Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 14.03.2018
Executado por Guillermo (administrador) em GUILLERMO-PC (14-03-2018 20:10:33)
Executando a partir de C:\Users\Guillermo\Pictures
Perfis Carregados: Guillermo (Perfis Disponíveis: Guillermo & Gabriel)
Platform: Windows 7 Professional Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Paltiosoft Inc.) C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
() C:\Windows\System32\hale.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Discord Inc.) C:\Users\Guillermo\AppData\Local\Discord\app-0.0.300\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Spotify Ltd) C:\Users\Guillermo\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Discord Inc.) C:\Users\Guillermo\AppData\Local\Discord\app-0.0.300\Discord.exe
(Discord Inc.) C:\Users\Guillermo\AppData\Local\Discord\app-0.0.300\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9228800 2017-06-29] (Realtek Semiconductor)
HKLM\...\Run: [Chew7Hale] => C:\Windows\System32\hale.exe [2169856 2018-01-09] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [549600 2018-03-14] ()
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [308888 2018-03-14] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2448480 2018-03-14] ()
HKU\S-1-5-21-139893100-1412922815-2400554056-1000\...\Run: [AMDDVR] => C:\Program Files\AMD\CNext\CNext\amddvr.exe [1813384 2017-12-06] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-139893100-1412922815-2400554056-1000\...\Run: [Discord] => C:\Users\Guillermo\AppData\Local\Discord\app-0.0.300\Discord.exe [57821176 2018-01-08] (Discord Inc.)
HKU\S-1-5-21-139893100-1412922815-2400554056-1000\...\Run: [Spotify] => C:\Users\Guillermo\AppData\Roaming\Spotify\Spotify.exe [21894544 2018-03-03] (Spotify Ltd)
HKU\S-1-5-21-139893100-1412922815-2400554056-1000\...\Run: [uTorrent] => C:\Users\Guillermo\AppData\Roaming\uTorrent\uTorrent.exe [2234808 2018-03-14] ()
HKU\S-1-5-21-139893100-1412922815-2400554056-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3111712 2017-12-15] (Valve Corporation)
HKU\S-1-5-21-139893100-1412922815-2400554056-1000\...\Run: [Spotify Web Helper] => C:\Users\Guillermo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-03-03] (Spotify Ltd)
HKU\S-1-5-21-139893100-1412922815-2400554056-1000\...\MountPoints2: {9ba9c5d8-e3e5-11e7-8f77-408d5c8a26f0} - E:\AutoRun.exe
HKU\S-1-5-21-139893100-1412922815-2400554056-1000\...\MountPoints2: {9ba9c5e3-e3e5-11e7-8f77-408d5c8a26f0} - E:\AutoRun.exe

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BA36D997-DBF4-47B1-A4D4-475BA796CCF4}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-139893100-1412922815-2400554056-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com.br/
CHR StartupUrls: Default -> "hxxp://www.google.com.br/"
CHR Profile: C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default [2018-03-14]
CHR Extension: (Apresentações) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-10]
CHR Extension: (Documentos) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-10]
CHR Extension: (Google Drive) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-10]
CHR Extension: (Chamada pelo Skype) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-12-10]
CHR Extension: (YouTube) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-10]
CHR Extension: (Avast Passwords) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2018-03-02]
CHR Extension: (Planilhas) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-10]
CHR Extension: (Documentos Google off-line) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-10]
CHR Extension: (AdBlock) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-03-13]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-10]
