Computer has suddenly become too slow


Yeriah

Hello, my computer is taking a lot of time to turn on/off and most applications have become much slower; even games' FPS has gone down. I really think I'm infected with something.

Here are the Farbar results:

 

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 29-01-2017
Executado por Yeriah (administrador) em PC-DO-ALEX (04-02-2017 14:13:45)
Executando a partir de C:\Users\Yeriah\Downloads
Perfis Carregados: Yeriah (Perfis Disponíveis: Yeriah)
Platform: Windows 8.1 Single Language (Update) (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
() C:\Windows\SysWOW64\WIN8_MBIM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Huawei Technologies Co., Ltd.) C:\Users\Yeriah\AppData\Roaming\VIVO INTERNET\ouc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3760456 2013-08-23] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-04-08] (Power Software Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [EPSON_UD_START] => C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe [341416 2011-01-06] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26219896 2017-01-30] (Dropbox, Inc.)
HKLM-x32\...\Run: [DeathTaker] => C:\Program Files (x86)\Genius\DeathTaker\mousehid.exe [303616 2013-04-03] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-11-11] (LogMeIn Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60408 2016-12-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginScd: C:\Program Files (x86)\GbPlugin\gbiehScd.dll [2015-10-06] (Sicredi)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [134784 2014-11-30] (Atheros Communications)
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Run: [Discord] => C:\Users\Yeriah\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Run: [HW_OPENEYE_OUC_VIVO INTERNET] => C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe [110592 2009-07-27] (Huawei Technologies Co., Ltd.)
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {4a600027-0977-11e6-82a5-7429afa47974} - "G:\.\ShowModem.exe" 
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {4a60005b-0977-11e6-82a5-7429afa47974} - "G:\.\ShowModem.exe" 
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {94453256-cce0-11e6-82c4-7429afa47974} - "E:\AutoRun.exe" 
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {9445328c-cce0-11e6-82c4-7429afa47974} - "E:\AutoRun.exe" 
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {ae31608b-dc6e-11e4-824f-806e6f6e6963} - "D:\CDViewer.exe" 
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {d1254191-d620-11e6-82c5-7429afa47974} - "E:\AutoRun.exe" 
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {d1254c66-d620-11e6-82c5-7429afa47974} - "E:\AutoRun.exe" 
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {fb37d97a-4c61-11e5-8277-7429afa47974} - "F:\EMP_UDSe.exe" /autorun
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399011} - C:\Program Files (x86)\GbPlugin\gbiehscd.dll [1839640 2015-10-06] (Sicredi)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
Startup: C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-02-21]
ShortcutTarget: Curse.lnk -> C:\Users\Yeriah\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-12-29] ()

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 189.7.120.16 189.7.120.15
Tcpip\..\Interfaces\{58ECD54B-5CDD-4A30-8A5F-7BE4B3782272}: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{E2D45466-7876-4A81-A298-32DC60763DD4}: [DhcpNameServer] 189.7.120.16 189.7.120.15

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.la.dell.com/content/default.aspx?c=br&l=pt&s=gen
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll => Nenhum Arquivo
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL => Nenhum Arquivo
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-14] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540011} -> C:\Program Files (x86)\GbPlugin\gbiehscd.dll [2015-10-06] (Sicredi)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-14] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL Nenhum Arquivo

FireFox:
========
FF ProfilePath: C:\Users\Yeriah\AppData\Roaming\Mozilla\Firefox\Profiles\EDgjXuml.default [2017-02-04]
FF Extension: (Avira Browser Safety) - C:\Users\Yeriah\AppData\Roaming\Mozilla\Firefox\Profiles\EDgjXuml.default\Extensions\abs@avira.com [2016-12-22]
FF Extension: (Diagnostics) - C:\Users\Yeriah\AppData\Roaming\Mozilla\Firefox\Profiles\EDgjXuml.default\features\{dd383f65-f2ee-491b-91de-e4124ba573d3}\diagnostics@mozilla.org.xpi [2017-02-03]
FF Extension: (Send HSTS Priming Requests) - C:\Users\Yeriah\AppData\Roaming\Mozilla\Firefox\Profiles\EDgjXuml.default\features\{dd383f65-f2ee-491b-91de-e4124ba573d3}\hsts-priming@mozilla.org.xpi [2017-02-03]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-4078040627-3876670005-1468608263-1002: @citrixonline.com/appdetectorplugin -> C:\Users\Yeriah\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-02-29] (Citrix Online)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll => Nenhum Arquivo
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => Nenhum Arquivo
CHR Profile: C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default [2017-02-04]
CHR Extension: (Google Apresentações) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-02]
CHR Extension: (Google Docs) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-02]
CHR Extension: (Google Drive) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-02]
CHR Extension: (YouTube) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-02]
CHR Extension: (Google Search) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Planilhas do Google) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-02]
CHR Extension: (Documentos Google off-line) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-01]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-02]
CHR Extension: (Chrome Media Router) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [322176 2014-11-30] (Windows (R) Win 7 DDK provider) [Arquivo não assinado]
R2 AutoRun_MBIM; C:\Windows\SysWOW64\WIN8_MBIM.exe [163840 2014-03-07] () [Arquivo não assinado]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1141248 2015-06-06] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2829552 2016-03-08] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-31] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-31] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46400 2017-01-30] (Dropbox, Inc.)
S2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe [98304 2011-01-06] (SEIKO EPSON CORPORATION) [Arquivo não assinado]
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [587576 2015-10-06] (GAS Tecnologia)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
S2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Arquivo não assinado]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)
S2 libusbd; C:\Windows\SysWOW64\libusbd-nt.exe [18944 2005-03-09] (hxxp://libusb-win32.sourceforge.net) [Arquivo não assinado]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-11-11] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-02] (SoftThinks SAS)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 Dell.CommandPowerManager.Service; C:\Windows\SysWOW64\dllhost.exe /Processid:{21AC100C-C882-4DE7-A7E4-EBD00657F486}

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4226560 2014-11-10] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-11-30] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
U5 EMAC Secure; C:\Users\Yeriah\AppData\Local\Temp\GCSecure.sys [794248 2017-02-04] (Gamers Club)
R3 eppvad_simple; C:\Windows\system32\drivers\EMP_UDAU.sys [23040 2011-01-06] (SEIKO EPSON CORPORATION)
R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2017-02-03] (GAS Tecnologia)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [21720 2015-04-29] (GAS Tecnologia)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-11-11] (LogMeIn Inc.)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [33792 2005-03-09] () [Arquivo não assinado]
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2016-04-21] (The OpenVPN Project)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-02] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-08-02] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-04-29] (GAS Tecnologia LTDA)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wmbclass; C:\Windows\System32\drivers\wmbclass.sys [267264 2016-08-12] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-02-04 14:13 - 2017-02-04 14:13 - 00030920 _____ C:\Users\Yeriah\Downloads\FRST.txt
2017-02-04 00:42 - 2017-02-04 00:46 - 00000000 ____D C:\Users\Yeriah\Downloads\ygopro-percy
2017-02-04 00:42 - 2017-02-04 00:42 - 00000930 _____ C:\Users\Yeriah\Desktop\Ygopro.lnk
2017-02-04 00:41 - 2017-02-04 00:42 - 40482992 _____ C:\Users\Yeriah\Downloads\ygopro-1.033.D-Percy.exe
2017-02-03 23:39 - 2017-02-03 23:45 - 00000000 ____D C:\Users\Yeriah\Downloads\The Prestige (2006)
2017-02-03 23:39 - 2017-02-03 23:39 - 00000000 ____D C:\Users\Yeriah\Downloads\La.La.Land.2016.DVDScr.XVID.AC3.HQ.Hive-CM8
2017-02-03 23:38 - 2017-02-03 23:38 - 00000000 ____D C:\Users\Yeriah\AppData\LocalLow\uTorrent
2017-02-03 22:19 - 2017-02-03 22:19 - 02420736 _____ (Farbar) C:\Users\Yeriah\Downloads\FRST64.exe
2017-02-03 22:06 - 2017-02-03 22:06 - 00000000 ___RD C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2017-02-03 13:49 - 2017-02-03 13:49 - 00001150 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-02-03 13:49 - 2017-02-03 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-02-03 13:45 - 2017-02-04 00:49 - 00000000 ____D C:\Users\Yeriah\AppData\LocalLow\Mozilla
2017-02-03 13:44 - 2017-02-03 13:51 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Mozilla
2017-02-03 13:44 - 2017-02-03 13:44 - 00001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-03 13:44 - 2017-02-03 13:44 - 00001165 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-03 13:44 - 2017-02-03 13:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-03 13:44 - 2017-02-03 13:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-03 13:42 - 2017-02-03 13:43 - 00245584 _____ C:\Users\Yeriah\Downloads\Firefox Setup Stub 51.0.1.exe
2017-02-02 18:56 - 2017-02-02 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-02 01:42 - 2017-02-02 01:43 - 04121760 _____ (Husdawg, LLC) C:\Users\Yeriah\Downloads\Detection.exe
2017-02-01 22:17 - 2017-02-01 22:44 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Tera_Awesomium
2017-02-01 04:15 - 2017-02-01 14:02 - 00000000 ____D C:\Users\Yeriah\Downloads\PSO2E4JP_SETUPEN
2017-02-01 04:14 - 2017-02-01 04:14 - 00057141 _____ C:\Users\Yeriah\Downloads\PSO2E4JP_SETUPEN (1).torrent
2017-02-01 04:10 - 2017-02-01 04:10 - 00057141 _____ C:\Users\Yeriah\Downloads\PSO2E4JP_SETUPEN.torrent
2017-01-30 12:02 - 2017-01-30 12:02 - 00046400 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-01-30 12:02 - 2017-01-30 12:02 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-01-30 12:02 - 2017-01-30 12:02 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-01-30 12:02 - 2017-01-30 12:02 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-01-27 14:17 - 2017-01-27 14:18 - 00730192 _____ C:\Users\Yeriah\Downloads\download (1).htm
2017-01-26 14:11 - 2017-01-26 14:11 - 00072999 _____ C:\Users\Yeriah\Downloads\Índice-de-trabalhos.xlsx
2017-01-26 02:26 - 2016-05-22 23:37 - 00032299 ____N C:\Users\Yeriah\Downloads\Game.of.Thrones.S06E05.WEBRip.1080p.x264-NOGRP.srt
2017-01-26 02:25 - 2017-01-26 02:25 - 00014552 _____ C:\Users\Yeriah\Downloads\game-of-thrones-season-6-episode-5-arabic-21123.zip
2017-01-25 21:43 - 2017-01-25 21:43 - 00003166 _____ C:\Windows\System32\Tasks\klcp_update
2017-01-25 21:40 - 2017-01-25 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2017-01-25 21:40 - 2017-01-25 21:40 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2017-01-25 21:39 - 2017-01-25 21:40 - 14306797 _____ (KLCP ) C:\Users\Yeriah\Downloads\K-Lite_Codec_Pack_1285_Basic.exe
2017-01-25 21:39 - 2017-01-25 21:39 - 00712340 _____ ( ) C:\Users\Yeriah\Downloads\klcp_update_1282_20170119.exe
2017-01-25 21:17 - 2017-01-25 21:18 - 00000000 ____D C:\Users\Yeriah\Downloads\Game of Thrones Season 6 S06 Complete 1080p WEB DL x265 HEVC SUJAIDR
2017-01-25 18:21 - 2017-01-25 18:28 - 637577727 _____ (Brytenwalda Dev. ) C:\Users\Yeriah\Downloads\brytenwalda139.exe
2017-01-25 02:49 - 2017-02-01 17:52 - 00000000 ____D C:\Users\Yeriah\Downloads\Game.of.Thrones.Season.6.720p.HDTV.x265.ShAaNiG
2017-01-25 00:07 - 2017-01-25 00:07 - 00000000 ____D C:\Users\Yeriah\Downloads\(2016) Minha Mãe é uma peça 2 HD-TS
2017-01-24 15:15 - 2017-01-24 15:18 - 00000000 ____D C:\Users\Yeriah\Downloads\Game of Thrones - Season 5
2017-01-24 15:13 - 2017-01-26 01:07 - 00000000 ____D C:\Users\Yeriah\Downloads\Game of Thrones - Season 6
2017-01-23 17:48 - 2017-01-23 17:48 - 00008829 _____ C:\Users\Yeriah\Desktop\Novo(a) Planilha do Microsoft Excel.xlsx
2017-01-22 17:40 - 2017-01-22 17:40 - 00000000 ____D C:\Users\Yeriah\Downloads\DiplomacyCompilation+companions
2017-01-22 15:52 - 2017-01-22 16:20 - 00000000 ____D C:\Users\Yeriah\Downloads\Arrival.2016.DVDScr.x264-4RRIVED
2017-01-22 15:52 - 2017-01-22 16:19 - 00000000 ____D C:\Users\Yeriah\Downloads\[ www.torrenting.me ] - Hacksaw.Ridge.2016.DVDScr.XVID.AC3.HQ.Hive-CM8
2017-01-22 00:50 - 2017-01-22 01:36 - 00000000 ____D C:\Users\Yeriah\Downloads\Game of Thrones - The Complete Season 4 [HDTV]
2017-01-21 00:12 - 2017-01-21 00:12 - 00000744 _____ C:\Users\Yeriah\Desktop\Jogar Live-RO.lnk
2017-01-21 00:12 - 2017-01-21 00:12 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live-RO
2017-01-21 00:12 - 2017-01-21 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Live-RO
2017-01-21 00:08 - 2017-01-21 00:08 - 210479692 _____ () C:\Users\Yeriah\Downloads\Instalador_Live-RO_2.0.exe
2017-01-20 01:18 - 2017-01-20 01:37 - 209715200 _____ C:\Users\Yeriah\Downloads\DiplomacyCompilation+companions.part02.rar
2017-01-20 01:18 - 2017-01-20 01:26 - 209715200 _____ C:\Users\Yeriah\Downloads\DiplomacyCompilation+companions.part03.rar
2017-01-20 01:18 - 2017-01-20 01:25 - 209715200 _____ C:\Users\Yeriah\Downloads\DiplomacyCompilation+companions.part04.rar
2017-01-20 01:18 - 2017-01-20 01:25 - 209715200 _____ C:\Users\Yeriah\Downloads\DiplomacyCompilation+companions.part01.rar
2017-01-20 01:18 - 2017-01-20 01:22 - 114291302 _____ C:\Users\Yeriah\Downloads\DiplomacyCompilation+companions.part05.rar
2017-01-19 22:21 - 2017-01-19 22:42 - 275294916 _____ C:\Users\Yeriah\Downloads\Lei Maria da Penha - 11.340 de 2006 - Parte 01.mp4
2017-01-19 22:21 - 2017-01-19 22:28 - 323760185 _____ C:\Users\Yeriah\Downloads\Lei Maria da Penha - 11.340 de 2006 - Parte 02.mp4
2017-01-19 22:21 - 2017-01-19 22:28 - 269260586 _____ C:\Users\Yeriah\Downloads\Lei Maria da Penha - 11.340 de 2006 - Parte 03.mp4
2017-01-19 19:58 - 2017-01-20 21:48 - 00000000 ____D C:\Users\Yeriah\Downloads\Game of Thrones - The Complete Season 3 [HDTV]
2017-01-19 19:58 - 2017-01-19 23:17 - 00000000 ____D C:\Users\Yeriah\Downloads\Game.of.Thrones.S02
2017-01-18 18:50 - 2017-01-18 18:50 - 37503157 _____ C:\Users\Yeriah\Downloads\Professora Adriana Figueiredo - Falando em Português - Crase nas Locuções Femininas.mp4
2017-01-18 16:33 - 2017-01-18 16:34 - 00868962 _____ C:\Users\Yeriah\Downloads\Agente_Penitenciario_FUNDATEC_2014.zip
2017-01-18 02:25 - 2017-01-18 02:26 - 00000000 ____D C:\Users\Yeriah\Downloads\Game Of Thrones.S01.[Complete Season 1].BRRip.XviD-VLiS
2017-01-13 23:37 - 2017-01-14 09:58 - 00000000 ____D C:\Users\Yeriah\Downloads\That Awkward Moment (2014)
2017-01-13 23:32 - 2017-01-14 09:57 - 00000000 ____D C:\Users\Yeriah\Downloads\The.Brothers.Grimsby.2016.HDRip.XViD-ETRG
2017-01-13 23:29 - 2017-01-16 16:58 - 00000000 ____D C:\Users\Yeriah\Downloads\Superbad Unrated (2007)
2017-01-13 22:50 - 2017-01-17 12:22 - 00000000 ____D C:\Users\Yeriah\Downloads\Downfall [2004]
2017-01-13 22:49 - 2017-01-14 09:57 - 00000000 ____D C:\Users\Yeriah\Downloads\The.Hunt.2012.720p.BluRay.x264-x0r
2017-01-13 22:44 - 2017-01-14 09:58 - 00000000 ____D C:\Users\Yeriah\Downloads\The Pianist (2002)
2017-01-13 22:42 - 2017-01-14 09:56 - 00000000 ____D C:\Users\Yeriah\Downloads\Forrest Gump (1994)
2017-01-13 22:42 - 2017-01-13 22:56 - 00000000 ____D C:\Users\Yeriah\Downloads\Schindlers List (1993)
2017-01-13 14:09 - 2017-01-13 14:09 - 00264160 _____ C:\Users\Yeriah\Downloads\b0f80a228ec00c32ba202d12f7e5bc99.pdf
2017-01-13 01:36 - 2017-01-13 10:04 - 00000000 ____D C:\Users\Yeriah\Downloads\The.Accountant.2016.HC.HDRip.X264.AC3-EVO
2017-01-12 00:45 - 2017-01-13 10:04 - 00000000 ____D C:\Users\Yeriah\Downloads\The Departed (2006)
2017-01-12 00:45 - 2017-01-12 10:27 - 00000000 ____D C:\Users\Yeriah\Downloads\Reservoir Dogs (1992) [1080p]
2017-01-12 00:43 - 2017-01-12 10:27 - 00000000 ____D C:\Users\Yeriah\Downloads\The Shawshank Redemption (1994)
2017-01-12 00:31 - 2017-01-12 00:31 - 00000000 ____D C:\Users\Yeriah\Downloads\I Am Bolt 2016 720p BRRip 800 MB - iExTV
2017-01-11 23:00 - 2017-01-12 10:26 - 00000000 ____D C:\Users\Yeriah\Downloads\The.Magnificent.Seven.2016.720p.BRRip.x264.AAC-ETRG
2017-01-07 14:49 - 2017-01-07 14:49 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\SmartSteamEmu
2017-01-05 18:55 - 2017-01-05 21:17 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Glyph
2017-01-05 18:55 - 2017-01-05 21:07 - 00000000 ____D C:\Program Files (x86)\Glyph
2017-01-05 18:55 - 2017-01-05 18:58 - 00000000 ____D C:\Users\Todos os Usuários\Glyph
2017-01-05 18:55 - 2017-01-05 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2017-01-05 18:55 - 2017-01-05 18:58 - 00000000 ____D C:\ProgramData\Glyph
2017-01-05 18:55 - 2017-01-05 18:55 - 00001015 _____ C:\Users\Yeriah\Desktop\Glyph.lnk
2017-01-05 18:51 - 2017-01-05 18:54 - 72398296 _____ (Trion Worlds Inc.) C:\Users\Yeriah\Downloads\GlyphInstall-0-160.exe
2017-01-05 18:03 - 2017-01-05 18:03 - 00000219 _____ C:\Users\Yeriah\Desktop\Left 4 Dead 2.url

