Yeriah

  1. Done. It has deleted 3.34 GB of temporary files. Should I do anything else?
  2. Ok. Here are the results ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.0 (12.05.2016) Operating System: Windows 8.1 Single Language x64 Ran by Yeriah (Administrator) on 07/02/2017 at 12:34:54,50 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 3 Successfully deleted: C:\users\Public\Documents\guid (Folder) Successfully deleted: C:\Users\Yeriah\AppData\Local\crashrpt (Folder) Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task) Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 07/02/2017 at 12:58:10,50 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v6.043 - Relatório criado 07/02/2017 às 14:15:52 # Atualizado em 27/01/2017 por Malwarebytes # Banco de dados : 2017-02-03.2 [Servidor] # Sistema operacional : Windows 8.1 Single Language (X64) # Usuário : Yeriah - PC-DO-ALEX # Executando de : C:\Users\Yeriah\Downloads\AdwCleaner.exe # Modo: Limpo # Apoio : https://www.malwarebytes.com/support ***** [ Serviços ] ***** ***** [ Pastas ] ***** [-] Pasta excluída:C:\Users\Yeriah\AppData\LocalLow\.acestream [-] Pasta excluída:C:\Users\Yeriah\AppData\Roaming\.acestream [-] Pasta excluída:C:\Users\Yeriah\AppData\Roaming\acestream [-] Pasta excluída:C:\_acestream_cache_ ***** [ Arquivos ] ***** [-] Arquivo excluído:C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat [#] Arquivo excluído:C:\ProgramData\Application Data\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Atalhos ] ***** ***** [ Atividades agendadas ] ***** ***** [ Registro ] ***** [-] Chave excluída:HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\Software\Classes\acestream [#] Chave excluída na reinicialização:HKCU\Software\Classes\acestream [#] Chave excluída na reinicialização:[x64] HKCU\Software\Classes\acestream [-] Chave 
excluída:HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\Software\Conduit [#] Chave excluída na reinicialização:HKCU\Software\Conduit [#] Chave excluída na reinicialização:[x64] HKCU\Software\Conduit [-] Chave excluída:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com [-] Chave excluída:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com [#] Chave excluída na reinicialização:[x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com [#] Chave excluída na reinicialização:[x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com ***** [ Verificando navegadores ... ] ***** ************************* :: Chaves "Tracing" excluídas :: Configurações Winsock restauradas ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [2115 Bytes] - [07/02/2017 14:15:52] C:\AdwCleaner\AdwCleaner[R0].txt - [1832 Bytes] - [14/06/2015 16:59:36] C:\AdwCleaner\AdwCleaner[S0].txt - [1821 Bytes] - [14/06/2015 17:04:50] C:\AdwCleaner\AdwCleaner[S1].txt - [2502 Bytes] - [07/02/2017 13:37:42] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2407 Bytes] ########## 2017-02-07 16:32:25.650 Sophos Virus Removal Tool version 2.5.6 2017-02-07 16:32:25.650 Copyright (c) 2009-2016 Sophos Limited. All rights reserved. 2017-02-07 16:32:25.650 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them. 2017-02-07 16:32:25.650 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64 2017-02-07 16:32:25.650 Checking for updates... 
2017-02-07 16:32:26.129 Update progress: proxy server not available 2017-02-07 16:32:40.489 Option all = no 2017-02-07 16:32:40.489 Option recurse = yes 2017-02-07 16:32:40.489 Option archive = no 2017-02-07 16:32:40.489 Option service = yes 2017-02-07 16:32:40.489 Option confirm = yes 2017-02-07 16:32:40.489 Option sxl = yes 2017-02-07 16:32:40.490 Option max-data-age = 35 2017-02-07 16:32:40.490 Option vdl-logging = yes 2017-02-07 16:32:40.499 Customer ID: 094260ca9b3af99f9d4a3909fc47a743 2017-02-07 16:32:40.499 Machine ID: c49517429cb54134ae25654c3a549d9f 2017-02-07 16:32:40.499 Component SVRTcli.exe version 2.5.6 2017-02-07 16:32:40.499 Component control.dll version 2.5.6 2017-02-07 16:32:40.499 Component SVRTservice.exe version 2.5.6 2017-02-07 16:32:40.499 Component engine\osdp.dll version 1.44.1.2270 2017-02-07 16:32:40.499 Component engine\veex.dll version 3.67.0.2270 2017-02-07 16:32:40.499 Component engine\savi.dll version 9.0.5.2270 2017-02-07 16:32:40.499 Component rkdisk.dll version 1.5.31.1 2017-02-07 16:32:40.499 Version info: Product version 2.5.6 2017-02-07 16:32:40.499 Version info: Detection engine 3.67.0 2017-02-07 16:32:40.499 Version info: Detection data 5.32 2017-02-07 16:32:40.499 Version info: Build date 04/10/2016 2017-02-07 16:32:40.499 Version info: Data files added 766 2017-02-07 16:32:40.499 Version info: Last successful update (not yet updated) 2017-02-07 16:32:49.417 Downloading updates... 
2017-02-07 16:32:49.420 Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1 2017-02-07 16:32:49.420 Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path= 2017-02-07 16:32:49.420 Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path= 2017-02-07 16:32:49.420 Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=] 2017-02-07 16:32:49.420 Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path= 2017-02-07 16:32:49.420 Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path= 2017-02-07 16:32:49.420 Update progress: [I49502] sdds.data0910.xml: found supplement IDE536 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=] 2017-02-07 16:32:49.420 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE536 LATEST path= 2017-02-07 16:32:49.420 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE536 LATEST path= 2017-02-07 16:32:49.420 Update progress: [I49502] sdds.data0910.xml: found supplement IDE537 LATEST path= baseVersion= [included from product IDE536 LATEST path=] 2017-02-07 16:32:49.420 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE537 LATEST path= 2017-02-07 16:32:49.420 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE537 LATEST path= 2017-02-07 16:32:49.420 Update progress: [I49502] sdds.data0910.xml: found supplement IDE538 LATEST path= baseVersion= [included from product IDE537 LATEST path=] 2017-02-07 16:32:49.420 Update 
progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE538 LATEST path= 2017-02-07 16:32:49.421 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE538 LATEST path= 2017-02-07 16:32:49.421 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path= 2017-02-07 16:32:50.105 Update progress: [I19463] Syncing product SAVIW32 LATEST path= 2017-02-07 16:32:50.105 Update progress: [I19463] Product download size 156130248 bytes 2017-02-07 16:33:28.689 Update progress: [I19463] Syncing product IDE536 LATEST path= 2017-02-07 16:33:28.689 Update progress: [I19463] Product download size 3527452 bytes 2017-02-07 16:33:30.925 Update progress: [I19463] Syncing product IDE537 LATEST path= 2017-02-07 16:33:30.925 Update progress: [I19463] Product download size 2537599 bytes 2017-02-07 16:33:32.550 Update progress: [I19463] Syncing product IDE538 LATEST path= 2017-02-07 16:33:32.675 Installing updates... 
2017-02-07 16:33:33.296 Error level 1 2017-02-07 16:34:33.974 Update successful 2017-02-07 16:34:47.415 Option all = no 2017-02-07 16:34:47.415 Option recurse = yes 2017-02-07 16:34:47.415 Option archive = no 2017-02-07 16:34:47.415 Option service = yes 2017-02-07 16:34:47.415 Option confirm = yes 2017-02-07 16:34:47.415 Option sxl = yes 2017-02-07 16:34:47.415 Option max-data-age = 35 2017-02-07 16:34:47.415 Option vdl-logging = yes 2017-02-07 16:34:47.415 Customer ID: 094260ca9b3af99f9d4a3909fc47a743 2017-02-07 16:34:47.415 Machine ID: c49517429cb54134ae25654c3a549d9f 2017-02-07 16:34:47.415 Component SVRTcli.exe version 2.5.6 2017-02-07 16:34:47.415 Component control.dll version 2.5.6 2017-02-07 16:34:47.415 Component SVRTservice.exe version 2.5.6 2017-02-07 16:34:47.415 Component engine\osdp.dll version 1.44.1.2280 2017-02-07 16:34:47.415 Component engine\veex.dll version 3.68.0.2280 2017-02-07 16:34:47.415 Component engine\savi.dll version 9.0.7.2280 2017-02-07 16:34:47.415 Component rkdisk.dll version 1.5.31.1 2017-02-07 16:34:47.415 Version info: Product version 2.5.6 2017-02-07 16:34:47.415 Version info: Detection engine 3.68.0 2017-02-07 16:34:47.415 Version info: Detection data 5.35 2017-02-07 16:34:47.415 Version info: Build date 10/01/2017 2017-02-07 16:34:47.415 Version info: Data files added 346 2017-02-07 16:34:47.415 Version info: Last successful update 07/02/2017 14:34:33 2017-02-07 20:08:13.352 Could not open C:\hiberfil.sys 2017-02-07 20:08:50.093 >>> Virus 'Mal/VMProtBad-A' found in file C:\Level Up\Ragnarok\gepard.dll 2017-02-07 20:09:23.529 Could not open C:\pagefile.sys 2017-02-07 20:13:17.983 >>> Virus 'Mal/VMProtBad-A' found in file C:\Program Files\SHILDBRO V3\gepard.dll 2017-02-07 20:59:40.105 >>> Virus 'Mal/VMProtBad-A' found in file C:\ragnarok\gepard.dll 2017-02-07 21:05:29.048 Could not open C:\swapfile.sys 2017-02-07 21:05:29.407 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} 2017-02-07 
21:05:29.408 Could not open C:\System Volume Information\{436c5f75-eccf-11e6-82ca-7429afa47974}{3808876b-c176-4e48-b7ae-04046e6cc752} 2017-02-07 21:05:29.408 Could not open C:\System Volume Information\{48d83ae0-ea24-11e6-82c8-7429afa47974}{3808876b-c176-4e48-b7ae-04046e6cc752} 2017-02-07 21:07:31.648 Could not open C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Current Session 2017-02-07 21:07:31.648 Could not open C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Current Tabs 2017-02-07 21:24:48.339 >>> Virus 'Mal/EncPk-AAL' found in file C:\Users\Yeriah\AppData\Local\Temp\GCAC.dll 2017-02-07 21:53:57.615 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb 2017-02-07 21:53:57.616 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb 2017-02-07 21:54:05.877 Could not open C:\Windows\System32\config\BBI 2017-02-07 21:54:06.454 Could not open C:\Windows\System32\config\RegBack\DEFAULT 2017-02-07 21:54:06.485 Could not open C:\Windows\System32\config\RegBack\SAM 2017-02-07 21:54:06.490 Could not open C:\Windows\System32\config\RegBack\SECURITY 2017-02-07 21:54:06.514 Could not open C:\Windows\System32\config\RegBack\SOFTWARE 2017-02-07 21:54:06.544 Could not open C:\Windows\System32\config\RegBack\SYSTEM 2017-02-07 22:27:11.273 The following items will be cleaned up: 2017-02-07 22:27:11.273 Mal/VMProtBad-A 2017-02-07 22:27:11.273 Mal/EncPk-AAL Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 05-02-2017 Executado por Yeriah (administrador) em PC-DO-ALEX (08-02-2017 15:31:51) Executando a partir de C:\Users\Yeriah\Downloads Perfis Carregados: Yeriah (Perfis Disponíveis: Yeriah) Platform: Windows 8.1 Single Language (Update) (X64) Idioma: Português (Brasil) Internet Explorer Versão 11 (Navegador padrão: Chrome) Modo da Inicialização: Normal Tutorial da Farbar Recovery Scan Tool: 
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe () C:\Windows\SysWOW64\WIN8_MBIM.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe.bak (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (LogMeIn Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe (Huawei Technologies Co., Ltd.) C:\Users\Yeriah\AppData\Roaming\VIVO INTERNET\ouc.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ShareX Team) C:\Program Files\ShareX\ShareX.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Hammer & Chisel, Inc.) C:\Users\Yeriah\AppData\Local\Discord\app-0.0.297\Discord.exe (Hammer & Chisel, Inc.) C:\Users\Yeriah\AppData\Local\Discord\app-0.0.297\Discord.exe (Hammer & Chisel, Inc.) C:\Users\Yeriah\AppData\Local\Discord\app-0.0.297\Discord.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Farbar) C:\Users\Yeriah\Downloads\FRST64 (1).exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Trion Worlds Inc.) C:\Program Files (x86)\Glyph\GlyphCrashHandler.exe (Trion Worlds Inc.) C:\Program Files (x86)\Glyph\GlyphClientApp.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registro (Whitelisted) ==================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3760456 2013-08-23] (Dell Inc.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-04-08] (Power Software Ltd) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation) HKLM-x32\...\Run: [EPSON_UD_START] => C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe [341416 2011-01-06] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-07] (Dropbox, Inc.) 
HKLM-x32\...\Run: [DeathTaker] => C:\Program Files (x86)\Genius\DeathTaker\mousehid.exe [303616 2013-04-03] () HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-11-11] (LogMeIn Inc.) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60408 2016-12-16] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\ GbPluginScd: C:\Program Files (x86)\GbPlugin\gbiehScd.dll [2015-10-06] (Sicredi) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [134784 2014-11-30] (Atheros Communications) HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation) HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.) HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Run: [Discord] => C:\Users\Yeriah\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.) HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Run: [HW_OPENEYE_OUC_VIVO INTERNET] => C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe [110592 2009-07-27] (Huawei Technologies Co., Ltd.) 
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {4a600027-0977-11e6-82a5-7429afa47974} - "G:\.\ShowModem.exe" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {4a60005b-0977-11e6-82a5-7429afa47974} - "G:\.\ShowModem.exe" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {94453256-cce0-11e6-82c4-7429afa47974} - "E:\AutoRun.exe" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {9445328c-cce0-11e6-82c4-7429afa47974} - "F:\AutoRun.exe" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {ae31608b-dc6e-11e4-824f-806e6f6e6963} - "D:\CDViewer.exe" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {d1254191-d620-11e6-82c5-7429afa47974} - "E:\AutoRun.exe" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {d1254c66-d620-11e6-82c5-7429afa47974} - "E:\AutoRun.exe" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {fb37d97a-4c61-11e5-8277-7429afa47974} - "F:\EMP_UDSe.exe" /autorun HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399011} - C:\Program Files (x86)\GbPlugin\gbiehscd.dll [1839640 2015-10-06] (Sicredi) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) Startup: C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-02-21] ShortcutTarget: Curse.lnk -> C:\Users\Yeriah\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc) Startup: C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-12-29] () ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) 
Tcpip\Parameters: [DhcpNameServer] 189.7.120.16 189.7.120.15 Tcpip\..\Interfaces\{58ECD54B-5CDD-4A30-8A5F-7BE4B3782272}: [DhcpNameServer] 10.1.1.1 Tcpip\..\Interfaces\{E2D45466-7876-4A81-A298-32DC60763DD4}: [DhcpNameServer] 189.7.120.16 189.7.120.15 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.la.dell.com/content/default.aspx?c=br&l=pt&s=gen BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO: Sem Nome -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Nenhum Arquivo BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-14] (Oracle Corporation) BHO-x32: Sem Nome -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Nenhum Arquivo BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540011} -> C:\Program Files (x86)\GbPlugin\gbiehscd.dll [2015-10-06] (Sicredi) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-14] (Oracle Corporation) 
FireFox: ======== FF ProfilePath: C:\Users\Yeriah\AppData\Roaming\Mozilla\Firefox\Profiles\EDgjXuml.default [2017-02-05] FF Extension: (Avira Browser Safety) - C:\Users\Yeriah\AppData\Roaming\Mozilla\Firefox\Profiles\EDgjXuml.default\Extensions\abs@avira.com [2016-12-22] FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-14] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-14] (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) 
FF Plugin HKU\S-1-5-21-4078040627-3876670005-1468608263-1002: @citrixonline.com/appdetectorplugin -> C:\Users\Yeriah\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-02-29] (Citrix Online)

Chrome:
=======
CHR DefaultProfile: Default
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll => Nenhum Arquivo
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => Nenhum Arquivo
CHR Profile: C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default [2017-02-08]
CHR Extension: (Google Apresentações) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-02]
CHR Extension: (Google Docs) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-02]
CHR Extension: (Google Drive) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-02]
CHR Extension: (YouTube) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-02]
CHR Extension: (Google Search) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Planilhas do Google) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-02]
CHR Extension: (Documentos Google off-line) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-01]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-02]
CHR Extension: (Chrome Media Router) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [322176 2014-11-30] (Windows (R) Win 7 DDK provider) [Arquivo não assinado]
R2 AutoRun_MBIM; C:\Windows\SysWOW64\WIN8_MBIM.exe [163840 2014-03-07] () [Arquivo não assinado]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1141248 2015-06-06] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2016-12-13] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-31] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-31] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46400 2017-02-07] (Dropbox, Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe [98304 2011-01-06] (SEIKO EPSON CORPORATION) [Arquivo não assinado]
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [587576 2015-10-06] (GAS Tecnologia)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Arquivo não assinado]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)
S2 libusbd; C:\Windows\SysWOW64\libusbd-nt.exe [18944 2005-03-09] (hxxp://libusb-win32.sourceforge.net) [Arquivo não assinado]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-11-11] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-02] (SoftThinks SAS)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 Dell.CommandPowerManager.Service; C:\Windows\SysWOW64\dllhost.exe /Processid:{21AC100C-C882-4DE7-A7E4-EBD00657F486}