CHR Extension: (Gmail) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-10]
CHR Extension: (Chrome Media Router) - C:\Users\Guillermo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-01]

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [Arquivo não assinado]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7054344 2018-03-14] () [Arquivo não assinado]
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [609832 2018-03-14] () [Arquivo não assinado]
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [194640 2018-03-14] () [Arquivo não assinado]
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [194640 2018-03-14] () [Arquivo não assinado]
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-09-19] (Hi-Rez Studios) [Arquivo não assinado]
S3 NGS; C:\Windows\NGService.exe [2994248 2017-12-27] (NEXON Korea Corporation)
R3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2018-01-09] (Microsoft Corporation) [Arquivo não assinado]
R2 UCManSvc; C:\Program Files (x86)\SoftDenchi\UCManSvc.exe [186512 2012-11-01] (Paltiosoft Inc.) [Arquivo não assinado]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

U5 EMAC Secure; C:\Users\Guillermo\AppData\Local\Temp\GCSecure.sys [2409464 2018-01-09] (Gamers Club) <==== ATENÇÃO
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-03-14 20:10 - 2018-03-14 20:10 - 000000000 ____D C:\FRST
2018-03-14 20:04 - 2018-03-14 20:04 - 000003206 _____ C:\Windows\System32\Tasks\{491F6F1A-F544-44E2-9186-285EC05399FA}
2018-03-14 19:45 - 2018-03-14 19:45 - 000000132 _____ C:\Users\Guillermo\AppData\Roaming\Preferências do Formato PNG do Adobe CS6
2018-03-14 19:28 - 2018-03-14 19:28 - 000000040 ____H C:\A6A575895142
2018-03-14 19:27 - 2018-03-14 19:27 - 000000000 ____D C:\Users\Guillermo\Desktop\PCS
2018-03-14 19:09 - 2018-03-14 20:10 - 000000039 _____ C:\Windows\directx.sys
2018-03-14 19:09 - 2018-03-14 19:09 - 000041472 _____ C:\Windows\svchost.com
2018-03-14 19:08 - 2018-03-14 19:46 - 000000033 _____ C:\Users\Guillermo\AppData\Roaming\AdobeWLCMCache.dat
2018-03-14 19:08 - 2018-03-14 19:12 - 000000000 ____D C:\Users\Todos os Usuários\regid.1986-12.com.adobe
2018-03-14 19:08 - 2018-03-14 19:12 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2018-03-14 19:08 - 2018-03-14 19:08 - 000003518 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Guillermo-PC-Guillermo
2018-03-14 19:06 - 2018-03-14 19:06 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2018.lnk
2018-03-14 19:06 - 2018-03-14 19:06 - 000000000 ____D C:\Program Files\Common Files\Adobe
2018-03-14 19:05 - 2018-03-14 19:05 - 000000000 ____D C:\Program Files\Adobe
2018-03-14 19:04 - 2018-03-14 19:04 - 000001221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2018-03-14 19:04 - 2018-03-14 19:04 - 000001209 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2018-03-13 19:49 - 2018-03-13 19:49 - 000000000 ____D C:\Users\Guillermo\AppData\Roaming\Macromedia
2018-03-13 19:49 - 2018-03-13 19:49 - 000000000 ____D C:\Users\Guillermo\AppData\Local\Macromedia
2018-03-13 19:43 - 2018-03-13 19:43 - 000001922 _____ C:\Users\Public\Desktop\Macromedia Flash 8.lnk
2018-03-13 19:42 - 2018-03-13 19:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
2018-03-13 19:42 - 2018-03-13 19:42 - 000000000 ____D C:\Windows\SysWOW64\QuickTime
2018-03-13 19:42 - 2018-03-13 19:42 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-03-13 19:42 - 2018-03-13 19:42 - 000000000 ____D C:\Users\Todos os Usuários\Macromedia
2018-03-13 19:42 - 2018-03-13 19:42 - 000000000 ____D C:\ProgramData\Macromedia
2018-03-13 19:42 - 2018-03-13 19:42 - 000000000 ____D C:\Program Files (x86)\Macromedia
