Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:07-02-2016
Executado por Família (administrador) em DESKTOP-TOTL86R (09-02-2016 18:47:01)
Executando a partir de C:\Users\PC\Downloads
Perfis Carregados: Família (Perfis Disponíveis: Família)
Platform: Microsoft Windows 10 Pro (X86) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Edge)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(GAS Tecnologia) C:\Program Files\GbPlugin\GbpSv.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(F-Secure Corporation) C:\Program Files\F-Secure\Internet Security\fshoster32.exe
(F-Secure Corporation) C:\Program Files\F-Secure\Internet Security\apps\CCF_Reputation\fsorsp.exe
(IObit) C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
() C:\Program Files\WaNetworkEnhancer\WaNetworkEnhancer Internet Enhancer\10c69b1ea34ba960b60f1520598fb13a.exe
(F-Secure Corporation) C:\Program Files\F-Secure\Internet Security\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files\F-Secure\Internet Security\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(GAS Tecnologia) C:\Program Files\GbPlugin\GbpSv.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(F-Secure Corporation) C:\Program Files\F-Secure\Internet Security\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
(F-Secure Corporation) C:\Program Files\F-Secure\Internet Security\fshoster32.exe
(BitTorrent Inc.) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\PC\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(BitTorrent Inc.) C:\Users\PC\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\Viva\viva.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe
(Trend Micro Inc.) C:\Users\PC\Downloads\HijackThis.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [3359920 2014-05-27] (VIA)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Run: [EaseUS EPM tray] => C:\Program Files\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM\...\Run: [F-Secure GUI (666)] => C:\Program Files\F-Secure\Internet Security\FsGuiStarter.exe [101928 2015-11-10] (F-Secure Corporation)
Winlogon\Notify\ GbPluginCef: C:\Program Files\GbPlugin\gbiehCef.dll [2015-09-01] (Caixa Economica Federal)
HKU\S-1-5-21-2032392148-2610944917-446654308-1001\...\Run: [uTorrent] => C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-22] (BitTorrent Inc.)
HKU\S-1-5-21-2032392148-2610944917-446654308-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6453528 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-2032392148-2610944917-446654308-1001\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-21-2032392148-2610944917-446654308-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [24100520 2015-06-25] (Microsoft Corporation)
HKU\S-1-5-21-2032392148-2610944917-446654308-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50615936 2016-01-18] (Skype Technologies S.A.)
HKU\S-1-5-21-2032392148-2610944917-446654308-1001\...\Run: [BingSvc] => C:\Users\PC\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-01-31] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2032392148-2610944917-446654308-1001\...\MountPoints2: {7a768f3d-376b-11e5-93d8-002511de31af} - "I:\SETUP.EXE"
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll [1867432 2015-09-01] (Caixa Economica Federal)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Nenhum Arquivo
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => Nenhum Arquivo
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => Nenhum Arquivo

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyEnable: [S-1-5-21-2032392148-2610944917-446654308-1001] => Proxy está habilitado.