===================== Drivers (Whitelisted) ======================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4226560 2014-11-10] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-11-30] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
U5 EMAC Secure; C:\Users\Yeriah\AppData\Local\Temp\GCSecure.sys [794248 2017-02-04] (Gamers Club)
R3 eppvad_simple; C:\Windows\system32\drivers\EMP_UDAU.sys [23040 2011-01-06] (SEIKO EPSON CORPORATION)
R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2017-02-07] (GAS Tecnologia)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [21720 2015-04-29] (GAS Tecnologia)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-11-11] (LogMeIn Inc.)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [33792 2005-03-09] () [Arquivo não assinado]
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2016-04-21] (The OpenVPN Project)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-02] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-08-02] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-04-29] (GAS Tecnologia LTDA)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wmbclass; C:\Windows\System32\drivers\wmbclass.sys [267264 2016-08-12] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um Mês Criados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2017-02-08 00:26 - 2017-02-08 00:26 - 00059938 _____ C:\Users\Yeriah\Desktop\Addition.txt
2017-02-08 00:11 - 2017-02-08 00:11 - 02421248 _____ (Farbar) C:\Users\Yeriah\Downloads\FRST64 (1).exe
2017-02-07 22:58 - 2017-02-07 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-07 18:35 - 2017-02-07 18:35 - 00107775 _____ C:\Users\Yeriah\Downloads\gabarito.pdf
2017-02-07 16:06 - 2017-02-07 16:06 - 00000000 ___RD C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2017-02-07 16:00 - 2017-02-07 16:00 - 00414137 _____ C:\Users\Yeriah\Downloads\aula_06_-_taxa_nominal_-_capital_e_equivalencia_-_parte_ii.pdf
2017-02-07 16:00 - 2017-02-07 16:00 - 00403620 _____ C:\Users\Yeriah\Downloads\aula_05_-_taxa_nominal_-_capital_e_equivalencia_-_parte_i.pdf
2017-02-07 16:00 - 2017-02-07 16:00 - 00376439 _____ C:\Users\Yeriah\Downloads\aula_02_-_juros_simples_-_parte_ii.pdf
2017-02-07 16:00 - 2017-02-07 16:00 - 00367674 _____ C:\Users\Yeriah\Downloads\aula_01_-_juros_simples_-_parte_i.pdf
2017-02-07 16:00 - 2017-02-07 16:00 - 00367674 _____ C:\Users\Yeriah\Downloads\aula_01_-_juros_simples_-_parte_i (1).pdf
2017-02-07 16:00 - 2017-02-07 16:00 - 00262316 _____ C:\Users\Yeriah\Downloads\aula_04_-_taxas_de_rendimento_-_inflacao_e_real_-_parte_ii.pdf
2017-02-07 16:00 - 2017-02-07 16:00 - 00254206 _____ C:\Users\Yeriah\Downloads\aula_03_-_taxas_de_rendimento_-_inflacao_e_real_-_parte_i.pdf
2017-02-07 15:49 - 2017-02-07 15:49 - 00662208 _____ () C:\Users\Yeriah\Downloads\puush-installer.exe
2017-02-07 15:49 - 2017-02-07 15:49 - 00000798 _____ C:\Users\Yeriah\Desktop\ShareX.lnk
2017-02-07 14:32 - 2017-02-07 14:32 - 00000000 ____D C:\Users\Todos os Usuários\Sophos
2017-02-07 14:32 - 2017-02-07 14:32 - 00000000 ____D C:\ProgramData\Sophos
2017-02-07 14:31 - 2017-02-07 14:31 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-02-07 14:31 - 2017-02-07 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-02-07 14:31 - 2017-02-07 14:31 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-02-07 14:26 - 2017-02-07 14:28 - 162703984 _____ (Sophos Limited) C:\Users\Yeriah\Downloads\Sophos Virus Removal Tool.exe
2017-02-07 14:21 - 2017-02-07 14:21 - 00002505 _____ C:\Users\Yeriah\Desktop\AdwCleaner[C0].txt
2017-02-07 13:35 - 2017-02-07 13:35 - 04015056 _____ C:\Users\Yeriah\Downloads\AdwCleaner.exe
2017-02-07 12:58 - 2017-02-07 12:58 - 00000773 _____ C:\Users\Yeriah\Desktop\JRT.txt
2017-02-07 12:29 - 2017-02-07 12:29 - 01663040 _____ (Malwarebytes) C:\Users\Yeriah\Downloads\JRT.exe
2017-02-07 02:38 - 2017-02-07 02:38 - 00046400 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-02-07 02:38 - 2017-02-07 02:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-02-07 02:38 - 2017-02-07 02:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-02-07 02:38 - 2017-02-07 02:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-02-06 13:28 - 2017-02-08 13:47 - 00000000 ____D C:\Users\Yeriah\Documents\ArcheAge
2017-02-06 13:28 - 2017-02-06 13:28 - 00000000 ____D C:\ArcheAge
2017-02-04 23:32 - 2017-02-04 23:32 - 00001918 _____ C:\Users\Yeriah\Desktop\Archeage.lnk
2017-02-04 14:16 - 2017-02-08 00:25 - 00059935 _____ C:\Users\Yeriah\Downloads\Addition.txt
2017-02-04 14:13 - 2017-02-08 15:32 - 00030041 _____ C:\Users\Yeriah\Downloads\FRST.txt
2017-02-04 00:42 - 2017-02-04 00:46 - 00000000 ____D C:\Users\Yeriah\Downloads\ygopro-percy
2017-02-04 00:42 - 2017-02-04 00:42 - 00000930 _____ C:\Users\Yeriah\Desktop\Ygopro.lnk
2017-02-04 00:41 - 2017-02-04 00:42 - 40482992 _____ C:\Users\Yeriah\Downloads\ygopro-1.033.D-Percy.exe
2017-02-03 23:39 - 2017-02-05 16:34 - 00000000 ____D C:\Users\Yeriah\Downloads\La.La.Land.2016.DVDScr.XVID.AC3.HQ.Hive-CM8
2017-02-03 23:39 - 2017-02-03 23:45 - 00000000 ____D C:\Users\Yeriah\Downloads\The Prestige (2006)
2017-02-03 23:38 - 2017-02-03 23:38 - 00000000 ____D C:\Users\Yeriah\AppData\LocalLow\uTorrent
2017-02-03 22:19 - 2017-02-03 22:19 - 02420736 _____ (Farbar) C:\Users\Yeriah\Downloads\FRST64.exe
2017-02-03 13:49 - 2017-02-03 13:49 - 00001150 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-02-03 13:49 - 2017-02-03 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-02-03 13:45 - 2017-02-05 16:27 - 00000000 ____D C:\Users\Yeriah\AppData\LocalLow\Mozilla
2017-02-03 13:44 - 2017-02-03 13:51 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Mozilla
2017-02-03 13:44 - 2017-02-03 13:44 - 00001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-03 13:44 - 2017-02-03 13:44 - 00001165 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-03 13:44 - 2017-02-03 13:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-03 13:44 - 2017-02-03 13:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-03 13:42 - 2017-02-03 13:43 - 00245584 _____ C:\Users\Yeriah\Downloads\Firefox Setup Stub 51.0.1.exe
2017-02-02 01:42 - 2017-02-02 01:43 - 04121760 _____ (Husdawg, LLC) C:\Users\Yeriah\Downloads\Detection.exe
2017-02-01 22:17 - 2017-02-01 22:44 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Tera_Awesomium
2017-02-01 04:15 - 2017-02-01 14:02 - 00000000 ____D C:\Users\Yeriah\Downloads\PSO2E4JP_SETUPEN
2017-02-01 04:14 - 2017-02-01 04:14 - 00057141 _____ C:\Users\Yeriah\Downloads\PSO2E4JP_SETUPEN (1).torrent
2017-02-01 04:10 - 2017-02-01 04:10 - 00057141 _____ C:\Users\Yeriah\Downloads\PSO2E4JP_SETUPEN.torrent
2017-01-27 14:17 - 2017-01-27 14:18 - 00730192 _____ C:\Users\Yeriah\Downloads\download (1).htm
2017-01-26 14:11 - 2017-01-26 14:11 - 00072999 _____ C:\Users\Yeriah\Downloads\Índice-de-trabalhos.xlsx
2017-01-26 02:26 - 2016-05-22 23:37 - 00032299 ____N C:\Users\Yeriah\Downloads\Game.of.Thrones.S06E05.WEBRip.1080p.x264-NOGRP.srt
2017-01-26 02:25 - 2017-01-26 02:25 - 00014552 _____ C:\Users\Yeriah\Downloads\game-of-thrones-season-6-episode-5-arabic-21123.zip
2017-01-25 21:43 - 2017-01-25 21:43 - 00003166 _____ C:\Windows\System32\Tasks\klcp_update
2017-01-25 21:40 - 2017-01-25 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2017-01-25 21:40 - 2017-01-25 21:40 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2017-01-25 21:39 - 2017-01-25 21:40 - 14306797 _____ (KLCP ) C:\Users\Yeriah\Downloads\K-Lite_Codec_Pack_1285_Basic.exe
2017-01-25 21:39 - 2017-01-25 21:39 - 00712340 _____ ( ) C:\Users\Yeriah\Downloads\klcp_update_1282_20170119.exe
2017-01-25 21:17 - 2017-01-25 21:18 - 00000000 ____D C:\Users\Yeriah\Downloads\Game of Thrones Season 6 S06 Complete 1080p WEB DL x265 HEVC SUJAIDR
2017-01-25 18:21 - 2017-01-25 18:28 - 637577727 _____ (Brytenwalda Dev. ) C:\Users\Yeriah\Downloads\brytenwalda139.exe
2017-01-25 02:49 - 2017-02-01 17:52 - 00000000 ____D C:\Users\Yeriah\Downloads\Game.of.Thrones.Season.6.720p.HDTV.x265.ShAaNiG
2017-01-24 15:15 - 2017-01-24 15:18 - 00000000 ____D C:\Users\Yeriah\Downloads\Game of Thrones - Season 5
2017-01-24 15:13 - 2017-01-26 01:07 - 00000000 ____D C:\Users\Yeriah\Downloads\Game of Thrones - Season 6
2017-01-23 17:48 - 2017-01-23 17:48 - 00008829 _____ C:\Users\Yeriah\Desktop\Novo(a) Planilha do Microsoft Excel.xlsx
2017-01-22 17:40 - 2017-01-22 17:40 - 00000000 ____D C:\Users\Yeriah\Downloads\DiplomacyCompilation+companions
2017-01-22 15:52 - 2017-01-22 16:20 - 00000000 ____D C:\Users\Yeriah\Downloads\Arrival.2016.DVDScr.x264-4RRIVED
2017-01-22 15:52 - 2017-01-22 16:19 - 00000000 ____D C:\Users\Yeriah\Downloads\[ www.torrenting.me ] - Hacksaw.Ridge.2016.DVDScr.XVID.AC3.HQ.Hive-CM8
2017-01-22 00:50 - 2017-01-22 01:36 - 00000000 ____D C:\Users\Yeriah\Downloads\Game of Thrones - The Complete Season 4 [HDTV]
2017-01-21 00:12 - 2017-01-21 00:12 - 00000744 _____ C:\Users\Yeriah\Desktop\Jogar Live-RO.lnk
2017-01-21 00:12 - 2017-01-21 00:12 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live-RO
2017-01-21 00:12 - 2017-01-21 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Live-RO
2017-01-21 00:08 - 2017-01-21 00:08 - 210479692 _____ () C:\Users\Yeriah\Downloads\Instalador_Live-RO_2.0.exe
2017-01-20 01:18 - 2017-01-20 01:37 - 209715200 _____ C:\Users\Yeriah\Downloads\DiplomacyCompilation+companions.part02.rar
2017-01-20 01:18 - 2017-01-20 01:26 - 209715200 _____ C:\Users\Yeriah\Downloads\DiplomacyCompilation+companions.part03.rar
2017-01-20 01:18 - 2017-01-20 01:25 - 209715200 _____ C:\Users\Yeriah\Downloads\DiplomacyCompilation+companions.part04.rar
2017-01-20 01:18 - 2017-01-20 01:25 - 209715200 _____ C:\Users\Yeriah\Downloads\DiplomacyCompilation+companions.part01.rar
2017-01-20 01:18 - 2017-01-20 01:22 - 114291302 _____ C:\Users\Yeriah\Downloads\DiplomacyCompilation+companions.part05.rar
2017-01-19 19:58 - 2017-01-20 21:48 - 00000000 ____D C:\Users\Yeriah\Downloads\Game of Thrones - The Complete Season 3 [HDTV]
2017-01-19 19:58 - 2017-01-19 23:17 - 00000000 ____D C:\Users\Yeriah\Downloads\Game.of.Thrones.S02
2017-01-18 18:50 - 2017-01-18 18:50 - 37503157 _____ C:\Users\Yeriah\Downloads\Professora Adriana Figueiredo - Falando em Português - Crase nas Locuções Femininas.mp4
2017-01-18 16:33 - 2017-01-18 16:34 - 00868962 _____ C:\Users\Yeriah\Downloads\Agente_Penitenciario_FUNDATEC_2014.zip
2017-01-18 02:25 - 2017-01-18 02:26 - 00000000 ____D C:\Users\Yeriah\Downloads\Game Of Thrones.S01.[Complete Season 1].BRRip.XviD-VLiS
2017-01-13 23:37 - 2017-01-14 09:58 - 00000000 ____D C:\Users\Yeriah\Downloads\That Awkward Moment (2014)
2017-01-13 23:32 - 2017-01-14 09:57 - 00000000 ____D C:\Users\Yeriah\Downloads\The.Brothers.Grimsby.2016.HDRip.XViD-ETRG
2017-01-13 23:29 - 2017-01-16 16:58 - 00000000 ____D C:\Users\Yeriah\Downloads\Superbad Unrated (2007)
2017-01-13 22:50 - 2017-01-17 12:22 - 00000000 ____D C:\Users\Yeriah\Downloads\Downfall [2004]
2017-01-13 22:49 - 2017-01-14 09:57 - 00000000 ____D C:\Users\Yeriah\Downloads\The.Hunt.2012.720p.BluRay.x264-x0r
2017-01-13 22:44 - 2017-01-14 09:58 - 00000000 ____D C:\Users\Yeriah\Downloads\The Pianist (2002)
2017-01-13 22:42 - 2017-01-14 09:56 - 00000000 ____D C:\Users\Yeriah\Downloads\Forrest Gump (1994)
2017-01-13 22:42 - 2017-01-13 22:56 - 00000000 ____D C:\Users\Yeriah\Downloads\Schindlers List (1993)
2017-01-13 14:09 - 2017-01-13 14:09 - 00264160 _____ C:\Users\Yeriah\Downloads\b0f80a228ec00c32ba202d12f7e5bc99.pdf
2017-01-13 01:36 - 2017-01-13 10:04 - 00000000 ____D C:\Users\Yeriah\Downloads\The.Accountant.2016.HC.HDRip.X264.AC3-EVO
2017-01-12 00:45 - 2017-01-13 10:04 - 00000000 ____D C:\Users\Yeriah\Downloads\The Departed (2006)
2017-01-12 00:45 - 2017-01-12 10:27 - 00000000 ____D C:\Users\Yeriah\Downloads\Reservoir Dogs (1992) [1080p]
2017-01-12 00:43 - 2017-01-12 10:27 - 00000000 ____D C:\Users\Yeriah\Downloads\The Shawshank Redemption (1994)
2017-01-11 23:00 - 2017-01-12 10:26 - 00000000 ____D C:\Users\Yeriah\Downloads\The.Magnificent.Seven.2016.720p.BRRip.x264.AAC-ETRG

==================== Um Mês Modificados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2017-02-08 15:31 - 2015-06-16 23:08 - 00000000 ____D C:\FRST
2017-02-08 15:20 - 2016-06-16 20:54 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-08 15:05 - 2016-04-23 15:28 - 00000296 _____ C:\Windows\Tasks\AutoKMS.job
2017-02-08 14:53 - 2016-05-31 12:30 - 00001042 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-08 14:52 - 2017-01-05 18:55 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Glyph
2017-02-08 14:52 - 2017-01-05 18:55 - 00000000 ____D C:\Program Files (x86)\Glyph
2017-02-08 14:15 - 2015-04-10 21:24 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-08 14:07 - 2015-04-10 21:23 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4078040627-3876670005-1468608263-1002
2017-02-08 01:12 - 2016-08-18 00:25 - 00000000 ____D C:\Users\Yeriah\Documents\ShareX
2017-02-08 00:11 - 2015-04-10 21:47 - 00000000 ____D C:\Users\Yeriah\AppData\Local\CrashDumps
2017-02-08 00:10 - 2016-10-27 23:07 - 00000000 ____D C:\Program Files\SHILDBRO V3
2017-02-08 00:10 - 2016-10-27 22:51 - 00000000 ____D C:\ragnarok
2017-02-07 22:59 - 2016-05-31 12:30 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-07 21:52 - 2016-05-31 12:30 - 00001038 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-07 16:06 - 2015-04-10 21:18 - 00000000 ____D C:\Users\Yeriah\Documents\Bluetooth Folder
2017-02-07 15:49 - 2016-08-18 00:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
2017-02-07 15:49 - 2016-08-18 00:24 - 00000000 ____D C:\Program Files\ShareX
2017-02-07 14:26 - 2015-04-06 13:39 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2017-02-07 14:19 - 2015-04-10 21:21 - 00000000 ___RD C:\Users\Yeriah\OneDrive
2017-02-07 14:18 - 2016-08-08 18:39 - 00000000 ____D C:\Users\Yeriah\AppData\Local\LogMeIn Hamachi
2017-02-07 14:18 - 2016-01-28 19:41 - 00028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys
2017-02-07 14:18 - 2016-01-28 19:41 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2017-02-07 14:17 - 2013-08-22 12:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-07 14:16 - 2013-08-22 11:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2017-02-07 14:15 - 2015-06-14 16:58 - 00000000 ____D C:\AdwCleaner
2017-02-07 14:15 - 2013-08-22 13:36 - 00000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
2017-02-07 14:15 - 2013-08-22 13:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-07 12:33 - 2015-04-10 21:24 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 12:33 - 2015-04-10 21:24 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 22:50 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\Inf
2017-02-06 22:48 - 2015-04-10 21:17 - 00000000 ____D C:\Users\Yeriah
2017-02-05 16:31 - 2014-11-22 00:43 - 01827170 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-05 16:31 - 2014-11-21 23:52 - 00784992 _____ C:\Windows\system32\prfh0416.dat
2017-02-05 16:31 - 2014-11-21 23:52 - 00163734 _____ C:\Windows\system32\prfc0416.dat
2017-02-04 23:32 - 2017-01-05 18:55 - 00000000 ____D C:\Users\Todos os Usuários\Glyph
2017-02-04 23:32 - 2017-01-05 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2017-02-04 23:32 - 2017-01-05 18:55 - 00000000 ____D C:\ProgramData\Glyph
2017-02-04 22:24 - 2016-06-16 20:54 - 00000964 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-04 00:30 - 2015-07-31 01:21 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\uTorrent
2017-02-03 22:09 - 2016-08-01 03:08 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\discord
2017-02-03 22:05 - 2015-12-02 17:25 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-02-03 22:05 - 2015-12-02 17:25 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-03 19:45 - 2013-08-22 13:20 - 00000000 ____D C:\Windows\CbsTemp
2017-02-03 13:45 - 2016-12-22 21:42 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Mozilla
2017-02-01 19:20 - 2015-04-06 13:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-01-31 21:56 - 2015-07-15 16:26 - 00000000 ____D C:\Users\Todos os Usuários\boost_interprocess
2017-01-31 21:56 - 2015-07-15 16:26 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-01-27 02:33 - 2016-07-29 02:30 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Popcorn-Time
2017-01-25 20:09 - 2015-07-31 03:59 - 00000000 ____D C:\Users\Yeriah\Documents\Mount&Blade Warband Savegames
2017-01-25 03:13 - 2015-05-13 21:43 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\BSplayer
2017-01-22 17:08 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\system32\NDF
2017-01-19 01:33 - 2016-12-15 01:47 - 00003178 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-19 01:33 - 2016-04-23 15:30 - 00002313 _____ C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-01-19 01:33 - 2015-07-23 21:54 - 00003186 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4078040627-3876670005-1468608263-1002
2017-01-16 22:11 - 2017-01-02 14:45 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\VIVO INTERNET
2017-01-15 21:20 - 2016-06-16 20:54 - 00003934 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-01-15 21:20 - 2016-06-16 20:54 - 00003790 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-15 21:20 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-15 21:20 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-14 15:55 - 2015-05-24 00:34 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Skype
2017-01-14 15:53 - 2015-04-12 14:00 - 00000000 ____D C:\Users\Yeriah\AppData\Local\osu!
2017-01-13 17:23 - 2015-12-04 18:41 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Popcorn-Time-Community
2017-01-13 17:10 - 2017-01-01 22:32 - 00000000 ____D C:\Users\Yeriah\Downloads\Cities - Skylines [FitGirl Repack]
2017-01-13 12:45 - 2016-12-22 20:38 - 00000078 _____ C:\Users\Yeriah\Desktop\Novo Documento de Texto (3).txt
2017-01-11 19:19 - 2016-08-01 03:08 - 00002179 _____ C:\Users\Yeriah\Desktop\Discord.lnk
2017-01-11 19:19 - 2016-08-01 03:08 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-01-11 19:18 - 2016-08-01 03:07 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Discord
2017-01-11 14:47 - 2016-05-31 11:45 - 00000000 ____D C:\Users\Yeriah\Desktop\Its all fun and games
2017-01-11 14:43 - 2015-12-27 22:54 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\DarkSoulsII
2017-01-11 12:14 - 2015-04-13 20:52 - 00000000 ____D C:\Windows\system32\MRT
2017-01-11 12:12 - 2015-04-13 20:52 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-09 15:07 - 2016-12-07 19:01 - 00000000 ____D C:\Users\Yeriah\AppData\Local\ElevatedDiagnostics
2017-01-09 14:07 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\ModemLogs

==================== Arquivos na raiz de alguns diretórios =======
2016-05-23 00:58 - 2016-05-23 00:58 - 0000094 _____ () C:\Users\Yeriah\AppData\Local\fusioncache.dat
2015-04-06 13:10 - 2015-04-06 13:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-01-03 20:42 - 2015-11-04 20:42 - 0000032 ____R () C:\ProgramData\hash.dat
2015-04-06 13:37 - 2015-04-06 13:37 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-04-06 13:32 - 2015-04-06 13:33 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-04-06 13:33 - 2015-04-06 13:35 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2015-04-06 13:35 - 2015-04-06 13:37 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-04-06 13:31 - 2015-04-06 13:32 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\hash.dat
C:\Users\Todos os Usuários\hash.dat

Alguns arquivos em TEMP:
====================
2016-12-29 13:24 - 2016-12-29 13:24 - 43872728 _____ (Skype Technologies S.A.) C:\Users\Yeriah\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================
(Não há correção automática para arquivos que não passaram na verificação.)
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente
LastRegBack: 2017-01-28 20:26

==================== Fim de FRST.txt ============================

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 05-02-2017
Executado por Yeriah (08-02-2017 15:34:39)
Executando a partir de C:\Users\Yeriah\Downloads
Windows 8.1 Single Language (Update) (X64) (2015-04-10 23:17:14)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================
Administrador (S-1-5-21-4078040627-3876670005-1468608263-500 - Administrator - Disabled)
ASPNET (S-1-5-21-4078040627-3876670005-1468608263-1003 - Limited - Enabled)
Convidado (S-1-5-21-4078040627-3876670005-1468608263-501 - Limited - Disabled)
Yeriah (S-1-5-21-4078040627-3876670005-1468608263-1002 - Administrator - Enabled) => C:\Users\Yeriah