2018-03-13 19:41 - 2018-03-13 19:41 - 000000000 ____D C:\Windows\Downloaded Installations
2018-03-13 19:26 - 2018-03-13 19:37 - 113060248 _____ (Macromedia, Inc. ) C:\Users\Guillermo\Downloads\Flash_Professional_8.exe
2018-03-13 19:18 - 2018-03-13 19:21 - 000000000 ____D C:\Users\Guillermo\Downloads\Adobe Illustrator CC 2018 v22.0.0.243 + Patch [CracksNow]
2018-03-03 14:25 - 2016-04-09 01:20 - 001230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2018-03-03 14:25 - 2016-04-09 00:52 - 001424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2018-03-03 14:19 - 2015-02-04 00:16 - 000465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2018-03-03 14:19 - 2015-02-03 23:54 - 000417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2018-03-02 22:39 - 2018-03-02 22:39 - 000000222 _____ C:\Users\Guillermo\Desktop\Battlerite.url
2018-03-02 22:38 - 2018-03-02 22:38 - 000000222 _____ C:\Users\Guillermo\Desktop\Tom Clancy's Rainbow Six Siege.url
2018-03-02 22:38 - 2018-03-02 22:38 - 000000219 _____ C:\Users\Guillermo\Desktop\Counter-Strike Global Offensive.url
2018-03-02 22:31 - 2018-03-02 22:31 - 000000222 _____ C:\Users\Guillermo\Desktop\Transistor.url
2018-03-02 22:31 - 2018-03-02 22:31 - 000000222 _____ C:\Users\Guillermo\Desktop\Titan Souls.url
2018-03-02 22:31 - 2018-03-02 22:31 - 000000221 _____ C:\Users\Guillermo\Desktop\Ultra Street Fighter IV.url
2018-03-02 22:25 - 2018-03-14 18:49 - 000000000 ____D C:\Program Files (x86)\Steam
2018-03-02 22:25 - 2018-03-02 22:25 - 000000963 _____ C:\Users\Public\Desktop\Steam.lnk
2018-03-02 22:25 - 2018-03-02 22:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2018-03-02 22:24 - 2018-03-14 19:12 - 001529736 _____ C:\Users\Guillermo\Downloads\SteamSetup.exe
2018-03-02 22:13 - 2018-03-02 22:14 - 000000000 ____D C:\Users\Guillermo\Downloads\Dead_Cells_v2018.02.28
2018-03-02 22:11 - 2018-03-02 22:13 - 405772175 _____ C:\Users\Guillermo\Downloads\Dead_Cells_v2018.02.28.rar
2018-03-01 20:04 - 2018-03-02 22:12 - 000000000 ____D C:\Users\Guillermo\Downloads\3DMGAME-DRAGON.BALL.FighterZ.Ultimate.Edition-3DM
2018-03-01 20:01 - 2018-03-01 20:01 - 000000859 _____ C:\Users\Guillermo\Desktop\µTorrent.lnk
2018-03-01 20:01 - 2018-03-01 20:01 - 000000839 _____ C:\Users\Guillermo\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2018-03-01 20:00 - 2018-03-14 19:12 - 003197232 _____ C:\Users\Guillermo\Downloads\uTorrent.exe
2018-02-25 19:57 - 2018-02-25 19:57 - 001393474 _____ C:\Users\Gabriel\Downloads\VID-20180225-WA0025.mp4
2018-02-25 14:54 - 2018-02-25 14:57 - 000000000 ____D C:\Users\Todos os Usuários\Paltiosoft
2018-02-25 14:54 - 2018-02-25 14:57 - 000000000 ____D C:\ProgramData\Paltiosoft
2018-02-25 14:54 - 2018-02-25 14:54 - 000000000 ____D C:\Windows\ucharge
2018-02-25 14:54 - 2018-02-25 14:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftDenchi
2018-02-25 14:54 - 2018-02-25 14:54 - 000000000 ____D C:\Program Files\SoftDenchi
2018-02-25 14:54 - 2018-02-25 14:54 - 000000000 ____D C:\Program Files (x86)\SoftDenchi
2018-02-25 14:28 - 2018-02-25 15:12 - 000000000 ____D C:\Users\Guillermo\Desktop\Steins Gate
2018-02-24 22:06 - 2018-02-24 22:16 - 000000000 ____D C:\Users\Guillermo\Downloads\DDLC MOD
2018-02-18 15:05 - 2018-02-18 17:05 - 000000000 ____D C:\Users\Gabriel\Desktop\Slay_the_Spire_v15.02.2018
2018-02-18 15:03 - 2018-02-18 15:03 - 000000000 ____D C:\Users\Todos os Usuários\Oracle
2018-02-18 15:03 - 2018-02-18 15:03 - 000000000 ____D C:\ProgramData\Oracle
2018-02-18 15:02 - 2018-02-18 14:46 - 388410838 _____ C:\Users\Gabriel\Desktop\Slay_the_Spire_v15.02.2018.rar
2018-02-18 14:45 - 2018-02-18 14:46 - 388410838 _____ C:\Users\Gabriel\Downloads\Slay_the_Spire_v15.02.2018.rar