ProxyServer: [S-1-5-21-2032392148-2610944917-446654308-1001] => http=127.0.0.1:63245;https=127.0.0.1:63245
AutoConfigURL: [S-1-5-21-2032392148-2610944917-446654308-1001] => http=127.0.0.1:63245;https=127.0.0.1:63245
Hosts: 127.0.0.1 localhost
Tcpip\..\Interfaces\{0792fc81-4b8a-4b10-9f0a-09b106fe8672}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{12F689D9-0C7A-4398-86C6-12103578D1B9}: [NameServer] 200.204.0.10 200.204.0.138
Tcpip\..\Interfaces\{26781c5d-7efb-4dcc-bf2c-eb2bb9764ed0}: [DhcpNameServer] 10.3.156.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2032392148-2610944917-446654308-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2032392148-2610944917-446654308-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2015-08-26] (IObit)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-24] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files\GbPlugin\gbiehcef.dll [2015-09-01] (Caixa Economica Federal)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-24] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\fekk4ajk.default
FF Homepage: google.com
FF NetworkProxy: "type", 5
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-24] (Oracle Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-06-25] (Microsoft Corporation)
FF SearchPlugin: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\fekk4ajk.default\searchplugins\bing-.xml [2016-01-31]
FF HKU\S-1-5-21-2032392148-2610944917-446654308-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\PC\AppData\Local\GAS Tecnologia\GBBD\cef\xpi => não encontrado (a)

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [821024 2015-08-05] (IObit)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 COMLiveService; C:\Program Files\Viva\viva.exe [356640 2015-09-08] ()
R2 fshoster; C:\Program Files\F-Secure\Internet Security\fshoster32.exe [184360 2015-11-10] (F-Secure Corporation)
R3 FSMA; C:\Program Files\F-Secure\Internet Security\apps\ComputerSecurity\Common\FSMA32.EXE [216104 2015-11-24] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files\F-Secure\Internet Security\apps\CCF_Reputation\fsorsp.exe [60456 2015-08-15] (F-Secure Corporation)
R2 GbpSv; C:\Program Files\GbPlugin\GbpSv.exe [587576 2015-08-13] (GAS Tecnologia)
R2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-15] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [771968 2015-08-24] (Enigma Software Group USA, LLC.)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-08-06] (VIA Technologies, Inc.)
S2 VyprVPN; C:\Program Files\VyprVPN\VyprVPNService.exe [212992 2015-09-28] (Golden Frog, GmbH.) [Arquivo não assinado]
R2 WaNetworkEnhancer Service; C:\Program Files\WaNetworkEnhancer\WaNetworkEnhancer Internet Enhancer\10c69b1ea34ba960b60f1520598fb13a.exe [1591296 2016-01-19] () [Arquivo não assinado]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [277760 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 Atc002; C:\WINDOWS\System32\drivers\l260x86.sys [29184 2015-07-10] (Atheros Communications, Inc.)
R1 BAPIDRV; C:\WINDOWS\System32\DRIVERS\BAPIDRV.sys [174680 2015-07-29] (Qihu 360 Software Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [25016 2015-07-31] (Disc Soft Ltd)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [14920 2013-03-07] () [Arquivo não assinado]
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2015-08-24] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9160 2013-03-07] () [Arquivo não assinado]
R3 F-Secure Gatekeeper; C:\Program Files\F-Secure\Internet Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [162808 2015-12-11] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files\F-Secure\Internet Security\apps\ComputerSecurity\HIPS\drivers\fshs.sys [95296 2016-02-03] (F-Secure Corporation)
R0 fsbts; C:\WINDOWS\System32\Drivers\fsbts.sys [63680 2016-01-12] ()
R3 fsni; C:\Program Files\F-Secure\Internet Security\apps\CCF_Scanning\bin\fsni32.sys [80000 2016-01-11] (F-Secure Corporation)
R0 GbpKm; C:\WINDOWS\System32\drivers\GbpKm.sys [49496 2015-09-03] (GAS Tecnologia)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2015-08-02] (REALiX(tm))
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-02-09] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
S1 MpKsl8d036471; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKsl8d036471.sys [39464 2015-07-23] () [Arquivo não assinado]
R1 ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [31848 2015-07-26] (Avira Operations GmbH & Co. KG)
S3 ssudobex; C:\WINDOWS\system32\DRIVERS\ssudobex.sys [184192 2015-07-24] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 tapvyprvpn; C:\WINDOWS\System32\drivers\tapvyprvpn.sys [39520 2015-09-28] (The OpenVPN Project)
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [31744 2015-07-10] ()
R3 VIAHdAudAddService; C:\WINDOWS\system32\drivers\viahduaa.sys [575184 2015-08-06] (VIA Technologies, Inc.)
