Yeriah
Computer has suddenly become too slow
Yeriah replied to Yeriah's topic in Resolved Malware Removal Logs
Done. It has deleted 3.34 GB of temporary files. Should I do anything else?
Computer has suddenly become too slow
Yeriah replied to Yeriah's topic in Resolved Malware Removal Logs
Ok. Here are the results ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.0 (12.05.2016) Operating System: Windows 8.1 Single Language x64 Ran by Yeriah (Administrator) on 07/02/2017 at 12:34:54,50 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 3 Successfully deleted: C:\users\Public\Documents\guid (Folder) Successfully deleted: C:\Users\Yeriah\AppData\Local\crashrpt (Folder) Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task) Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 07/02/2017 at 12:58:10,50 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v6.043 - Relatório criado 07/02/2017 às 14:15:52 # Atualizado em 27/01/2017 por Malwarebytes # Banco de dados : 2017-02-03.2 [Servidor] # Sistema operacional : Windows 8.1 Single Language (X64) # Usuário : Yeriah - PC-DO-ALEX # Executando de : C:\Users\Yeriah\Downloads\AdwCleaner.exe # Modo: Limpo # Apoio : https://www.malwarebytes.com/support ***** [ Serviços ] ***** ***** [ Pastas ] ***** [-] Pasta excluída:C:\Users\Yeriah\AppData\LocalLow\.acestream [-] Pasta excluída:C:\Users\Yeriah\AppData\Roaming\.acestream [-] Pasta excluída:C:\Users\Yeriah\AppData\Roaming\acestream [-] Pasta excluída:C:\_acestream_cache_ ***** [ Arquivos ] ***** [-] Arquivo excluído:C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat [#] Arquivo excluído:C:\ProgramData\Application Data\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Atalhos ] ***** ***** [ Atividades agendadas ] ***** ***** [ Registro ] ***** [-] Chave excluída:HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\Software\Classes\acestream [#] Chave excluída na reinicialização:HKCU\Software\Classes\acestream [#] Chave excluída na reinicialização:[x64] HKCU\Software\Classes\acestream [-] Chave 
excluída:HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\Software\Conduit [#] Chave excluída na reinicialização:HKCU\Software\Conduit [#] Chave excluída na reinicialização:[x64] HKCU\Software\Conduit [-] Chave excluída:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com [-] Chave excluída:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com [#] Chave excluída na reinicialização:[x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com [#] Chave excluída na reinicialização:[x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com ***** [ Verificando navegadores ... ] ***** ************************* :: Chaves "Tracing" excluídas :: Configurações Winsock restauradas ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [2115 Bytes] - [07/02/2017 14:15:52] C:\AdwCleaner\AdwCleaner[R0].txt - [1832 Bytes] - [14/06/2015 16:59:36] C:\AdwCleaner\AdwCleaner[S0].txt - [1821 Bytes] - [14/06/2015 17:04:50] C:\AdwCleaner\AdwCleaner[S1].txt - [2502 Bytes] - [07/02/2017 13:37:42] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2407 Bytes] ########## 2017-02-07 16:32:25.650 Sophos Virus Removal Tool version 2.5.6 2017-02-07 16:32:25.650 Copyright (c) 2009-2016 Sophos Limited. All rights reserved. 2017-02-07 16:32:25.650 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them. 2017-02-07 16:32:25.650 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64 2017-02-07 16:32:25.650 Checking for updates... 
2017-02-07 16:32:26.129 Update progress: proxy server not available 2017-02-07 16:32:40.489 Option all = no 2017-02-07 16:32:40.489 Option recurse = yes 2017-02-07 16:32:40.489 Option archive = no 2017-02-07 16:32:40.489 Option service = yes 2017-02-07 16:32:40.489 Option confirm = yes 2017-02-07 16:32:40.489 Option sxl = yes 2017-02-07 16:32:40.490 Option max-data-age = 35 2017-02-07 16:32:40.490 Option vdl-logging = yes 2017-02-07 16:32:40.499 Customer ID: 094260ca9b3af99f9d4a3909fc47a743 2017-02-07 16:32:40.499 Machine ID: c49517429cb54134ae25654c3a549d9f 2017-02-07 16:32:40.499 Component SVRTcli.exe version 2.5.6 2017-02-07 16:32:40.499 Component control.dll version 2.5.6 2017-02-07 16:32:40.499 Component SVRTservice.exe version 2.5.6 2017-02-07 16:32:40.499 Component engine\osdp.dll version 1.44.1.2270 2017-02-07 16:32:40.499 Component engine\veex.dll version 3.67.0.2270 2017-02-07 16:32:40.499 Component engine\savi.dll version 9.0.5.2270 2017-02-07 16:32:40.499 Component rkdisk.dll version 1.5.31.1 2017-02-07 16:32:40.499 Version info: Product version 2.5.6 2017-02-07 16:32:40.499 Version info: Detection engine 3.67.0 2017-02-07 16:32:40.499 Version info: Detection data 5.32 2017-02-07 16:32:40.499 Version info: Build date 04/10/2016 2017-02-07 16:32:40.499 Version info: Data files added 766 2017-02-07 16:32:40.499 Version info: Last successful update (not yet updated) 2017-02-07 16:32:49.417 Downloading updates... 