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-02-04 14:13 - 2015-06-16 23:08 - 00000000 ____D C:\FRST
2017-02-04 04:24 - 2016-06-16 20:54 - 00000964 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-04 04:20 - 2016-06-16 20:54 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-04 03:53 - 2016-05-31 12:30 - 00001042 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-04 02:26 - 2015-04-10 21:24 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-04 00:30 - 2015-07-31 01:21 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\uTorrent
2017-02-04 00:06 - 2015-04-10 21:23 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4078040627-3876670005-1468608263-1002
2017-02-03 22:16 - 2015-04-06 13:39 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2017-02-03 22:09 - 2016-08-01 03:08 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\discord
2017-02-03 22:05 - 2015-12-02 17:25 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-02-03 22:05 - 2015-12-02 17:25 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-03 22:05 - 2015-04-10 21:21 - 00000000 ___RD C:\Users\Yeriah\OneDrive
2017-02-03 22:03 - 2016-05-31 12:30 - 00001038 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-03 22:03 - 2016-01-28 19:41 - 00028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys
2017-02-03 22:03 - 2016-01-28 19:41 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2017-02-03 22:02 - 2016-04-23 15:28 - 00000296 _____ C:\Windows\Tasks\AutoKMS.job
2017-02-03 22:02 - 2013-08-22 12:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-03 19:45 - 2013-08-22 13:20 - 00000000 ____D C:\Windows\CbsTemp
2017-02-03 13:45 - 2016-12-22 21:42 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Mozilla
2017-02-02 18:57 - 2016-05-31 12:30 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-01 22:56 - 2015-04-10 21:47 - 00000000 ____D C:\Users\Yeriah\AppData\Local\CrashDumps
2017-02-01 19:20 - 2015-04-06 13:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-01-31 21:56 - 2015-07-15 16:26 - 00000000 ____D C:\Users\Todos os Usuários\boost_interprocess
2017-01-31 21:56 - 2015-07-15 16:26 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-01-27 21:43 - 2014-11-22 00:43 - 01827170 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-27 21:43 - 2014-11-21 23:52 - 00784992 _____ C:\Windows\system32\prfh0416.dat
2017-01-27 21:43 - 2014-11-21 23:52 - 00163734 _____ C:\Windows\system32\prfc0416.dat
2017-01-27 21:43 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\Inf
2017-01-27 02:33 - 2016-07-29 02:30 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Popcorn-Time
2017-01-25 20:09 - 2015-07-31 03:59 - 00000000 ____D C:\Users\Yeriah\Documents\Mount&Blade Warband Savegames
2017-01-25 03:13 - 2015-05-13 21:43 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\BSplayer
2017-01-22 17:08 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\system32\NDF
2017-01-19 01:33 - 2016-12-15 01:47 - 00003178 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-19 01:33 - 2016-04-23 15:30 - 00002313 _____ C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-01-19 01:33 - 2015-07-23 21:54 - 00003186 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4078040627-3876670005-1468608263-1002
2017-01-16 22:11 - 2017-01-02 14:45 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\VIVO INTERNET
2017-01-15 21:20 - 2016-06-16 20:54 - 00003934 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-01-15 21:20 - 2016-06-16 20:54 - 00003790 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-15 21:20 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-15 21:20 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-14 15:55 - 2015-05-24 00:34 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Skype
2017-01-14 15:53 - 2015-04-12 14:00 - 00000000 ____D C:\Users\Yeriah\AppData\Local\osu!
2017-01-13 17:23 - 2015-12-04 18:41 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Popcorn-Time-Community
2017-01-13 17:10 - 2017-01-01 22:32 - 00000000 ____D C:\Users\Yeriah\Downloads\Cities - Skylines [FitGirl Repack]
2017-01-13 12:45 - 2016-12-22 20:38 - 00000078 _____ C:\Users\Yeriah\Desktop\Novo Documento de Texto (3).txt
2017-01-12 10:22 - 2015-04-10 21:17 - 00000000 ____D C:\Users\Yeriah
2017-01-12 10:19 - 2015-04-10 21:18 - 00000000 ____D C:\Users\Yeriah\Documents\Bluetooth Folder
2017-01-11 19:19 - 2016-08-01 03:08 - 00002179 _____ C:\Users\Yeriah\Desktop\Discord.lnk
2017-01-11 19:19 - 2016-08-01 03:08 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-01-11 19:18 - 2016-08-01 03:07 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Discord
2017-01-11 14:47 - 2016-05-31 11:45 - 00000000 ____D C:\Users\Yeriah\Desktop\Its all fun and games
2017-01-11 14:43 - 2015-12-27 22:54 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\DarkSoulsII
2017-01-11 12:14 - 2015-04-13 20:52 - 00000000 ____D C:\Windows\system32\MRT
2017-01-11 12:12 - 2015-04-13 20:52 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-09 15:07 - 2016-12-07 19:01 - 00000000 ____D C:\Users\Yeriah\AppData\Local\ElevatedDiagnostics
2017-01-09 14:07 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\ModemLogs
2017-01-05 18:03 - 2015-04-10 21:30 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

==================== Arquivos na raiz de alguns diretórios =======

2016-05-23 00:58 - 2016-05-23 00:58 - 0000094 _____ () C:\Users\Yeriah\AppData\Local\fusioncache.dat
2015-04-06 13:10 - 2015-04-06 13:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-01-03 20:42 - 2015-11-04 20:42 - 0000032 ____R () C:\ProgramData\hash.dat
2015-04-06 13:37 - 2015-04-06 13:37 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-11-02 00:25 - 2015-11-02 00:25 - 0000098 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-04-06 13:32 - 2015-04-06 13:33 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-04-06 13:33 - 2015-04-06 13:35 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2015-04-06 13:35 - 2015-04-06 13:37 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-04-06 13:31 - 2015-04-06 13:32 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\hash.dat
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Todos os Usuários\hash.dat
C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


Alguns arquivos em TEMP:
====================
2016-12-31 00:25 - 2017-02-04 01:16 - 2077184 _____ () C:\Users\Yeriah\AppData\Local\Temp\GCAC.dll
2016-12-29 13:24 - 2016-12-29 13:24 - 43872728 _____ (Skype Technologies S.A.) C:\Users\Yeriah\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2017-01-28 20:26

==================== Fim de FRST.txt ============================

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 29-01-2017
Executado por Yeriah (04-02-2017 14:16:11)
Executando a partir de C:\Users\Yeriah\Downloads
Windows 8.1 Single Language (Update) (X64) (2015-04-10 23:17:14)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================

Administrador (S-1-5-21-4078040627-3876670005-1468608263-500 - Administrator - Disabled)
ASPNET (S-1-5-21-4078040627-3876670005-1468608263-1003 - Limited - Enabled)
Convidado (S-1-5-21-4078040627-3876670005-1468608263-501 - Limited - Disabled)
Yeriah (S-1-5-21-4078040627-3876670005-1468608263-1002 - Administrator - Enabled) => C:\Users\Yeriah

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Agarest - Generations of War Zero (HKLM-x32\...\1426762679_is1) (Version: 2.0.0.2 - GOG.com)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Atualizações da NVIDIA 2.9.1.22 (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Auditorium (HKLM-x32\...\com.cipherprime.auditorium) (Version: 1.5.0 - UNKNOWN)
Auditorium (x32 Version: 1.5.0 - UNKNOWN) Hidden
Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
Brytenwalda versão 1.39 (HKLM-x32\...\{4D15C6C1-74C9-4AA4-8378-CEEDE7E53F39}_is1) (Version: 1.39 - Brytenwalda Dev.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.69.1078 - AB Team, d.o.o.)
Cities: Skylines (HKLM-x32\...\Cities: Skylines_is1) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Curse (HKLM-x32\...\{A20BFF62-AE3C-42BD-9C52-841CAB96BC49}) (Version: 6.0.0.0 - Curse)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
DARK SOULS™ II: Scholar of the First Sin (HKLM-x32\...\Steam App 335300) (Version:  - FromSoftware, Inc)
DeathTaker Gaming Mouse (HKLM-x32\...\{0614BCA9-3613-4171-8128-621991A9FBF2}}_is1) (Version:  - )
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
Dell Command | Power Manager (HKLM\...\{DDDAF4A7-8B7D-4088-AECC-6F50E594B4F5}) (Version: 2.0.0 - Dell Inc.)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6745.47 - Dell)
Dell System Detect (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\58d94f3ce2c27db0) (Version: 6.12.0.5 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.0 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Devilian Live-US (HKLM-x32\...\Glyph Devilian Live-US) (Version:  - Trion Worlds, Inc.)
DiRT 3 Complete Edition (HKLM\...\Steam App 321040) (Version:  - Codemasters Racing Studio)
Discord (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
DjVuLibre+DjView (HKLM-x32\...\DjVuLibre+DjView) (Version: 3.5.24+4.8 - DjVuZone)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.12 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Epson USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.51.000 - SEIKO EPSON CORPORATION)
Ethernal Ragnarok Online (HKLM-x32\...\Ethernal Ragnarok Online) (Version:  - )
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version:  - Paradox Development Studio)
Gamersclub Anti Cheat (HKLM-x32\...\{C14C05CA-F9F5-45C3-9C23-43E10AF71897}) (Version: 1.00 - EMACLab)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Infestation: The New Z (HKLM\...\Steam App 555570) (Version:  - Fredaikis AB)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3262 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Jogos Level Up (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\bda992e0694a5bbb) (Version: 0.9.4.4 - Level Up)
K-Lite Codec Pack 12.8.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.8.5 - KLCP)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
LibUSB-Win32-0.1.10.1 (HKLM-x32\...\LibUSB-Win32_is1) (Version: 0.1.10.1 - LibUSB-Win32)
LIMBO (HKLM\...\Steam App 48000) (Version:  - Playdead)
Live-RO v2.0 (HKLM-x32\...\Live-RO v2.0) (Version:  - )
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.541 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.541 - LogMeIn, Inc.) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office 365 - pt-br (HKLM\...\O365HomePremRetail - pt-br) (Version: 15.0.4815.1001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
Mount&Blade Warband (HKLM-x32\...\Mount&Blade Warband) (Version:  - )
Mozilla Firefox 51.0.1 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 pt-BR)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA Driver de gráficos 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
osu! (HKLM-x32\...\{b6a62150-824b-4c5b-ba99-2d147c2df4dc}) (Version: latest - ppy Pty Ltd)
Painel de controle da NVIDIA 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
Popcorn Time (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Popcorn Time) (Version:  - Popcorn Official) <==== ATENÇÃO
Popcorn Time Community 0.3.8-6 (HKLM-x32\...\Popcorn Time Community 0.3.8-6) (Version: 0.3.8-6 - Popcorn Time Community) <==== ATENÇÃO
Popcorn-Time (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Popcorn-Time) (Version: 0.3.9 - Popcorn Time)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.336 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.15 - Dell Inc.)
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 11.1.0 - ShareX Team)
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TERA (HKLM-x32\...\Steam App 323370) (Version:  - Bluehole Inc.)
The Duel (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\The Duel) (Version: 10.00.00.00 - The Duel)
TrackMania Nations Forever (HKLM\...\Steam App 11020) (Version:  - Nadeo)
VIVO INTERNET (HKLM-x32\...\VIVO INTERNET) (Version: 16.002.10.18.149 - Huawei Technologies Co.,Ltd)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F000F}\InprocServer32 -> C:\Users\Yeriah\AppData\Local\GAS Tecnologia\GBBD\npsf_scd_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F000F}\InprocServer32 -> C:\Users\Yeriah\AppData\Local\GAS Tecnologia\GBBD\npsf_scd_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Yeriah\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002_Classes\CLSID\{ea60f6df-ac6e-42a0-8d11-bad1341c1037}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {0E5B5B44-5BE0-41F3-8641-A03E90C6DF3F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {1CC4B002-A4C5-4761-8772-3291E9A6D8C0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
Task: {46B13078-2731-4342-8DB0-C8F87299F3DF} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)
Task: {4C83B209-A421-45F9-907C-34B8C6819A65} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {622D948D-4982-461A-BAE8-8EF07D5204D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
Task: {6D5066B8-652C-461E-8D14-54D5375979F0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {79B37FB6-C8E9-4EA9-9DE8-23C70E6BD8D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
Task: {96A504DD-E0C2-4AC7-93F4-14EA6214BBF1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-01-15] (Adobe Systems Incorporated)
Task: {A301D762-1D51-49C6-BD2E-72807499BA0E} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-02] (Synaptics Incorporated)
Task: {A4D3BE19-9D0F-4016-8713-52470D410404} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-31] (Dropbox, Inc.)
Task: {B1DB07FC-B0FF-4FBB-901F-942BD79AB160} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-12-29] (PC-Doctor, Inc.)
Task: {C245F196-52B8-4EDD-934D-64186B21A306} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-01-11] (Microsoft Corporation)
Task: {C44999D9-7089-4D0D-B715-5B11EBD2B9EF} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {CA2E9BE7-143D-40CF-8BBC-3C7891C83805} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-01-23] ()
Task: {CEB42939-C3D8-472D-B274-C4E928D799C0} - System32\Tasks\{F481EC1B-7C67-470A-B66C-3072BEA38EE8} => Chrome.exe hxxps://ui.skype.com/ui/0/7.29.80.102/pt/abandoninstall?page=tsMain
Task: {D2721FD9-119F-49C5-A20A-5CF5FDBB4716} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-15] (Adobe Systems Incorporated)
Task: {ECADC4F5-E83C-417F-852A-3B5A1BE8D6C2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-31] (Dropbox, Inc.)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

WMI_ActiveScriptEventConsumer_DellCommandPowerManagerAlertEventConsumer: 

WMI_ActiveScriptEventConsumer_DellCommandPowerManagerPolicyChangeEventConsumer: 