R1 vivadrv; C:\WINDOWS\System32\drivers\vivadrv.sys [49952 2015-08-25] (Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37400 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [245600 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [97632 2015-07-10] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161792 2015-07-10] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-02-09 18:43 - 2016-02-09 18:46 - 00030235 _____ C:\Users\PC\Downloads\Addition.txt
2016-02-09 18:42 - 2016-02-09 18:47 - 00015536 _____ C:\Users\PC\Downloads\FRST.txt
2016-02-09 18:41 - 2016-02-09 18:47 - 00000000 ____D C:\FRST
2016-02-09 18:40 - 2016-02-09 18:41 - 01721344 _____ (Farbar) C:\Users\PC\Downloads\FRST.exe
2016-02-09 18:29 - 2016-02-09 18:29 - 00016148 _____ C:\WINDOWS\system32\DESKTOP-TOTL86R_Família_HistoryPrediction.bin
2016-02-09 04:18 - 2016-02-09 04:18 - 54198272 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2016-02-09 04:18 - 2016-02-09 04:18 - 00303104 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2016-02-09 04:18 - 2016-02-09 04:18 - 00073728 _____ C:\WINDOWS\system32\config\SAM.iobit
2016-02-09 04:18 - 2016-02-09 04:18 - 00032768 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2016-02-09 02:35 - 2016-02-09 02:35 - 00000000 ____D C:\Users\PC\AppData\Local\TomTom
2016-02-09 02:34 - 2016-02-09 18:24 - 00000000 ____D C:\Program Files\MyDrive Connect
2016-02-09 02:34 - 2016-02-09 02:34 - 02138111 _____ (TomTom International B.V.) C:\Users\PC\Downloads\InstallMyDriveConnect (1).exe.24w5lt1.partial
2016-02-06 17:22 - 2016-02-06 17:22 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-02-03 10:41 - 2016-02-09 18:30 - 00000000 ____D C:\Users\PC\AppData\LocalLow\uTorrent
2016-02-02 00:43 - 2016-02-02 00:43 - 00149160 _____ C:\WINDOWS\Minidump\020216-31140-01.dmp
2016-02-01 23:00 - 2016-02-02 00:43 - 285544774 _____ C:\WINDOWS\MEMORY.DMP
2016-02-01 23:00 - 2016-02-01 23:01 - 00149160 _____ C:\WINDOWS\Minidump\020116-28781-01.dmp
2016-02-01 22:52 - 2016-02-01 22:53 - 00149160 _____ C:\WINDOWS\Minidump\020116-38437-01.dmp
2016-01-31 23:44 - 2016-01-31 23:44 - 00000000 ____D C:\Users\PC\Tracing
2016-01-31 23:15 - 2016-02-09 18:18 - 00000000 ____D C:\Users\PC\AppData\Roaming\Skype
2016-01-31 23:15 - 2016-01-31 23:16 - 00000000 ___RD C:\Program Files\Skype
2016-01-31 23:15 - 2016-01-31 23:15 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2016-01-31 23:15 - 2016-01-31 23:15 - 00000000 ____D C:\ProgramData\Skype
2016-01-31 23:15 - 2016-01-31 23:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-01-31 23:15 - 2016-01-31 23:15 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-01-31 23:11 - 2016-01-31 23:12 - 00000000 ____D C:\Users\PC\AppData\Roaming\Prodiance
2016-01-31 23:08 - 2016-01-31 23:09 - 01504384 _____ (Skype Technologies S.A.) C:\Users\PC\Downloads\SkypeSetup (1).exe
2016-01-31 23:08 - 2016-01-31 23:08 - 01504384 _____ (Skype Technologies S.A.) C:\Users\PC\Downloads\SkypeSetup.exe
2016-01-27 21:47 - 2016-01-27 21:47 - 00002791 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Device Recovery Tool.lnk
2016-01-27 21:47 - 2016-01-27 21:47 - 00000000 ____D C:\Users\Todos os Usuários\LGE
2016-01-27 21:47 - 2016-01-27 21:47 - 00000000 ____D C:\Users\Todos os Usuários\HTC
2016-01-27 21:47 - 2016-01-27 21:47 - 00000000 ____D C:\ProgramData\LGE
2016-01-27 21:47 - 2016-01-27 21:47 - 00000000 ____D C:\ProgramData\HTC
2016-01-27 21:47 - 2016-01-27 21:47 - 00000000 ____D C:\Program Files\Microsoft Care Suite