==================== Central de Segurança ========================
(Se uma entrada for incluída na fixlist, será removida.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================
(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)
µTorrent (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Agarest - Generations of War Zero (HKLM-x32\...\1426762679_is1) (Version: 2.0.0.2 - GOG.com)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Archeage (HKLM-x32\...\Glyph Archeage) (Version: - Trion Worlds, Inc.)
Atualizações da NVIDIA 2.9.1.22 (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Auditorium (HKLM-x32\...\com.cipherprime.auditorium) (Version: 1.5.0 - UNKNOWN)
Auditorium (x32 Version: 1.5.0 - UNKNOWN) Hidden
Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
Brytenwalda versão 1.39 (HKLM-x32\...\{4D15C6C1-74C9-4AA4-8378-CEEDE7E53F39}_is1) (Version: 1.39 - Brytenwalda Dev.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.69.1078 - AB Team, d.o.o.)
Cities: Skylines (HKLM-x32\...\Cities: Skylines_is1) (Version: - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Curse (HKLM-x32\...\{A20BFF62-AE3C-42BD-9C52-841CAB96BC49}) (Version: 6.0.0.0 - Curse)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
DARK SOULS™ II: Scholar of the First Sin (HKLM-x32\...\Steam App 335300) (Version: - FromSoftware, Inc)
DeathTaker Gaming Mouse (HKLM-x32\...\{0614BCA9-3613-4171-8128-621991A9FBF2}}_is1) (Version: - )
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
Dell Command | Power Manager (HKLM\...\{DDDAF4A7-8B7D-4088-AECC-6F50E594B4F5}) (Version: 2.0.0 - Dell Inc.)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6745.47 - Dell)
Dell System Detect (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\58d94f3ce2c27db0) (Version: 6.12.0.5 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.0 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Devilian Live-US (HKLM-x32\...\Glyph Devilian Live-US) (Version: - Trion Worlds, Inc.)
DiRT 3 Complete Edition (HKLM\...\Steam App 321040) (Version: - Codemasters Racing Studio)
Discord (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
DjVuLibre+DjView (HKLM-x32\...\DjVuLibre+DjView) (Version: 3.5.24+4.8 - DjVuZone)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Epson USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.51.000 - SEIKO EPSON CORPORATION)
Ethernal Ragnarok Online (HKLM-x32\...\Ethernal Ragnarok Online) (Version: - )
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version: - Paradox Development Studio)
Gamersclub Anti Cheat (HKLM-x32\...\{C14C05CA-F9F5-45C3-9C23-43E10AF71897}) (Version: 1.00 - EMACLab)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Infestation: The New Z (HKLM\...\Steam App 555570) (Version: - Fredaikis AB)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3262 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Jogos Level Up (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\bda992e0694a5bbb) (Version: 0.9.4.4 - Level Up)
K-Lite Codec Pack 12.8.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.8.5 - KLCP)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version: - Valve)
LibUSB-Win32-0.1.10.1 (HKLM-x32\...\LibUSB-Win32_is1) (Version: 0.1.10.1 - LibUSB-Win32)
LIMBO (HKLM\...\Steam App 48000) (Version: - Playdead)
Live-RO v2.0 (HKLM-x32\...\Live-RO v2.0) (Version: - )
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.541 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.541 - LogMeIn, Inc.) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 
(HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - TaleWorlds Entertainment) Mount&Blade Warband (HKLM-x32\...\Mount&Blade Warband) (Version: - ) Mozilla Firefox 51.0.1 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 pt-BR)) (Version: 51.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 
4.20.9818.0 - Microsoft Corporation) NVIDIA Driver de gráficos 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation) NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation) osu! (HKLM-x32\...\{b6a62150-824b-4c5b-ba99-2d147c2df4dc}) (Version: latest - ppy Pty Ltd) Painel de controle da NVIDIA 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - ) Popcorn Time (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Popcorn Time) (Version: - Popcorn Official) <==== ATENÇÃO Popcorn Time Community 0.3.8-6 (HKLM-x32\...\Popcorn Time Community 0.3.8-6) (Version: 0.3.8-6 - Popcorn Time Community) <==== ATENÇÃO Popcorn-Time (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Popcorn-Time) (Version: 0.3.9 - Popcorn Time) PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.336 - Qualcomm Atheros Communications) Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.15 - Dell Inc.) Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version: - Wild Shadow Studios) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.) ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 11.5.0 - ShareX Team) SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.) 
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH) TERA (HKLM-x32\...\Steam App 323370) (Version: - Bluehole Inc.) The Duel (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\The Duel) (Version: 10.00.00.00 - The Duel) TrackMania Nations Forever (HKLM\...\Steam App 11020) (Version: - Nadeo) VIVO INTERNET (HKLM-x32\...\VIVO INTERNET) (Version: 16.002.10.18.149 - Huawei Technologies Co.,Ltd) WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Exame Personalizado CLSID (Whitelisted): ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) CustomCLSID: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F000F}\InprocServer32 -> C:\Users\Yeriah\AppData\Local\GAS Tecnologia\GBBD\npsf_scd_64.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F000F}\InprocServer32 -> C:\Users\Yeriah\AppData\Local\GAS Tecnologia\GBBD\npsf_scd_64.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Yeriah\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileCoAuthLib64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002_Classes\CLSID\{ea60f6df-ac6e-42a0-8d11-bad1341c1037}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation) ==================== Tarefas Agendadas (Whitelisted) ============= (Se uma entrada for incluída na fixlist, será removida do Registro. 
O arquivo não será movido, a menos que seja colocado separadamente.) Task: {0E5B5B44-5BE0-41F3-8641-A03E90C6DF3F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation) Task: {1CC4B002-A4C5-4761-8772-3291E9A6D8C0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe Task: {46B13078-2731-4342-8DB0-C8F87299F3DF} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink) Task: {4C83B209-A421-45F9-907C-34B8C6819A65} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe Task: {622D948D-4982-461A-BAE8-8EF07D5204D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.) Task: {6D5066B8-652C-461E-8D14-54D5375979F0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation) Task: {79B37FB6-C8E9-4EA9-9DE8-23C70E6BD8D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.) Task: {96A504DD-E0C2-4AC7-93F4-14EA6214BBF1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-01-15] (Adobe Systems Incorporated) Task: {A301D762-1D51-49C6-BD2E-72807499BA0E} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-02] (Synaptics Incorporated) Task: {A4D3BE19-9D0F-4016-8713-52470D410404} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-31] (Dropbox, Inc.) 
Task: {C245F196-52B8-4EDD-934D-64186B21A306} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-01-11] (Microsoft Corporation) Task: {C44999D9-7089-4D0D-B715-5B11EBD2B9EF} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.) Task: {CA2E9BE7-143D-40CF-8BBC-3C7891C83805} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-01-23] () Task: {CEB42939-C3D8-472D-B274-C4E928D799C0} - System32\Tasks\{F481EC1B-7C67-470A-B66C-3072BEA38EE8} => Chrome.exe hxxps://ui.skype.com/ui/0/7.29.80.102/pt/abandoninstall?page=tsMain Task: {D2721FD9-119F-49C5-A20A-5CF5FDBB4716} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-15] (Adobe Systems Incorporated) Task: {ECADC4F5-E83C-417F-852A-3B5A1BE8D6C2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-31] (Dropbox, Inc.) (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Atalhos ============================= (As entradas podem ser listadas para serem restauradas ou removidas.) 
WMI_ActiveScriptEventConsumer_DellCommandPowerManagerAlertEventConsumer: WMI_ActiveScriptEventConsumer_DellCommandPowerManagerPolicyChangeEventConsumer: Shortcut: C:\Users\Yeriah\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_1768213486_pt-br.lnk -> hxxp://www.windowssearch.com:80/suggestions?qry=eps&cc=BR&setlang=pt-BR&inlang=pt-BR&adlt=moderate&scale=100&contrast=none&hw=900%2C1600&CVID=87BF19B5AC4A4A5F865D827F18F3C32 ShortcutWithArgument: C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Web Applications\www.facebook.com\https_80\Facebook.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxps://www.facebook.com/ ==================== Módulos Carregados (Whitelisted) ============== 2015-04-06 13:28 - 2013-10-23 19:00 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2015-04-06 13:29 - 2013-10-23 06:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-04-23 17:57 - 2014-03-07 00:23 - 00163840 _____ () C:\Windows\SysWOW64\WIN8_MBIM.exe 2015-07-23 21:47 - 2016-05-24 08:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2011-03-14 13:27 - 2011-03-14 13:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe 2016-05-30 12:48 - 2016-05-02 03:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2016-04-08 22:32 - 2016-05-02 03:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2016-05-30 12:48 - 2016-05-02 03:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll 2016-05-30 12:48 - 2016-05-02 03:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2016-05-30 12:48 - 2016-05-02 03:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2016-05-30 12:48 - 2016-05-02 03:55 - 01842232 _____ () C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2016-04-08 22:33 - 2016-05-02 03:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2016-05-30 12:48 - 2016-05-02 03:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 2014-11-30 20:59 - 2014-11-30 20:59 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2014-11-30 20:56 - 2014-11-30 20:56 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll 2014-11-30 21:02 - 2014-11-30 21:02 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe 2015-04-06 13:40 - 2014-07-02 22:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe 2016-05-30 12:47 - 2016-05-02 03:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2016-05-30 12:47 - 2016-05-02 03:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 2015-04-06 13:33 - 2013-03-05 01:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-03-05 12:41 - 2013-03-05 12:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2015-12-02 17:25 - 2016-05-02 04:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-04-06 13:21 - 2013-09-17 10:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2017-02-07 12:33 - 2017-02-01 07:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll 2017-02-07 12:33 - 2017-02-01 07:01 - 00085848 _____ () C:\Program Files 
(x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll 2016-02-29 15:21 - 2013-10-23 19:00 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll 2015-04-06 13:40 - 2014-07-30 18:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll 2015-04-06 13:40 - 2012-11-26 00:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll 2015-04-06 13:39 - 2012-11-26 00:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll 2017-01-11 19:19 - 2017-01-04 14:28 - 01958912 _____ () C:\Users\Yeriah\AppData\Local\Discord\app-0.0.297\ffmpeg.dll 2017-01-12 10:26 - 2017-01-12 10:26 - 01082880 _____ () \\?\C:\Users\Yeriah\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node 2017-01-12 10:26 - 2017-01-12 10:26 - 03750400 _____ () \\?\C:\Users\Yeriah\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll 2017-01-12 10:26 - 2017-01-12 10:26 - 00914432 _____ () \\?\C:\Users\Yeriah\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node 2017-01-12 10:26 - 2017-01-12 10:26 - 01127424 _____ () \\?\C:\Users\Yeriah\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node 2017-01-11 19:19 - 2017-01-04 14:28 - 02278912 _____ () C:\Users\Yeriah\AppData\Local\Discord\app-0.0.297\libglesv2.dll 2017-01-11 19:19 - 2017-01-04 14:28 - 00096768 _____ () C:\Users\Yeriah\AppData\Local\Discord\app-0.0.297\libegl.dll 2017-02-07 22:17 - 2017-02-07 22:17 - 00148992 _____ () \\?\C:\Users\Yeriah\AppData\Local\Temp\B510.tmp.node 2017-01-12 10:26 - 2017-01-12 10:26 - 02658304 _____ () \\?\C:\Users\Yeriah\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node 2017-01-12 10:26 - 2017-01-12 10:26 - 02130432 _____ () \\?\C:\Users\Yeriah\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node 2017-01-05 18:55 - 2017-02-04 23:22 - 
01019904 _____ () C:\Program Files (x86)\Glyph\xlpack.dll 2017-01-05 18:55 - 2017-02-04 23:22 - 00010752 _____ () C:\Program Files (x86)\Glyph\libEGL.dll 2017-01-05 18:55 - 2017-02-04 23:22 - 01293824 _____ () C:\Program Files (x86)\Glyph\libGLESv2.dll 2017-01-05 18:55 - 2017-02-04 23:22 - 00702464 _____ () C:\Program Files (x86)\Glyph\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-06-05 00:15 - 2016-12-23 16:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-06-05 00:15 - 2016-08-31 23:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll 2015-06-05 00:15 - 2017-01-18 23:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll 2015-06-05 00:15 - 2016-08-31 23:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-06-05 00:15 - 2016-08-31 23:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2015-04-10 21:27 - 2016-01-27 05:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2015-04-10 21:27 - 2016-01-27 05:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2015-04-10 21:27 - 2016-01-27 05:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2015-04-10 21:27 - 2016-01-27 05:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2015-04-10 21:27 - 2016-01-27 05:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2015-04-10 21:27 - 2017-01-18 23:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2016-03-09 17:30 - 2016-07-04 20:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2016-12-17 00:38 - 2017-01-05 01:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll 2015-06-05 00:15 - 2017-01-18 23:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll 2015-04-10 21:27 - 2015-09-24 21:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll ==================== Alternate Data Streams (Whitelisted) ========= (Se uma entrada for incluída na fixlist, somente o 
ADS será removido.) AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10] AlternateDataStreams: C:\Windows\System32:38800886_Scd.gbp [2] AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1270] ==================== Modo de Segurança (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== Associação (Whitelisted) =============== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.) ==================== Internet Explorer confiável/restrito =============== (Se uma entrada for incluída na fixlist, será removida do Registro.) IE trusted site: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\dell.com -> dell.com IE trusted site: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\sicredi.com.br -> correspondente.sicredi.com.br IE trusted site: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\sicreditotal.com.br -> internet.sicreditotal.com.br ==================== Hosts Conteúdo: =============================== (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2013-08-22 11:25 - 2016-04-21 17:00 - 00000822 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Outras Áreas ============================ (Atualmente não há nenhuma correção automática para esta seção.) HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Yeriah\Pictures\Camera Roll\WIN_20160801_155757.JPG DNS Servers: 189.7.120.16 - 189.7.120.15 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Firewall do Windows está habilitado. 
==================== MSCONFIG/TASK MANAGER ítens desabilitados == HKLM\...\StartupApproved\Run: => "BCSSync" HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui" HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE" HKLM\...\StartupApproved\Run32: => "Dropbox" HKLM\...\StartupApproved\Run32: => "DeathTaker" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\StartupApproved\StartupFolder: => "Curse.lnk" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\StartupApproved\Run: => "KSS" ==================== Regras do Firewall (Whitelisted) =============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [vm-monitoring-nb-session] => LPort=139 FirewallRules: [{B5D5FA41-624B-45CD-AC1C-6902914D8136}] => C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{7775B65D-1289-40D2-8275-EC696DB74864}] => C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe FirewallRules: [{EFC2FBD8-E071-478B-B153-E92AC57DD59C}] => C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{F90BB543-515F-4D17-9A66-03D254B7BFF9}] => C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{5397D920-A69D-470C-B0A4-E2582F39BE65}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{AD184BDB-0CE9-4F03-A57E-5AF578245351}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{E45A42AB-D859-41E7-9482-0D78EA98C7CB}] => C:\Program Files (x86)\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe FirewallRules: [{8451F65E-4EF5-4F1A-AA01-812171207F2B}] => C:\Program Files (x86)\Steam\steamapps\common\Realm of the Mad 
God\Realm of the Mad God.exe FirewallRules: [{08A9337F-64E6-4ACA-9365-37474E4B6C5D}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe FirewallRules: [{442BA43A-2E20-4176-9E75-3F573405745F}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe FirewallRules: [{99A91F38-4B39-4E74-A294-C071082172B0}] => C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe FirewallRules: [{AA23D751-966C-4491-BB7E-AD4D4AEB056A}] => C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe FirewallRules: [TCP Query User{CFB2C708-5556-40F8-A924-6E15E3494765}C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe] => C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe FirewallRules: [UDP Query User{2D66258F-CE04-4681-B992-2B9ECBCE8425}C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe] => C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe FirewallRules: [{AE3D81A7-E9E0-43C1-8E30-9AC1B8E7AFC9}] => C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe FirewallRules: [{03588A51-CCEC-4ADF-AF72-0A316AA51995}] => C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe FirewallRules: [TCP Query User{51BCC054-3711-48C4-897C-7CFF29C0EDED}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{DC36F516-164A-42BF-BBDD-7FAEB5014058}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{B5668247-4F07-4C1C-A2D5-D3F73DD2663C}] => C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{9C32E667-EF94-445C-B001-EC61B5A4B629}] => C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{ED51094A-35A7-41B3-9054-9975B12AB207}C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe] => C:\program files (x86)\paradox interactive\europa universalis iv el 
dorado\eu4_server.exe FirewallRules: [UDP Query User{14D67858-45AF-4F2C-8986-EB60DAFFD1CF}C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe] => C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe FirewallRules: [{61ECF8B2-A907-44DE-80F9-CB933610F696}] => C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe FirewallRules: [{8AD36D9E-7BDA-4A8A-964A-A22DBA327A87}] => C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe FirewallRules: [{F5DE2FA1-5E57-4294-8285-7A7CEF3C3753}] => C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{8A84F26B-1460-41EC-90F3-DE9E789777FA}] => C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [TCP Query User{700AE3F0-D876-42FF-9476-89BB5D9462A1}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe FirewallRules: [UDP Query User{FC34F8E7-36FD-4ED7-9531-AE7A4BA3DAFD}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe FirewallRules: [{A50394C2-A2C8-42D1-9913-B788465D4B71}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe FirewallRules: [{8A9E4633-0220-49A1-AD38-3A8BEF6773E9}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe FirewallRules: [{8DDB9F28-1DFF-4E22-BE48-E3B745E81393}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe FirewallRules: [{FDAF8DF1-7C19-4079-8FB3-EE13E0933252}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe FirewallRules: [{1BF6C2B7-9894-4AAF-99F4-8EACF367DAAE}] => C:\Users\Yeriah\Downloads\Client19-04\MiniA.exe FirewallRules: [{C5802C00-234F-4260-BDDF-937D01A18514}] => C:\Program Files (x86)\Steam\steamapps\common\TERA\TERA-Launcher.exe FirewallRules: 
[{ECADBAD9-DED3-4A5D-ADF0-5001265A1903}] => C:\Program Files (x86)\Steam\steamapps\common\TERA\TERA-Launcher.exe FirewallRules: [{FF655954-4826-4750-8DB2-BE32D1215562}] => C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{FDF80600-A36E-4410-AF7D-BFC702033C3A}] => C:\Users\Yeriah\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{39027F61-95F8-42ED-A430-A3AFBB5029B1}] => C:\WarThunder\launcher.exe FirewallRules: [{6BB2BAED-6F82-4375-8B5D-53D44C081281}] => C:\WarThunder\launcher.exe FirewallRules: [{2BEADD49-A308-428E-A350-62A3B0AB956D}] => C:\WarThunder\bpreport.exe FirewallRules: [{02FE9A07-E173-4084-ABD8-D5E5C0A8377A}] => C:\WarThunder\bpreport.exe FirewallRules: [{B3951357-658F-4BF1-9E04-DE61068E3257}] => C:\WarThunder\bpreport.exe FirewallRules: [{FCC9C62F-688C-4C27-ABA8-1057110932DA}] => C:\WarThunder\bpreport.exe FirewallRules: [{8AAEB9BB-2474-4930-B6EF-503360BB5E53}] => C:\Users\Yeriah\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{CEF379B0-0539-4968-8FA2-0E38355A4E0B}] => C:\Users\Yeriah\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [TCP Query User{C68278C5-37A4-439C-9F8C-E44E904C8995}C:\users\yeriah\appdata\local\popcorn time\nw.exe] => C:\users\yeriah\appdata\local\popcorn time\nw.exe FirewallRules: [UDP Query User{BD230D35-67A7-42EE-86E3-76D8122E7050}C:\users\yeriah\appdata\local\popcorn time\nw.exe] => C:\users\yeriah\appdata\local\popcorn time\nw.exe FirewallRules: [{53394B0C-C290-402C-AB8D-B1A7C0425D43}] => C:\users\yeriah\appdata\local\popcorn time\nw.exe FirewallRules: [{BC9052AC-993E-4707-8BFB-11C5E6ED14B4}] => C:\users\yeriah\appdata\local\popcorn time\nw.exe FirewallRules: [TCP Query User{C749D356-0608-4A09-A8CD-4567226B2FED}C:\warthunder\aces.exe] => C:\warthunder\aces.exe FirewallRules: [UDP Query User{1F48A2AC-1E29-453E-A42E-75DC7D0E3E37}C:\warthunder\aces.exe] => C:\warthunder\aces.exe FirewallRules: [{197AF25F-FB06-4356-84B5-A78E426E29B3}] => C:\warthunder\aces.exe FirewallRules: 