Shortcut: C:\Users\Yeriah\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_1768213486_pt-br.lnk -> hxxp://www.windowssearch.com:80/suggestions?qry=eps&cc=BR&setlang=pt-BR&inlang=pt-BR&adlt=moderate&scale=100&contrast=none&hw=900%2C1600&CVID=87BF19B5AC4A4A5F865D827F18F3C32

ShortcutWithArgument: C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Web Applications\www.facebook.com\https_80\Facebook.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxps://www.facebook.com/

==================== Módulos Carregados (Whitelisted) ==============

2015-04-06 13:28 - 2013-10-23 19:00 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-04-06 13:29 - 2013-10-23 06:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-23 17:57 - 2014-03-07 00:23 - 00163840 _____ () C:\Windows\SysWOW64\WIN8_MBIM.exe
2015-07-23 21:47 - 2015-10-13 06:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-03-14 13:27 - 2011-03-14 13:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2016-05-30 12:48 - 2016-05-02 03:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-04-08 22:32 - 2016-05-02 03:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-05-30 12:48 - 2016-05-02 03:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-05-30 12:48 - 2016-05-02 03:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2015-04-06 13:40 - 2014-06-04 16:02 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2015-04-06 13:40 - 2014-06-04 16:02 - 00019744 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-05-30 12:48 - 2016-05-02 03:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-05-30 12:48 - 2016-05-02 03:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-04-08 22:33 - 2016-05-02 03:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-05-30 12:48 - 2016-05-02 03:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2014-11-30 20:59 - 2014-11-30 20:59 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-11-30 20:56 - 2014-11-30 20:56 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2014-11-30 21:02 - 2014-11-30 21:02 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2015-04-06 13:40 - 2014-07-02 22:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2016-05-30 12:47 - 2016-05-02 03:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-05-30 12:47 - 2016-05-02 03:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2015-04-06 13:33 - 2013-03-05 01:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 12:41 - 2013-03-05 12:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-12-02 17:25 - 2016-05-02 04:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-12-14 19:23 - 2016-12-08 05:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-14 19:23 - 2016-12-08 05:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2016-02-29 15:21 - 2013-10-23 19:00 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-04-06 13:21 - 2013-09-17 10:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-04-06 13:40 - 2014-07-30 18:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2015-04-06 13:40 - 2012-11-26 00:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2015-04-06 13:39 - 2012-11-26 00:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2015-06-05 00:15 - 2016-12-23 16:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-06-05 00:15 - 2016-08-31 23:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-06-05 00:15 - 2017-01-18 23:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll
2015-06-05 00:15 - 2016-08-31 23:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-06-05 00:15 - 2016-08-31 23:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-04-10 21:27 - 2016-01-27 05:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-04-10 21:27 - 2016-01-27 05:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-04-10 21:27 - 2016-01-27 05:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-04-10 21:27 - 2016-01-27 05:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-04-10 21:27 - 2016-01-27 05:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-04-10 21:27 - 2017-01-18 23:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 17:30 - 2016-07-04 20:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-17 00:38 - 2017-01-05 01:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2015-06-05 00:15 - 2017-01-18 23:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2015-04-10 21:27 - 2015-09-24 21:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Windows\System32:38800886_Scd.gbp [2]
AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1270]

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)


==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\sicredi.com.br -> correspondente.sicredi.com.br
IE trusted site: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\sicreditotal.com.br -> internet.sicreditotal.com.br

==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2013-08-22 11:25 - 2016-04-21 17:00 - 00000822 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Yeriah\Pictures\Camera Roll\WIN_20160801_155757.JPG
DNS Servers: 189.7.120.16 - 189.7.120.15
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "DeathTaker"
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\StartupApproved\Run: => "KSS"

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{B5D5FA41-624B-45CD-AC1C-6902914D8136}] => C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{7775B65D-1289-40D2-8275-EC696DB74864}] => C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{EFC2FBD8-E071-478B-B153-E92AC57DD59C}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F90BB543-515F-4D17-9A66-03D254B7BFF9}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5397D920-A69D-470C-B0A4-E2582F39BE65}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AD184BDB-0CE9-4F03-A57E-5AF578245351}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E45A42AB-D859-41E7-9482-0D78EA98C7CB}] => C:\Program Files (x86)\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{8451F65E-4EF5-4F1A-AA01-812171207F2B}] => C:\Program Files (x86)\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{08A9337F-64E6-4ACA-9365-37474E4B6C5D}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{442BA43A-2E20-4176-9E75-3F573405745F}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{99A91F38-4B39-4E74-A294-C071082172B0}] => C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{AA23D751-966C-4491-BB7E-AD4D4AEB056A}] => C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{CFB2C708-5556-40F8-A924-6E15E3494765}C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe] => C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{2D66258F-CE04-4681-B992-2B9ECBCE8425}C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe] => C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{AE3D81A7-E9E0-43C1-8E30-9AC1B8E7AFC9}] => C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{03588A51-CCEC-4ADF-AF72-0A316AA51995}] => C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{51BCC054-3711-48C4-897C-7CFF29C0EDED}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{DC36F516-164A-42BF-BBDD-7FAEB5014058}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{B5668247-4F07-4C1C-A2D5-D3F73DD2663C}] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{9C32E667-EF94-445C-B001-EC61B5A4B629}] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{ED51094A-35A7-41B3-9054-9975B12AB207}C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe] => C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe
FirewallRules: [UDP Query User{14D67858-45AF-4F2C-8986-EB60DAFFD1CF}C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe] => C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe
FirewallRules: [{61ECF8B2-A907-44DE-80F9-CB933610F696}] => C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe
FirewallRules: [{8AD36D9E-7BDA-4A8A-964A-A22DBA327A87}] => C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe
FirewallRules: [{F5DE2FA1-5E57-4294-8285-7A7CEF3C3753}] => C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{8A84F26B-1460-41EC-90F3-DE9E789777FA}] => C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{700AE3F0-D876-42FF-9476-89BB5D9462A1}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{FC34F8E7-36FD-4ED7-9531-AE7A4BA3DAFD}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{A50394C2-A2C8-42D1-9913-B788465D4B71}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{8A9E4633-0220-49A1-AD38-3A8BEF6773E9}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{8DDB9F28-1DFF-4E22-BE48-E3B745E81393}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{FDAF8DF1-7C19-4079-8FB3-EE13E0933252}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{1BF6C2B7-9894-4AAF-99F4-8EACF367DAAE}] => C:\Users\Yeriah\Downloads\Client19-04\MiniA.exe
FirewallRules: [{C5802C00-234F-4260-BDDF-937D01A18514}] => C:\Program Files (x86)\Steam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{ECADBAD9-DED3-4A5D-ADF0-5001265A1903}] => C:\Program Files (x86)\Steam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{FF655954-4826-4750-8DB2-BE32D1215562}] => C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{FDF80600-A36E-4410-AF7D-BFC702033C3A}] => C:\Users\Yeriah\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{39027F61-95F8-42ED-A430-A3AFBB5029B1}] => C:\WarThunder\launcher.exe
FirewallRules: [{6BB2BAED-6F82-4375-8B5D-53D44C081281}] => C:\WarThunder\launcher.exe
FirewallRules: [{2BEADD49-A308-428E-A350-62A3B0AB956D}] => C:\WarThunder\bpreport.exe
FirewallRules: [{02FE9A07-E173-4084-ABD8-D5E5C0A8377A}] => C:\WarThunder\bpreport.exe
FirewallRules: [{B3951357-658F-4BF1-9E04-DE61068E3257}] => C:\WarThunder\bpreport.exe
FirewallRules: [{FCC9C62F-688C-4C27-ABA8-1057110932DA}] => C:\WarThunder\bpreport.exe
FirewallRules: [{8AAEB9BB-2474-4930-B6EF-503360BB5E53}] => C:\Users\Yeriah\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CEF379B0-0539-4968-8FA2-0E38355A4E0B}] => C:\Users\Yeriah\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{C68278C5-37A4-439C-9F8C-E44E904C8995}C:\users\yeriah\appdata\local\popcorn time\nw.exe] => C:\users\yeriah\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{BD230D35-67A7-42EE-86E3-76D8122E7050}C:\users\yeriah\appdata\local\popcorn time\nw.exe] => C:\users\yeriah\appdata\local\popcorn time\nw.exe
FirewallRules: [{53394B0C-C290-402C-AB8D-B1A7C0425D43}] => C:\users\yeriah\appdata\local\popcorn time\nw.exe
FirewallRules: [{BC9052AC-993E-4707-8BFB-11C5E6ED14B4}] => C:\users\yeriah\appdata\local\popcorn time\nw.exe
FirewallRules: [TCP Query User{C749D356-0608-4A09-A8CD-4567226B2FED}C:\warthunder\aces.exe] => C:\warthunder\aces.exe
FirewallRules: [UDP Query User{1F48A2AC-1E29-453E-A42E-75DC7D0E3E37}C:\warthunder\aces.exe] => C:\warthunder\aces.exe
FirewallRules: [{197AF25F-FB06-4356-84B5-A78E426E29B3}] => C:\warthunder\aces.exe
FirewallRules: [{1FB98CF2-872E-49B4-B4E3-D1442FB6D7F0}] => C:\warthunder\aces.exe
FirewallRules: [{FC710CD5-CE45-474F-896A-1FCB1C6F69FA}] => C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{CA2AA8BC-CA4C-45C7-85B6-D80CE7A143FE}] => C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{685514C9-3F4E-414C-B020-7E829457D36C}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CFE8B538-3AF6-4482-A056-37E235384927}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{53AA33B9-CFA5-4C90-AB6B-65ED4128B74C}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{82313A54-8DF5-4275-94C2-73D80567F3CF}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3082165F-B22A-43E6-89DB-8A39498F2F81}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8AE76FFF-3740-4D7F-B0F3-3D53C5D72BB0}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{22D952A1-B7BE-4BD2-848B-9403564FB5F1}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{9B574E13-8687-4B01-80B2-AB6F829C0858}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{10B7BA3A-324B-4CEA-9CB0-31D9DCAF9261}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{A90EC4A2-CE9B-4E0B-A8E5-7E0CB9650A8A}C:\users\yeriah\appdata\local\popcorn time community\nw.exe] => C:\users\yeriah\appdata\local\popcorn time community\nw.exe
FirewallRules: [UDP Query User{EEB0D4DE-0ED1-44B7-8272-0AFCF129834D}C:\users\yeriah\appdata\local\popcorn time community\nw.exe] => C:\users\yeriah\appdata\local\popcorn time community\nw.exe
FirewallRules: [{12ECF169-5DDB-4103-87D6-C965DF9E1B82}] => C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{5AA28CC5-D000-4F63-8EB1-BC5461B25E60}] => C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{DCF0D338-0F1D-477B-96F8-53C248AEB096}] => C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{B1619273-C2E4-41F5-A5FC-602B027CBDD2}] => C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{DD197B50-9EFD-4307-939C-C2F71A3D374E}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E9765AAF-28F7-4963-96A6-A737F6A3F2B5}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4A22EDC7-66FA-48EA-9EE4-B52A33E9B6A6}] => C:\Program Files (x86)\Steam\steamapps\common\Commandos 2 Men of Courage\Legacy\comm2.exe
FirewallRules: [{F6F5946F-0382-442D-9F82-C7DF6E03A243}] => C:\Program Files (x86)\Steam\steamapps\common\Commandos 2 Men of Courage\Legacy\comm2.exe
FirewallRules: [TCP Query User{03C81E77-685E-4CFE-AF85-E5D30AD3FD24}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => C:\program files (x86)\youwave android\vb\vboxsdl.exe
FirewallRules: [UDP Query User{8E08222C-B8B1-4BBA-BEE4-CEBA65AA5875}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => C:\program files (x86)\youwave android\vb\vboxsdl.exe
FirewallRules: [{EB066444-8F9A-4031-823D-276917AA9EFE}] => C:\program files (x86)\youwave android\vb\vboxsdl.exe
FirewallRules: [{5973F6B9-C809-4D52-AEA4-B2CC02B578BD}] => C:\program files (x86)\youwave android\vb\vboxsdl.exe
FirewallRules: [TCP Query User{205B53D8-C279-4532-967A-A1FE813FC821}C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe] => C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{0A236397-E0FA-4BCD-A151-5B3F973063A4}C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe] => C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{DFA1C7FF-4B49-4947-A770-6B836F2C7343}] => C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{E075125C-DF2D-4428-8AC3-B8DA718F1AB9}] => C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{41EF1CF8-A36B-4595-9B31-3186EAABBC10}] => C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{FB72A7B5-DD7F-4C86-9139-F82E0828B6C4}] => C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [TCP Query User{33B17861-98D2-4961-AAA4-8C11E3ECBCBE}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{F17972EF-E18D-4150-8C1D-8CF80453F8BE}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{EEAAC134-C2C4-4052-8FA3-D9413A1E67DB}] => C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{71EB2023-5E95-44A0-BCD1-02C0DA499CF0}] => C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{FED30E57-20A6-4C56-80BF-CA0A562943BC}] => C:\Program Files (x86)\Steam\steamapps\common\Commandos 2 Men of Courage\Legacy\comm2.exe
FirewallRules: [{C01647E1-BAA5-411D-B752-1CCA59D4A3FE}] => C:\Program Files (x86)\Steam\steamapps\common\Commandos 2 Men of Courage\Legacy\comm2.exe
FirewallRules: [TCP Query User{C9FF5578-4947-4FF8-AFEB-2B9063D1053F}C:\users\yeriah\appdata\local\popcorn-time\nw.exe] => C:\users\yeriah\appdata\local\popcorn-time\nw.exe
FirewallRules: [UDP Query User{75CC8D15-3E4A-4624-BE51-54516B7AC77B}C:\users\yeriah\appdata\local\popcorn-time\nw.exe] => C:\users\yeriah\appdata\local\popcorn-time\nw.exe
FirewallRules: [{342447EF-FA7F-44E9-8DA0-80DEC3345D6B}] => C:\users\yeriah\appdata\local\popcorn-time\nw.exe
FirewallRules: [{96FC42AB-D7D8-42A3-989E-EF391D5A2FE5}] => C:\users\yeriah\appdata\local\popcorn-time\nw.exe
FirewallRules: [TCP Query User{0E696DE2-9DC0-483C-88F4-BD39FAE89033}C:\program files (x86)\age of empires iii - complete collection\age3y.exe] => C:\program files (x86)\age of empires iii - complete collection\age3y.exe
FirewallRules: [UDP Query User{A331AC7B-6DFF-4FEF-BE16-94250F765220}C:\program files (x86)\age of empires iii - complete collection\age3y.exe] => C:\program files (x86)\age of empires iii - complete collection\age3y.exe
FirewallRules: [{0CA0176B-1463-4AE2-9000-0AC96F1BBBE0}] => C:\program files (x86)\age of empires iii - complete collection\age3y.exe
FirewallRules: [{FDBC7881-C61A-4F2F-A00E-43818B833559}] => C:\program files (x86)\age of empires iii - complete collection\age3y.exe
FirewallRules: [{08241F7F-8302-47C9-882F-02DD2EB40A07}] => C:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exe
FirewallRules: [{9EFCDD09-7CB0-4295-8718-79DFCC8363A1}] => C:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exe
FirewallRules: [{6D016F01-6ABB-4068-B814-F9C93BA05DC2}] => C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{B58051DC-A0B0-4C3E-9106-C4A88055E790}] => C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [TCP Query User{6E6A3DBF-F86E-4C15-900D-7A9DEF34018F}C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe] => C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe
FirewallRules: [UDP Query User{C4F63F50-F2C7-4998-B6D7-4D05D69E347E}C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe] => C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe
FirewallRules: [{67AD6FD2-2B9A-491D-98AC-9234CC3B360D}] => C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe
FirewallRules: [{7B40F75A-E65B-4F86-B104-43057222D502}] => C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe
FirewallRules: [{BC8C6A8E-3391-43F0-A8F6-FBD756312430}] => C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForever.exe
FirewallRules: [{E5989D0A-3E75-4794-91CA-BD742625B87E}] => C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForever.exe
FirewallRules: [{99DF59A5-5914-424C-B5C7-339251DA6E47}] => C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe
FirewallRules: [{B23EC8C8-4CCB-4D63-AFAB-2B1067C70456}] => C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe
FirewallRules: [{6F240318-6852-42A2-8830-1414FFA7A32D}] => C:\Program Files (x86)\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe
FirewallRules: [{78BE5F88-35CD-45FA-9FDD-4B7C3100D24F}] => C:\Program Files (x86)\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe
FirewallRules: [TCP Query User{DD86E353-70F9-4D48-B2CF-1333C4AA02C6}C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe] => C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe
FirewallRules: [UDP Query User{8522E945-BE92-4FAB-8513-BBB798DC42F8}C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe] => C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe
FirewallRules: [{EBE5CB3C-15D6-4FB9-B93B-B1ADA93E12BE}] => C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe
FirewallRules: [{CD409AEA-FC03-4620-A1B7-31858B1D1457}] => C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe
FirewallRules: [{2D4FBBE8-83BD-438D-A315-45A916A0F685}] => C:\Program Files (x86)\Steam\steamapps\common\NewZ\NewZLauncher.exe
FirewallRules: [{92AA8FE7-FBCD-4748-A024-B289C857835D}] => C:\Program Files (x86)\Steam\steamapps\common\NewZ\NewZLauncher.exe
FirewallRules: [{CFF9BA8C-4230-4760-A0EA-5BB2F4906FA4}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{84120510-4803-4D38-868C-3A7F6928EB24}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E7E361D1-D253-42C3-AB7C-4F8B4A0EE2A0}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{EA234F39-9B58-4DDA-9704-F83FA922D2E8}C:\program files (x86)\emaclab\gamersclub anti cheat\gclauncher.exe] => C:\program files (x86)\emaclab\gamersclub anti cheat\gclauncher.exe
FirewallRules: [UDP Query User{4C030473-4740-468D-8871-B067EDB0C7EC}C:\program files (x86)\emaclab\gamersclub anti cheat\gclauncher.exe] => C:\program files (x86)\emaclab\gamersclub anti cheat\gclauncher.exe
FirewallRules: [TCP Query User{62CE4C19-6D79-45E2-8617-591D4F9784DD}C:\program files (x86)\the duel\theduel.exe] => C:\program files (x86)\the duel\theduel.exe
FirewallRules: [UDP Query User{540D1B1B-8621-4C34-811F-48CA94CEE4C3}C:\program files (x86)\the duel\theduel.exe] => C:\program files (x86)\the duel\theduel.exe
FirewallRules: [TCP Query User{19003352-5DC6-4D52-8518-8B145BE8A34A}C:\users\yeriah\downloads\saltandsanctuaryv1.0.0.4\salt and sanctuary v1.0.0.4\salt and sanctuary\salt.exe] => C:\users\yeriah\downloads\saltandsanctuaryv1.0.0.4\salt and sanctuary v1.0.0.4\salt and sanctuary\salt.exe
FirewallRules: [UDP Query User{FE0AB68A-4919-46E3-B6FC-9C7B5E2CC4F6}C:\users\yeriah\downloads\saltandsanctuaryv1.0.0.4\salt and sanctuary v1.0.0.4\salt and sanctuary\salt.exe] => C:\users\yeriah\downloads\saltandsanctuaryv1.0.0.4\salt and sanctuary v1.0.0.4\salt and sanctuary\salt.exe
FirewallRules: [{18676C17-2F3D-4EA5-918A-99D6FCC0FFDE}] => C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{7EDFC0B2-B342-40BC-BCAA-DFE6F315B7FF}] => C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{DB8435E3-09C5-414E-A743-02064EDE2967}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{46326887-570E-473E-A082-A4E8B0085FDC}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CE8EECB4-7CFE-4C95-AC0F-9518E262EEB3}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Pontos de Restauração =========================