2016-01-27 21:39 - 2016-02-09 18:24 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2016-01-27 21:39 - 2016-02-09 18:24 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-27 21:36 - 2016-01-27 21:38 - 02297184 _____ (Microsoft) C:\Users\PC\Downloads\WindowsPhoneRecoveryToolInstaller.exe
2016-01-27 21:28 - 2016-01-27 21:28 - 00004096 _____ C:\WINDOWS\SECOH-QAD.exe
2016-01-27 21:28 - 2016-01-27 21:28 - 00003072 _____ C:\WINDOWS\SECOH-QAD.dll
2016-01-27 21:22 - 2016-02-09 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaNetworkEnhancer
2016-01-27 21:22 - 2016-02-09 18:26 - 00000000 ____D C:\Program Files\WaNetworkEnhancer
2016-01-27 21:22 - 2016-02-09 18:26 - 00000000 ____D C:\Program Files\Wajam
2016-01-27 20:55 - 2016-01-27 20:55 - 00000000 _____ C:\Users\PC\Downloads\WindowsPhoneRecoveryToolInstaller_2.exe
2016-01-27 11:53 - 2016-01-27 11:57 - 00027390 _____ C:\Users\PC\Downloads\47276 (6).pdf
2016-01-27 11:49 - 2016-01-27 11:49 - 00027390 _____ C:\Users\PC\Downloads\47276 (5).pdf
2016-01-26 13:52 - 2016-01-26 13:52 - 00149160 _____ C:\WINDOWS\Minidump\012616-27656-01.dmp
2016-01-26 13:32 - 2016-01-26 13:32 - 00149160 _____ C:\WINDOWS\Minidump\012616-28406-01.dmp
2016-01-26 11:51 - 2016-01-26 11:51 - 00149160 _____ C:\WINDOWS\Minidump\012616-26968-01.dmp
2016-01-26 11:45 - 2016-01-26 11:45 - 00149160 _____ C:\WINDOWS\Minidump\012616-24234-01.dmp
2016-01-21 16:37 - 2016-01-23 03:26 - 00000000 ____D C:\Users\PC\Downloads\Gomorrah S01 E01 - Hardcoded Eng Subs - Sno
2016-01-21 16:05 - 2016-01-26 22:40 - 00000695 _____ C:\Users\PC\Downloads\sync
2016-01-17 14:39 - 2016-01-17 14:39 - 00000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2016-01-17 14:39 - 2016-01-17 14:39 - 00000000 ____D C:\Program Files\NirSoft
2016-01-17 14:20 - 2016-01-17 14:21 - 00149160 _____ C:\WINDOWS\Minidump\011716-28890-01.dmp
2016-01-17 00:05 - 2016-01-17 00:05 - 00149160 _____ C:\WINDOWS\Minidump\011716-25093-01.dmp
2016-01-16 23:46 - 2016-01-16 23:46 - 00149160 _____ C:\WINDOWS\Minidump\011616-24703-01.dmp
2016-01-16 22:43 - 2016-01-16 22:43 - 00149160 _____ C:\WINDOWS\Minidump\011616-25265-01.dmp
2016-01-12 18:51 - 2016-01-05 00:30 - 06266208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-12 18:51 - 2016-01-05 00:30 - 02459096 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2016-01-12 18:51 - 2016-01-05 00:30 - 02162064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2016-01-12 18:51 - 2016-01-05 00:30 - 02152744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-12 18:51 - 2016-01-05 00:30 - 01106872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-12 18:51 - 2016-01-05 00:30 - 00882208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2016-01-12 18:51 - 2016-01-05 00:30 - 00368776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2016-01-12 18:51 - 2016-01-05 00:30 - 00232896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2016-01-12 18:51 - 2016-01-05 00:30 - 00100712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-12 18:51 - 2016-01-05 00:29 - 00208688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-12 18:51 - 2016-01-05 00:28 - 02445128 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-01-12 18:51 - 2016-01-05 00:28 - 01395560 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-12 18:51 - 2016-01-05 00:28 - 00939872 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-12 18:51 - 2016-01-05 00:28 - 00714808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-12 18:51 - 2016-01-05 00:28 - 00696192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2016-01-12 18:51 - 2016-01-05 00:28 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-12 18:51 - 2016-01-05 00:28 - 00645144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-12 18:51 - 2016-01-05 00:28 - 00637272 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-12 18:51 - 2016-01-05 00:28 - 00635312 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-12 18:51 - 2016-01-05 00:28 - 00497896 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-12 18:51 - 2016-01-05 00:28 - 00277400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