[{1FB98CF2-872E-49B4-B4E3-D1442FB6D7F0}] => C:\warthunder\aces.exe FirewallRules: [{FC710CD5-CE45-474F-896A-1FCB1C6F69FA}] => C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe FirewallRules: [{CA2AA8BC-CA4C-45C7-85B6-D80CE7A143FE}] => C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe FirewallRules: [{685514C9-3F4E-414C-B020-7E829457D36C}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{CFE8B538-3AF6-4482-A056-37E235384927}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{53AA33B9-CFA5-4C90-AB6B-65ED4128B74C}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{82313A54-8DF5-4275-94C2-73D80567F3CF}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{3082165F-B22A-43E6-89DB-8A39498F2F81}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{8AE76FFF-3740-4D7F-B0F3-3D53C5D72BB0}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{22D952A1-B7BE-4BD2-848B-9403564FB5F1}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{9B574E13-8687-4B01-80B2-AB6F829C0858}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{10B7BA3A-324B-4CEA-9CB0-31D9DCAF9261}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{A90EC4A2-CE9B-4E0B-A8E5-7E0CB9650A8A}C:\users\yeriah\appdata\local\popcorn time community\nw.exe] => C:\users\yeriah\appdata\local\popcorn time community\nw.exe FirewallRules: [UDP Query User{EEB0D4DE-0ED1-44B7-8272-0AFCF129834D}C:\users\yeriah\appdata\local\popcorn time community\nw.exe] => C:\users\yeriah\appdata\local\popcorn time community\nw.exe FirewallRules: [{12ECF169-5DDB-4103-87D6-C965DF9E1B82}] => C:\Program Files 
(x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe FirewallRules: [{5AA28CC5-D000-4F63-8EB1-BC5461B25E60}] => C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe FirewallRules: [{DCF0D338-0F1D-477B-96F8-53C248AEB096}] => C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe FirewallRules: [{B1619273-C2E4-41F5-A5FC-602B027CBDD2}] => C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe FirewallRules: [{DD197B50-9EFD-4307-939C-C2F71A3D374E}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{E9765AAF-28F7-4963-96A6-A737F6A3F2B5}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{4A22EDC7-66FA-48EA-9EE4-B52A33E9B6A6}] => C:\Program Files (x86)\Steam\steamapps\common\Commandos 2 Men of Courage\Legacy\comm2.exe FirewallRules: [{F6F5946F-0382-442D-9F82-C7DF6E03A243}] => C:\Program Files (x86)\Steam\steamapps\common\Commandos 2 Men of Courage\Legacy\comm2.exe FirewallRules: [TCP Query User{03C81E77-685E-4CFE-AF85-E5D30AD3FD24}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => C:\program files (x86)\youwave android\vb\vboxsdl.exe FirewallRules: [UDP Query User{8E08222C-B8B1-4BBA-BEE4-CEBA65AA5875}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => C:\program files (x86)\youwave android\vb\vboxsdl.exe FirewallRules: [{EB066444-8F9A-4031-823D-276917AA9EFE}] => C:\program files (x86)\youwave android\vb\vboxsdl.exe FirewallRules: [{5973F6B9-C809-4D52-AEA4-B2CC02B578BD}] => C:\program files (x86)\youwave android\vb\vboxsdl.exe FirewallRules: [TCP Query User{205B53D8-C279-4532-967A-A1FE813FC821}C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe] => C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [UDP Query User{0A236397-E0FA-4BCD-A151-5B3F973063A4}C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe] => 
C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [{DFA1C7FF-4B49-4947-A770-6B836F2C7343}] => C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [{E075125C-DF2D-4428-8AC3-B8DA718F1AB9}] => C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [{41EF1CF8-A36B-4595-9B31-3186EAABBC10}] => C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe FirewallRules: [{FB72A7B5-DD7F-4C86-9139-F82E0828B6C4}] => C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe FirewallRules: [TCP Query User{33B17861-98D2-4961-AAA4-8C11E3ECBCBE}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [UDP Query User{F17972EF-E18D-4150-8C1D-8CF80453F8BE}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [{EEAAC134-C2C4-4052-8FA3-D9413A1E67DB}] => C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [{71EB2023-5E95-44A0-BCD1-02C0DA499CF0}] => C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [{FED30E57-20A6-4C56-80BF-CA0A562943BC}] => C:\Program Files (x86)\Steam\steamapps\common\Commandos 2 Men of Courage\Legacy\comm2.exe FirewallRules: [{C01647E1-BAA5-411D-B752-1CCA59D4A3FE}] => C:\Program Files (x86)\Steam\steamapps\common\Commandos 2 Men of Courage\Legacy\comm2.exe FirewallRules: [TCP Query User{C9FF5578-4947-4FF8-AFEB-2B9063D1053F}C:\users\yeriah\appdata\local\popcorn-time\nw.exe] => C:\users\yeriah\appdata\local\popcorn-time\nw.exe FirewallRules: [UDP Query User{75CC8D15-3E4A-4624-BE51-54516B7AC77B}C:\users\yeriah\appdata\local\popcorn-time\nw.exe] => C:\users\yeriah\appdata\local\popcorn-time\nw.exe FirewallRules: [{342447EF-FA7F-44E9-8DA0-80DEC3345D6B}] => C:\users\yeriah\appdata\local\popcorn-time\nw.exe FirewallRules: 
[{96FC42AB-D7D8-42A3-989E-EF391D5A2FE5}] => C:\users\yeriah\appdata\local\popcorn-time\nw.exe FirewallRules: [TCP Query User{0E696DE2-9DC0-483C-88F4-BD39FAE89033}C:\program files (x86)\age of empires iii - complete collection\age3y.exe] => C:\program files (x86)\age of empires iii - complete collection\age3y.exe FirewallRules: [UDP Query User{A331AC7B-6DFF-4FEF-BE16-94250F765220}C:\program files (x86)\age of empires iii - complete collection\age3y.exe] => C:\program files (x86)\age of empires iii - complete collection\age3y.exe FirewallRules: [{0CA0176B-1463-4AE2-9000-0AC96F1BBBE0}] => C:\program files (x86)\age of empires iii - complete collection\age3y.exe FirewallRules: [{FDBC7881-C61A-4F2F-A00E-43818B833559}] => C:\program files (x86)\age of empires iii - complete collection\age3y.exe FirewallRules: [{08241F7F-8302-47C9-882F-02DD2EB40A07}] => C:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exe FirewallRules: [{9EFCDD09-7CB0-4295-8718-79DFCC8363A1}] => C:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exe FirewallRules: [{6D016F01-6ABB-4068-B814-F9C93BA05DC2}] => C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe FirewallRules: [{B58051DC-A0B0-4C3E-9106-C4A88055E790}] => C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe FirewallRules: [TCP Query User{6E6A3DBF-F86E-4C15-900D-7A9DEF34018F}C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe] => C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe FirewallRules: [UDP Query User{C4F63F50-F2C7-4998-B6D7-4D05D69E347E}C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe] => 
C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe FirewallRules: [{67AD6FD2-2B9A-491D-98AC-9234CC3B360D}] => C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe FirewallRules: [{7B40F75A-E65B-4F86-B104-43057222D502}] => C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe FirewallRules: [{BC8C6A8E-3391-43F0-A8F6-FBD756312430}] => C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForever.exe FirewallRules: [{E5989D0A-3E75-4794-91CA-BD742625B87E}] => C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForever.exe FirewallRules: [{99DF59A5-5914-424C-B5C7-339251DA6E47}] => C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe FirewallRules: [{B23EC8C8-4CCB-4D63-AFAB-2B1067C70456}] => C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe FirewallRules: [{6F240318-6852-42A2-8830-1414FFA7A32D}] => C:\Program Files (x86)\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe FirewallRules: [{78BE5F88-35CD-45FA-9FDD-4B7C3100D24F}] => C:\Program Files (x86)\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe FirewallRules: [TCP Query User{DD86E353-70F9-4D48-B2CF-1333C4AA02C6}C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe] => C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe FirewallRules: [UDP Query User{8522E945-BE92-4FAB-8513-BBB798DC42F8}C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe] => C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe FirewallRules: [{EBE5CB3C-15D6-4FB9-B93B-B1ADA93E12BE}] => C:\program files 
(x86)\steam\steamapps\common\newz\thenewz.exe FirewallRules: [{CD409AEA-FC03-4620-A1B7-31858B1D1457}] => C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe FirewallRules: [{2D4FBBE8-83BD-438D-A315-45A916A0F685}] => C:\Program Files (x86)\Steam\steamapps\common\NewZ\NewZLauncher.exe FirewallRules: [{92AA8FE7-FBCD-4748-A024-B289C857835D}] => C:\Program Files (x86)\Steam\steamapps\common\NewZ\NewZLauncher.exe FirewallRules: [{84120510-4803-4D38-868C-3A7F6928EB24}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{E7E361D1-D253-42C3-AB7C-4F8B4A0EE2A0}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [TCP Query User{EA234F39-9B58-4DDA-9704-F83FA922D2E8}C:\program files (x86)\emaclab\gamersclub anti cheat\gclauncher.exe] => C:\program files (x86)\emaclab\gamersclub anti cheat\gclauncher.exe FirewallRules: [UDP Query User{4C030473-4740-468D-8871-B067EDB0C7EC}C:\program files (x86)\emaclab\gamersclub anti cheat\gclauncher.exe] => C:\program files (x86)\emaclab\gamersclub anti cheat\gclauncher.exe FirewallRules: [TCP Query User{62CE4C19-6D79-45E2-8617-591D4F9784DD}C:\program files (x86)\the duel\theduel.exe] => C:\program files (x86)\the duel\theduel.exe FirewallRules: [UDP Query User{540D1B1B-8621-4C34-811F-48CA94CEE4C3}C:\program files (x86)\the duel\theduel.exe] => C:\program files (x86)\the duel\theduel.exe FirewallRules: [TCP Query User{19003352-5DC6-4D52-8518-8B145BE8A34A}C:\users\yeriah\downloads\saltandsanctuaryv1.0.0.4\salt and sanctuary v1.0.0.4\salt and sanctuary\salt.exe] => C:\users\yeriah\downloads\saltandsanctuaryv1.0.0.4\salt and sanctuary v1.0.0.4\salt and sanctuary\salt.exe FirewallRules: [UDP Query User{FE0AB68A-4919-46E3-B6FC-9C7B5E2CC4F6}C:\users\yeriah\downloads\saltandsanctuaryv1.0.0.4\salt and sanctuary v1.0.0.4\salt and sanctuary\salt.exe] => C:\users\yeriah\downloads\saltandsanctuaryv1.0.0.4\salt and sanctuary v1.0.0.4\salt and sanctuary\salt.exe FirewallRules: 
[{18676C17-2F3D-4EA5-918A-99D6FCC0FFDE}] => C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{7EDFC0B2-B342-40BC-BCAA-DFE6F315B7FF}] => C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{46326887-570E-473E-A082-A4E8B0085FDC}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{CE8EECB4-7CFE-4C95-AC0F-9518E262EEB3}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{4B2FA29C-E6C1-4900-8A3E-1B728A0D983B}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{8360386B-7F6F-469D-A47C-7B00B125AFC2}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe ==================== Pontos de Restauração ========================= 03-02-2017 19:42:20 Windows Update 07-02-2017 12:34:55 JRT Pre-Junkware Removal ==================== Dispositivos Apresentando Falhas No Gerenciador ============= ==================== Erros no Log de eventos: ========================= Erros em Aplicativos: ================== Error: (02/08/2017 02:19:50 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: Um problema impediu que os dados do Programa de Aperfeiçoamento da Experiência do Usuário fossem enviados para a Microsoft, (Erro 80070005). Error: (02/08/2017 02:06:14 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa Explorer.EXE versão 6.3.9600.18460 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. 
ID do Processo: be8 Hora de Início: 01d2815dbad36ed5 Hora de Término: 0 Caminho do Aplicativo: C:\Windows\Explorer.EXE ID do Relatório: dd417026-ee17-11e6-82cb-7429afa47974 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (02/08/2017 12:11:37 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: ERUNT.exe, versão: 0.0.0.0, carimbo de data/hora: 0x2a425e19 Nome do módulo com falha: ntdll.dll, versão: 6.3.9600.18233, carimbo de data/hora: 0x56bb4e1d Código de exceção: 0xc0000005 Deslocamento da falha: 0x00060665 ID do processo com falha: 0x2384 Hora de início do aplicativo com falha: 0x01d281b0ad1a9753 Caminho do aplicativo com falha: C:\Windows\ERUNT.exe Caminho do módulo com falha: C:\Windows\SYSTEM32\ntdll.dll ID do Relatório: eb5a792b-eda3-11e6-82cb-7429afa47974 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (02/07/2017 10:58:49 PM) (Source: DbxSvc) (EventID: 320) (User: ) Description: Failed to connect to the driver: (-2147024894) O sistema não pode encontrar o arquivo especificado. Error: (02/07/2017 10:58:48 PM) (Source: DbxSvc) (EventID: 270) (User: ) Description: Filter Unload failed with: (-2145452013) O sistema não pôde localizar o filtro especificado. Error: (02/07/2017 07:59:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: ) Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: O servidor RPC está muito ocupado para concluir esta operação. Error: (02/07/2017 07:59:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: ) Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: O servidor RPC está muito ocupado para concluir esta operação. 
Error: (02/07/2017 07:59:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: ) Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: O servidor RPC está muito ocupado para concluir esta operação. Error: (02/07/2017 07:59:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: ) Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: O servidor RPC está muito ocupado para concluir esta operação. Error: (02/07/2017 07:59:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: ) Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: O servidor RPC está muito ocupado para concluir esta operação. Erros de Sistema: ============= Error: (02/08/2017 01:59:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT) Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x80070643: Atualização de Definição Windows Defender – KB2267602 (Definição 1.235.2358.0). Error: (02/08/2017 06:59:11 AM) (Source: NetBT) (EventID: 4311) (User: ) Description: Houve falha na inicialização porque não foi possível criar o dispositivo de driver. Use a cadeia de caracteres "7A791964F500" para identificar a interface para a qual houve falha na inicialização. A cadeia de caracteres representa o endereço MAC da interface que falhou ou a GUID se o NetBT não conseguir mapear da GUID para o endereço MAC. Se nem o endereço MAC, nem a GUID estavam disponíveis, a cadeia de caracteres representará um nome de dispositivo de cluster. Error: (02/08/2017 06:59:11 AM) (Source: NetBT) (EventID: 4311) (User: ) Description: Houve falha na inicialização porque não foi possível criar o dispositivo de driver. Use a cadeia de caracteres "7A791964F500" para identificar a interface para a qual houve falha na inicialização. 
A cadeia de caracteres representa o endereço MAC da interface que falhou ou a GUID se o NetBT não conseguir mapear da GUID para o endereço MAC. Se nem o endereço MAC, nem a GUID estavam disponíveis, a cadeia de caracteres representará um nome de dispositivo de cluster. Error: (02/07/2017 04:06:27 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: O Gerenciador de controle de serviços tentou executar uma ação corretiva (Reiniciar o serviço) após a finalização inesperada do serviço Serviço de Dispositivos de Interface Humana, mas essa ação falhou com o seguinte erro: Uma cópia deste serviço já está sendo executada. Error: (02/07/2017 04:05:27 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: O Gerenciador de controle de serviços tentou executar uma ação corretiva (Reiniciar o serviço) após a finalização inesperada do serviço Serviço de Associação de Dispositivo, mas essa ação falhou com o seguinte erro: Uma cópia deste serviço já está sendo executada. Error: (02/07/2017 04:04:32 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: O Gerenciador de controle de serviços tentou executar uma ação corretiva (Reiniciar o serviço) após a finalização inesperada do serviço Agente de Conexão de Rede, mas essa ação falhou com o seguinte erro: Uma cópia deste serviço já está sendo executada. Error: (02/07/2017 04:04:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Windows Driver Foundation - Estrutura do Driver de Modo de Usuário foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 120000 milissegundos: Reiniciar o serviço. Error: (02/07/2017 04:04:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Configuração Automática de WLAN foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 120000 milissegundos: Reiniciar o serviço. 
Error: (02/07/2017 04:04:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço Host do Sistema de Diagnósticos foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (02/07/2017 04:04:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Cliente de rastreamento de link distribuído foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 120000 milissegundos: Reiniciar o serviço. CodeIntegrity: =================================== Date: 2017-02-04 23:34:51.991 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-02 22:18:32.047 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-01-16 15:11:43.716 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-01-13 14:36:36.847 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2017-01-11 12:11:02.359 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-01-03 18:05:28.785 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-01-02 02:13:56.712 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-12-19 17:38:40.909 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-12-11 16:27:40.146 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2016-12-06 21:41:12.262 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Informações da Memória =========================== Processador: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz Percentagem de memória em uso: 64% RAM física total: 8096.46 MB RAM física disponível: 2882.49 MB Virtual Total: 11168.46 MB Virtual disponível: 3844.88 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:922.03 GB) (Free:512.37 GB) NTFS Drive d: (CDROM) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS Drive x: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.44 GB) NTFS Drive y: (PBR Image) (Fixed) (Total:8.09 GB) (Free:0.73 GB) NTFS ==================== MBR & Tabela de Partições ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 86BA5996) Partition: GPT. ==================== Fim de Addition.txt ============================
  3. Hello, my computer is taking a lot of time to turn on/off and most applications have become much slower, even games' FPS has gone down. I really think I'm infected with something. Here are the Farbar results: Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 29-01-2017 Executado por Yeriah (administrador) em PC-DO-ALEX (04-02-2017 14:13:45) Executando a partir de C:\Users\Yeriah\Downloads Perfis Carregados: Yeriah (Perfis Disponíveis: Yeriah) Platform: Windows 8.1 Single Language (Update) (X64) Idioma: Português (Brasil) Internet Explorer Versão 11 (Navegador padrão: Chrome) Modo da Inicialização: Normal Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe () C:\Windows\SysWOW64\WIN8_MBIM.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Dropbox, Inc.)
C:\Windows\System32\DbxSvc.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\AppVShNotify.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Dell Inc.) 
C:\Program Files\Dell\QuickSet\quickset.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Huawei Technologies Co., Ltd.) C:\Users\Yeriah\AppData\Roaming\VIVO INTERNET\ouc.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe ==================== Registro (Whitelisted) ==================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3760456 2013-08-23] (Dell Inc.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-04-08] (Power Software Ltd) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation) HKLM-x32\...\Run: [EPSON_UD_START] => C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe [341416 2011-01-06] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26219896 2017-01-30] (Dropbox, Inc.) HKLM-x32\...\Run: [DeathTaker] => C:\Program Files (x86)\Genius\DeathTaker\mousehid.exe [303616 2013-04-03] () HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-11-11] (LogMeIn Inc.) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60408 2016-12-16] (Avira Operations GmbH & Co. 
KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\ GbPluginScd: C:\Program Files (x86)\GbPlugin\gbiehScd.dll [2015-10-06] (Sicredi) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [134784 2014-11-30] (Atheros Communications) HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation) HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.) HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Run: [Discord] => C:\Users\Yeriah\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.) HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Run: [HW_OPENEYE_OUC_VIVO INTERNET] => C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe [110592 2009-07-27] (Huawei Technologies Co., Ltd.) 
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {4a600027-0977-11e6-82a5-7429afa47974} - "G:\.\ShowModem.exe"
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {4a60005b-0977-11e6-82a5-7429afa47974} - "G:\.\ShowModem.exe"
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {94453256-cce0-11e6-82c4-7429afa47974} - "E:\AutoRun.exe"
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {9445328c-cce0-11e6-82c4-7429afa47974} - "E:\AutoRun.exe"
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {ae31608b-dc6e-11e4-824f-806e6f6e6963} - "D:\CDViewer.exe"
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {d1254191-d620-11e6-82c5-7429afa47974} - "E:\AutoRun.exe"
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {d1254c66-d620-11e6-82c5-7429afa47974} - "E:\AutoRun.exe"
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {fb37d97a-4c61-11e5-8277-7429afa47974} - "F:\EMP_UDSe.exe" /autorun
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399011} - C:\Program Files (x86)\GbPlugin\gbiehscd.dll [1839640 2015-10-06] (Sicredi)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
Startup: C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-02-21]
ShortcutTarget: Curse.lnk -> C:\Users\Yeriah\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Startup: C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-12-29] ()