03-02-2017 19:42:20 Windows Update

==================== Dispositivos Apresentando Falhas No Gerenciador =============

Name: LogMeIn Hamachi Virtual Ethernet Adapter
Description: LogMeIn Hamachi Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn Inc.
Service: Hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (02/04/2017 12:30:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa uTorrent.exe versão 3.4.9.43085 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID do Processo: 1560

Hora de Início: 01d27e876512ebd9

Hora de Término: 15

Caminho do Aplicativo: C:\Users\Yeriah\AppData\Roaming\uTorrent\uTorrent.exe

ID do Relatório: e1dea44a-ea81-11e6-82c9-7429afa47974

Nome completo do pacote com falha: 

ID do aplicativo relativo ao pacote com falha:

Error: (02/03/2017 10:09:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa LiveComm.exe versão 17.5.9600.20911 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID do Processo: 12b0

Hora de Início: 01d27e7a31148157

Hora de Término: 4294967295

Caminho do Aplicativo: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

ID do Relatório: 27547f54-ea6e-11e6-82c9-7429afa47974

Nome completo do pacote com falha: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

ID do aplicativo relativo ao pacote com falha: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/03/2017 10:02:37 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) O sistema não pode encontrar o arquivo especificado.

Error: (02/02/2017 06:56:56 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) O sistema não pode encontrar o arquivo especificado.

Error: (02/02/2017 06:56:55 PM) (Source: DbxSvc) (EventID: 270) (User: )
Description: Filter Unload failed with: (-2145452013) O sistema não pôde localizar o filtro especificado.

Error: (02/02/2017 04:16:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa left4dead2.exe versão 0.0.0.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID do Processo: 1cdc

Hora de Início: 01d27d195dddb631

Hora de Término: 4294967295

Caminho do Aplicativo: C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe

ID do Relatório: 2361c07e-e90f-11e6-82c8-7429afa47974

Nome completo do pacote com falha: 

ID do aplicativo relativo ao pacote com falha:

Error: (02/01/2017 10:55:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: TERA-Launcher.exe, versão: 3.5.3.2, carimbo de data/hora: 0x5236e244
Nome do módulo com falha: gbiehScd.dll, versão: 4.14.0.106, carimbo de data/hora: 0x55cce4d4
Código de exceção: 0xc0000005
Deslocamento da falha: 0x00160a5b
ID do processo com falha: 0x20cc
Hora de início do aplicativo com falha: 0x01d27ce96a2da0d5
Caminho do aplicativo com falha: C:\Program Files (x86)\Steam\steamapps\common\TERA\TERA-Launcher.exe
Caminho do módulo com falha: C:\Program Files (x86)\GbPlugin\gbiehScd.dll
ID do Relatório: 5a1485bb-e8e2-11e6-82c8-7429afa47974
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:

Error: (02/01/2017 07:41:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa LiveComm.exe versão 17.5.9600.20911 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID do Processo: 1c8c

Hora de Início: 01d27cd32f911972

Hora de Término: 4294967295

Caminho do Aplicativo: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

ID do Relatório: 22546f8c-e8c7-11e6-82c8-7429afa47974

Nome completo do pacote com falha: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

ID do aplicativo relativo ao pacote com falha: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/01/2017 08:24:15 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Um problema impediu que os dados do Programa de Aperfeiçoamento da Experiência do Usuário fossem enviados para a Microsoft, (Erro 80070005).

Error: (02/01/2017 02:43:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa csgo.exe versão 0.0.0.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID do Processo: 2ca4

Hora de Início: 01d27c45a5ec7e46

Hora de Término: 12

Caminho do Aplicativo: C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

ID do Relatório: f4b82d96-e838-11e6-82c8-7429afa47974

Nome completo do pacote com falha: 

ID do aplicativo relativo ao pacote com falha:


Erros de Sistema:
=============
Error: (02/03/2017 10:09:54 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Serviço Intel(R) Management and Security Application Local Management Service suspenso ao iniciar.

Error: (02/03/2017 10:07:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Dell Digital Delivery Service devido ao seguinte erro: 
O serviço não respondeu à requisição de início ou controle em tempo hábil.

Error: (02/03/2017 10:07:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Dell Digital Delivery Service.

Error: (02/03/2017 10:07:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Dell Foundation Services devido ao seguinte erro: 
O serviço não respondeu à requisição de início ou controle em tempo hábil.

Error: (02/03/2017 10:07:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Dell Foundation Services.

Error: (02/03/2017 10:03:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço LogMeIn Hamachi Tunneling Engine devido ao seguinte erro: 
O serviço não respondeu à requisição de início ou controle em tempo hábil.

Error: (02/03/2017 10:03:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço LogMeIn Hamachi Tunneling Engine.

Error: (02/03/2017 10:02:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço LibUsb-Win32 - Daemon, Version 0.1.10.1 devido ao seguinte erro: 
O sistema não pode encontrar o arquivo especificado.

Error: (02/03/2017 10:02:03 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\libusb0.sys

Error: (02/03/2017 10:01:58 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\libusb0.sys


CodeIntegrity:
===================================
  Date: 2017-02-02 22:18:32.047
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-16 15:11:43.716
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-13 14:36:36.847
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-11 12:11:02.359
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-03 18:05:28.785
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-02 02:13:56.712
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-19 17:38:40.909
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-11 16:27:40.146
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-06 21:41:12.262
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-20 08:08:56.210
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Informações da Memória =========================== 

Processador: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
Percentagem de memória em uso: 49%
RAM física total: 8096.46 MB
RAM física disponível: 4074.86 MB
Virtual Total: 11168.46 MB
Virtual disponível: 7012.63 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:922.03 GB) (Free:547.18 GB) NTFS
Drive d: (CDROM) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS
Drive x: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.44 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:8.09 GB) (Free:0.73 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 86BA5996)

Partition: GPT.

==================== Fim de Addition.txt ============================

 

 

 

Thanks!


  • Root Admin

Hello @Yeriah

Please restart the computer first and then run the following steps and post back the logs when ready and we'll see about getting you cleaned up.

STEP 01
Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed, make sure to re-enable your antivirus.

STEP 02

Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After reboot, the logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks


Ok. Here are the results

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 8.1 Single Language x64 
Ran by Yeriah (Administrator) on 07/02/2017 at 12:34:54,50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 3 

Successfully deleted: C:\users\Public\Documents\guid (Folder) 
Successfully deleted: C:\Users\Yeriah\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task)

Registry: 0 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/02/2017 at 12:58:10,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

# AdwCleaner v6.043 - Relatório criado 07/02/2017 às 14:15:52
# Atualizado em 27/01/2017 por Malwarebytes
# Banco de dados : 2017-02-03.2 [Servidor]
# Sistema operacional : Windows 8.1 Single Language  (X64)
# Usuário : Yeriah - PC-DO-ALEX
# Executando de : C:\Users\Yeriah\Downloads\AdwCleaner.exe
# Modo: Limpo
# Apoio : https://www.malwarebytes.com/support

***** [ Serviços ] *****

***** [ Pastas ] *****

[-] Pasta excluída:C:\Users\Yeriah\AppData\LocalLow\.acestream
[-] Pasta excluída:C:\Users\Yeriah\AppData\Roaming\.acestream
[-] Pasta excluída:C:\Users\Yeriah\AppData\Roaming\acestream
[-] Pasta excluída:C:\_acestream_cache_


***** [ Arquivos ] *****

[-] Arquivo excluído:C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
[#] Arquivo excluído:C:\ProgramData\Application Data\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


***** [ DLL ] *****

***** [ WMI ] *****

***** [ Atalhos ] *****

***** [ Atividades agendadas ] *****

***** [ Registro ] *****

[-] Chave excluída:HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\Software\Classes\acestream
[#] Chave excluída na reinicialização:HKCU\Software\Classes\acestream
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Classes\acestream
[-] Chave excluída:HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\Software\Conduit
[#] Chave excluída na reinicialização:HKCU\Software\Conduit
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Conduit
[-] Chave excluída:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Chave excluída:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com


***** [ Verificando navegadores ... ] *****

*************************

:: Chaves "Tracing" excluídas
:: Configurações Winsock restauradas

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2115 Bytes] - [07/02/2017 14:15:52]
C:\AdwCleaner\AdwCleaner[R0].txt - [1832 Bytes] - [14/06/2015 16:59:36]
C:\AdwCleaner\AdwCleaner[S0].txt - [1821 Bytes] - [14/06/2015 17:04:50]
C:\AdwCleaner\AdwCleaner[S1].txt - [2502 Bytes] - [07/02/2017 13:37:42]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2407 Bytes] ##########
 

 

 

 

 

2017-02-07 16:32:25.650    Sophos Virus Removal Tool version 2.5.6
2017-02-07 16:32:25.650    Copyright (c) 2009-2016 Sophos Limited. All rights reserved.

2017-02-07 16:32:25.650    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-02-07 16:32:25.650    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2017-02-07 16:32:25.650    Checking for updates...
2017-02-07 16:32:26.129    Update progress: proxy server not available
2017-02-07 16:32:40.489    Option all = no
2017-02-07 16:32:40.489    Option recurse = yes
2017-02-07 16:32:40.489    Option archive = no
2017-02-07 16:32:40.489    Option service = yes
2017-02-07 16:32:40.489    Option confirm = yes
2017-02-07 16:32:40.489    Option sxl = yes
2017-02-07 16:32:40.490    Option max-data-age = 35
2017-02-07 16:32:40.490    Option vdl-logging = yes
2017-02-07 16:32:40.499    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-02-07 16:32:40.499    Machine ID:    c49517429cb54134ae25654c3a549d9f
2017-02-07 16:32:40.499    Component SVRTcli.exe version 2.5.6
2017-02-07 16:32:40.499    Component control.dll version 2.5.6
2017-02-07 16:32:40.499    Component SVRTservice.exe version 2.5.6
2017-02-07 16:32:40.499    Component engine\osdp.dll version 1.44.1.2270
2017-02-07 16:32:40.499    Component engine\veex.dll version 3.67.0.2270
2017-02-07 16:32:40.499    Component engine\savi.dll version 9.0.5.2270
2017-02-07 16:32:40.499    Component rkdisk.dll version 1.5.31.1
2017-02-07 16:32:40.499    Version info:    Product version    2.5.6
2017-02-07 16:32:40.499    Version info:    Detection engine    3.67.0
2017-02-07 16:32:40.499    Version info:    Detection data    5.32
2017-02-07 16:32:40.499    Version info:    Build date    04/10/2016
2017-02-07 16:32:40.499    Version info:    Data files added    766
2017-02-07 16:32:40.499    Version info:    Last successful update    (not yet updated)
2017-02-07 16:32:49.417    Downloading updates...
2017-02-07 16:32:49.420    Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-02-07 16:32:49.420    Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-02-07 16:32:49.420    Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-02-07 16:32:49.420    Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-02-07 16:32:49.420    Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-02-07 16:32:49.420    Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-02-07 16:32:49.420    Update progress: [I49502] sdds.data0910.xml: found supplement IDE536 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-02-07 16:32:49.420    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE536 LATEST path=
2017-02-07 16:32:49.420    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE536 LATEST path=
2017-02-07 16:32:49.420    Update progress: [I49502] sdds.data0910.xml: found supplement IDE537 LATEST path= baseVersion= [included from product IDE536 LATEST path=]
2017-02-07 16:32:49.420    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE537 LATEST path=
2017-02-07 16:32:49.420    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE537 LATEST path=
2017-02-07 16:32:49.420    Update progress: [I49502] sdds.data0910.xml: found supplement IDE538 LATEST path= baseVersion= [included from product IDE537 LATEST path=]
2017-02-07 16:32:49.420    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE538 LATEST path=
2017-02-07 16:32:49.421    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE538 LATEST path=
2017-02-07 16:32:49.421    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-02-07 16:32:50.105    Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-02-07 16:32:50.105    Update progress: [I19463] Product download size 156130248 bytes
2017-02-07 16:33:28.689    Update progress: [I19463] Syncing product IDE536 LATEST path=
2017-02-07 16:33:28.689    Update progress: [I19463] Product download size 3527452 bytes
2017-02-07 16:33:30.925    Update progress: [I19463] Syncing product IDE537 LATEST path=
2017-02-07 16:33:30.925    Update progress: [I19463] Product download size 2537599 bytes
2017-02-07 16:33:32.550    Update progress: [I19463] Syncing product IDE538 LATEST path=
2017-02-07 16:33:32.675    Installing updates...
2017-02-07 16:33:33.296    Error level 1
2017-02-07 16:34:33.974    Update successful
2017-02-07 16:34:47.415    Option all = no
2017-02-07 16:34:47.415    Option recurse = yes
2017-02-07 16:34:47.415    Option archive = no
2017-02-07 16:34:47.415    Option service = yes
2017-02-07 16:34:47.415    Option confirm = yes
2017-02-07 16:34:47.415    Option sxl = yes
2017-02-07 16:34:47.415    Option max-data-age = 35
2017-02-07 16:34:47.415    Option vdl-logging = yes
2017-02-07 16:34:47.415    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-02-07 16:34:47.415    Machine ID:    c49517429cb54134ae25654c3a549d9f
2017-02-07 16:34:47.415    Component SVRTcli.exe version 2.5.6
2017-02-07 16:34:47.415    Component control.dll version 2.5.6
2017-02-07 16:34:47.415    Component SVRTservice.exe version 2.5.6
2017-02-07 16:34:47.415    Component engine\osdp.dll version 1.44.1.2280
2017-02-07 16:34:47.415    Component engine\veex.dll version 3.68.0.2280
2017-02-07 16:34:47.415    Component engine\savi.dll version 9.0.7.2280
2017-02-07 16:34:47.415    Component rkdisk.dll version 1.5.31.1
2017-02-07 16:34:47.415    Version info:    Product version    2.5.6
2017-02-07 16:34:47.415    Version info:    Detection engine    3.68.0
2017-02-07 16:34:47.415    Version info:    Detection data    5.35
2017-02-07 16:34:47.415    Version info:    Build date    10/01/2017
2017-02-07 16:34:47.415    Version info:    Data files added    346
2017-02-07 16:34:47.415    Version info:    Last successful update    07/02/2017 14:34:33