2016-01-12 18:51 - 2016-01-05 00:28 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-12 18:51 - 2016-01-05 00:28 - 00107952 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
2016-01-12 18:51 - 2016-01-05 00:28 - 00082096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-01-12 18:51 - 2016-01-05 00:28 - 00072808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
2016-01-12 18:51 - 2016-01-05 00:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-01-12 18:51 - 2016-01-05 00:14 - 00350560 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-12 18:51 - 2016-01-05 00:12 - 00586432 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-12 18:51 - 2016-01-05 00:10 - 00923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-12 18:51 - 2016-01-05 00:10 - 00305776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2016-01-12 18:51 - 2016-01-05 00:10 - 00278424 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
2016-01-12 18:51 - 2016-01-05 00:10 - 00188032 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
2016-01-12 18:51 - 2016-01-04 23:44 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-12 18:51 - 2016-01-04 23:44 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-12 18:51 - 2016-01-04 23:43 - 19324928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-12 18:51 - 2016-01-04 23:42 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2016-01-12 18:51 - 2016-01-04 23:39 - 01161216 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-12 18:51 - 2016-01-04 23:39 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-12 18:51 - 2016-01-04 23:38 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfh264enc.dll
2016-01-12 18:51 - 2016-01-04 23:32 - 01541632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-12 18:51 - 2016-01-04 23:32 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-12 18:51 - 2016-01-04 23:31 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-12 18:51 - 2016-01-04 23:31 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-12 18:51 - 2016-01-04 23:30 - 18802176 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-12 18:51 - 2016-01-04 23:29 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-01-12 18:51 - 2016-01-04 23:29 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-12 18:51 - 2016-01-04 23:26 - 00546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-12 18:51 - 2016-01-04 23:26 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-12 18:51 - 2016-01-04 23:26 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-12 18:51 - 2016-01-04 23:24 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-12 18:51 - 2016-01-04 23:20 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-12 18:51 - 2016-01-04 23:19 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-12 18:51 - 2016-01-04 23:19 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2016-01-12 18:51 - 2016-01-04 23:19 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2016-01-12 18:51 - 2016-01-04 23:19 - 00404992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
2016-01-11 00:20 - 2016-01-17 14:20 - 00000000 ____D C:\Program Files\QualityChecker
2016-01-11 00:17 - 2016-02-09 18:26 - 00000000 ____D C:\Program Files\KMSPico