2017-02-07 16:32:49.420 Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1 2017-02-07 16:32:49.420 Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path= 2017-02-07 16:32:49.420 Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path= 2017-02-07 16:32:49.420 Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=] 2017-02-07 16:32:49.420 Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path= 2017-02-07 16:32:49.420 Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path= 2017-02-07 16:32:49.420 Update progress: [I49502] sdds.data0910.xml: found supplement IDE536 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=] 2017-02-07 16:32:49.420 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE536 LATEST path= 2017-02-07 16:32:49.420 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE536 LATEST path= 2017-02-07 16:32:49.420 Update progress: [I49502] sdds.data0910.xml: found supplement IDE537 LATEST path= baseVersion= [included from product IDE536 LATEST path=] 2017-02-07 16:32:49.420 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE537 LATEST path= 2017-02-07 16:32:49.420 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE537 LATEST path= 2017-02-07 16:32:49.420 Update progress: [I49502] sdds.data0910.xml: found supplement IDE538 LATEST path= baseVersion= [included from product IDE537 LATEST path=] 2017-02-07 16:32:49.420 Update 
progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE538 LATEST path= 2017-02-07 16:32:49.421 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE538 LATEST path= 2017-02-07 16:32:49.421 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path= 2017-02-07 16:32:50.105 Update progress: [I19463] Syncing product SAVIW32 LATEST path= 2017-02-07 16:32:50.105 Update progress: [I19463] Product download size 156130248 bytes 2017-02-07 16:33:28.689 Update progress: [I19463] Syncing product IDE536 LATEST path= 2017-02-07 16:33:28.689 Update progress: [I19463] Product download size 3527452 bytes 2017-02-07 16:33:30.925 Update progress: [I19463] Syncing product IDE537 LATEST path= 2017-02-07 16:33:30.925 Update progress: [I19463] Product download size 2537599 bytes 2017-02-07 16:33:32.550 Update progress: [I19463] Syncing product IDE538 LATEST path= 2017-02-07 16:33:32.675 Installing updates... 
2017-02-07 16:33:33.296 Error level 1 2017-02-07 16:34:33.974 Update successful 2017-02-07 16:34:47.415 Option all = no 2017-02-07 16:34:47.415 Option recurse = yes 2017-02-07 16:34:47.415 Option archive = no 2017-02-07 16:34:47.415 Option service = yes 2017-02-07 16:34:47.415 Option confirm = yes 2017-02-07 16:34:47.415 Option sxl = yes 2017-02-07 16:34:47.415 Option max-data-age = 35 2017-02-07 16:34:47.415 Option vdl-logging = yes 2017-02-07 16:34:47.415 Customer ID: 094260ca9b3af99f9d4a3909fc47a743 2017-02-07 16:34:47.415 Machine ID: c49517429cb54134ae25654c3a549d9f 2017-02-07 16:34:47.415 Component SVRTcli.exe version 2.5.6 2017-02-07 16:34:47.415 Component control.dll version 2.5.6 2017-02-07 16:34:47.415 Component SVRTservice.exe version 2.5.6 2017-02-07 16:34:47.415 Component engine\osdp.dll version 1.44.1.2280 2017-02-07 16:34:47.415 Component engine\veex.dll version 3.68.0.2280 2017-02-07 16:34:47.415 Component engine\savi.dll version 9.0.7.2280 2017-02-07 16:34:47.415 Component rkdisk.dll version 1.5.31.1 2017-02-07 16:34:47.415 Version info: Product version 2.5.6 2017-02-07 16:34:47.415 Version info: Detection engine 3.68.0 2017-02-07 16:34:47.415 Version info: Detection data 5.35 2017-02-07 16:34:47.415 Version info: Build date 10/01/2017 2017-02-07 16:34:47.415 Version info: Data files added 346 2017-02-07 16:34:47.415 Version info: Last successful update 07/02/2017 14:34:33 2017-02-07 20:08:13.352 Could not open C:\hiberfil.sys 2017-02-07 20:08:50.093 >>> Virus 'Mal/VMProtBad-A' found in file C:\Level Up\Ragnarok\gepard.dll 2017-02-07 20:09:23.529 Could not open C:\pagefile.sys 2017-02-07 20:13:17.983 >>> Virus 'Mal/VMProtBad-A' found in file C:\Program Files\SHILDBRO V3\gepard.dll 2017-02-07 20:59:40.105 >>> Virus 'Mal/VMProtBad-A' found in file C:\ragnarok\gepard.dll 2017-02-07 21:05:29.048 Could not open C:\swapfile.sys 2017-02-07 21:05:29.407 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} 2017-02-07 