2017-02-07 20:08:13.352    Could not open C:\hiberfil.sys
2017-02-07 20:08:50.093    >>> Virus 'Mal/VMProtBad-A' found in file C:\Level Up\Ragnarok\gepard.dll
2017-02-07 20:09:23.529    Could not open C:\pagefile.sys
2017-02-07 20:13:17.983    >>> Virus 'Mal/VMProtBad-A' found in file C:\Program Files\SHILDBRO V3\gepard.dll
2017-02-07 20:59:40.105    >>> Virus 'Mal/VMProtBad-A' found in file C:\ragnarok\gepard.dll
2017-02-07 21:05:29.048    Could not open C:\swapfile.sys
2017-02-07 21:05:29.407    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-02-07 21:05:29.408    Could not open C:\System Volume Information\{436c5f75-eccf-11e6-82ca-7429afa47974}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-02-07 21:05:29.408    Could not open C:\System Volume Information\{48d83ae0-ea24-11e6-82c8-7429afa47974}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-02-07 21:07:31.648    Could not open C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Current Session
2017-02-07 21:07:31.648    Could not open C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2017-02-07 21:24:48.339    >>> Virus 'Mal/EncPk-AAL' found in file C:\Users\Yeriah\AppData\Local\Temp\GCAC.dll
2017-02-07 21:53:57.615    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2017-02-07 21:53:57.616    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2017-02-07 21:54:05.877    Could not open C:\Windows\System32\config\BBI
2017-02-07 21:54:06.454    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2017-02-07 21:54:06.485    Could not open C:\Windows\System32\config\RegBack\SAM
2017-02-07 21:54:06.490    Could not open C:\Windows\System32\config\RegBack\SECURITY
2017-02-07 21:54:06.514    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2017-02-07 21:54:06.544    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2017-02-07 22:27:11.273    The following items will be cleaned up:
2017-02-07 22:27:11.273    Mal/VMProtBad-A
2017-02-07 22:27:11.273    Mal/EncPk-AAL
 

 

 

 

 

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 05-02-2017
Executado por Yeriah (administrador) em PC-DO-ALEX (08-02-2017 15:31:51)
Executando a partir de C:\Users\Yeriah\Downloads
Perfis Carregados: Yeriah (Perfis Disponíveis: Yeriah)
Platform: Windows 8.1 Single Language (Update) (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
() C:\Windows\SysWOW64\WIN8_MBIM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe.bak
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Huawei Technologies Co., Ltd.) C:\Users\Yeriah\AppData\Roaming\VIVO INTERNET\ouc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ShareX Team) C:\Program Files\ShareX\ShareX.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hammer & Chisel, Inc.) C:\Users\Yeriah\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Yeriah\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Yeriah\AppData\Local\Discord\app-0.0.297\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Farbar) C:\Users\Yeriah\Downloads\FRST64 (1).exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Trion Worlds Inc.) C:\Program Files (x86)\Glyph\GlyphCrashHandler.exe
(Trion Worlds Inc.) C:\Program Files (x86)\Glyph\GlyphClientApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3760456 2013-08-23] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-04-08] (Power Software Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [EPSON_UD_START] => C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe [341416 2011-01-06] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-07] (Dropbox, Inc.)
HKLM-x32\...\Run: [DeathTaker] => C:\Program Files (x86)\Genius\DeathTaker\mousehid.exe [303616 2013-04-03] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-11-11] (LogMeIn Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60408 2016-12-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginScd: C:\Program Files (x86)\GbPlugin\gbiehScd.dll [2015-10-06] (Sicredi)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [134784 2014-11-30] (Atheros Communications)
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Run: [Discord] => C:\Users\Yeriah\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Run: [HW_OPENEYE_OUC_VIVO INTERNET] => C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe [110592 2009-07-27] (Huawei Technologies Co., Ltd.)
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {4a600027-0977-11e6-82a5-7429afa47974} - "G:\.\ShowModem.exe" 
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {4a60005b-0977-11e6-82a5-7429afa47974} - "G:\.\ShowModem.exe" 
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {94453256-cce0-11e6-82c4-7429afa47974} - "E:\AutoRun.exe" 
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {9445328c-cce0-11e6-82c4-7429afa47974} - "F:\AutoRun.exe" 
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {ae31608b-dc6e-11e4-824f-806e6f6e6963} - "D:\CDViewer.exe" 
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {d1254191-d620-11e6-82c5-7429afa47974} - "E:\AutoRun.exe" 
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {d1254c66-d620-11e6-82c5-7429afa47974} - "E:\AutoRun.exe" 
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {fb37d97a-4c61-11e5-8277-7429afa47974} - "F:\EMP_UDSe.exe" /autorun
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399011} - C:\Program Files (x86)\GbPlugin\gbiehscd.dll [1839640 2015-10-06] (Sicredi)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
Startup: C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-02-21]
ShortcutTarget: Curse.lnk -> C:\Users\Yeriah\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-12-29] ()

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 189.7.120.16 189.7.120.15
Tcpip\..\Interfaces\{58ECD54B-5CDD-4A30-8A5F-7BE4B3782272}: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{E2D45466-7876-4A81-A298-32DC60763DD4}: [DhcpNameServer] 189.7.120.16 189.7.120.15

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.la.dell.com/content/default.aspx?c=br&l=pt&s=gen
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Sem Nome -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Nenhum Arquivo
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-14] (Oracle Corporation)
BHO-x32: Sem Nome -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Nenhum Arquivo
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540011} -> C:\Program Files (x86)\GbPlugin\gbiehscd.dll [2015-10-06] (Sicredi)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-14] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Yeriah\AppData\Roaming\Mozilla\Firefox\Profiles\EDgjXuml.default [2017-02-05]
FF Extension: (Avira Browser Safety) - C:\Users\Yeriah\AppData\Roaming\Mozilla\Firefox\Profiles\EDgjXuml.default\Extensions\abs@avira.com [2016-12-22]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-4078040627-3876670005-1468608263-1002: @citrixonline.com/appdetectorplugin -> C:\Users\Yeriah\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-02-29] (Citrix Online)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll => Nenhum Arquivo
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => Nenhum Arquivo
CHR Profile: C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default [2017-02-08]
CHR Extension: (Google Apresentações) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-02]
CHR Extension: (Google Docs) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-02]
CHR Extension: (Google Drive) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-02]
CHR Extension: (YouTube) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-02]
CHR Extension: (Google Search) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Planilhas do Google) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-02]
CHR Extension: (Documentos Google off-line) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-01]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-02]
CHR Extension: (Chrome Media Router) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [322176 2014-11-30] (Windows (R) Win 7 DDK provider) [Arquivo não assinado]
R2 AutoRun_MBIM; C:\Windows\SysWOW64\WIN8_MBIM.exe [163840 2014-03-07] () [Arquivo não assinado]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1141248 2015-06-06] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2016-12-13] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-31] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-31] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46400 2017-02-07] (Dropbox, Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe [98304 2011-01-06] (SEIKO EPSON CORPORATION) [Arquivo não assinado]
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [587576 2015-10-06] (GAS Tecnologia)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Arquivo não assinado]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)
S2 libusbd; C:\Windows\SysWOW64\libusbd-nt.exe [18944 2005-03-09] (hxxp://libusb-win32.sourceforge.net) [Arquivo não assinado]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-11-11] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-02] (SoftThinks SAS)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 Dell.CommandPowerManager.Service; C:\Windows\SysWOW64\dllhost.exe /Processid:{21AC100C-C882-4DE7-A7E4-EBD00657F486}

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4226560 2014-11-10] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-11-30] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
U5 EMAC Secure; C:\Users\Yeriah\AppData\Local\Temp\GCSecure.sys [794248 2017-02-04] (Gamers Club)
R3 eppvad_simple; C:\Windows\system32\drivers\EMP_UDAU.sys [23040 2011-01-06] (SEIKO EPSON CORPORATION)
R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2017-02-07] (GAS Tecnologia)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [21720 2015-04-29] (GAS Tecnologia)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-11-11] (LogMeIn Inc.)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [33792 2005-03-09] () [Arquivo não assinado]
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2016-04-21] (The OpenVPN Project)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-02] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-08-02] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-04-29] (GAS Tecnologia LTDA)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wmbclass; C:\Windows\System32\drivers\wmbclass.sys [267264 2016-08-12] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-02-08 00:26 - 2017-02-08 00:26 - 00059938 _____ C:\Users\Yeriah\Desktop\Addition.txt
2017-02-08 00:11 - 2017-02-08 00:11 - 02421248 _____ (Farbar) C:\Users\Yeriah\Downloads\FRST64 (1).exe
2017-02-07 22:58 - 2017-02-07 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-07 18:35 - 2017-02-07 18:35 - 00107775 _____ C:\Users\Yeriah\Downloads\gabarito.pdf
2017-02-07 16:06 - 2017-02-07 16:06 - 00000000 ___RD C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2017-02-07 16:00 - 2017-02-07 16:00 - 00414137 _____ C:\Users\Yeriah\Downloads\aula_06_-_taxa_nominal_-_capital_e_equivalencia_-_parte_ii.pdf
2017-02-07 16:00 - 2017-02-07 16:00 - 00403620 _____ C:\Users\Yeriah\Downloads\aula_05_-_taxa_nominal_-_capital_e_equivalencia_-_parte_i.pdf
2017-02-07 16:00 - 2017-02-07 16:00 - 00376439 _____ C:\Users\Yeriah\Downloads\aula_02_-_juros_simples_-_parte_ii.pdf
2017-02-07 16:00 - 2017-02-07 16:00 - 00367674 _____ C:\Users\Yeriah\Downloads\aula_01_-_juros_simples_-_parte_i.pdf
2017-02-07 16:00 - 2017-02-07 16:00 - 00367674 _____ C:\Users\Yeriah\Downloads\aula_01_-_juros_simples_-_parte_i (1).pdf
2017-02-07 16:00 - 2017-02-07 16:00 - 00262316 _____ C:\Users\Yeriah\Downloads\aula_04_-_taxas_de_rendimento_-_inflacao_e_real_-_parte_ii.pdf
2017-02-07 16:00 - 2017-02-07 16:00 - 00254206 _____ C:\Users\Yeriah\Downloads\aula_03_-_taxas_de_rendimento_-_inflacao_e_real_-_parte_i.pdf
2017-02-07 15:49 - 2017-02-07 15:49 - 00662208 _____ () C:\Users\Yeriah\Downloads\puush-installer.exe
2017-02-07 15:49 - 2017-02-07 15:49 - 00000798 _____ C:\Users\Yeriah\Desktop\ShareX.lnk
2017-02-07 14:32 - 2017-02-07 14:32 - 00000000 ____D C:\Users\Todos os Usuários\Sophos
2017-02-07 14:32 - 2017-02-07 14:32 - 00000000 ____D C:\ProgramData\Sophos
2017-02-07 14:31 - 2017-02-07 14:31 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-02-07 14:31 - 2017-02-07 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-02-07 14:31 - 2017-02-07 14:31 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-02-07 14:26 - 2017-02-07 14:28 - 162703984 _____ (Sophos Limited) C:\Users\Yeriah\Downloads\Sophos Virus Removal Tool.exe
2017-02-07 14:21 - 2017-02-07 14:21 - 00002505 _____ C:\Users\Yeriah\Desktop\AdwCleaner[C0].txt
2017-02-07 13:35 - 2017-02-07 13:35 - 04015056 _____ C:\Users\Yeriah\Downloads\AdwCleaner.exe
2017-02-07 12:58 - 2017-02-07 12:58 - 00000773 _____ C:\Users\Yeriah\Desktop\JRT.txt
2017-02-07 12:29 - 2017-02-07 12:29 - 01663040 _____ (Malwarebytes) C:\Users\Yeriah\Downloads\JRT.exe
2017-02-07 02:38 - 2017-02-07 02:38 - 00046400 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-02-07 02:38 - 2017-02-07 02:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-02-07 02:38 - 2017-02-07 02:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-02-07 02:38 - 2017-02-07 02:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-02-06 13:28 - 2017-02-08 13:47 - 00000000 ____D C:\Users\Yeriah\Documents\ArcheAge
2017-02-06 13:28 - 2017-02-06 13:28 - 00000000 ____D C:\ArcheAge
2017-02-04 23:32 - 2017-02-04 23:32 - 00001918 _____ C:\Users\Yeriah\Desktop\Archeage.lnk
2017-02-04 14:16 - 2017-02-08 00:25 - 00059935 _____ C:\Users\Yeriah\Downloads\Addition.txt
2017-02-04 14:13 - 2017-02-08 15:32 - 00030041 _____ C:\Users\Yeriah\Downloads\FRST.txt
2017-02-04 00:42 - 2017-02-04 00:46 - 00000000 ____D C:\Users\Yeriah\Downloads\ygopro-percy
2017-02-04 00:42 - 2017-02-04 00:42 - 00000930 _____ C:\Users\Yeriah\Desktop\Ygopro.lnk
2017-02-04 00:41 - 2017-02-04 00:42 - 40482992 _____ C:\Users\Yeriah\Downloads\ygopro-1.033.D-Percy.exe
2017-02-03 23:39 - 2017-02-05 16:34 - 00000000 ____D C:\Users\Yeriah\Downloads\La.La.Land.2016.DVDScr.XVID.AC3.HQ.Hive-CM8
2017-02-03 23:39 - 2017-02-03 23:45 - 00000000 ____D C:\Users\Yeriah\Downloads\The Prestige (2006)
2017-02-03 23:38 - 2017-02-03 23:38 - 00000000 ____D C:\Users\Yeriah\AppData\LocalLow\uTorrent
2017-02-03 22:19 - 2017-02-03 22:19 - 02420736 _____ (Farbar) C:\Users\Yeriah\Downloads\FRST64.exe
2017-02-03 13:49 - 2017-02-03 13:49 - 00001150 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-02-03 13:49 - 2017-02-03 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-02-03 13:45 - 2017-02-05 16:27 - 00000000 ____D C:\Users\Yeriah\AppData\LocalLow\Mozilla
2017-02-03 13:44 - 2017-02-03 13:51 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Mozilla
2017-02-03 13:44 - 2017-02-03 13:44 - 00001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-03 13:44 - 2017-02-03 13:44 - 00001165 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-03 13:44 - 2017-02-03 13:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-03 13:44 - 2017-02-03 13:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-03 13:42 - 2017-02-03 13:43 - 00245584 _____ C:\Users\Yeriah\Downloads\Firefox Setup Stub 51.0.1.exe
2017-02-02 01:42 - 2017-02-02 01:43 - 04121760 _____ (Husdawg, LLC) C:\Users\Yeriah\Downloads\Detection.exe
2017-02-01 22:17 - 2017-02-01 22:44 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Tera_Awesomium
2017-02-01 04:15 - 2017-02-01 14:02 - 00000000 ____D C:\Users\Yeriah\Downloads\PSO2E4JP_SETUPEN
2017-02-01 04:14 - 2017-02-01 04:14 - 00057141 _____ C:\Users\Yeriah\Downloads\PSO2E4JP_SETUPEN (1).torrent
2017-02-01 04:10 - 2017-02-01 04:10 - 00057141 _____ C:\Users\Yeriah\Downloads\PSO2E4JP_SETUPEN.torrent
2017-01-27 14:17 - 2017-01-27 14:18 - 00730192 _____ C:\Users\Yeriah\Downloads\download (1).htm
2017-01-26 14:11 - 2017-01-26 14:11 - 00072999 _____ C:\Users\Yeriah\Downloads\Índice-de-trabalhos.xlsx
2017-01-26 02:26 - 2016-05-22 23:37 - 00032299 ____N C:\Users\Yeriah\Downloads\Game.of.Thrones.S06E05.WEBRip.1080p.x264-NOGRP.srt
2017-01-26 02:25 - 2017-01-26 02:25 - 00014552 _____ C:\Users\Yeriah\Downloads\game-of-thrones-season-6-episode-5-arabic-21123.zip
2017-01-25 21:43 - 2017-01-25 21:43 - 00003166 _____ C:\Windows\System32\Tasks\klcp_update
2017-01-25 21:40 - 2017-01-25 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2017-01-25 21:40 - 2017-01-25 21:40 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2017-01-25 21:39 - 2017-01-25 21:40 - 14306797 _____ (KLCP ) C:\Users\Yeriah\Downloads\K-Lite_Codec_Pack_1285_Basic.exe
2017-01-25 21:39 - 2017-01-25 21:39 - 00712340 _____ ( ) C:\Users\Yeriah\Downloads\klcp_update_1282_20170119.exe
2017-01-25 21:17 - 2017-01-25 21:18 - 00000000 ____D C:\Users\Yeriah\Downloads\Game of Thrones Season 6 S06 Complete 1080p WEB DL x265 HEVC SUJAIDR
2017-01-25 18:21 - 2017-01-25 18:28 - 637577727 _____ (Brytenwalda Dev. ) C:\Users\Yeriah\Downloads\brytenwalda139.exe
2017-01-25 02:49 - 2017-02-01 17:52 - 00000000 ____D C:\Users\Yeriah\Downloads\Game.of.Thrones.Season.6.720p.HDTV.x265.ShAaNiG
2017-01-24 15:15 - 2017-01-24 15:18 - 00000000 ____D C:\Users\Yeriah\Downloads\Game of Thrones - Season 5
2017-01-24 15:13 - 2017-01-26 01:07 - 00000000 ____D C:\Users\Yeriah\Downloads\Game of Thrones - Season 6
2017-01-23 17:48 - 2017-01-23 17:48 - 00008829 _____ C:\Users\Yeriah\Desktop\Novo(a) Planilha do Microsoft Excel.xlsx
2017-01-22 17:40 - 2017-01-22 17:40 - 00000000 ____D C:\Users\Yeriah\Downloads\DiplomacyCompilation+companions
2017-01-22 15:52 - 2017-01-22 16:20 - 00000000 ____D C:\Users\Yeriah\Downloads\Arrival.2016.DVDScr.x264-4RRIVED
2017-01-22 15:52 - 2017-01-22 16:19 - 00000000 ____D C:\Users\Yeriah\Downloads\[ www.torrenting.me ] - Hacksaw.Ridge.2016.DVDScr.XVID.AC3.HQ.Hive-CM8
2017-01-22 00:50 - 2017-01-22 01:36 - 00000000 ____D C:\Users\Yeriah\Downloads\Game of Thrones - The Complete Season 4 [HDTV]
2017-01-21 00:12 - 2017-01-21 00:12 - 00000744 _____ C:\Users\Yeriah\Desktop\Jogar Live-RO.lnk
2017-01-21 00:12 - 2017-01-21 00:12 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live-RO
2017-01-21 00:12 - 2017-01-21 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Live-RO
2017-01-21 00:08 - 2017-01-21 00:08 - 210479692 _____ () C:\Users\Yeriah\Downloads\Instalador_Live-RO_2.0.exe
2017-01-20 01:18 - 2017-01-20 01:37 - 209715200 _____ C:\Users\Yeriah\Downloads\DiplomacyCompilation+companions.part02.rar
2017-01-20 01:18 - 2017-01-20 01:26 - 209715200 _____ C:\Users\Yeriah\Downloads\DiplomacyCompilation+companions.part03.rar
2017-01-20 01:18 - 2017-01-20 01:25 - 209715200 _____ C:\Users\Yeriah\Downloads\DiplomacyCompilation+companions.part04.rar
2017-01-20 01:18 - 2017-01-20 01:25 - 209715200 _____ C:\Users\Yeriah\Downloads\DiplomacyCompilation+companions.part01.rar
2017-01-20 01:18 - 2017-01-20 01:22 - 114291302 _____ C:\Users\Yeriah\Downloads\DiplomacyCompilation+companions.part05.rar
2017-01-19 19:58 - 2017-01-20 21:48 - 00000000 ____D C:\Users\Yeriah\Downloads\Game of Thrones - The Complete Season 3 [HDTV]
2017-01-19 19:58 - 2017-01-19 23:17 - 00000000 ____D C:\Users\Yeriah\Downloads\Game.of.Thrones.S02
2017-01-18 18:50 - 2017-01-18 18:50 - 37503157 _____ C:\Users\Yeriah\Downloads\Professora Adriana Figueiredo - Falando em Português - Crase nas Locuções Femininas.mp4
2017-01-18 16:33 - 2017-01-18 16:34 - 00868962 _____ C:\Users\Yeriah\Downloads\Agente_Penitenciario_FUNDATEC_2014.zip
2017-01-18 02:25 - 2017-01-18 02:26 - 00000000 ____D C:\Users\Yeriah\Downloads\Game Of Thrones.S01.[Complete Season 1].BRRip.XviD-VLiS
2017-01-13 23:37 - 2017-01-14 09:58 - 00000000 ____D C:\Users\Yeriah\Downloads\That Awkward Moment (2014)
2017-01-13 23:32 - 2017-01-14 09:57 - 00000000 ____D C:\Users\Yeriah\Downloads\The.Brothers.Grimsby.2016.HDRip.XViD-ETRG
2017-01-13 23:29 - 2017-01-16 16:58 - 00000000 ____D C:\Users\Yeriah\Downloads\Superbad Unrated (2007)
2017-01-13 22:50 - 2017-01-17 12:22 - 00000000 ____D C:\Users\Yeriah\Downloads\Downfall [2004]
2017-01-13 22:49 - 2017-01-14 09:57 - 00000000 ____D C:\Users\Yeriah\Downloads\The.Hunt.2012.720p.BluRay.x264-x0r
2017-01-13 22:44 - 2017-01-14 09:58 - 00000000 ____D C:\Users\Yeriah\Downloads\The Pianist (2002)
2017-01-13 22:42 - 2017-01-14 09:56 - 00000000 ____D C:\Users\Yeriah\Downloads\Forrest Gump (1994)
2017-01-13 22:42 - 2017-01-13 22:56 - 00000000 ____D C:\Users\Yeriah\Downloads\Schindlers List (1993)
2017-01-13 14:09 - 2017-01-13 14:09 - 00264160 _____ C:\Users\Yeriah\Downloads\b0f80a228ec00c32ba202d12f7e5bc99.pdf
2017-01-13 01:36 - 2017-01-13 10:04 - 00000000 ____D C:\Users\Yeriah\Downloads\The.Accountant.2016.HC.HDRip.X264.AC3-EVO
2017-01-12 00:45 - 2017-01-13 10:04 - 00000000 ____D C:\Users\Yeriah\Downloads\The Departed (2006)
2017-01-12 00:45 - 2017-01-12 10:27 - 00000000 ____D C:\Users\Yeriah\Downloads\Reservoir Dogs (1992) [1080p]
2017-01-12 00:43 - 2017-01-12 10:27 - 00000000 ____D C:\Users\Yeriah\Downloads\The Shawshank Redemption (1994)
2017-01-11 23:00 - 2017-01-12 10:26 - 00000000 ____D C:\Users\Yeriah\Downloads\The.Magnificent.Seven.2016.720p.BRRip.x264.AAC-ETRG

