40 - 2011-04-12 10:40 - 000146910 _____ C:\Windows\system32\prfc0416.dat
2018-02-23 17:40 - 2009-07-14 02:13 - 001633534 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-23 17:40 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf
2018-02-17 11:03 - 2017-12-17 11:03 - 000000414 _____ C:\Windows\Tasks\Driver Easy Scheduled Scan.job
2018-02-14 19:37 - 2017-12-10 16:52 - 000000000 ____D C:\Users\Guillermo\AppData\Roaming\discord
2018-02-14 19:36 - 2017-12-16 18:48 - 582412804 _____ C:\Windows\MEMORY.DMP
2018-02-14 19:36 - 2017-12-12 14:27 - 000000000 ____D C:\Windows\Minidump
2018-02-14 19:34 - 2018-01-09 15:24 - 011363400 _____ (EMACLAB) C:\Users\Guillermo\Downloads\GCLauncher.exe
2018-02-13 21:29 - 2018-01-26 18:41 - 000000000 ____D C:\Users\Gabriel\AppData\Local\Battle.net
2018-02-13 17:30 - 2018-01-26 18:43 - 000000000 ____D C:\Program Files (x86)\StarCraft II
2018-02-13 17:29 - 2017-12-13 22:38 - 000000000 ____D C:\Program Files (x86)\Battle.net

==================== Arquivos na raiz de alguns diretórios =======

2017-12-25 20:58 - 2017-12-25 20:58 - 000066790 _____ () C:\Program Files (x86)\hyxd_license.htm
2018-03-14 19:08 - 2018-03-14 19:46 - 000000033 _____ () C:\Users\Guillermo\AppData\Roaming\AdobeWLCMCache.dat
2018-03-14 19:45 - 2018-03-14 19:45 - 000000132 _____ () C:\Users\Guillermo\AppData\Roaming\Preferências do Formato PNG do Adobe CS6

Alguns arquivos em TEMP:
====================
2017-12-27 17:51 - 2017-12-27 17:51 - 000000180 _____ () C:\Users\Gabriel\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
2017-12-18 13:31 - 2017-12-18 13:31 - 000000180 _____ () C:\Users\Gabriel\AppData\Local\Temp\33968ec9ed0abde4ce703a532c809fc9.dll
2017-12-27 17:51 - 2017-12-27 18:05 - 000000016 _____ () C:\Users\Gabriel\AppData\Local\Temp\586953e58e5481889a1b5db04346166d.dll
2017-12-18 13:31 - 2017-12-18 13:31 - 000000029 _____ () C:\Users\Gabriel\AppData\Local\Temp\68acb008c3c1da84e3d9ecea5f5c98bb.dll
2017-12-27 22:27 - 2017-12-27 22:27 - 000000180 _____ () C:\Users\Guillermo\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
2017-12-27 22:27 - 2018-01-01 20:17 - 000000016 _____ () C:\Users\Guillermo\AppData\Local\Temp\586953e58e5481889a1b5db04346166d.dll
2017-12-25 22:00 - 2017-12-25 22:00 - 032965288 _____ (ArenaNet) C:\Users\Guillermo\AppData\Local\Temp\Gw2.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe
[2017-12-17 11:43] - [2018-01-09 17:36] - 000389632 _____ (Microsoft Corporation) 87A00ED70FEC36D0DD968E5058C29AA1

C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll
[2017-12-17 11:46] - [2018-01-09 17:37] - 001009152 _____ (Microsoft Corporation) 012D0454BABE8AE5574C4622C55F875D

C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2018-02-23 18:22

==================== Fim de FRST.txt ============================