==================== Internet (Whitelisted) ====================
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
Tcpip\Parameters: [DhcpNameServer] 189.7.120.16 189.7.120.15
Tcpip\..\Interfaces\{58ECD54B-5CDD-4A30-8A5F-7BE4B3782272}: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{E2D45466-7876-4A81-A298-32DC60763DD4}: [DhcpNameServer] 189.7.120.16 189.7.120.15

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.la.dell.com/content/default.aspx?c=br&l=pt&s=gen
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll => Nenhum Arquivo
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL => Nenhum Arquivo
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-14] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540011} -> C:\Program Files (x86)\GbPlugin\gbiehscd.dll [2015-10-06] (Sicredi)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-14] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL Nenhum Arquivo

FireFox:
========
FF ProfilePath: C:\Users\Yeriah\AppData\Roaming\Mozilla\Firefox\Profiles\EDgjXuml.default [2017-02-04]
FF Extension: (Avira Browser Safety) - C:\Users\Yeriah\AppData\Roaming\Mozilla\Firefox\Profiles\EDgjXuml.default\Extensions\abs@avira.com [2016-12-22]
FF Extension: (Diagnostics) - C:\Users\Yeriah\AppData\Roaming\Mozilla\Firefox\Profiles\EDgjXuml.default\features\{dd383f65-f2ee-491b-91de-e4124ba573d3}\diagnostics@mozilla.org.xpi [2017-02-03]
FF Extension: (Send HSTS Priming Requests) - C:\Users\Yeriah\AppData\Roaming\Mozilla\Firefox\Profiles\EDgjXuml.default\features\{dd383f65-f2ee-491b-91de-e4124ba573d3}\hsts-priming@mozilla.org.xpi [2017-02-03]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-4078040627-3876670005-1468608263-1002: @citrixonline.com/appdetectorplugin -> C:\Users\Yeriah\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-02-29] (Citrix Online)

Chrome:
=======
CHR DefaultProfile: Default
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll => Nenhum Arquivo
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\PepperFlash\pepflashplayer.dll => Nenhum Arquivo
CHR Profile: C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default [2017-02-04]
CHR Extension: (Google Apresentações) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-02]
CHR Extension: (Google Docs) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-02]
CHR Extension: (Google Drive) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-02]
CHR Extension: (YouTube) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-02]
CHR Extension: (Google Search) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Planilhas do Google) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-02]
CHR Extension: (Documentos Google off-line) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-01]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-02]
CHR Extension: (Chrome Media Router) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [322176 2014-11-30] (Windows (R) Win 7 DDK provider) [Arquivo não assinado]
R2 AutoRun_MBIM; C:\Windows\SysWOW64\WIN8_MBIM.exe [163840 2014-03-07] () [Arquivo não assinado]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1141248 2015-06-06] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2829552 2016-03-08] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-31] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-31] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46400 2017-01-30] (Dropbox, Inc.)
S2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe [98304 2011-01-06] (SEIKO EPSON CORPORATION) [Arquivo não assinado]
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [587576 2015-10-06] (GAS Tecnologia)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
S2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Arquivo não assinado]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)
S2 libusbd; C:\Windows\SysWOW64\libusbd-nt.exe [18944 2005-03-09] (hxxp://libusb-win32.sourceforge.net) [Arquivo não assinado]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-11-11] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-02] (SoftThinks SAS)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 Dell.CommandPowerManager.Service; C:\Windows\SysWOW64\dllhost.exe /Processid:{21AC100C-C882-4DE7-A7E4-EBD00657F486}

===================== Drivers (Whitelisted) ======================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4226560 2014-11-10] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-11-30] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
U5 EMAC Secure; C:\Users\Yeriah\AppData\Local\Temp\GCSecure.sys [794248 2017-02-04] (Gamers Club)
R3 eppvad_simple; C:\Windows\system32\drivers\EMP_UDAU.sys [23040 2011-01-06] (SEIKO EPSON CORPORATION)
R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2017-02-03] (GAS Tecnologia)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [21720 2015-04-29] (GAS Tecnologia)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-11-11] (LogMeIn Inc.)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [33792 2005-03-09] () [Arquivo não assinado]
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2016-04-21] (The OpenVPN Project)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-02] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-08-02] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-04-29] (GAS Tecnologia LTDA)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wmbclass; C:\Windows\System32\drivers\wmbclass.sys [267264 2016-08-12] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um Mês Criados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2017-02-04 14:13 - 2017-02-04 14:13 - 00030920 _____ C:\Users\Yeriah\Downloads\FRST.txt
2017-02-04 00:42 - 2017-02-04 00:46 - 00000000 ____D C:\Users\Yeriah\Downloads\ygopro-percy
2017-02-04 00:42 - 2017-02-04 00:42 - 00000930 _____ C:\Users\Yeriah\Desktop\Ygopro.lnk
2017-02-04 00:41 - 2017-02-04 00:42 - 40482992 _____ C:\Users\Yeriah\Downloads\ygopro-1.033.D-Percy.exe
2017-02-03 23:39 - 2017-02-03 23:45 - 00000000 ____D C:\Users\Yeriah\Downloads\The Prestige (2006)
2017-02-03 23:39 - 2017-02-03 23:39 - 00000000 ____D C:\Users\Yeriah\Downloads\La.La.Land.2016.DVDScr.XVID.AC3.HQ.Hive-CM8
2017-02-03 23:38 - 2017-02-03 23:38 - 00000000 ____D C:\Users\Yeriah\AppData\LocalLow\uTorrent
2017-02-03 22:19 - 2017-02-03 22:19 - 02420736 _____ (Farbar) C:\Users\Yeriah\Downloads\FRST64.exe
2017-02-03 22:06 - 2017-02-03 22:06 - 00000000 ___RD C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2017-02-03 13:49 - 2017-02-03 13:49 - 00001150 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-02-03 13:49 - 2017-02-03 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-02-03 13:45 - 2017-02-04 00:49 - 00000000 ____D C:\Users\Yeriah\AppData\LocalLow\Mozilla
2017-02-03 13:44 - 2017-02-03 13:51 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Mozilla
2017-02-03 13:44 - 2017-02-03 13:44 - 00001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-03 13:44 - 2017-02-03 13:44 - 00001165 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-03 13:44 - 2017-02-03 13:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-03 13:44 - 2017-02-03 13:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-03 13:42 - 2017-02-03 13:43 - 00245584 _____ C:\Users\Yeriah\Downloads\Firefox Setup Stub 51.0.1.exe
2017-02-02 18:56 - 2017-02-02 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-02 01:42 - 2017-02-02 01:43 - 04121760 _____ (Husdawg, LLC) C:\Users\Yeriah\Downloads\Detection.exe
2017-02-01 22:17 - 2017-02-01 22:44 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Tera_Awesomium
2017-02-01 04:15 - 2017-02-01 14:02 - 00000000 ____D C:\Users\Yeriah\Downloads\PSO2E4JP_SETUPEN
2017-02-01 04:14 - 2017-02-01 04:14 - 00057141 _____ C:\Users\Yeriah\Downloads\PSO2E4JP_SETUPEN (1).torrent
2017-02-01 04:10 - 2017-02-01 04:10 - 00057141 _____ C:\Users\Yeriah\Downloads\PSO2E4JP_SETUPEN.torrent
2017-01-30 12:02 - 2017-01-30 12:02 - 00046400 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-01-30 12:02 - 2017-01-30 12:02 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-01-30 12:02 - 2017-01-30 12:02 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-01-30 12:02 - 2017-01-30 12:02 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-01-27 14:17 - 2017-01-27 14:18 - 00730192 _____ C:\Users\Yeriah\Downloads\download (1).htm
2017-01-26 14:11 - 2017-01-26 14:11 - 00072999 _____ C:\Users\Yeriah\Downloads\Índice-de-trabalhos.xlsx
2017-01-26 02:26 - 2016-05-22 23:37 - 00032299 ____N C:\Users\Yeriah\Downloads\Game.of.Thrones.S06E05.WEBRip.1080p.x264-NOGRP.srt
2017-01-26 02:25 - 2017-01-26 02:25 - 00014552 _____ C:\Users\Yeriah\Downloads\game-of-thrones-season-6-episode-5-arabic-21123.zip
2017-01-25 21:43 - 2017-01-25 21:43 - 00003166 _____ C:\Windows\System32\Tasks\klcp_update
2017-01-25 21:40 - 2017-01-25 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2017-01-25 21:40 - 2017-01-25 21:40 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2017-01-25 21:39 - 2017-01-25 21:40 - 14306797 _____ (KLCP ) C:\Users\Yeriah\Downloads\K-Lite_Codec_Pack_1285_Basic.exe
2017-01-25 21:39 - 2017-01-25 21:39 - 00712340 _____ ( ) C:\Users\Yeriah\Downloads\klcp_update_1282_20170119.exe
2017-01-25 21:17 - 2017-01-25 21:18 - 00000000 ____D C:\Users\Yeriah\Downloads\Game of Thrones Season 6 S06 Complete 1080p WEB DL x265 HEVC SUJAIDR
2017-01-25 18:21 - 2017-01-25 18:28 - 637577727 _____ (Brytenwalda Dev. ) C:\Users\Yeriah\Downloads\brytenwalda139.exe
2017-01-25 02:49 - 2017-02-01 17:52 - 00000000 ____D C:\Users\Yeriah\Downloads\Game.of.Thrones.Season.6.720p.HDTV.x265.ShAaNiG
2017-01-25 00:07 - 2017-01-25 00:07 - 00000000 ____D C:\Users\Yeriah\Downloads\(2016) Minha Mãe é uma peça 2 HD-TS
2017-01-24 15:15 - 2017-01-24 15:18 - 00000000 ____D C:\Users\Yeriah\Downloads\Game of Thrones - Season 5
2017-01-24 15:13 - 2017-01-26 01:07 - 00000000 ____D C:\Users\Yeriah\Downloads\Game of Thrones - Season 6
2017-01-23 17:48 - 2017-01-23 17:48 - 00008829 _____ C:\Users\Yeriah\Desktop\Novo(a) Planilha do Microsoft Excel.xlsx
2017-01-22 17:40 - 2017-01-22 17:40 - 00000000 ____D C:\Users\Yeriah\Downloads\DiplomacyCompilation+companions
2017-01-22 15:52 - 2017-01-22 16:20 - 00000000 ____D C:\Users\Yeriah\Downloads\Arrival.2016.DVDScr.x264-4RRIVED
2017-01-22 15:52 - 2017-01-22 16:19 - 00000000 ____D C:\Users\Yeriah\Downloads\[ www.torrenting.me ] - Hacksaw.Ridge.2016.DVDScr.XVID.AC3.HQ.Hive-CM8
2017-01-22 00:50 - 2017-01-22 01:36 - 00000000 ____D C:\Users\Yeriah\Downloads\Game of Thrones - The Complete Season 4 [HDTV]
2017-01-21 00:12 - 2017-01-21 00:12 - 00000744 _____ C:\Users\Yeriah\Desktop\Jogar Live-RO.lnk
2017-01-21 00:12 - 2017-01-21 00:12 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live-RO
2017-01-21 00:12 - 2017-01-21 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Live-RO
2017-01-21 00:08 - 2017-01-21 00:08 - 210479692 _____ () C:\Users\Yeriah\Downloads\Instalador_Live-RO_2.0.exe
2017-01-20 01:18 - 2017-01-20 01:37 - 209715200 _____ C:\Users\Yeriah\Downloads\DiplomacyCompilation+companions.part02.rar
2017-01-20 01:18 - 2017-01-20 01:26 - 209715200 _____ C:\Users\Yeriah\Downloads\DiplomacyCompilation+companions.part03.rar
2017-01-20 01:18 - 2017-01-20 01:25 - 209715200 _____ C:\Users\Yeriah\Downloads\DiplomacyCompilation+companions.part04.rar
2017-01-20 01:18 - 2017-01-20 01:25 - 209715200 _____ C:\Users\Yeriah\Downloads\DiplomacyCompilation+companions.part01.rar
2017-01-20 01:18 - 2017-01-20 01:22 - 114291302 _____ C:\Users\Yeriah\Downloads\DiplomacyCompilation+companions.part05.rar
2017-01-19 22:21 - 2017-01-19 22:42 - 275294916 _____ C:\Users\Yeriah\Downloads\Lei Maria da Penha - 11.340 de 2006 - Parte 01.mp4
2017-01-19 22:21 - 2017-01-19 22:28 - 323760185 _____ C:\Users\Yeriah\Downloads\Lei Maria da Penha - 11.340 de 2006 - Parte 02.mp4
2017-01-19 22:21 - 2017-01-19 22:28 - 269260586 _____ C:\Users\Yeriah\Downloads\Lei Maria da Penha - 11.340 de 2006 - Parte 03.mp4
2017-01-19 19:58 - 2017-01-20 21:48 - 00000000 ____D C:\Users\Yeriah\Downloads\Game of Thrones - The Complete Season 3 [HDTV]
2017-01-19 19:58 - 2017-01-19 23:17 - 00000000 ____D C:\Users\Yeriah\Downloads\Game.of.Thrones.S02
2017-01-18 18:50 - 2017-01-18 18:50 - 37503157 _____ C:\Users\Yeriah\Downloads\Professora Adriana Figueiredo - Falando em Português - Crase nas Locuções Femininas.mp4
2017-01-18 16:33 - 2017-01-18 16:34 - 00868962 _____ C:\Users\Yeriah\Downloads\Agente_Penitenciario_FUNDATEC_2014.zip
2017-01-18 02:25 - 2017-01-18 02:26 - 00000000 ____D C:\Users\Yeriah\Downloads\Game Of Thrones.S01.[Complete Season 1].BRRip.XviD-VLiS
2017-01-13 23:37 - 2017-01-14 09:58 - 00000000 ____D C:\Users\Yeriah\Downloads\That Awkward Moment (2014)
2017-01-13 23:32 - 2017-01-14 09:57 - 00000000 ____D C:\Users\Yeriah\Downloads\The.Brothers.Grimsby.2016.HDRip.XViD-ETRG
2017-01-13 23:29 - 2017-01-16 16:58 - 00000000 ____D C:\Users\Yeriah\Downloads\Superbad Unrated (2007)
2017-01-13 22:50 - 2017-01-17 12:22 - 00000000 ____D C:\Users\Yeriah\Downloads\Downfall [2004]
2017-01-13 22:49 - 2017-01-14 09:57 - 00000000 ____D C:\Users\Yeriah\Downloads\The.Hunt.2012.720p.BluRay.x264-x0r
2017-01-13 22:44 - 2017-01-14 09:58 - 00000000 ____D C:\Users\Yeriah\Downloads\The Pianist (2002)
2017-01-13 22:42 - 2017-01-14 09:56 - 00000000 ____D C:\Users\Yeriah\Downloads\Forrest Gump (1994)
2017-01-13 22:42 - 2017-01-13 22:56 - 00000000 ____D C:\Users\Yeriah\Downloads\Schindlers List (1993)
2017-01-13 14:09 - 2017-01-13 14:09 - 00264160 _____ C:\Users\Yeriah\Downloads\b0f80a228ec00c32ba202d12f7e5bc99.pdf
2017-01-13 01:36 - 2017-01-13 10:04 - 00000000 ____D C:\Users\Yeriah\Downloads\The.Accountant.2016.HC.HDRip.X264.AC3-EVO
2017-01-12 00:45 - 2017-01-13 10:04 - 00000000 ____D C:\Users\Yeriah\Downloads\The Departed (2006)
2017-01-12 00:45 - 2017-01-12 10:27 - 00000000 ____D C:\Users\Yeriah\Downloads\Reservoir Dogs (1992) [1080p]
2017-01-12 00:43 - 2017-01-12 10:27 - 00000000 ____D C:\Users\Yeriah\Downloads\The Shawshank Redemption (1994)
2017-01-12 00:31 - 2017-01-12 00:31 - 00000000 ____D C:\Users\Yeriah\Downloads\I Am Bolt 2016 720p BRRip 800 MB - iExTV
2017-01-11 23:00 - 2017-01-12 10:26 - 00000000 ____D C:\Users\Yeriah\Downloads\The.Magnificent.Seven.2016.720p.BRRip.x264.AAC-ETRG
2017-01-07 14:49 - 2017-01-07 14:49 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\SmartSteamEmu
2017-01-05 18:55 - 2017-01-05 21:17 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Glyph
2017-01-05 18:55 - 2017-01-05 21:07 - 00000000 ____D C:\Program Files (x86)\Glyph
2017-01-05 18:55 - 2017-01-05 18:58 - 00000000 ____D C:\Users\Todos os Usuários\Glyph
2017-01-05 18:55 - 2017-01-05 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2017-01-05 18:55 - 2017-01-05 18:58 - 00000000 ____D C:\ProgramData\Glyph
2017-01-05 18:55 - 2017-01-05 18:55 - 00001015 _____ C:\Users\Yeriah\Desktop\Glyph.lnk
2017-01-05 18:51 - 2017-01-05 18:54 - 72398296 _____ (Trion Worlds Inc.) C:\Users\Yeriah\Downloads\GlyphInstall-0-160.exe
2017-01-05 18:03 - 2017-01-05 18:03 - 00000219 _____ C:\Users\Yeriah\Desktop\Left 4 Dead 2.url

==================== Um Mês Modificados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2017-02-04 14:13 - 2015-06-16 23:08 - 00000000 ____D C:\FRST
2017-02-04 04:24 - 2016-06-16 20:54 - 00000964 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-04 04:20 - 2016-06-16 20:54 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-04 03:53 - 2016-05-31 12:30 - 00001042 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-04 02:26 - 2015-04-10 21:24 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-04 00:30 - 2015-07-31 01:21 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\uTorrent
2017-02-04 00:06 - 2015-04-10 21:23 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4078040627-3876670005-1468608263-1002
2017-02-03 22:16 - 2015-04-06 13:39 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2017-02-03 22:09 - 2016-08-01 03:08 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\discord
2017-02-03 22:05 - 2015-12-02 17:25 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-02-03 22:05 - 2015-12-02 17:25 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-03 22:05 - 2015-04-10 21:21 - 00000000 ___RD C:\Users\Yeriah\OneDrive
2017-02-03 22:03 - 2016-05-31 12:30 - 00001038 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-03 22:03 - 2016-01-28 19:41 - 00028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys
2017-02-03 22:03 - 2016-01-28 19:41 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2017-02-03 22:02 - 2016-04-23 15:28 - 00000296 _____ C:\Windows\Tasks\AutoKMS.job
2017-02-03 22:02 - 2013-08-22 12:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-03 19:45 - 2013-08-22 13:20 - 00000000 ____D C:\Windows\CbsTemp
2017-02-03 13:45 - 2016-12-22 21:42 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Mozilla
2017-02-02 18:57 - 2016-05-31 12:30 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-01 22:56 - 2015-04-10 21:47 - 00000000 ____D C:\Users\Yeriah\AppData\Local\CrashDumps
2017-02-01 19:20 - 2015-04-06 13:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-01-31 21:56 - 2015-07-15 16:26 - 00000000 ____D C:\Users\Todos os Usuários\boost_interprocess
2017-01-31 21:56 - 2015-07-15 16:26 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-01-27 21:43 - 2014-11-22 00:43 - 01827170 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-27 21:43 - 2014-11-21 23:52 - 00784992 _____ C:\Windows\system32\prfh0416.dat
2017-01-27 21:43 - 2014-11-21 23:52 - 00163734 _____ C:\Windows\system32\prfc0416.dat
2017-01-27 21:43 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\Inf
2017-01-27 02:33 - 2016-07-29 02:30 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Popcorn-Time
2017-01-25 20:09 - 2015-07-31 03:59 - 00000000 ____D C:\Users\Yeriah\Documents\Mount&Blade Warband Savegames
2017-01-25 03:13 - 2015-05-13 21:43 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\BSplayer
2017-01-22 17:08 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\system32\NDF
2017-01-19 01:33 - 2016-12-15 01:47 - 00003178 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-19 01:33 - 2016-04-23 15:30 - 00002313 _____ C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-01-19 01:33 - 2015-07-23 21:54 - 00003186 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4078040627-3876670005-1468608263-1002
2017-01-16 22:11 - 2017-01-02 14:45 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\VIVO INTERNET
2017-01-15 21:20 - 2016-06-16 20:54 - 00003934 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-01-15 21:20 - 2016-06-16 20:54 - 00003790 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-15 21:20 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-15 21:20 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-14 15:55 - 2015-05-24 00:34 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Skype
2017-01-14 15:53 - 2015-04-12 14:00 - 00000000 ____D C:\Users\Yeriah\AppData\Local\osu!
2017-01-13 17:23 - 2015-12-04 18:41 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Popcorn-Time-Community
2017-01-13 17:10 - 2017-01-01 22:32 - 00000000 ____D C:\Users\Yeriah\Downloads\Cities - Skylines [FitGirl Repack]
2017-01-13 12:45 - 2016-12-22 20:38 - 00000078 _____ C:\Users\Yeriah\Desktop\Novo Documento de Texto (3).txt
2017-01-12 10:22 - 2015-04-10 21:17 - 00000000 ____D C:\Users\Yeriah
2017-01-12 10:19 - 2015-04-10 21:18 - 00000000 ____D C:\Users\Yeriah\Documents\Bluetooth Folder
2017-01-11 19:19 - 2016-08-01 03:08 - 00002179 _____ C:\Users\Yeriah\Desktop\Discord.lnk
2017-01-11 19:19 - 2016-08-01 03:08 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-01-11 19:18 - 2016-08-01 03:07 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Discord
2017-01-11 14:47 - 2016-05-31 11:45 - 00000000 ____D C:\Users\Yeriah\Desktop\Its all fun and games
2017-01-11 14:43 - 2015-12-27 22:54 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\DarkSoulsII
2017-01-11 12:14 - 2015-04-13 20:52 - 00000000 ____D C:\Windows\system32\MRT
2017-01-11 12:12 - 2015-04-13 20:52 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-09 15:07 - 2016-12-07 19:01 - 00000000 ____D C:\Users\Yeriah\AppData\Local\ElevatedDiagnostics
2017-01-09 14:07 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\ModemLogs
2017-01-05 18:03 - 2015-04-10 21:30 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