2018-02-17 19:06 - 2018-02-17 19:06 - 000000000 ____D C:\Users\Guillermo\AppData\LocalLow\8floor
2018-02-17 12:13 - 2018-03-14 19:11 - 000766960 _____ C:\Users\Gabriel\Downloads\SpotifySetup.exe
2018-02-17 12:13 - 2018-03-11 16:38 - 000000000 ____D C:\Users\Gabriel\AppData\Local\Spotify
2018-02-17 12:13 - 2018-03-11 16:36 - 000000000 ____D C:\Users\Gabriel\AppData\Roaming\Spotify
2018-02-17 12:13 - 2018-02-17 12:13 - 000001819 _____ C:\Users\Gabriel\Desktop\Spotify.lnk
2018-02-17 12:13 - 2018-02-17 12:13 - 000001805 _____ C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2018-02-14 19:36 - 2018-02-14 19:36 - 000276864 _____ C:\Windows\Minidump\021418-16426-01.dmp

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-03-14 19:20 - 2017-12-16 22:24 - 000000392 _____ C:\Windows\Tasks\update-S-1-5-21-139893100-1412922815-2400554056-1004.job
2018-03-14 19:20 - 2017-12-15 09:38 - 000000000 ____D C:\Users\Guillermo\AppData\Roaming\Adobe
2018-03-14 19:12 - 2018-02-11 19:46 - 000808432 _____ C:\Users\Guillermo\Downloads\SpotifySetup.exe
2018-03-14 19:12 - 2018-02-11 19:46 - 000510976 _____ C:\Users\Guillermo\Downloads\Felix Sem Noção Sem anuncios.exe
2018-03-14 19:12 - 2017-12-25 22:06 - 003972080 _____ C:\Users\Guillermo\Downloads\Battle.net-Setup.exe
2018-03-14 19:12 - 2017-12-13 22:37 - 004122096 _____ C:\Users\Guillermo\Downloads\Hearthstone-Setup (1).exe
2018-03-14 19:11 - 2017-12-16 22:23 - 002814096 _____ C:\Users\Gabriel\Downloads\setup-lightshot.exe
2018-03-14 19:08 - 2017-12-15 09:36 - 000000000 ____D C:\Users\Guillermo\AppData\Local\Adobe
2018-03-14 19:06 - 2017-12-15 09:37 - 000000000 ____D C:\Users\Todos os Usuários\Adobe
2018-03-14 19:06 - 2017-12-15 09:37 - 000000000 ____D C:\ProgramData\Adobe
2018-03-14 19:06 - 2017-12-15 09:37 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-03-14 19:06 - 2017-12-10 15:02 - 000000000 ____D C:\Users\Guillermo
2018-03-14 18:51 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\tracing
2018-03-14 18:49 - 2018-02-11 19:47 - 000000000 ____D C:\Users\Guillermo\AppData\Local\Spotify
2018-03-14 18:48 - 2018-02-11 19:47 - 000000000 ____D C:\Users\Guillermo\AppData\Roaming\Spotify
2018-03-14 18:48 - 2017-12-13 22:16 - 000000000 ____D C:\Users\Guillermo\AppData\Roaming\uTorrent
2018-03-14 18:47 - 2017-12-29 22:31 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2018-03-14 18:47 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-13 19:56 - 2017-12-10 15:39 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2018-03-13 19:56 - 2009-07-14 01:45 - 000020880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-13 19:56 - 2009-07-14 01:45 - 000020880 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-11 20:17 - 2017-12-16 22:24 - 000000392 _____ C:\Windows\Tasks\update-sys.job
2018-03-11 10:39 - 2017-12-17 11:04 - 000001011 _____ C:\Users\Public\Desktop\Driver Easy.lnk
2018-03-08 20:08 - 2017-12-11 12:34 - 000000000 ____D C:\Users\Guillermo\AppData\Local\Ubisoft Game Launcher
2018-03-08 18:02 - 2018-01-25 21:12 - 000000000 ____D C:\Users\Gabriel\AppData\Roaming\Skype
2018-03-04 13:16 - 2018-01-17 23:08 - 000000000 ____D C:\Users\Guillermo\Downloads\[160826] [5pb./ホビボックス] STEINS;GATE 0 豪華限定版 for Windows PC
2018-03-03 14:51 - 2017-12-17 12:15 - 000000000 ____D C:\Windows\system32\MRT
2018-03-03 14:49 - 2017-12-17 12:15 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-03-03 14:49 - 2017-12-17 12:15 - 130067560 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-03-02 22:39 - 2017-12-10 16:36 - 000000000 ____D C:\Users\Guillermo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-03-02 22:16 - 2017-12-29 22:36 - 000000000 ____D C:\Users\Guillermo\AppData\Roaming\EasyAntiCheat