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-02-08 15:31 - 2015-06-16 23:08 - 00000000 ____D C:\FRST
2017-02-08 15:20 - 2016-06-16 20:54 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-08 15:05 - 2016-04-23 15:28 - 00000296 _____ C:\Windows\Tasks\AutoKMS.job
2017-02-08 14:53 - 2016-05-31 12:30 - 00001042 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-08 14:52 - 2017-01-05 18:55 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Glyph
2017-02-08 14:52 - 2017-01-05 18:55 - 00000000 ____D C:\Program Files (x86)\Glyph
2017-02-08 14:15 - 2015-04-10 21:24 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-08 14:07 - 2015-04-10 21:23 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4078040627-3876670005-1468608263-1002
2017-02-08 01:12 - 2016-08-18 00:25 - 00000000 ____D C:\Users\Yeriah\Documents\ShareX
2017-02-08 00:11 - 2015-04-10 21:47 - 00000000 ____D C:\Users\Yeriah\AppData\Local\CrashDumps
2017-02-08 00:10 - 2016-10-27 23:07 - 00000000 ____D C:\Program Files\SHILDBRO V3
2017-02-08 00:10 - 2016-10-27 22:51 - 00000000 ____D C:\ragnarok
2017-02-07 22:59 - 2016-05-31 12:30 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-07 21:52 - 2016-05-31 12:30 - 00001038 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-07 16:06 - 2015-04-10 21:18 - 00000000 ____D C:\Users\Yeriah\Documents\Bluetooth Folder
2017-02-07 15:49 - 2016-08-18 00:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
2017-02-07 15:49 - 2016-08-18 00:24 - 00000000 ____D C:\Program Files\ShareX
2017-02-07 14:26 - 2015-04-06 13:39 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2017-02-07 14:19 - 2015-04-10 21:21 - 00000000 ___RD C:\Users\Yeriah\OneDrive
2017-02-07 14:18 - 2016-08-08 18:39 - 00000000 ____D C:\Users\Yeriah\AppData\Local\LogMeIn Hamachi
2017-02-07 14:18 - 2016-01-28 19:41 - 00028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys
2017-02-07 14:18 - 2016-01-28 19:41 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2017-02-07 14:17 - 2013-08-22 12:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-07 14:16 - 2013-08-22 11:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2017-02-07 14:15 - 2015-06-14 16:58 - 00000000 ____D C:\AdwCleaner
2017-02-07 14:15 - 2013-08-22 13:36 - 00000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
2017-02-07 14:15 - 2013-08-22 13:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-07 12:33 - 2015-04-10 21:24 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 12:33 - 2015-04-10 21:24 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 22:50 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\Inf
2017-02-06 22:48 - 2015-04-10 21:17 - 00000000 ____D C:\Users\Yeriah
2017-02-05 16:31 - 2014-11-22 00:43 - 01827170 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-05 16:31 - 2014-11-21 23:52 - 00784992 _____ C:\Windows\system32\prfh0416.dat
2017-02-05 16:31 - 2014-11-21 23:52 - 00163734 _____ C:\Windows\system32\prfc0416.dat
2017-02-04 23:32 - 2017-01-05 18:55 - 00000000 ____D C:\Users\Todos os Usuários\Glyph
2017-02-04 23:32 - 2017-01-05 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2017-02-04 23:32 - 2017-01-05 18:55 - 00000000 ____D C:\ProgramData\Glyph
2017-02-04 22:24 - 2016-06-16 20:54 - 00000964 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-04 00:30 - 2015-07-31 01:21 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\uTorrent
2017-02-03 22:09 - 2016-08-01 03:08 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\discord
2017-02-03 22:05 - 2015-12-02 17:25 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-02-03 22:05 - 2015-12-02 17:25 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-03 19:45 - 2013-08-22 13:20 - 00000000 ____D C:\Windows\CbsTemp
2017-02-03 13:45 - 2016-12-22 21:42 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Mozilla
2017-02-01 19:20 - 2015-04-06 13:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-01-31 21:56 - 2015-07-15 16:26 - 00000000 ____D C:\Users\Todos os Usuários\boost_interprocess
2017-01-31 21:56 - 2015-07-15 16:26 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-01-27 02:33 - 2016-07-29 02:30 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Popcorn-Time
2017-01-25 20:09 - 2015-07-31 03:59 - 00000000 ____D C:\Users\Yeriah\Documents\Mount&Blade Warband Savegames
2017-01-25 03:13 - 2015-05-13 21:43 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\BSplayer
2017-01-22 17:08 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\system32\NDF
2017-01-19 01:33 - 2016-12-15 01:47 - 00003178 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-19 01:33 - 2016-04-23 15:30 - 00002313 _____ C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-01-19 01:33 - 2015-07-23 21:54 - 00003186 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4078040627-3876670005-1468608263-1002
2017-01-16 22:11 - 2017-01-02 14:45 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\VIVO INTERNET
2017-01-15 21:20 - 2016-06-16 20:54 - 00003934 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-01-15 21:20 - 2016-06-16 20:54 - 00003790 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-15 21:20 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-15 21:20 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-14 15:55 - 2015-05-24 00:34 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Skype
2017-01-14 15:53 - 2015-04-12 14:00 - 00000000 ____D C:\Users\Yeriah\AppData\Local\osu!
2017-01-13 17:23 - 2015-12-04 18:41 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Popcorn-Time-Community
2017-01-13 17:10 - 2017-01-01 22:32 - 00000000 ____D C:\Users\Yeriah\Downloads\Cities - Skylines [FitGirl Repack]
2017-01-13 12:45 - 2016-12-22 20:38 - 00000078 _____ C:\Users\Yeriah\Desktop\Novo Documento de Texto (3).txt
2017-01-11 19:19 - 2016-08-01 03:08 - 00002179 _____ C:\Users\Yeriah\Desktop\Discord.lnk
2017-01-11 19:19 - 2016-08-01 03:08 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-01-11 19:18 - 2016-08-01 03:07 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Discord
2017-01-11 14:47 - 2016-05-31 11:45 - 00000000 ____D C:\Users\Yeriah\Desktop\Its all fun and games
2017-01-11 14:43 - 2015-12-27 22:54 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\DarkSoulsII
2017-01-11 12:14 - 2015-04-13 20:52 - 00000000 ____D C:\Windows\system32\MRT
2017-01-11 12:12 - 2015-04-13 20:52 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-09 15:07 - 2016-12-07 19:01 - 00000000 ____D C:\Users\Yeriah\AppData\Local\ElevatedDiagnostics
2017-01-09 14:07 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\ModemLogs

==================== Arquivos na raiz de alguns diretórios =======

2016-05-23 00:58 - 2016-05-23 00:58 - 0000094 _____ () C:\Users\Yeriah\AppData\Local\fusioncache.dat
2015-04-06 13:10 - 2015-04-06 13:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-01-03 20:42 - 2015-11-04 20:42 - 0000032 ____R () C:\ProgramData\hash.dat
2015-04-06 13:37 - 2015-04-06 13:37 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-04-06 13:32 - 2015-04-06 13:33 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-04-06 13:33 - 2015-04-06 13:35 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2015-04-06 13:35 - 2015-04-06 13:37 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-04-06 13:31 - 2015-04-06 13:32 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\hash.dat
C:\Users\Todos os Usuários\hash.dat


Alguns arquivos em TEMP:
====================
2016-12-29 13:24 - 2016-12-29 13:24 - 43872728 _____ (Skype Technologies S.A.) C:\Users\Yeriah\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2017-01-28 20:26

==================== Fim de FRST.txt ============================

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 05-02-2017
Executado por Yeriah (08-02-2017 15:34:39)
Executando a partir de C:\Users\Yeriah\Downloads
Windows 8.1 Single Language (Update) (X64) (2015-04-10 23:17:14)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================

Administrador (S-1-5-21-4078040627-3876670005-1468608263-500 - Administrator - Disabled)
ASPNET (S-1-5-21-4078040627-3876670005-1468608263-1003 - Limited - Enabled)
Convidado (S-1-5-21-4078040627-3876670005-1468608263-501 - Limited - Disabled)
Yeriah (S-1-5-21-4078040627-3876670005-1468608263-1002 - Administrator - Enabled) => C:\Users\Yeriah