==================== Arquivos na raiz de alguns diretórios =======
2016-05-23 00:58 - 2016-05-23 00:58 - 0000094 _____ () C:\Users\Yeriah\AppData\Local\fusioncache.dat
2015-04-06 13:10 - 2015-04-06 13:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-01-03 20:42 - 2015-11-04 20:42 - 0000032 ____R () C:\ProgramData\hash.dat
2015-04-06 13:37 - 2015-04-06 13:37 - 0000121 _____ ()
C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-11-02 00:25 - 2015-11-02 00:25 - 0000098 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-04-06 13:32 - 2015-04-06 13:33 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-04-06 13:33 - 2015-04-06 13:35 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2015-04-06 13:35 - 2015-04-06 13:37 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-04-06 13:31 - 2015-04-06 13:32 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\hash.dat
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Todos os Usuários\hash.dat
C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Alguns arquivos em TEMP:
====================
2016-12-31 00:25 - 2017-02-04 01:16 - 2077184 _____ () C:\Users\Yeriah\AppData\Local\Temp\GCAC.dll
2016-12-29 13:24 - 2016-12-29 13:24 - 43872728 _____ (Skype Technologies S.A.) C:\Users\Yeriah\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2017-01-28 20:26

==================== Fim de FRST.txt ============================

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 29-01-2017
Executado por Yeriah (04-02-2017 14:16:11)
Executando a partir de C:\Users\Yeriah\Downloads
Windows 8.1 Single Language (Update) (X64) (2015-04-10 23:17:14)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-4078040627-3876670005-1468608263-500 - Administrator - Disabled)
ASPNET (S-1-5-21-4078040627-3876670005-1468608263-1003 - Limited - Enabled)
Convidado (S-1-5-21-4078040627-3876670005-1468608263-501 - Limited - Disabled)
Yeriah (S-1-5-21-4078040627-3876670005-1468608263-1002 - Administrator - Enabled) => C:\Users\Yeriah

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Programas Instalados ====================== (Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.) µTorrent (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated) Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated) Agarest - Generations of War Zero (HKLM-x32\...\1426762679_is1) (Version: 2.0.0.2 - GOG.com) Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios) Atualizações da NVIDIA 2.9.1.22 (Version: 2.9.1.22 - NVIDIA Corporation) Hidden Auditorium (HKLM-x32\...\com.cipherprime.auditorium) (Version: 1.5.0 - UNKNOWN) Auditorium (x32 Version: 1.5.0 - UNKNOWN) Hidden Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden Brytenwalda versão 1.39 (HKLM-x32\...\{4D15C6C1-74C9-4AA4-8378-CEEDE7E53F39}_is1) (Version: 1.39 - Brytenwalda Dev.) BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.69.1078 - AB Team, d.o.o.) Cities: Skylines (HKLM-x32\...\Cities: Skylines_is1) (Version: - ) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Curse (HKLM-x32\...\{A20BFF62-AE3C-42BD-9C52-841CAB96BC49}) (Version: 6.0.0.0 - Curse) CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) 
DARK SOULS™ II: Scholar of the First Sin (HKLM-x32\...\Steam App 335300) (Version: - FromSoftware, Inc) DeathTaker Gaming Mouse (HKLM-x32\...\{0614BCA9-3613-4171-8128-621991A9FBF2}}_is1) (Version: - ) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.) Dell Command | Power Manager (HKLM\...\{DDDAF4A7-8B7D-4088-AECC-6F50E594B4F5}) (Version: 2.0.0 - Dell Inc.) Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.) Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP) Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.) Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6745.47 - Dell) Dell System Detect (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\58d94f3ce2c27db0) (Version: 6.12.0.5 - Dell) Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.0 - Synaptics Incorporated) Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.) Devilian Live-US (HKLM-x32\...\Glyph Devilian Live-US) (Version: - Trion Worlds, Inc.) DiRT 3 Complete Edition (HKLM\...\Steam App 321040) (Version: - Codemasters Racing Studio) Discord (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.) DjVuLibre+DjView (HKLM-x32\...\DjVuLibre+DjView) (Version: 3.5.24+4.8 - DjVuZone) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.12 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) 
Hidden Epson USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.51.000 - SEIKO EPSON CORPORATION) Ethernal Ragnarok Online (HKLM-x32\...\Ethernal Ragnarok Online) (Version: - ) Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version: - Paradox Development Studio) Gamersclub Anti Cheat (HKLM-x32\...\{C14C05CA-F9F5-45C3-9C23-43E10AF71897}) (Version: 1.00 - EMACLab) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden Infestation: The New Z (HKLM\...\Steam App 555570) (Version: - Fredaikis AB) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3262 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) Jogos Level Up (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\bda992e0694a5bbb) (Version: 0.9.4.4 - Level Up) K-Lite Codec Pack 12.8.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.8.5 - KLCP) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games) League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden Left 4 Dead 2 (HKLM\...\Steam App 550) (Version: - Valve) LibUSB-Win32-0.1.10.1 (HKLM-x32\...\LibUSB-Win32_is1) (Version: 0.1.10.1 - LibUSB-Win32) LIMBO (HKLM\...\Steam App 48000) (Version: - Playdead) Live-RO v2.0 (HKLM-x32\...\Live-RO v2.0) (Version: - ) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.541 - LogMeIn, Inc.) 
LogMeIn Hamachi (x32 Version: 2.2.0.541 - LogMeIn, Inc.) Hidden Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft Office 365 - pt-br (HKLM\...\O365HomePremRetail - pt-br) (Version: 15.0.4815.1001 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
(HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - TaleWorlds Entertainment) Mount&Blade Warband (HKLM-x32\...\Mount&Blade Warband) (Version: - ) Mozilla Firefox 51.0.1 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 pt-BR)) (Version: 51.0.1 - Mozilla) Mozilla Maintenance Service 
(HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) NVIDIA Driver de gráficos 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation) NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden osu! (HKLM-x32\...\{b6a62150-824b-4c5b-ba99-2d147c2df4dc}) (Version: latest - ppy Pty Ltd) Painel de controle da NVIDIA 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - ) Popcorn Time (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Popcorn Time) (Version: - Popcorn Official) <==== ATENÇÃO Popcorn Time Community 0.3.8-6 (HKLM-x32\...\Popcorn Time Community 0.3.8-6) (Version: 0.3.8-6 - Popcorn Time Community) <==== ATENÇÃO Popcorn-Time (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Popcorn-Time) (Version: 0.3.9 - Popcorn Time) PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.336 - Qualcomm Atheros Communications) Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.15 - Dell Inc.) 
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version: - Wild Shadow Studios) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.) ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 11.1.0 - ShareX Team) SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH) TERA (HKLM-x32\...\Steam App 323370) (Version: - Bluehole Inc.) The Duel (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\The Duel) (Version: 10.00.00.00 - The Duel) TrackMania Nations Forever (HKLM\...\Steam App 11020) (Version: - Nadeo) VIVO INTERNET (HKLM-x32\...\VIVO INTERNET) (Version: 16.002.10.18.149 - Huawei Technologies Co.,Ltd) WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Exame Personalizado CLSID (Whitelisted): ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
CustomCLSID: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F000F}\InprocServer32 -> C:\Users\Yeriah\AppData\Local\GAS Tecnologia\GBBD\npsf_scd_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F000F}\InprocServer32 -> C:\Users\Yeriah\AppData\Local\GAS Tecnologia\GBBD\npsf_scd_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Yeriah\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002_Classes\CLSID\{ea60f6df-ac6e-42a0-8d11-bad1341c1037}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {0E5B5B44-5BE0-41F3-8641-A03E90C6DF3F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {1CC4B002-A4C5-4761-8772-3291E9A6D8C0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
Task: {46B13078-2731-4342-8DB0-C8F87299F3DF} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)
Task: {4C83B209-A421-45F9-907C-34B8C6819A65} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {622D948D-4982-461A-BAE8-8EF07D5204D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
Task: {6D5066B8-652C-461E-8D14-54D5375979F0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {79B37FB6-C8E9-4EA9-9DE8-23C70E6BD8D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
Task: {96A504DD-E0C2-4AC7-93F4-14EA6214BBF1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-01-15] (Adobe Systems Incorporated)
Task: {A301D762-1D51-49C6-BD2E-72807499BA0E} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-02] (Synaptics Incorporated)
Task: {A4D3BE19-9D0F-4016-8713-52470D410404} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-31] (Dropbox, Inc.)
Task: {B1DB07FC-B0FF-4FBB-901F-942BD79AB160} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-12-29] (PC-Doctor, Inc.)
Task: {C245F196-52B8-4EDD-934D-64186B21A306} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-01-11] (Microsoft Corporation)
Task: {C44999D9-7089-4D0D-B715-5B11EBD2B9EF} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {CA2E9BE7-143D-40CF-8BBC-3C7891C83805} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-01-23] ()
Task: {CEB42939-C3D8-472D-B274-C4E928D799C0} - System32\Tasks\{F481EC1B-7C67-470A-B66C-3072BEA38EE8} => Chrome.exe hxxps://ui.skype.com/ui/0/7.29.80.102/pt/abandoninstall?page=tsMain
Task: {D2721FD9-119F-49C5-A20A-5CF5FDBB4716} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-15] (Adobe Systems Incorporated)
Task: {ECADC4F5-E83C-417F-852A-3B5A1BE8D6C2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-31] (Dropbox, Inc.)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)
WMI_ActiveScriptEventConsumer_DellCommandPowerManagerAlertEventConsumer: WMI_ActiveScriptEventConsumer_DellCommandPowerManagerPolicyChangeEventConsumer: Shortcut: C:\Users\Yeriah\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_1768213486_pt-br.lnk -> hxxp://www.windowssearch.com:80/suggestions?qry=eps&cc=BR&setlang=pt-BR&inlang=pt-BR&adlt=moderate&scale=100&contrast=none&hw=900%2C1600&CVID=87BF19B5AC4A4A5F865D827F18F3C32 ShortcutWithArgument: C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Web Applications\www.facebook.com\https_80\Facebook.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxps://www.facebook.com/ ==================== Módulos Carregados (Whitelisted) ============== 2015-04-06 13:28 - 2013-10-23 19:00 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2015-04-06 13:29 - 2013-10-23 06:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-04-23 17:57 - 2014-03-07 00:23 - 00163840 _____ () C:\Windows\SysWOW64\WIN8_MBIM.exe 2015-07-23 21:47 - 2015-10-13 06:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2011-03-14 13:27 - 2011-03-14 13:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe 2016-05-30 12:48 - 2016-05-02 03:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2016-04-08 22:32 - 2016-05-02 03:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2016-05-30 12:48 - 2016-05-02 03:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll 2016-05-30 12:48 - 2016-05-02 03:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2015-04-06 13:40 - 2014-06-04 16:02 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll 2015-04-06 13:40 - 2014-06-04 16:02 - 00019744 _____ () C:\Program Files 
(x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll 2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2016-05-30 12:48 - 2016-05-02 03:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2016-05-30 12:48 - 2016-05-02 03:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2016-04-08 22:33 - 2016-05-02 03:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2016-05-30 12:48 - 2016-05-02 03:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 2014-11-30 20:59 - 2014-11-30 20:59 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2014-11-30 20:56 - 2014-11-30 20:56 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll 2014-11-30 21:02 - 2014-11-30 21:02 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe 2015-04-06 13:40 - 2014-07-02 22:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe 2016-05-30 12:47 - 2016-05-02 03:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2016-05-30 12:47 - 2016-05-02 03:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 2015-04-06 13:33 - 2013-03-05 01:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-03-05 12:41 - 2013-03-05 12:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2015-12-02 17:25 - 2016-05-02 04:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-12-14 19:23 - 2016-12-08 05:29 - 01829208 _____ () C:\Program Files 
(x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll 2016-12-14 19:23 - 2016-12-08 05:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll 2016-02-29 15:21 - 2013-10-23 19:00 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll 2015-04-06 13:21 - 2013-09-17 10:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2015-04-06 13:40 - 2014-07-30 18:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll 2015-04-06 13:40 - 2012-11-26 00:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll 2015-04-06 13:39 - 2012-11-26 00:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll 2015-06-05 00:15 - 2016-12-23 16:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-06-05 00:15 - 2016-08-31 23:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll 2015-06-05 00:15 - 2017-01-18 23:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll 2015-06-05 00:15 - 2016-08-31 23:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-06-05 00:15 - 2016-08-31 23:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2015-04-10 21:27 - 2016-01-27 05:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2015-04-10 21:27 - 2016-01-27 05:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2015-04-10 21:27 - 2016-01-27 05:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2015-04-10 21:27 - 2016-01-27 05:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2015-04-10 21:27 - 2016-01-27 05:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2015-04-10 21:27 - 2017-01-18 23:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2016-03-09 17:30 - 2016-07-04 20:17 - 00266560 
_____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-17 00:38 - 2017-01-05 01:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2015-06-05 00:15 - 2017-01-18 23:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2015-04-10 21:27 - 2015-09-24 21:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Windows\System32:38800886_Scd.gbp [2]
AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1270]

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)

==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\sicredi.com.br -> correspondente.sicredi.com.br
IE trusted site: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\sicreditotal.com.br -> internet.sicreditotal.com.br