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-02-09 18:45 - 2015-07-24 00:13 - 00000000 ____D C:\Users\PC\AppData\Roaming\uTorrent
2016-02-09 18:44 - 2015-09-25 16:57 - 00000000 ____D C:\viva
2016-02-09 18:36 - 2015-07-24 03:29 - 00000000 ____D C:\Users\PC\Desktop\PROGRAMAS
2016-02-09 18:31 - 2015-09-25 16:56 - 00000000 ____D C:\Program Files\Viva
2016-02-09 18:31 - 2015-07-23 23:49 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-09 18:28 - 2015-07-23 18:54 - 00000000 ____D C:\Users\PC
2016-02-09 18:28 - 2015-07-10 07:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-09 18:26 - 2015-09-01 09:30 - 00000000 ____D C:\Users\PC\AppData\Local\Aplicativo Itau
2016-02-09 18:26 - 2015-08-16 16:30 - 00000000 ____D C:\Users\Todos os Usuários\ProductData
2016-02-09 18:26 - 2015-08-16 16:30 - 00000000 ____D C:\ProgramData\ProductData
2016-02-09 18:26 - 2015-07-24 13:58 - 00000000 ____D C:\Users\PC\AppData\Roaming\ProductData
2016-02-09 18:26 - 2015-07-24 13:57 - 00000000 ____D C:\Users\PC\AppData\LocalLow\IObit
2016-02-09 18:26 - 2015-07-24 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2016-02-09 18:26 - 2015-07-24 13:47 - 00000000 ____D C:\Users\PC\AppData\Roaming\IObit
2016-02-09 18:26 - 2015-07-23 23:28 - 00000000 ____D C:\WINDOWS\Minidump
2016-02-09 18:26 - 2015-07-10 06:27 - 00000000 ____D C:\WINDOWS\INF
2016-02-09 18:24 - 2015-07-23 21:49 - 00000000 ____D C:\Program Files\VIA
2016-02-09 18:23 - 2015-07-10 06:28 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-09 18:18 - 2015-08-01 17:10 - 00000000 ____D C:\zoek_backup
2016-02-09 18:18 - 2015-07-10 06:28 - 00000000 ____D C:\WINDOWS\registration
2016-02-09 18:01 - 2015-07-23 19:32 - 00000000 ____D C:\Users\PC\AppData\Local\Mozilla
2016-02-06 15:07 - 2015-07-10 06:28 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-06 12:15 - 2015-07-24 00:37 - 00000902 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-31 00:18 - 2015-07-23 18:53 - 01810446 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-31 00:18 - 2015-07-10 11:21 - 00781824 _____ C:\WINDOWS\system32\prfh0416.dat
2016-01-31 00:18 - 2015-07-10 11:21 - 00152812 _____ C:\WINDOWS\system32\prfc0416.dat
2016-01-30 03:17 - 2015-10-09 17:08 - 00000266 _____ C:\WINDOWS\Tasks\ASC8_SkipUac_Família.job
2016-01-27 21:21 - 2015-07-31 23:34 - 00000000 ____D C:\Users\PC\AppData\Local\Microsoft Help
2016-01-27 09:23 - 2015-08-20 02:24 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-01-27 09:23 - 2015-07-23 19:32 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-01-25 11:29 - 2015-07-10 06:28 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-01-18 21:56 - 2015-07-24 02:42 - 00000000 ____D C:\Users\PC\AppData\Roaming\PhotoScape
2016-01-17 15:33 - 2015-07-23 18:54 - 00000000 ____D C:\Users\PC\AppData\Local\Packages
2016-01-17 14:20 - 2015-07-10 06:28 - 00000000 ____D C:\WINDOWS\tracing
2016-01-16 21:34 - 2015-07-10 04:59 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-01-13 10:13 - 2015-08-19 17:34 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-13 10:13 - 2015-07-10 06:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-13 10:10 - 2015-08-19 17:34 - 141317472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-12 12:09 - 2015-08-15 03:23 - 00063680 _____ C:\WINDOWS\system32\Drivers\fsbts.sys

Alguns arquivos em TEMP:
====================
C:\Users\PC\AppData\Local\Temp\BingSvc.exe
C:\Users\PC\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\PC\AppData\Local\Temp\BSvcUpdater.exe

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-02-05 08:51

==================== Fim de FRST.txt ============================