2018-03-01 19:43 - 2017-12-10 16:36 - 000000000 ____D C:\Users\Guillermo\Documents\League of Legends
2018-03-01 18:50 - 2017-12-10 16:33 - 000000000 ____D C:\Users\Guillermo\AppData\Local\Steam
2018-02-28 18:29 - 2017-12-18 10:30 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-28 18:29 - 2017-12-10 15:46 - 000002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-28 18:29 - 2017-12-10 15:46 - 000002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-25 14:28 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\system32\NDF
2018-02-24 22:45 - 2017-12-31 11:16 - 000000000 ____D C:\Users\Guillermo\AppData\Roaming\RenPy
2018-02-24 21:00 - 2017-12-18 10:30 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-02-23 17:40 - 2011-04-12 10:40 - 000705070 _____ C:\Windows\system32\prfh0416.dat
2018-02-23 17:40 - 2011-04-12 10:40 - 000146910 _____ C:\Windows\system32\prfc0416.dat
2018-02-23 17:40 - 2009-07-14 02:13 - 001633534 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-23 17:40 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf
2018-02-17 11:03 - 2017-12-17 11:03 - 000000414 _____ C:\Windows\Tasks\Driver Easy Scheduled Scan.job
2018-02-14 19:37 - 2017-12-10 16:52 - 000000000 ____D C:\Users\Guillermo\AppData\Roaming\discord
2018-02-14 19:36 - 2017-12-16 18:48 - 582412804 _____ C:\Windows\MEMORY.DMP
2018-02-14 19:36 - 2017-12-12 14:27 - 000000000 ____D C:\Windows\Minidump
2018-02-14 19:34 - 2018-01-09 15:24 - 011363400 _____ (EMACLAB) C:\Users\Guillermo\Downloads\GCLauncher.exe
2018-02-13 21:29 - 2018-01-26 18:41 - 000000000 ____D C:\Users\Gabriel\AppData\Local\Battle.net
2018-02-13 17:30 - 2018-01-26 18:43 - 000000000 ____D C:\Program Files (x86)\StarCraft II
2018-02-13 17:29 - 2017-12-13 22:38 - 000000000 ____D C:\Program Files (x86)\Battle.net

==================== Arquivos na raiz de alguns diretórios =======

2017-12-25 20:58 - 2017-12-25 20:58 - 000066790 _____ () C:\Program Files (x86)\hyxd_license.htm
2018-03-14 19:08 - 2018-03-14 19:46 - 000000033 _____ () C:\Users\Guillermo\AppData\Roaming\AdobeWLCMCache.dat
2018-03-14 19:45 - 2018-03-14 19:45 - 000000132 _____ () C:\Users\Guillermo\AppData\Roaming\Preferências do Formato PNG do Adobe CS6

Alguns arquivos em TEMP:
====================
2017-12-27 17:51 - 2017-12-27 17:51 - 000000180 _____ () C:\Users\Gabriel\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
2017-12-18 13:31 - 2017-12-18 13:31 - 000000180 _____ () C:\Users\Gabriel\AppData\Local\Temp\33968ec9ed0abde4ce703a532c809fc9.dll
2017-12-27 17:51 - 2017-12-27 18:05 - 000000016 _____ () C:\Users\Gabriel\AppData\Local\Temp\586953e58e5481889a1b5db04346166d.dll
2017-12-18 13:31 - 2017-12-18 13:31 - 000000029 _____ () C:\Users\Gabriel\AppData\Local\Temp\68acb008c3c1da84e3d9ecea5f5c98bb.dll
2017-12-27 22:27 - 2017-12-27 22:27 - 000000180 _____ () C:\Users\Guillermo\AppData\Local\Temp\00e481b5e22dbe1f649fcddd505d3eb7.dll
2017-12-27 22:27 - 2018-01-01 20:17 - 000000016 _____ () C:\Users\Guillermo\AppData\Local\Temp\586953e58e5481889a1b5db04346166d.dll
2017-12-25 22:00 - 2017-12-25 22:00 - 032965288 _____ (ArenaNet) C:\Users\Guillermo\AppData\Local\Temp\Gw2.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)
C:\Windows\system32\winlogon.exe [2017-12-17 11:43] - [2018-01-09 17:36] - 000389632 _____ (Microsoft Corporation) 87A00ED70FEC36D0DD968E5058C29AA1
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll [2017-12-17 11:46] - [2018-01-09 17:37] - 001009152 _____ (Microsoft Corporation) 012D0454BABE8AE5574C4622C55F875D
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2018-02-23 18:22

==================== Fim de FRST.txt ============================