==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)
2013-08-22 11:25 - 2016-04-21 17:00 - 00000822 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Outras Áreas ============================ (Atualmente não há nenhuma correção automática para esta seção.) HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Yeriah\Pictures\Camera Roll\WIN_20160801_155757.JPG DNS Servers: 189.7.120.16 - 189.7.120.15 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Firewall do Windows está habilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == HKLM\...\StartupApproved\Run: => "BCSSync" HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui" HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE" HKLM\...\StartupApproved\Run32: => "Dropbox" HKLM\...\StartupApproved\Run32: => "DeathTaker" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\StartupApproved\StartupFolder: => "Curse.lnk" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\StartupApproved\Run: => "KSS" ==================== Regras do Firewall (Whitelisted) =============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
FirewallRules: [vm-monitoring-nb-session] => LPort=139 FirewallRules: [{B5D5FA41-624B-45CD-AC1C-6902914D8136}] => C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{7775B65D-1289-40D2-8275-EC696DB74864}] => C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe FirewallRules: [{EFC2FBD8-E071-478B-B153-E92AC57DD59C}] => C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{F90BB543-515F-4D17-9A66-03D254B7BFF9}] => C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{5397D920-A69D-470C-B0A4-E2582F39BE65}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{AD184BDB-0CE9-4F03-A57E-5AF578245351}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{E45A42AB-D859-41E7-9482-0D78EA98C7CB}] => C:\Program Files (x86)\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe FirewallRules: [{8451F65E-4EF5-4F1A-AA01-812171207F2B}] => C:\Program Files (x86)\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe FirewallRules: [{08A9337F-64E6-4ACA-9365-37474E4B6C5D}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe FirewallRules: [{442BA43A-2E20-4176-9E75-3F573405745F}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe FirewallRules: [{99A91F38-4B39-4E74-A294-C071082172B0}] => C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe FirewallRules: [{AA23D751-966C-4491-BB7E-AD4D4AEB056A}] => C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe FirewallRules: [TCP Query User{CFB2C708-5556-40F8-A924-6E15E3494765}C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe] => C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe FirewallRules: [UDP Query User{2D66258F-CE04-4681-B992-2B9ECBCE8425}C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe] => C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe FirewallRules: 
[{AE3D81A7-E9E0-43C1-8E30-9AC1B8E7AFC9}] => C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe FirewallRules: [{03588A51-CCEC-4ADF-AF72-0A316AA51995}] => C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe FirewallRules: [TCP Query User{51BCC054-3711-48C4-897C-7CFF29C0EDED}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{DC36F516-164A-42BF-BBDD-7FAEB5014058}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{B5668247-4F07-4C1C-A2D5-D3F73DD2663C}] => C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{9C32E667-EF94-445C-B001-EC61B5A4B629}] => C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{ED51094A-35A7-41B3-9054-9975B12AB207}C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe] => C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe FirewallRules: [UDP Query User{14D67858-45AF-4F2C-8986-EB60DAFFD1CF}C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe] => C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe FirewallRules: [{61ECF8B2-A907-44DE-80F9-CB933610F696}] => C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe FirewallRules: [{8AD36D9E-7BDA-4A8A-964A-A22DBA327A87}] => C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe FirewallRules: [{F5DE2FA1-5E57-4294-8285-7A7CEF3C3753}] => C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{8A84F26B-1460-41EC-90F3-DE9E789777FA}] => C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [TCP Query User{700AE3F0-D876-42FF-9476-89BB5D9462A1}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe FirewallRules: [UDP 
Query User{FC34F8E7-36FD-4ED7-9531-AE7A4BA3DAFD}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe FirewallRules: [{A50394C2-A2C8-42D1-9913-B788465D4B71}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe FirewallRules: [{8A9E4633-0220-49A1-AD38-3A8BEF6773E9}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe FirewallRules: [{8DDB9F28-1DFF-4E22-BE48-E3B745E81393}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe FirewallRules: [{FDAF8DF1-7C19-4079-8FB3-EE13E0933252}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe FirewallRules: [{1BF6C2B7-9894-4AAF-99F4-8EACF367DAAE}] => C:\Users\Yeriah\Downloads\Client19-04\MiniA.exe FirewallRules: [{C5802C00-234F-4260-BDDF-937D01A18514}] => C:\Program Files (x86)\Steam\steamapps\common\TERA\TERA-Launcher.exe FirewallRules: [{ECADBAD9-DED3-4A5D-ADF0-5001265A1903}] => C:\Program Files (x86)\Steam\steamapps\common\TERA\TERA-Launcher.exe FirewallRules: [{FF655954-4826-4750-8DB2-BE32D1215562}] => C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{FDF80600-A36E-4410-AF7D-BFC702033C3A}] => C:\Users\Yeriah\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{39027F61-95F8-42ED-A430-A3AFBB5029B1}] => C:\WarThunder\launcher.exe FirewallRules: [{6BB2BAED-6F82-4375-8B5D-53D44C081281}] => C:\WarThunder\launcher.exe FirewallRules: [{2BEADD49-A308-428E-A350-62A3B0AB956D}] => C:\WarThunder\bpreport.exe FirewallRules: [{02FE9A07-E173-4084-ABD8-D5E5C0A8377A}] => C:\WarThunder\bpreport.exe FirewallRules: [{B3951357-658F-4BF1-9E04-DE61068E3257}] => C:\WarThunder\bpreport.exe FirewallRules: [{FCC9C62F-688C-4C27-ABA8-1057110932DA}] => C:\WarThunder\bpreport.exe FirewallRules: [{8AAEB9BB-2474-4930-B6EF-503360BB5E53}] => C:\Users\Yeriah\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: 
[{CEF379B0-0539-4968-8FA2-0E38355A4E0B}] => C:\Users\Yeriah\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [TCP Query User{C68278C5-37A4-439C-9F8C-E44E904C8995}C:\users\yeriah\appdata\local\popcorn time\nw.exe] => C:\users\yeriah\appdata\local\popcorn time\nw.exe FirewallRules: [UDP Query User{BD230D35-67A7-42EE-86E3-76D8122E7050}C:\users\yeriah\appdata\local\popcorn time\nw.exe] => C:\users\yeriah\appdata\local\popcorn time\nw.exe FirewallRules: [{53394B0C-C290-402C-AB8D-B1A7C0425D43}] => C:\users\yeriah\appdata\local\popcorn time\nw.exe FirewallRules: [{BC9052AC-993E-4707-8BFB-11C5E6ED14B4}] => C:\users\yeriah\appdata\local\popcorn time\nw.exe FirewallRules: [TCP Query User{C749D356-0608-4A09-A8CD-4567226B2FED}C:\warthunder\aces.exe] => C:\warthunder\aces.exe FirewallRules: [UDP Query User{1F48A2AC-1E29-453E-A42E-75DC7D0E3E37}C:\warthunder\aces.exe] => C:\warthunder\aces.exe FirewallRules: [{197AF25F-FB06-4356-84B5-A78E426E29B3}] => C:\warthunder\aces.exe FirewallRules: [{1FB98CF2-872E-49B4-B4E3-D1442FB6D7F0}] => C:\warthunder\aces.exe FirewallRules: [{FC710CD5-CE45-474F-896A-1FCB1C6F69FA}] => C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe FirewallRules: [{CA2AA8BC-CA4C-45C7-85B6-D80CE7A143FE}] => C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe FirewallRules: [{685514C9-3F4E-414C-B020-7E829457D36C}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{CFE8B538-3AF6-4482-A056-37E235384927}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{53AA33B9-CFA5-4C90-AB6B-65ED4128B74C}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{82313A54-8DF5-4275-94C2-73D80567F3CF}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{3082165F-B22A-43E6-89DB-8A39498F2F81}] => C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{8AE76FFF-3740-4D7F-B0F3-3D53C5D72BB0}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{22D952A1-B7BE-4BD2-848B-9403564FB5F1}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{9B574E13-8687-4B01-80B2-AB6F829C0858}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{10B7BA3A-324B-4CEA-9CB0-31D9DCAF9261}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{A90EC4A2-CE9B-4E0B-A8E5-7E0CB9650A8A}C:\users\yeriah\appdata\local\popcorn time community\nw.exe] => C:\users\yeriah\appdata\local\popcorn time community\nw.exe FirewallRules: [UDP Query User{EEB0D4DE-0ED1-44B7-8272-0AFCF129834D}C:\users\yeriah\appdata\local\popcorn time community\nw.exe] => C:\users\yeriah\appdata\local\popcorn time community\nw.exe FirewallRules: [{12ECF169-5DDB-4103-87D6-C965DF9E1B82}] => C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe FirewallRules: [{5AA28CC5-D000-4F63-8EB1-BC5461B25E60}] => C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe FirewallRules: [{DCF0D338-0F1D-477B-96F8-53C248AEB096}] => C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe FirewallRules: [{B1619273-C2E4-41F5-A5FC-602B027CBDD2}] => C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe FirewallRules: [{DD197B50-9EFD-4307-939C-C2F71A3D374E}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{E9765AAF-28F7-4963-96A6-A737F6A3F2B5}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{4A22EDC7-66FA-48EA-9EE4-B52A33E9B6A6}] => C:\Program Files (x86)\Steam\steamapps\common\Commandos 2 Men of Courage\Legacy\comm2.exe FirewallRules: [{F6F5946F-0382-442D-9F82-C7DF6E03A243}] => C:\Program Files 
(x86)\Steam\steamapps\common\Commandos 2 Men of Courage\Legacy\comm2.exe FirewallRules: [TCP Query User{03C81E77-685E-4CFE-AF85-E5D30AD3FD24}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => C:\program files (x86)\youwave android\vb\vboxsdl.exe FirewallRules: [UDP Query User{8E08222C-B8B1-4BBA-BEE4-CEBA65AA5875}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => C:\program files (x86)\youwave android\vb\vboxsdl.exe FirewallRules: [{EB066444-8F9A-4031-823D-276917AA9EFE}] => C:\program files (x86)\youwave android\vb\vboxsdl.exe FirewallRules: [{5973F6B9-C809-4D52-AEA4-B2CC02B578BD}] => C:\program files (x86)\youwave android\vb\vboxsdl.exe FirewallRules: [TCP Query User{205B53D8-C279-4532-967A-A1FE813FC821}C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe] => C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [UDP Query User{0A236397-E0FA-4BCD-A151-5B3F973063A4}C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe] => C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [{DFA1C7FF-4B49-4947-A770-6B836F2C7343}] => C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [{E075125C-DF2D-4428-8AC3-B8DA718F1AB9}] => C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [{41EF1CF8-A36B-4595-9B31-3186EAABBC10}] => C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe FirewallRules: [{FB72A7B5-DD7F-4C86-9139-F82E0828B6C4}] => C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe FirewallRules: [TCP Query User{33B17861-98D2-4961-AAA4-8C11E3ECBCBE}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [UDP Query User{F17972EF-E18D-4150-8C1D-8CF80453F8BE}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe 
FirewallRules: [{EEAAC134-C2C4-4052-8FA3-D9413A1E67DB}] => C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [{71EB2023-5E95-44A0-BCD1-02C0DA499CF0}] => C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [{FED30E57-20A6-4C56-80BF-CA0A562943BC}] => C:\Program Files (x86)\Steam\steamapps\common\Commandos 2 Men of Courage\Legacy\comm2.exe FirewallRules: [{C01647E1-BAA5-411D-B752-1CCA59D4A3FE}] => C:\Program Files (x86)\Steam\steamapps\common\Commandos 2 Men of Courage\Legacy\comm2.exe FirewallRules: [TCP Query User{C9FF5578-4947-4FF8-AFEB-2B9063D1053F}C:\users\yeriah\appdata\local\popcorn-time\nw.exe] => C:\users\yeriah\appdata\local\popcorn-time\nw.exe FirewallRules: [UDP Query User{75CC8D15-3E4A-4624-BE51-54516B7AC77B}C:\users\yeriah\appdata\local\popcorn-time\nw.exe] => C:\users\yeriah\appdata\local\popcorn-time\nw.exe FirewallRules: [{342447EF-FA7F-44E9-8DA0-80DEC3345D6B}] => C:\users\yeriah\appdata\local\popcorn-time\nw.exe FirewallRules: [{96FC42AB-D7D8-42A3-989E-EF391D5A2FE5}] => C:\users\yeriah\appdata\local\popcorn-time\nw.exe FirewallRules: [TCP Query User{0E696DE2-9DC0-483C-88F4-BD39FAE89033}C:\program files (x86)\age of empires iii - complete collection\age3y.exe] => C:\program files (x86)\age of empires iii - complete collection\age3y.exe FirewallRules: [UDP Query User{A331AC7B-6DFF-4FEF-BE16-94250F765220}C:\program files (x86)\age of empires iii - complete collection\age3y.exe] => C:\program files (x86)\age of empires iii - complete collection\age3y.exe FirewallRules: [{0CA0176B-1463-4AE2-9000-0AC96F1BBBE0}] => C:\program files (x86)\age of empires iii - complete collection\age3y.exe FirewallRules: [{FDBC7881-C61A-4F2F-A00E-43818B833559}] => C:\program files (x86)\age of empires iii - complete collection\age3y.exe FirewallRules: [{08241F7F-8302-47C9-882F-02DD2EB40A07}] => C:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exe FirewallRules: [{9EFCDD09-7CB0-4295-8718-79DFCC8363A1}] => C:\Program Files 
(x86)\Steam\steamapps\common\Limbo\limbo.exe FirewallRules: [{6D016F01-6ABB-4068-B814-F9C93BA05DC2}] => C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe FirewallRules: [{B58051DC-A0B0-4C3E-9106-C4A88055E790}] => C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe FirewallRules: [TCP Query User{6E6A3DBF-F86E-4C15-900D-7A9DEF34018F}C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe] => C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe FirewallRules: [UDP Query User{C4F63F50-F2C7-4998-B6D7-4D05D69E347E}C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe] => C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe FirewallRules: [{67AD6FD2-2B9A-491D-98AC-9234CC3B360D}] => C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe FirewallRules: [{7B40F75A-E65B-4F86-B104-43057222D502}] => C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe FirewallRules: [{BC8C6A8E-3391-43F0-A8F6-FBD756312430}] => C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForever.exe FirewallRules: [{E5989D0A-3E75-4794-91CA-BD742625B87E}] => C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForever.exe FirewallRules: [{99DF59A5-5914-424C-B5C7-339251DA6E47}] => C:\Program Files 
(x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe FirewallRules: [{B23EC8C8-4CCB-4D63-AFAB-2B1067C70456}] => C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe FirewallRules: [{6F240318-6852-42A2-8830-1414FFA7A32D}] => C:\Program Files (x86)\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe FirewallRules: [{78BE5F88-35CD-45FA-9FDD-4B7C3100D24F}] => C:\Program Files (x86)\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe FirewallRules: [TCP Query User{DD86E353-70F9-4D48-B2CF-1333C4AA02C6}C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe] => C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe FirewallRules: [UDP Query User{8522E945-BE92-4FAB-8513-BBB798DC42F8}C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe] => C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe FirewallRules: [{EBE5CB3C-15D6-4FB9-B93B-B1ADA93E12BE}] => C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe FirewallRules: [{CD409AEA-FC03-4620-A1B7-31858B1D1457}] => C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe FirewallRules: [{2D4FBBE8-83BD-438D-A315-45A916A0F685}] => C:\Program Files (x86)\Steam\steamapps\common\NewZ\NewZLauncher.exe FirewallRules: [{92AA8FE7-FBCD-4748-A024-B289C857835D}] => C:\Program Files (x86)\Steam\steamapps\common\NewZ\NewZLauncher.exe FirewallRules: [{CFF9BA8C-4230-4760-A0EA-5BB2F4906FA4}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{84120510-4803-4D38-868C-3A7F6928EB24}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{E7E361D1-D253-42C3-AB7C-4F8B4A0EE2A0}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [TCP Query User{EA234F39-9B58-4DDA-9704-F83FA922D2E8}C:\program files (x86)\emaclab\gamersclub anti cheat\gclauncher.exe] => C:\program files (x86)\emaclab\gamersclub anti cheat\gclauncher.exe 
FirewallRules: [UDP Query User{4C030473-4740-468D-8871-B067EDB0C7EC}C:\program files (x86)\emaclab\gamersclub anti cheat\gclauncher.exe] => C:\program files (x86)\emaclab\gamersclub anti cheat\gclauncher.exe FirewallRules: [TCP Query User{62CE4C19-6D79-45E2-8617-591D4F9784DD}C:\program files (x86)\the duel\theduel.exe] => C:\program files (x86)\the duel\theduel.exe FirewallRules: [UDP Query User{540D1B1B-8621-4C34-811F-48CA94CEE4C3}C:\program files (x86)\the duel\theduel.exe] => C:\program files (x86)\the duel\theduel.exe FirewallRules: [TCP Query User{19003352-5DC6-4D52-8518-8B145BE8A34A}C:\users\yeriah\downloads\saltandsanctuaryv1.0.0.4\salt and sanctuary v1.0.0.4\salt and sanctuary\salt.exe] => C:\users\yeriah\downloads\saltandsanctuaryv1.0.0.4\salt and sanctuary v1.0.0.4\salt and sanctuary\salt.exe FirewallRules: [UDP Query User{FE0AB68A-4919-46E3-B6FC-9C7B5E2CC4F6}C:\users\yeriah\downloads\saltandsanctuaryv1.0.0.4\salt and sanctuary v1.0.0.4\salt and sanctuary\salt.exe] => C:\users\yeriah\downloads\saltandsanctuaryv1.0.0.4\salt and sanctuary v1.0.0.4\salt and sanctuary\salt.exe FirewallRules: [{18676C17-2F3D-4EA5-918A-99D6FCC0FFDE}] => C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{7EDFC0B2-B342-40BC-BCAA-DFE6F315B7FF}] => C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{DB8435E3-09C5-414E-A743-02064EDE2967}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [{46326887-570E-473E-A082-A4E8B0085FDC}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{CE8EECB4-7CFE-4C95-AC0F-9518E262EEB3}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Pontos de Restauração ========================= 03-02-2017 19:42:20 Windows Update ==================== Dispositivos Apresentando Falhas No Gerenciador ============= Name: LogMeIn Hamachi Virtual Ethernet Adapter Description: LogMeIn Hamachi Virtual Ethernet Adapter Class Guid: 
{4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: LogMeIn Inc. Service: Hamachi Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Erros no Log de eventos: ========================= Erros em Aplicativos: ================== Error: (02/04/2017 12:30:37 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa uTorrent.exe versão 3.4.9.43085 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID do Processo: 1560 Hora de Início: 01d27e876512ebd9 Hora de Término: 15 Caminho do Aplicativo: C:\Users\Yeriah\AppData\Roaming\uTorrent\uTorrent.exe ID do Relatório: e1dea44a-ea81-11e6-82c9-7429afa47974 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (02/03/2017 10:09:45 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa LiveComm.exe versão 17.5.9600.20911 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID do Processo: 12b0 Hora de Início: 01d27e7a31148157 Hora de Término: 4294967295 Caminho do Aplicativo: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe ID do Relatório: 27547f54-ea6e-11e6-82c9-7429afa47974 Nome completo do pacote com falha: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe ID do aplicativo relativo ao pacote com falha: ppleae38af2e007f4358a809ac99a64a67c1 Error: (02/03/2017 10:02:37 PM) (Source: DbxSvc) (EventID: 320) (User: ) Description: Failed to connect to the driver: (-2147024894) O sistema não pode encontrar o arquivo especificado. 
Error: (02/02/2017 06:56:56 PM) (Source: DbxSvc) (EventID: 320) (User: ) Description: Failed to connect to the driver: (-2147024894) O sistema não pode encontrar o arquivo especificado. Error: (02/02/2017 06:56:55 PM) (Source: DbxSvc) (EventID: 270) (User: ) Description: Filter Unload failed with: (-2145452013) O sistema não pôde localizar o filtro especificado. Error: (02/02/2017 04:16:32 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa left4dead2.exe versão 0.0.0.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID do Processo: 1cdc Hora de Início: 01d27d195dddb631 Hora de Término: 4294967295 Caminho do Aplicativo: C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe ID do Relatório: 2361c07e-e90f-11e6-82c8-7429afa47974 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (02/01/2017 10:55:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: TERA-Launcher.exe, versão: 3.5.3.2, carimbo de data/hora: 0x5236e244 Nome do módulo com falha: gbiehScd.dll, versão: 4.14.0.106, carimbo de data/hora: 0x55cce4d4 Código de exceção: 0xc0000005 Deslocamento da falha: 0x00160a5b ID do processo com falha: 0x20cc Hora de início do aplicativo com falha: 0x01d27ce96a2da0d5 Caminho do aplicativo com falha: C:\Program Files (x86)\Steam\steamapps\common\TERA\TERA-Launcher.exe Caminho do módulo com falha: C:\Program Files (x86)\GbPlugin\gbiehScd.dll ID do Relatório: 5a1485bb-e8e2-11e6-82c8-7429afa47974 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (02/01/2017 07:41:16 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa LiveComm.exe versão 17.5.9600.20911 parou de interagir com o Windows e foi fechado. 
Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID do Processo: 1c8c Hora de Início: 01d27cd32f911972 Hora de Término: 4294967295 Caminho do Aplicativo: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe ID do Relatório: 22546f8c-e8c7-11e6-82c8-7429afa47974 Nome completo do pacote com falha: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe ID do aplicativo relativo ao pacote com falha: ppleae38af2e007f4358a809ac99a64a67c1 Error: (02/01/2017 08:24:15 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: Um problema impediu que os dados do Programa de Aperfeiçoamento da Experiência do Usuário fossem enviados para a Microsoft, (Erro 80070005). Error: (02/01/2017 02:43:45 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa csgo.exe versão 0.0.0.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID do Processo: 2ca4 Hora de Início: 01d27c45a5ec7e46 Hora de Término: 12 Caminho do Aplicativo: C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe ID do Relatório: f4b82d96-e838-11e6-82c8-7429afa47974 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Erros de Sistema: ============= Error: (02/03/2017 10:09:54 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Serviço Intel(R) Management and Security Application Local Management Service suspenso ao iniciar. 
Error: (02/03/2017 10:07:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Dell Digital Delivery Service devido ao seguinte erro: O serviço não respondeu à requisição de início ou controle em tempo hábil. Error: (02/03/2017 10:07:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Dell Digital Delivery Service. Error: (02/03/2017 10:07:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Dell Foundation Services devido ao seguinte erro: O serviço não respondeu à requisição de início ou controle em tempo hábil. Error: (02/03/2017 10:07:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Dell Foundation Services. Error: (02/03/2017 10:03:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço LogMeIn Hamachi Tunneling Engine devido ao seguinte erro: O serviço não respondeu à requisição de início ou controle em tempo hábil. Error: (02/03/2017 10:03:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço LogMeIn Hamachi Tunneling Engine. Error: (02/03/2017 10:02:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço LibUsb-Win32 - Daemon, Version 0.1.10.1 devido ao seguinte erro: O sistema não pode encontrar o arquivo especificado. 
Error: (02/03/2017 10:02:03 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \SystemRoot\SysWow64\drivers\libusb0.sys Error: (02/03/2017 10:01:58 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \SystemRoot\SysWow64\drivers\libusb0.sys CodeIntegrity: =================================== Date: 2017-02-02 22:18:32.047 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-01-16 15:11:43.716 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-01-13 14:36:36.847 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-01-11 12:11:02.359 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-01-03 18:05:28.785 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2017-01-02 02:13:56.712 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-12-19 17:38:40.909 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-12-11 16:27:40.146 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-12-06 21:41:12.262 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-11-20 08:08:56.210 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Informações da Memória =========================== Processador: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz Percentagem de memória em uso: 49% RAM física total: 8096.46 MB RAM física disponível: 4074.86 MB Virtual Total: 11168.46 MB Virtual disponível: 7012.63 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:922.03 GB) (Free:547.18 GB) NTFS Drive d: (CDROM) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS Drive x: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.44 GB) NTFS Drive y: (PBR Image) (Fixed) (Total:8.09 GB) (Free:0.73 GB) NTFS ==================== MBR & Tabela de Partições ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 86BA5996) Partition: GPT. ==================== Fim de Addition.txt ============================ Thanks!
  4. Hello guys, my computer is showing some really weird behavior. After I scanned with Malwarebytes, it found something like 3000 items, most with the same name. As soon as I start it, it is OK, but some time later my notebook goes damn slow (something like 10 min working well), stops opening some sites and stuff. Ty for any help. Addition.txt FRST.txt
  5. Actually, it was an ad from the site itself; it seems that everything is OK now! Thank you very much, Borislav.
  6. Hmm... Ads seem to be gone, but still, sometimes when I click somewhere on a page an "ad page" opens; not sure if that is normal. Ty anyway!
  7. Sorry for the delay. Here it is. C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application cleaned by deleting - quarantined
  8. Hello, here are the logs. Malwarebytes Anti-Malwarewww.malwarebytes.org Data da Verificação: 17/06/2015Hora da Verificação: 23:23:01Arquivo de Log: ddd.txtAdministrador: Sim Versão: 2.01.6.1022Base de Dados de Malware: v2015.06.17.05Base de Dados de Rootkit: v2015.06.15.01Licença: GrátisProteção de Malware: DesabilitadoProteção de Site Malicioso: DesabilitadoAuto-Proteção: Desabilitado SO: Windows 8.1Processador: x64Sistema de Arquivos: NTFSUsuário: Yeriah Tipo da Verificação: Verificar AmeaçaResultado: TerminadoObjetos Verificados: 381450Tempo Decorrido: 13 min, 33 seg Memória: HabilitadoInicialização: HabilitadoSistema de Arquivos: HabilitadoArquivos Compactados: HabilitadoRootkits: DesabilitadoHeurística: HabilitadoPUP: HabilitadoPUM: Habilitado Processos: 0(Nenhum item malicioso detectado) Módulos: 0(Nenhum item malicioso detectado) Chaves de Registro: 0(Nenhum item malicioso detectado) Valores de Registro: 0(Nenhum item malicioso detectado) Dados de Registro: 0(Nenhum item malicioso detectado) Pastas: 0(Nenhum item malicioso detectado) Arquivos: 1PUP.Optional.OpenCandy, C:\Users\Yeriah\Downloads\PowerISO6-x64.exe, , [498006b58901d1651efe5e0f57af1be5], Setores Físicos: 0(Nenhum item malicioso detectado) (end) Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015Ran by Yeriah at 2015-06-17 23:14:07 Run:1Running from C:\Users\Yeriah\DownloadsLoaded Profiles: UpdatusUser & Yeriah (Available Profiles: UpdatusUser & Yeriah)Boot Mode: Normal============================================== fixlist content:*****************startCloseProcesses:FirewallRules: [{B885A1E5-DD6C-44A9-B35E-3CB4E2A47590}] => (Allow) C:\Program Files\BitComet\BitComet.exeFirewallRules: [{63BB8BEF-0CF7-4CC5-8543-B34ACD0B5B3A}] => (Allow) C:\Program Files\BitComet\BitComet.exeC:\Program Files\BitCometURLSearchHook: [s-1-5-21-4078040627-3876670005-1468608263-1001] ATTENTION ==> Default URLSearchHook is missingSearchScopes: HKU\.DEFAULT -> DefaultScope 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =2015-06-16 22:06 - 2015-05-13 20:09 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\BitComet2015-05-29 23:32 - 2015-04-10 20:22 - 00000000 ____D C:\Users\Todos os Usuários\softthinks2015-05-29 23:32 - 2015-04-10 20:22 - 00000000 ____D C:\ProgramData\softthinksC:\Users\Yeriah\AppData\Local\Temp\i4jdel0.exeEmptyTemp:end***************** Processes closed successfully.HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B885A1E5-DD6C-44A9-B35E-3CB4E2A47590} => value removed successfullyHKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{63BB8BEF-0CF7-4CC5-8543-B34ACD0B5B3A} => value removed successfully"C:\Program Files\BitComet" => File/Folder not found.Could not restore Default URLSearchHook.HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfullyHKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfullyHKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfullyC:\Users\Yeriah\AppData\Roaming\BitComet => moved successfully. "C:\Users\Todos os Usuários\softthinks" folder move: Could not move "C:\Users\Todos os Usuários\softthinks" folder => Scheduled to move on reboot. "C:\ProgramData\softthinks" folder move: Could not move "C:\ProgramData\softthinks" folder => Scheduled to move on reboot. C:\Users\Yeriah\AppData\Local\Temp\i4jdel0.exe => moved successfully.EmptyTemp: => 3.9 GB temporary data Removed. 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-06-17 23:17:38)<= C:\Users\Todos os Usuários\softthinks => Is moved successfullyC:\ProgramData\softthinks => Is moved successfully ==== End of Fixlog 23:17:38 ====
  9. Hello guys, it has been some time since some popups started to show up everywhere, in my browser, and even inside a game (Dota2). I'd be glad if you could help me on this. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015Ran by Yeriah (administrator) on PC-DO-ALEX on 16-06-2015 22:08:19Running from C:\Users\Yeriah\DownloadsLoaded Profiles: UpdatusUser & Yeriah (Available Profiles: UpdatusUser & Yeriah)Platform: Windows 8.1 Single Language (X64) OS Language: Português (Brasil)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe(LogMeIn Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe(LogMeIn Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(VS Revo Group) C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3760456 2013-08-23] (Dell Inc.)HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-04-07] (Power Software 
Ltd)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [134784 2014-11-30] (Atheros Communications)HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28920448 2015-05-14] (Skype Technologies S.A.)HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: E - "E:\Setup.exe" AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [387536 2013-08-02] (NVIDIA Corporation)AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [326224 2013-08-02] (NVIDIA Corporation)ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.la.dell.com/content/default.aspx?c=br&l=pt&s=genHKU\S-1-5-21-4078040627-3876670005-1468608263-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.la.dell.com/content/default.aspx?c=br&l=pt&s=genURLSearchHook: [s-1-5-21-4078040627-3876670005-1468608263-1001] ATTENTION ==> Default URLSearchHook is missingSearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-14] (Oracle Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-14] (Oracle Corporation)Tcpip\Parameters: [DhcpNameServer] 89.248.171.33 8.8.8.8 FireFox:========FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-14] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-14] (Oracle Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)FF Plugin-x32: @tools.google.com/Google 
Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) Chrome: =======CHR Profile: C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-10]CHR Extension: (Google Docs) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-10]CHR Extension: (Google Drive) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-10]CHR Extension: (YouTube) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-10]CHR Extension: (Google Search) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-10]CHR Extension: (Google Sheets) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-10]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-15]CHR Extension: (Google Wallet) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-10]CHR Extension: (Gmail) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-10] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [322176 2014-11-30] (Windows ® Win 7 DDK provider) [File not signed]S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1141248 2015-06-06] ()S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-22] (Microsoft Corporation)R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [92528 2015-05-05] (Dell)R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-02] (SoftThinks SAS)R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)S3 Dell.CommandPowerManager.Service; C:\Windows\SysWOW64\dllhost.exe /Processid:{21AC100C-C882-4DE7-A7E4-EBD00657F486} ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4226560 2014-11-10] (Qualcomm Atheros Communications, Inc.)R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-11-30] (Qualcomm Atheros)R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-03-30] (LogMeIn Inc.)R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-02] (Synaptics Incorporated)R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-08-02] (Synaptics Incorporated)S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-16 22:08 - 2015-06-16 22:08 - 00015787 _____ C:\Users\Yeriah\Downloads\FRST.txt2015-06-16 22:08 - 2015-06-16 22:08 - 00000000 ____D C:\FRST2015-06-16 22:07 - 2015-06-16 22:07 - 02109952 _____ (Farbar) C:\Users\Yeriah\Downloads\FRST64.exe2015-06-16 22:05 - 2015-06-16 22:06 - 01148416 _____ (Farbar) C:\Users\Yeriah\Downloads\FRST.exe2015-06-16 22:04 - 2015-06-16 22:04 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-06-16 22:03 - 2015-06-16 22:03 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-06-16 22:03 - 2015-06-16 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-06-16 22:03 - 2015-06-16 22:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-06-16 22:03 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2015-06-16 22:03 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2015-06-16 22:03 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2015-06-16 22:00 - 2015-06-16 22:01 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Yeriah\Downloads\mbam-setup-2.1.6.1022.exe2015-06-16 17:11 - 2015-06-16 17:11 - 00000000 ____D C:\Users\Yeriah\Documents\Amnesia2015-06-16 16:13 - 2015-06-16 16:13 - 00002198 _____ C:\Users\Yeriah\Desktop\Amnesia.lnk2015-06-16 16:13 - 2015-06-16 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent2015-06-16 16:07 - 2015-06-16 16:13 - 00000000 ____D C:\Program Files (x86)\Amnesia - The Dark Descent2015-06-14 16:56 - 2015-06-14 16:56 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2015-06-14 16:56 - 2015-06-14 16:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2015-06-14 16:56 - 2015-06-14 16:56 - 00000000 ____D C:\Program 
Files (x86)\Java2015-06-14 16:46 - 2015-06-14 16:46 - 00562272 _____ (Oracle Corporation) C:\Users\Yeriah\Downloads\chromeinstall-8u45 (1).exe2015-06-14 16:38 - 2015-06-14 16:38 - 00388608 _____ (Trend Micro Inc.) C:\Users\Yeriah\Downloads\HijackThis.exe2015-06-14 16:34 - 2015-06-14 16:34 - 00001286 _____ C:\Users\Yeriah\Desktop\Revo Uninstaller.lnk2015-06-14 16:34 - 2015-06-14 16:34 - 00000000 ____D C:\Program Files (x86)\VS Revo Group2015-06-14 16:32 - 2015-06-14 16:33 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Yeriah\Downloads\revosetup.exe2015-06-14 16:29 - 2015-06-14 16:29 - 00000000 ___RD C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices2015-06-14 16:27 - 2015-06-14 16:27 - 00000000 ____D C:\_OTL2015-06-14 16:22 - 2015-06-14 16:22 - 00071004 _____ C:\Users\Yeriah\Downloads\Extras.Txt2015-06-14 16:21 - 2015-06-14 16:21 - 00102608 _____ C:\Users\Yeriah\Downloads\OTL.Txt2015-06-14 16:15 - 2015-06-14 16:15 - 00602112 _____ (OldTimer Tools) C:\Users\Yeriah\Downloads\OTL.exe2015-06-14 16:13 - 2015-06-14 16:13 - 00001682 _____ C:\Users\Yeriah\Desktop\JRT.txt2015-06-14 16:12 - 2015-06-14 16:12 - 00000207 _____ C:\Windows\tweaking.com-regbackup-PC-DO-ALEX-Windows-8.1-Single-Language-(64-bit).dat2015-06-14 16:12 - 2015-06-14 16:12 - 00000000 ____D C:\RegBackup2015-06-14 16:10 - 2015-06-14 16:10 - 02944147 _____ (Thisisu) C:\Users\Yeriah\Downloads\JRT.exe2015-06-14 15:58 - 2015-06-14 16:04 - 00000000 ____D C:\AdwCleaner2015-06-14 15:57 - 2015-06-14 15:58 - 02231296 _____ C:\Users\Yeriah\Downloads\AdwCleaner.exe2015-06-09 19:47 - 2015-05-25 10:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll2015-06-09 19:47 - 2015-05-25 10:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll2015-06-09 19:47 - 2015-04-08 19:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll2015-06-09 19:47 - 2015-04-08 19:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml2015-06-09 
19:47 - 2015-04-01 19:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll2015-06-09 19:47 - 2015-04-01 19:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll2015-06-09 19:47 - 2015-03-20 00:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll2015-06-09 19:47 - 2015-03-20 00:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll2015-06-09 19:47 - 2015-03-19 23:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll2015-06-09 19:47 - 2015-03-19 23:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll2015-06-09 19:47 - 2015-03-01 22:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll2015-06-09 19:47 - 2015-03-01 22:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll2015-06-09 19:46 - 2015-05-27 11:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-06-09 19:46 - 2015-05-27 11:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2015-06-09 19:46 - 2015-05-23 00:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2015-06-09 19:46 - 2015-05-23 00:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2015-06-09 19:46 - 2015-05-23 00:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2015-06-09 19:46 - 2015-05-23 00:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2015-06-09 19:46 - 2015-05-23 00:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2015-06-09 19:46 - 2015-05-22 23:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2015-06-09 19:46 - 2015-05-22 23:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2015-06-09 19:46 - 2015-05-22 23:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2015-06-09 19:46 - 2015-05-22 23:47 - 00128000 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2015-06-09 19:46 - 2015-05-22 23:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll2015-06-09 19:46 - 2015-05-22 23:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2015-06-09 19:46 - 2015-05-22 23:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2015-06-09 19:46 - 2015-05-22 23:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2015-06-09 19:46 - 2015-05-22 23:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2015-06-09 19:46 - 2015-05-22 23:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll2015-06-09 19:46 - 2015-05-22 23:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2015-06-09 19:46 - 2015-05-22 23:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2015-06-09 19:46 - 2015-05-22 23:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2015-06-09 19:46 - 2015-05-22 16:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-06-09 19:46 - 2015-05-22 16:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2015-06-09 19:46 - 2015-05-22 16:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec2015-06-09 19:46 - 2015-05-22 15:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2015-06-09 19:46 - 2015-05-22 15:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2015-06-09 19:46 - 2015-05-22 15:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2015-06-09 19:46 - 2015-05-22 15:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2015-06-09 19:46 - 2015-05-22 15:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2015-06-09 19:46 - 2015-05-22 15:23 - 00145408 _____ (Microsoft Corporation) 
C:\Windows\system32\iepeers.dll2015-06-09 19:46 - 2015-05-22 15:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2015-06-09 19:46 - 2015-05-22 15:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll2015-06-09 19:46 - 2015-05-22 15:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll2015-06-09 19:46 - 2015-05-22 15:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2015-06-09 19:46 - 2015-05-22 15:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2015-06-09 19:46 - 2015-05-22 15:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2015-06-09 19:46 - 2015-05-22 14:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-06-09 19:46 - 2015-05-22 14:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2015-06-09 19:46 - 2015-05-22 14:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll2015-06-09 19:46 - 2015-05-22 14:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-06-09 19:46 - 2015-05-22 14:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2015-06-09 19:46 - 2015-04-24 23:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll2015-06-09 19:46 - 2015-04-24 23:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll2015-06-09 19:46 - 2015-04-16 03:17 - 00325464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS2015-06-09 19:46 - 2015-04-13 19:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll2015-06-09 19:46 - 2015-04-13 19:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll2015-06-09 19:46 - 2015-04-09 21:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll2015-06-09 19:46 - 2015-04-09 21:17 - 01018880 _____ (Microsoft Corporation) 
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