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Agarest - Generations of War Zero (HKLM-x32\...\1426762679_is1) (Version: 2.0.0.2 - GOG.com)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
Atualizações da NVIDIA 2.9.1.22 (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Auditorium (HKLM-x32\...\com.cipherprime.auditorium) (Version: 1.5.0 - UNKNOWN)
Auditorium (x32 Version: 1.5.0 - UNKNOWN) Hidden
Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
Brytenwalda versão 1.39 (HKLM-x32\...\{4D15C6C1-74C9-4AA4-8378-CEEDE7E53F39}_is1) (Version: 1.39 - Brytenwalda Dev.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.69.1078 - AB Team, d.o.o.)
Cities: Skylines (HKLM-x32\...\Cities: Skylines_is1) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Curse (HKLM-x32\...\{A20BFF62-AE3C-42BD-9C52-841CAB96BC49}) (Version: 6.0.0.0 - Curse)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
DARK SOULS™ II: Scholar of the First Sin (HKLM-x32\...\Steam App 335300) (Version:  - FromSoftware, Inc)
DeathTaker Gaming Mouse (HKLM-x32\...\{0614BCA9-3613-4171-8128-621991A9FBF2}}_is1) (Version:  - )
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
Dell Command | Power Manager (HKLM\...\{DDDAF4A7-8B7D-4088-AECC-6F50E594B4F5}) (Version: 2.0.0 - Dell Inc.)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6745.47 - Dell)
Dell System Detect (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\58d94f3ce2c27db0) (Version: 6.12.0.5 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.0 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Devilian Live-US (HKLM-x32\...\Glyph Devilian Live-US) (Version:  - Trion Worlds, Inc.)
DiRT 3 Complete Edition (HKLM\...\Steam App 321040) (Version:  - Codemasters Racing Studio)
Discord (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
DjVuLibre+DjView (HKLM-x32\...\DjVuLibre+DjView) (Version: 3.5.24+4.8 - DjVuZone)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Epson USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.51.000 - SEIKO EPSON CORPORATION)
Ethernal Ragnarok Online (HKLM-x32\...\Ethernal Ragnarok Online) (Version:  - )
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version:  - Paradox Development Studio)
Gamersclub Anti Cheat (HKLM-x32\...\{C14C05CA-F9F5-45C3-9C23-43E10AF71897}) (Version: 1.00 - EMACLab)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Infestation: The New Z (HKLM\...\Steam App 555570) (Version:  - Fredaikis AB)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3262 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Jogos Level Up (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\bda992e0694a5bbb) (Version: 0.9.4.4 - Level Up)
K-Lite Codec Pack 12.8.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.8.5 - KLCP)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
LibUSB-Win32-0.1.10.1 (HKLM-x32\...\LibUSB-Win32_is1) (Version: 0.1.10.1 - LibUSB-Win32)
LIMBO (HKLM\...\Steam App 48000) (Version:  - Playdead)
Live-RO v2.0 (HKLM-x32\...\Live-RO v2.0) (Version:  - )
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.541 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.541 - LogMeIn, Inc.) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
Mount&Blade Warband (HKLM-x32\...\Mount&Blade Warband) (Version:  - )
Mozilla Firefox 51.0.1 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 pt-BR)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA Driver de gráficos 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
osu! (HKLM-x32\...\{b6a62150-824b-4c5b-ba99-2d147c2df4dc}) (Version: latest - ppy Pty Ltd)
Painel de controle da NVIDIA 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
Popcorn Time (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Popcorn Time) (Version:  - Popcorn Official) <==== ATENÇÃO
Popcorn Time Community 0.3.8-6 (HKLM-x32\...\Popcorn Time Community 0.3.8-6) (Version: 0.3.8-6 - Popcorn Time Community) <==== ATENÇÃO
Popcorn-Time (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Popcorn-Time) (Version: 0.3.9 - Popcorn Time)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.336 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.15 - Dell Inc.)
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 11.5.0 - ShareX Team)
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TERA (HKLM-x32\...\Steam App 323370) (Version:  - Bluehole Inc.)
The Duel (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\The Duel) (Version: 10.00.00.00 - The Duel)
TrackMania Nations Forever (HKLM\...\Steam App 11020) (Version:  - Nadeo)
VIVO INTERNET (HKLM-x32\...\VIVO INTERNET) (Version: 16.002.10.18.149 - Huawei Technologies Co.,Ltd)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F000F}\InprocServer32 -> C:\Users\Yeriah\AppData\Local\GAS Tecnologia\GBBD\npsf_scd_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F000F}\InprocServer32 -> C:\Users\Yeriah\AppData\Local\GAS Tecnologia\GBBD\npsf_scd_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Yeriah\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002_Classes\CLSID\{ea60f6df-ac6e-42a0-8d11-bad1341c1037}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {0E5B5B44-5BE0-41F3-8641-A03E90C6DF3F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {1CC4B002-A4C5-4761-8772-3291E9A6D8C0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
Task: {46B13078-2731-4342-8DB0-C8F87299F3DF} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)
Task: {4C83B209-A421-45F9-907C-34B8C6819A65} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {622D948D-4982-461A-BAE8-8EF07D5204D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
Task: {6D5066B8-652C-461E-8D14-54D5375979F0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {79B37FB6-C8E9-4EA9-9DE8-23C70E6BD8D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
Task: {96A504DD-E0C2-4AC7-93F4-14EA6214BBF1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-01-15] (Adobe Systems Incorporated)
Task: {A301D762-1D51-49C6-BD2E-72807499BA0E} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-02] (Synaptics Incorporated)
Task: {A4D3BE19-9D0F-4016-8713-52470D410404} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-31] (Dropbox, Inc.)
Task: {C245F196-52B8-4EDD-934D-64186B21A306} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-01-11] (Microsoft Corporation)
Task: {C44999D9-7089-4D0D-B715-5B11EBD2B9EF} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {CA2E9BE7-143D-40CF-8BBC-3C7891C83805} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-01-23] ()
Task: {CEB42939-C3D8-472D-B274-C4E928D799C0} - System32\Tasks\{F481EC1B-7C67-470A-B66C-3072BEA38EE8} => Chrome.exe hxxps://ui.skype.com/ui/0/7.29.80.102/pt/abandoninstall?page=tsMain
Task: {D2721FD9-119F-49C5-A20A-5CF5FDBB4716} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-15] (Adobe Systems Incorporated)
Task: {ECADC4F5-E83C-417F-852A-3B5A1BE8D6C2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-31] (Dropbox, Inc.)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

WMI_ActiveScriptEventConsumer_DellCommandPowerManagerAlertEventConsumer: 

WMI_ActiveScriptEventConsumer_DellCommandPowerManagerPolicyChangeEventConsumer: 

Shortcut: C:\Users\Yeriah\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_1768213486_pt-br.lnk -> hxxp://www.windowssearch.com:80/suggestions?qry=eps&cc=BR&setlang=pt-BR&inlang=pt-BR&adlt=moderate&scale=100&contrast=none&hw=900%2C1600&CVID=87BF19B5AC4A4A5F865D827F18F3C32

ShortcutWithArgument: C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Web Applications\www.facebook.com\https_80\Facebook.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxps://www.facebook.com/

==================== Módulos Carregados (Whitelisted) ==============

2015-04-06 13:28 - 2013-10-23 19:00 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-04-06 13:29 - 2013-10-23 06:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-23 17:57 - 2014-03-07 00:23 - 00163840 _____ () C:\Windows\SysWOW64\WIN8_MBIM.exe
2015-07-23 21:47 - 2016-05-24 08:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-03-14 13:27 - 2011-03-14 13:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2016-05-30 12:48 - 2016-05-02 03:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-04-08 22:32 - 2016-05-02 03:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-05-30 12:48 - 2016-05-02 03:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-05-30 12:48 - 2016-05-02 03:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-05-30 12:48 - 2016-05-02 03:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-05-30 12:48 - 2016-05-02 03:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-04-08 22:33 - 2016-05-02 03:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-05-30 12:48 - 2016-05-02 03:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2014-11-30 20:59 - 2014-11-30 20:59 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-11-30 20:56 - 2014-11-30 20:56 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2014-11-30 21:02 - 2014-11-30 21:02 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2015-04-06 13:40 - 2014-07-02 22:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2016-05-30 12:47 - 2016-05-02 03:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-05-30 12:47 - 2016-05-02 03:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2015-04-06 13:33 - 2013-03-05 01:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 12:41 - 2013-03-05 12:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-12-02 17:25 - 2016-05-02 04:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-04-06 13:21 - 2013-09-17 10:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2017-02-07 12:33 - 2017-02-01 07:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 12:33 - 2017-02-01 07:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2016-02-29 15:21 - 2013-10-23 19:00 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-04-06 13:40 - 2014-07-30 18:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2015-04-06 13:40 - 2012-11-26 00:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2015-04-06 13:39 - 2012-11-26 00:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2017-01-11 19:19 - 2017-01-04 14:28 - 01958912 _____ () C:\Users\Yeriah\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-01-12 10:26 - 2017-01-12 10:26 - 01082880 _____ () \\?\C:\Users\Yeriah\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-01-12 10:26 - 2017-01-12 10:26 - 03750400 _____ () \\?\C:\Users\Yeriah\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-01-12 10:26 - 2017-01-12 10:26 - 00914432 _____ () \\?\C:\Users\Yeriah\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-01-12 10:26 - 2017-01-12 10:26 - 01127424 _____ () \\?\C:\Users\Yeriah\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2017-01-11 19:19 - 2017-01-04 14:28 - 02278912 _____ () C:\Users\Yeriah\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-01-11 19:19 - 2017-01-04 14:28 - 00096768 _____ () C:\Users\Yeriah\AppData\Local\Discord\app-0.0.297\libegl.dll
2017-02-07 22:17 - 2017-02-07 22:17 - 00148992 _____ () \\?\C:\Users\Yeriah\AppData\Local\Temp\B510.tmp.node
2017-01-12 10:26 - 2017-01-12 10:26 - 02658304 _____ () \\?\C:\Users\Yeriah\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2017-01-12 10:26 - 2017-01-12 10:26 - 02130432 _____ () \\?\C:\Users\Yeriah\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node
2017-01-05 18:55 - 2017-02-04 23:22 - 01019904 _____ () C:\Program Files (x86)\Glyph\xlpack.dll
2017-01-05 18:55 - 2017-02-04 23:22 - 00010752 _____ () C:\Program Files (x86)\Glyph\libEGL.dll
2017-01-05 18:55 - 2017-02-04 23:22 - 01293824 _____ () C:\Program Files (x86)\Glyph\libGLESv2.dll
2017-01-05 18:55 - 2017-02-04 23:22 - 00702464 _____ () C:\Program Files (x86)\Glyph\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-05 00:15 - 2016-12-23 16:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-06-05 00:15 - 2016-08-31 23:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-06-05 00:15 - 2017-01-18 23:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll
2015-06-05 00:15 - 2016-08-31 23:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-06-05 00:15 - 2016-08-31 23:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-04-10 21:27 - 2016-01-27 05:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-04-10 21:27 - 2016-01-27 05:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-04-10 21:27 - 2016-01-27 05:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-04-10 21:27 - 2016-01-27 05:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-04-10 21:27 - 2016-01-27 05:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-04-10 21:27 - 2017-01-18 23:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 17:30 - 2016-07-04 20:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-17 00:38 - 2017-01-05 01:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2015-06-05 00:15 - 2017-01-18 23:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2015-04-10 21:27 - 2015-09-24 21:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Windows\System32:38800886_Scd.gbp [2]
AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1270]

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)


==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\sicredi.com.br -> correspondente.sicredi.com.br
IE trusted site: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\sicreditotal.com.br -> internet.sicreditotal.com.br

==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2013-08-22 11:25 - 2016-04-21 17:00 - 00000822 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Yeriah\Pictures\Camera Roll\WIN_20160801_155757.JPG
DNS Servers: 189.7.120.16 - 189.7.120.15
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "DeathTaker"
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\StartupApproved\Run: => "KSS"

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{B5D5FA41-624B-45CD-AC1C-6902914D8136}] => C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{7775B65D-1289-40D2-8275-EC696DB74864}] => C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{EFC2FBD8-E071-478B-B153-E92AC57DD59C}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F90BB543-515F-4D17-9A66-03D254B7BFF9}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5397D920-A69D-470C-B0A4-E2582F39BE65}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AD184BDB-0CE9-4F03-A57E-5AF578245351}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E45A42AB-D859-41E7-9482-0D78EA98C7CB}] => C:\Program Files (x86)\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{8451F65E-4EF5-4F1A-AA01-812171207F2B}] => C:\Program Files (x86)\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{08A9337F-64E6-4ACA-9365-37474E4B6C5D}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{442BA43A-2E20-4176-9E75-3F573405745F}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{99A91F38-4B39-4E74-A294-C071082172B0}] => C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{AA23D751-966C-4491-BB7E-AD4D4AEB056A}] => C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{CFB2C708-5556-40F8-A924-6E15E3494765}C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe] => C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{2D66258F-CE04-4681-B992-2B9ECBCE8425}C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe] => C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{AE3D81A7-E9E0-43C1-8E30-9AC1B8E7AFC9}] => C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{03588A51-CCEC-4ADF-AF72-0A316AA51995}] => C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{51BCC054-3711-48C4-897C-7CFF29C0EDED}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{DC36F516-164A-42BF-BBDD-7FAEB5014058}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{B5668247-4F07-4C1C-A2D5-D3F73DD2663C}] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{9C32E667-EF94-445C-B001-EC61B5A4B629}] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{ED51094A-35A7-41B3-9054-9975B12AB207}C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe] => C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe
FirewallRules: [UDP Query User{14D67858-45AF-4F2C-8986-EB60DAFFD1CF}C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe] => C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe
FirewallRules: [{61ECF8B2-A907-44DE-80F9-CB933610F696}] => C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe
FirewallRules: [{8AD36D9E-7BDA-4A8A-964A-A22DBA327A87}] => C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe
FirewallRules: [{F5DE2FA1-5E57-4294-8285-7A7CEF3C3753}] => C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{8A84F26B-1460-41EC-90F3-DE9E789777FA}] => C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{700AE3F0-D876-42FF-9476-89BB5D9462A1}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{FC34F8E7-36FD-4ED7-9531-AE7A4BA3DAFD}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{A50394C2-A2C8-42D1-9913-B788465D4B71}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{8A9E4633-0220-49A1-AD38-3A8BEF6773E9}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{8DDB9F28-1DFF-4E22-BE48-E3B745E81393}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{FDAF8DF1-7C19-4079-8FB3-EE13E0933252}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{1BF6C2B7-9894-4AAF-99F4-8EACF367DAAE}] => C:\Users\Yeriah\Downloads\Client19-04\MiniA.exe
FirewallRules: [{C5802C00-234F-4260-BDDF-937D01A18514}] => C:\Program Files (x86)\Steam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{ECADBAD9-DED3-4A5D-ADF0-5001265A1903}] => C:\Program Files (x86)\Steam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{FF655954-4826-4750-8DB2-BE32D1215562}] => C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{FDF80600-A36E-4410-AF7D-BFC702033C3A}] => C:\Users\Yeriah\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{39027F61-95F8-42ED-A430-A3AFBB5029B1}] => C:\WarThunder\launcher.exe
FirewallRules: [{6BB2BAED-6F82-4375-8B5D-53D44C081281}] => C:\WarThunder\launcher.exe
FirewallRules: [{2BEADD49-A308-428E-A350-62A3B0AB956D}] => C:\WarThunder\bpreport.exe
FirewallRules: [{02FE9A07-E173-4084-ABD8-D5E5C0A8377A}] => C:\WarThunder\bpreport.exe
FirewallRules: [{B3951357-658F-4BF1-9E04-DE61068E3257}] => C:\WarThunder\bpreport.exe
FirewallRules: [{FCC9C62F-688C-4C27-ABA8-1057110932DA}] => C:\WarThunder\bpreport.exe
FirewallRules: [{8AAEB9BB-2474-4930-B6EF-503360BB5E53}] => C:\Users\Yeriah\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CEF379B0-0539-4968-8FA2-0E38355A4E0B}] => C:\Users\Yeriah\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{C68278C5-37A4-439C-9F8C-E44E904C8995}C:\users\yeriah\appdata\local\popcorn time\nw.exe] => C:\users\yeriah\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{BD230D35-67A7-42EE-86E3-76D8122E7050}C:\users\yeriah\appdata\local\popcorn time\nw.exe] => C:\users\yeriah\appdata\local\popcorn time\nw.exe
FirewallRules: [{53394B0C-C290-402C-AB8D-B1A7C0425D43}] => C:\users\yeriah\appdata\local\popcorn time\nw.exe
FirewallRules: [{BC9052AC-993E-4707-8BFB-11C5E6ED14B4}] => C:\users\yeriah\appdata\local\popcorn time\nw.exe
FirewallRules: [TCP Query User{C749D356-0608-4A09-A8CD-4567226B2FED}C:\warthunder\aces.exe] => C:\warthunder\aces.exe
FirewallRules: [UDP Query User{1F48A2AC-1E29-453E-A42E-75DC7D0E3E37}C:\warthunder\aces.exe] => C:\warthunder\aces.exe
FirewallRules: [{197AF25F-FB06-4356-84B5-A78E426E29B3}] => C:\warthunder\aces.exe
FirewallRules: [{1FB98CF2-872E-49B4-B4E3-D1442FB6D7F0}] => C:\warthunder\aces.exe
FirewallRules: [{FC710CD5-CE45-474F-896A-1FCB1C6F69FA}] => C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{CA2AA8BC-CA4C-45C7-85B6-D80CE7A143FE}] => C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{685514C9-3F4E-414C-B020-7E829457D36C}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{CFE8B538-3AF6-4482-A056-37E235384927}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{53AA33B9-CFA5-4C90-AB6B-65ED4128B74C}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{82313A54-8DF5-4275-94C2-73D80567F3CF}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3082165F-B22A-43E6-89DB-8A39498F2F81}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8AE76FFF-3740-4D7F-B0F3-3D53C5D72BB0}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{22D952A1-B7BE-4BD2-848B-9403564FB5F1}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{9B574E13-8687-4B01-80B2-AB6F829C0858}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{10B7BA3A-324B-4CEA-9CB0-31D9DCAF9261}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{A90EC4A2-CE9B-4E0B-A8E5-7E0CB9650A8A}C:\users\yeriah\appdata\local\popcorn time community\nw.exe] => C:\users\yeriah\appdata\local\popcorn time community\nw.exe
FirewallRules: [UDP Query User{EEB0D4DE-0ED1-44B7-8272-0AFCF129834D}C:\users\yeriah\appdata\local\popcorn time community\nw.exe] => C:\users\yeriah\appdata\local\popcorn time community\nw.exe
FirewallRules: [{12ECF169-5DDB-4103-87D6-C965DF9E1B82}] => C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{5AA28CC5-D000-4F63-8EB1-BC5461B25E60}] => C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe
FirewallRules: [{DCF0D338-0F1D-477B-96F8-53C248AEB096}] => C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{B1619273-C2E4-41F5-A5FC-602B027CBDD2}] => C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{DD197B50-9EFD-4307-939C-C2F71A3D374E}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E9765AAF-28F7-4963-96A6-A737F6A3F2B5}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4A22EDC7-66FA-48EA-9EE4-B52A33E9B6A6}] => C:\Program Files (x86)\Steam\steamapps\common\Commandos 2 Men of Courage\Legacy\comm2.exe
FirewallRules: [{F6F5946F-0382-442D-9F82-C7DF6E03A243}] => C:\Program Files (x86)\Steam\steamapps\common\Commandos 2 Men of Courage\Legacy\comm2.exe
FirewallRules: [TCP Query User{03C81E77-685E-4CFE-AF85-E5D30AD3FD24}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => C:\program files (x86)\youwave android\vb\vboxsdl.exe
FirewallRules: [UDP Query User{8E08222C-B8B1-4BBA-BEE4-CEBA65AA5875}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => C:\program files (x86)\youwave android\vb\vboxsdl.exe
FirewallRules: [{EB066444-8F9A-4031-823D-276917AA9EFE}] => C:\program files (x86)\youwave android\vb\vboxsdl.exe
FirewallRules: [{5973F6B9-C809-4D52-AEA4-B2CC02B578BD}] => C:\program files (x86)\youwave android\vb\vboxsdl.exe
FirewallRules: [TCP Query User{205B53D8-C279-4532-967A-A1FE813FC821}C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe] => C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [UDP Query User{0A236397-E0FA-4BCD-A151-5B3F973063A4}C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe] => C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{DFA1C7FF-4B49-4947-A770-6B836F2C7343}] => C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{E075125C-DF2D-4428-8AC3-B8DA718F1AB9}] => C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{41EF1CF8-A36B-4595-9B31-3186EAABBC10}] => C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{FB72A7B5-DD7F-4C86-9139-F82E0828B6C4}] => C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [TCP Query User{33B17861-98D2-4961-AAA4-8C11E3ECBCBE}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{F17972EF-E18D-4150-8C1D-8CF80453F8BE}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{EEAAC134-C2C4-4052-8FA3-D9413A1E67DB}] => C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{71EB2023-5E95-44A0-BCD1-02C0DA499CF0}] => C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{FED30E57-20A6-4C56-80BF-CA0A562943BC}] => C:\Program Files (x86)\Steam\steamapps\common\Commandos 2 Men of Courage\Legacy\comm2.exe
FirewallRules: [{C01647E1-BAA5-411D-B752-1CCA59D4A3FE}] => C:\Program Files (x86)\Steam\steamapps\common\Commandos 2 Men of Courage\Legacy\comm2.exe
FirewallRules: [TCP Query User{C9FF5578-4947-4FF8-AFEB-2B9063D1053F}C:\users\yeriah\appdata\local\popcorn-time\nw.exe] => C:\users\yeriah\appdata\local\popcorn-time\nw.exe
FirewallRules: [UDP Query User{75CC8D15-3E4A-4624-BE51-54516B7AC77B}C:\users\yeriah\appdata\local\popcorn-time\nw.exe] => C:\users\yeriah\appdata\local\popcorn-time\nw.exe
FirewallRules: [{342447EF-FA7F-44E9-8DA0-80DEC3345D6B}] => C:\users\yeriah\appdata\local\popcorn-time\nw.exe
FirewallRules: [{96FC42AB-D7D8-42A3-989E-EF391D5A2FE5}] => C:\users\yeriah\appdata\local\popcorn-time\nw.exe
FirewallRules: [TCP Query User{0E696DE2-9DC0-483C-88F4-BD39FAE89033}C:\program files (x86)\age of empires iii - complete collection\age3y.exe] => C:\program files (x86)\age of empires iii - complete collection\age3y.exe
FirewallRules: [UDP Query User{A331AC7B-6DFF-4FEF-BE16-94250F765220}C:\program files (x86)\age of empires iii - complete collection\age3y.exe] => C:\program files (x86)\age of empires iii - complete collection\age3y.exe
FirewallRules: [{0CA0176B-1463-4AE2-9000-0AC96F1BBBE0}] => C:\program files (x86)\age of empires iii - complete collection\age3y.exe
FirewallRules: [{FDBC7881-C61A-4F2F-A00E-43818B833559}] => C:\program files (x86)\age of empires iii - complete collection\age3y.exe
FirewallRules: [{08241F7F-8302-47C9-882F-02DD2EB40A07}] => C:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exe
FirewallRules: [{9EFCDD09-7CB0-4295-8718-79DFCC8363A1}] => C:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exe
FirewallRules: [{6D016F01-6ABB-4068-B814-F9C93BA05DC2}] => C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{B58051DC-A0B0-4C3E-9106-C4A88055E790}] => C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [TCP Query User{6E6A3DBF-F86E-4C15-900D-7A9DEF34018F}C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe] => C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe
FirewallRules: [UDP Query User{C4F63F50-F2C7-4998-B6D7-4D05D69E347E}C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe] => C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe
FirewallRules: [{67AD6FD2-2B9A-491D-98AC-9234CC3B360D}] => C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe
FirewallRules: [{7B40F75A-E65B-4F86-B104-43057222D502}] => C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe
FirewallRules: [{BC8C6A8E-3391-43F0-A8F6-FBD756312430}] => C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForever.exe
FirewallRules: [{E5989D0A-3E75-4794-91CA-BD742625B87E}] => C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForever.exe
FirewallRules: [{99DF59A5-5914-424C-B5C7-339251DA6E47}] => C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe
FirewallRules: [{B23EC8C8-4CCB-4D63-AFAB-2B1067C70456}] => C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe
FirewallRules: [{6F240318-6852-42A2-8830-1414FFA7A32D}] => C:\Program Files (x86)\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe
FirewallRules: [{78BE5F88-35CD-45FA-9FDD-4B7C3100D24F}] => C:\Program Files (x86)\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe
FirewallRules: [TCP Query User{DD86E353-70F9-4D48-B2CF-1333C4AA02C6}C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe] => C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe
FirewallRules: [UDP Query User{8522E945-BE92-4FAB-8513-BBB798DC42F8}C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe] => C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe
FirewallRules: [{EBE5CB3C-15D6-4FB9-B93B-B1ADA93E12BE}] => C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe
FirewallRules: [{CD409AEA-FC03-4620-A1B7-31858B1D1457}] => C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe
FirewallRules: [{2D4FBBE8-83BD-438D-A315-45A916A0F685}] => C:\Program Files (x86)\Steam\steamapps\common\NewZ\NewZLauncher.exe
FirewallRules: [{92AA8FE7-FBCD-4748-A024-B289C857835D}] => C:\Program Files (x86)\Steam\steamapps\common\NewZ\NewZLauncher.exe
FirewallRules: [{84120510-4803-4D38-868C-3A7F6928EB24}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E7E361D1-D253-42C3-AB7C-4F8B4A0EE2A0}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{EA234F39-9B58-4DDA-9704-F83FA922D2E8}C:\program files (x86)\emaclab\gamersclub anti cheat\gclauncher.exe] => C:\program files (x86)\emaclab\gamersclub anti cheat\gclauncher.exe
FirewallRules: [UDP Query User{4C030473-4740-468D-8871-B067EDB0C7EC}C:\program files (x86)\emaclab\gamersclub anti cheat\gclauncher.exe] => C:\program files (x86)\emaclab\gamersclub anti cheat\gclauncher.exe
FirewallRules: [TCP Query User{62CE4C19-6D79-45E2-8617-591D4F9784DD}C:\program files (x86)\the duel\theduel.exe] => C:\program files (x86)\the duel\theduel.exe
FirewallRules: [UDP Query User{540D1B1B-8621-4C34-811F-48CA94CEE4C3}C:\program files (x86)\the duel\theduel.exe] => C:\program files (x86)\the duel\theduel.exe
FirewallRules: [TCP Query User{19003352-5DC6-4D52-8518-8B145BE8A34A}C:\users\yeriah\downloads\saltandsanctuaryv1.0.0.4\salt and sanctuary v1.0.0.4\salt and sanctuary\salt.exe] => C:\users\yeriah\downloads\saltandsanctuaryv1.0.0.4\salt and sanctuary v1.0.0.4\salt and sanctuary\salt.exe
FirewallRules: [UDP Query User{FE0AB68A-4919-46E3-B6FC-9C7B5E2CC4F6}C:\users\yeriah\downloads\saltandsanctuaryv1.0.0.4\salt and sanctuary v1.0.0.4\salt and sanctuary\salt.exe] => C:\users\yeriah\downloads\saltandsanctuaryv1.0.0.4\salt and sanctuary v1.0.0.4\salt and sanctuary\salt.exe
FirewallRules: [{18676C17-2F3D-4EA5-918A-99D6FCC0FFDE}] => C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{7EDFC0B2-B342-40BC-BCAA-DFE6F315B7FF}] => C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{46326887-570E-473E-A082-A4E8B0085FDC}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CE8EECB4-7CFE-4C95-AC0F-9518E262EEB3}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4B2FA29C-E6C1-4900-8A3E-1B728A0D983B}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8360386B-7F6F-469D-A47C-7B00B125AFC2}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Pontos de Restauração =========================

03-02-2017 19:42:20 Windows Update
07-02-2017 12:34:55 JRT Pre-Junkware Removal

==================== Dispositivos Apresentando Falhas No Gerenciador =============


==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (02/08/2017 02:19:50 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: Um problema impediu que os dados do Programa de Aperfeiçoamento da Experiência do Usuário fossem enviados para a Microsoft, (Erro 80070005).

Error: (02/08/2017 02:06:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa Explorer.EXE versão 6.3.9600.18460 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID do Processo: be8

Hora de Início: 01d2815dbad36ed5

Hora de Término: 0

Caminho do Aplicativo: C:\Windows\Explorer.EXE

ID do Relatório: dd417026-ee17-11e6-82cb-7429afa47974

Nome completo do pacote com falha: 

ID do aplicativo relativo ao pacote com falha:

Error: (02/08/2017 12:11:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: ERUNT.exe, versão: 0.0.0.0, carimbo de data/hora: 0x2a425e19
Nome do módulo com falha: ntdll.dll, versão: 6.3.9600.18233, carimbo de data/hora: 0x56bb4e1d
Código de exceção: 0xc0000005
Deslocamento da falha: 0x00060665
ID do processo com falha: 0x2384
Hora de início do aplicativo com falha: 0x01d281b0ad1a9753
Caminho do aplicativo com falha: C:\Windows\ERUNT.exe
Caminho do módulo com falha: C:\Windows\SYSTEM32\ntdll.dll
ID do Relatório: eb5a792b-eda3-11e6-82cb-7429afa47974
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:

Error: (02/07/2017 10:58:49 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) O sistema não pode encontrar o arquivo especificado.

Error: (02/07/2017 10:58:48 PM) (Source: DbxSvc) (EventID: 270) (User: )
Description: Filter Unload failed with: (-2145452013) O sistema não pôde localizar o filtro especificado.

Error: (02/07/2017 07:59:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: O servidor RPC está muito ocupado para concluir esta operação.

Error: (02/07/2017 07:59:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: O servidor RPC está muito ocupado para concluir esta operação.

Error: (02/07/2017 07:59:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: O servidor RPC está muito ocupado para concluir esta operação.

Error: (02/07/2017 07:59:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: O servidor RPC está muito ocupado para concluir esta operação.

Error: (02/07/2017 07:59:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: O servidor RPC está muito ocupado para concluir esta operação.


Erros de Sistema:
=============
Error: (02/08/2017 01:59:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT)
Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x80070643: Atualização de Definição Windows Defender – KB2267602 (Definição 1.235.2358.0).

Error: (02/08/2017 06:59:11 AM) (Source: NetBT) (EventID: 4311) (User: )
Description: Houve falha na inicialização porque não foi possível criar o dispositivo de driver.
Use a cadeia de caracteres "7A791964F500" para identificar a interface 
para a qual houve falha na inicialização. A cadeia de caracteres representa o endereço MAC da interface
que falhou ou a GUID se o NetBT não conseguir 
mapear da GUID para o endereço MAC. Se nem o endereço MAC, nem a GUID 
estavam disponíveis, a cadeia de caracteres representará um nome de 
 dispositivo de cluster.

Error: (02/08/2017 06:59:11 AM) (Source: NetBT) (EventID: 4311) (User: )
Description: Houve falha na inicialização porque não foi possível criar o dispositivo de driver.
Use a cadeia de caracteres "7A791964F500" para identificar a interface 
para a qual houve falha na inicialização. A cadeia de caracteres representa o endereço MAC da interface
que falhou ou a GUID se o NetBT não conseguir 
mapear da GUID para o endereço MAC. Se nem o endereço MAC, nem a GUID 
estavam disponíveis, a cadeia de caracteres representará um nome de 
 dispositivo de cluster.

Error: (02/07/2017 04:06:27 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: O Gerenciador de controle de serviços tentou executar uma ação corretiva (Reiniciar o serviço) após a finalização inesperada do serviço Serviço de Dispositivos de Interface Humana, mas essa ação falhou com o seguinte erro: 
Uma cópia deste serviço já está sendo executada.

Error: (02/07/2017 04:05:27 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: O Gerenciador de controle de serviços tentou executar uma ação corretiva (Reiniciar o serviço) após a finalização inesperada do serviço Serviço de Associação de Dispositivo, mas essa ação falhou com o seguinte erro: 
Uma cópia deste serviço já está sendo executada.

Error: (02/07/2017 04:04:32 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: O Gerenciador de controle de serviços tentou executar uma ação corretiva (Reiniciar o serviço) após a finalização inesperada do serviço Agente de Conexão de Rede, mas essa ação falhou com o seguinte erro: 
Uma cópia deste serviço já está sendo executada.

Error: (02/07/2017 04:04:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Windows Driver Foundation - Estrutura do Driver de Modo de Usuário foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 120000 milissegundos: Reiniciar o serviço.

Error: (02/07/2017 04:04:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Configuração Automática de WLAN foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 120000 milissegundos: Reiniciar o serviço.

Error: (02/07/2017 04:04:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Host do Sistema de Diagnósticos foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (02/07/2017 04:04:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Cliente de rastreamento de link distribuído foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 120000 milissegundos: Reiniciar o serviço.


CodeIntegrity:
===================================
  Date: 2017-02-04 23:34:51.991
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-02 22:18:32.047
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-16 15:11:43.716
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-13 14:36:36.847
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-11 12:11:02.359
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-03 18:05:28.785
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-02 02:13:56.712
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-19 17:38:40.909
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-11 16:27:40.146
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-12-06 21:41:12.262
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Informações da Memória =========================== 

Processador: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
Percentagem de memória em uso: 64%
RAM física total: 8096.46 MB
RAM física disponível: 2882.49 MB
Virtual Total: 11168.46 MB
Virtual disponível: 3844.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:922.03 GB) (Free:512.37 GB) NTFS
Drive d: (CDROM) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS
Drive x: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.44 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:8.09 GB) (Free:0.73 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 86BA5996)

Partition: GPT.

==================== Fim de Addition.txt ============================


  • Root Admin

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop: http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 


  • Root Admin

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome

I would like to reset Chrome back to defaults to completely clear out what is going on with Chrome.

You can keep your “Bookmarks” if you want to keep them, but you have to export them first – >> Export Bookmarks << – Everything else should be removed.

Then I need you to go to >> Google Sync << and sign into your account.
Scroll down until you see the reset sync button and click on the button.
At the prompt click on Ok.

Reset Your Browser Settings

  1. In the top-right corner of the browser window, click the “Chrome Menu” icon (Three horizontal lines)
  2. Select Settings.
  3. At the bottom, click Show advanced settings…
  4. Scroll down until you see “Reset settings”, then click on the button Reset Settings.
  5. In the dialog that appears, click Reset.

Close Chrome and restart it and check it out for me please.

This topic is now closed to further replies.