==================== Files in the root of some directories =======

2015-04-06 12:10 - 2015-04-06 12:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-04-06 12:37 - 2015-04-06 12:37 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-04-06 12:32 - 2015-04-06 12:33 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-04-06 12:33 - 2015-04-06 12:35 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2015-04-06 12:35 - 2015-04-06 12:37 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-04-06 12:31 - 2015-04-06 12:32 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
C:\Users\Yeriah\AppData\Local\Temp\i4jdel0.exe
C:\Users\Yeriah\AppData\Local\Temp\Quarantine.exe
C:\Users\Yeriah\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-06 14:12

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Yeriah at 2015-06-16 22:09:08
Running from C:\Users\Yeriah\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-4078040627-3876670005-1468608263-500 - Administrator - Disabled)
Convidado (S-1-5-21-4078040627-3876670005-1468608263-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-4078040627-3876670005-1468608263-1001 - Limited - Enabled) => C:\Users\UpdatusUser
Yeriah (S-1-5-21-4078040627-3876670005-1468608263-1002 - Administrator - Enabled) => C:\Users\Yeriah

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

19-05-2015 23:51:01 Windows Update
06-06-2015 12:41:10 Windows Update
08-06-2015 21:16:33 Instalador de Módulos do Windows
14-06-2015 16:35:10 Revo Uninstaller's restore point - Geeks3D FurMark 1.14.1
16-06-2015 22:06:01 Revo Uninstaller's restore point - BitComet 1.38 64-bit

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 10:25 - 2013-08-22 10:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Yeriah\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 89.248.171.33 - 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/16/2015 10:08:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: ERUNT.exe, versão: 0.0.0.0, carimbo de data/hora: 0x2a425e19
Nome do módulo com falha: uxtheme.dll, versão: 6.3.9600.17415, carimbo de data/hora: 0x54503957
Código de exceção: 0xc0000005
Deslocamento da falha: 0x000322ff
ID do processo com falha: 0x191c
Hora de início do aplicativo com falha: 0xERUNT.exe0
Caminho do aplicativo com falha: ERUNT.exe1
Caminho do módulo com falha: ERUNT.exe2
ID do Relatório: ERUNT.exe3
Nome completo do pacote com falha: ERUNT.exe4
ID do aplicativo relativo ao pacote com falha: ERUNT.exe5

Error: (06/16/2015 05:13:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa Amnesia.exe versão 0.0.0.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.
ID do Processo: 1d7c Hora de Início: 01d0a870b56a9209 Hora de Término: 4294967295 Caminho do Aplicativo: C:\Program Files (x86)\Amnesia - The Dark Descent\redist\Amnesia.exe ID do Relatório: 24ca2263-1464-11e5-8265-7429afa47974 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (06/16/2015 02:46:23 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 Error: (06/15/2015 06:55:24 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 Error: (06/14/2015 05:26:19 PM) (Source: Perflib) (EventID: 1008) (User: )Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (06/14/2015 02:48:58 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 Error: (06/14/2015 01:00:34 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Nome do aplicativo com falha: hl2.exe, versão: 0.0.0.0, carimbo de data/hora: 0x552d15e0Nome do módulo com falha: client.dll, versão: 1.0.0.1, carimbo de data/hora: 0x556b2796Código de exceção: 0xc0000005Deslocamento da falha: 0x0015f34aID do processo com falha: 0x490Hora de início do aplicativo com falha: 0xhl2.exe0Caminho do aplicativo com falha: hl2.exe1Caminho do módulo com falha: hl2.exe2ID do Relatório: hl2.exe3Nome completo do pacote com falha: hl2.exe4ID do aplicativo relativo ao pacote com falha: hl2.exe5 Error: (06/13/2015 05:27:45 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Nome do aplicativo com falha: hl2.exe, versão: 0.0.0.0, carimbo de data/hora: 0x552d15e0Nome do módulo com falha: client.dll, versão: 1.0.0.1, carimbo de data/hora: 0x556b2796Código de exceção: 0xc0000005Deslocamento da falha: 0x0015f34aID do processo com falha: 0x1d7cHora de início do aplicativo com falha: 0xhl2.exe0Caminho do aplicativo com falha: hl2.exe1Caminho do módulo com falha: hl2.exe2ID do Relatório: hl2.exe3Nome completo do pacote com falha: 
hl2.exe4ID do aplicativo relativo ao pacote com falha: hl2.exe5 Error: (06/13/2015 05:22:18 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Nome do aplicativo com falha: hl2.exe, versão: 0.0.0.0, carimbo de data/hora: 0x552d15e0Nome do módulo com falha: client.dll, versão: 1.0.0.1, carimbo de data/hora: 0x556b2796Código de exceção: 0xc0000005Deslocamento da falha: 0x0015f34aID do processo com falha: 0x200cHora de início do aplicativo com falha: 0xhl2.exe0Caminho do aplicativo com falha: hl2.exe1Caminho do módulo com falha: hl2.exe2ID do Relatório: hl2.exe3Nome completo do pacote com falha: hl2.exe4ID do aplicativo relativo ao pacote com falha: hl2.exe5 Error: (06/13/2015 04:47:41 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 System errors:=============Error: (06/14/2015 04:27:29 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORIDADE NT)Description: Módulo de Extensibilidade de WLAN interrompido inesperadamente. Caminho do Módulo: C:\Windows\system32\athihvs.dll Error: (06/14/2015 04:27:29 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORIDADE NT)Description: Módulo de Extensibilidade de WLAN interrompido inesperadamente. Caminho do Módulo: C:\Windows\system32\athihvs.dll Error: (06/14/2015 04:27:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORIDADE NT)Description: Módulo de Extensibilidade de WLAN interrompido inesperadamente. Caminho do Módulo: C:\Windows\system32\athihvs.dll Error: (06/14/2015 04:12:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: O serviço SoftThinks Agent Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (06/14/2015 04:12:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: O serviço Cyberlink RichVideo Service(CRVS) foi encerrado inesperadamente. Isso aconteceu 1 vez(es). 
Error: (06/14/2015 04:12:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: O serviço Steam Client Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (06/14/2015 04:12:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: O serviço Intel® Dynamic Application Loader Host Interface Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (06/14/2015 04:12:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: O serviço Intel® Rapid Storage Technology foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (06/14/2015 04:12:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: O serviço LogMeIn Hamachi Tunneling Engine foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (06/14/2015 04:12:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: O serviço NVIDIA Update Service Daemon foi encerrado inesperadamente. Isso aconteceu 1 vez(es). 
Microsoft Office:=========================Error: (06/16/2015 10:08:03 PM) (Source: Application Error) (EventID: 1000) (User: )Description: ERUNT.exe0.0.0.02a425e19uxtheme.dll6.3.9600.1741554503957c0000005000322ff191c01d0a89a0f37a7a9C:\Windows\ERUNT.exeC:\Windows\system32\uxtheme.dll4d08462b-148d-11e5-8265-7429afa47974 Error: (06/16/2015 05:13:26 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: Amnesia.exe0.0.0.01d7c01d0a870b56a92094294967295C:\Program Files (x86)\Amnesia - The Dark Descent\redist\Amnesia.exe24ca2263-1464-11e5-8265-7429afa47974 Error: (06/16/2015 02:46:23 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 Error: (06/15/2015 06:55:24 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 Error: (06/14/2015 05:26:19 PM) (Source: Perflib) (EventID: 1008) (User: )Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (06/14/2015 02:48:58 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 Error: (06/14/2015 01:00:34 AM) (Source: Application Error) (EventID: 1000) (User: )Description: hl2.exe0.0.0.0552d15e0client.dll1.0.0.1556b2796c00000050015f34a49001d0a6484907789cC:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exec:\program files (x86)\steam\steamapps\common\garrysmod\garrysmod\bin\client.dlle8045810-1249-11e5-8263-7429afa47974 Error: (06/13/2015 05:27:45 PM) (Source: Application Error) (EventID: 1000) (User: )Description: hl2.exe0.0.0.0552d15e0client.dll1.0.0.1556b2796c00000050015f34a1d7c01d0a616e8a3c0d2C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exec:\program files (x86)\steam\steamapps\common\garrysmod\garrysmod\bin\client.dlla5aa9f92-120a-11e5-8263-7429afa47974 Error: (06/13/2015 05:22:18 PM) (Source: Application Error) (EventID: 1000) (User: )Description: hl2.exe0.0.0.0552d15e0client.dll1.0.0.1556b2796c00000050015f34a200c01d0a6150757ffbfC:\Program Files 
(x86)\Steam\steamapps\common\GarrysMod\hl2.exec:\program files (x86)\steam\steamapps\common\garrysmod\garrysmod\bin\client.dlle2c373c8-1209-11e5-8263-7429afa47974 Error: (06/13/2015 04:47:41 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 ==================== Memory info =========================== Processor: Intel® Core i7-4510U CPU @ 2.00GHzPercentage of memory in use: 44%Total physical RAM: 8096.46 MBAvailable physical RAM: 4477.27 MBTotal Pagefile: 9376.46 MBAvailable Pagefile: 4997.4 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.8 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:922.03 GB) (Free:826.41 GB) NTFSDrive e: (Amnesia - The Da) (CDROM) (Total:0.95 GB) (Free:0 GB) CDFSDrive x: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.44 GB) NTFSDrive y: (PBR Image) (Fixed) (Total:8.09 GB) (Free:0.73 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 931.5 GB) (Disk ID: 86BA5996) Partition: GPT Partition Type. ==================== End of log ============================