21:05:29.408 Could not open C:\System Volume Information\{436c5f75-eccf-11e6-82ca-7429afa47974}{3808876b-c176-4e48-b7ae-04046e6cc752} 2017-02-07 21:05:29.408 Could not open C:\System Volume Information\{48d83ae0-ea24-11e6-82c8-7429afa47974}{3808876b-c176-4e48-b7ae-04046e6cc752} 2017-02-07 21:07:31.648 Could not open C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Current Session 2017-02-07 21:07:31.648 Could not open C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Current Tabs 2017-02-07 21:24:48.339 >>> Virus 'Mal/EncPk-AAL' found in file C:\Users\Yeriah\AppData\Local\Temp\GCAC.dll 2017-02-07 21:53:57.615 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb 2017-02-07 21:53:57.616 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb 2017-02-07 21:54:05.877 Could not open C:\Windows\System32\config\BBI 2017-02-07 21:54:06.454 Could not open C:\Windows\System32\config\RegBack\DEFAULT 2017-02-07 21:54:06.485 Could not open C:\Windows\System32\config\RegBack\SAM 2017-02-07 21:54:06.490 Could not open C:\Windows\System32\config\RegBack\SECURITY 2017-02-07 21:54:06.514 Could not open C:\Windows\System32\config\RegBack\SOFTWARE 2017-02-07 21:54:06.544 Could not open C:\Windows\System32\config\RegBack\SYSTEM 2017-02-07 22:27:11.273 The following items will be cleaned up: 2017-02-07 22:27:11.273 Mal/VMProtBad-A 2017-02-07 22:27:11.273 Mal/EncPk-AAL Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 05-02-2017 Executado por Yeriah (administrador) em PC-DO-ALEX (08-02-2017 15:31:51) Executando a partir de C:\Users\Yeriah\Downloads Perfis Carregados: Yeriah (Perfis Disponíveis: Yeriah) Platform: Windows 8.1 Single Language (Update) (X64) Idioma: Português (Brasil) Internet Explorer Versão 11 (Navegador padrão: Chrome) Modo da Inicialização: Normal Tutorial da Farbar Recovery Scan Tool: 
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe () C:\Windows\SysWOW64\WIN8_MBIM.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe.bak (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (LogMeIn Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe (Huawei Technologies Co., Ltd.) C:\Users\Yeriah\AppData\Roaming\VIVO INTERNET\ouc.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ShareX Team) C:\Program Files\ShareX\ShareX.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Hammer & Chisel, Inc.) C:\Users\Yeriah\AppData\Local\Discord\app-0.0.297\Discord.exe (Hammer & Chisel, Inc.) C:\Users\Yeriah\AppData\Local\Discord\app-0.0.297\Discord.exe (Hammer & Chisel, Inc.) C:\Users\Yeriah\AppData\Local\Discord\app-0.0.297\Discord.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Farbar) C:\Users\Yeriah\Downloads\FRST64 (1).exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Trion Worlds Inc.) C:\Program Files (x86)\Glyph\GlyphCrashHandler.exe (Trion Worlds Inc.) C:\Program Files (x86)\Glyph\GlyphClientApp.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registro (Whitelisted) ==================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3760456 2013-08-23] (Dell Inc.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-04-08] (Power Software Ltd) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation) HKLM-x32\...\Run: [EPSON_UD_START] => C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe [341416 2011-01-06] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-07] (Dropbox, Inc.) 
HKLM-x32\...\Run: [DeathTaker] => C:\Program Files (x86)\Genius\DeathTaker\mousehid.exe [303616 2013-04-03] () HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-11-11] (LogMeIn Inc.) HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60408 2016-12-16] (Avira Operations GmbH & Co. KG) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\ GbPluginScd: C:\Program Files (x86)\GbPlugin\gbiehScd.dll [2015-10-06] (Sicredi) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [134784 2014-11-30] (Atheros Communications) HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation) HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.) HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Run: [Discord] => C:\Users\Yeriah\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.) HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Run: [HW_OPENEYE_OUC_VIVO INTERNET] => C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe [110592 2009-07-27] (Huawei Technologies Co., Ltd.) 
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {4a600027-0977-11e6-82a5-7429afa47974} - "G:\.\ShowModem.exe" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {4a60005b-0977-11e6-82a5-7429afa47974} - "G:\.\ShowModem.exe" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {94453256-cce0-11e6-82c4-7429afa47974} - "E:\AutoRun.exe" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {9445328c-cce0-11e6-82c4-7429afa47974} - "F:\AutoRun.exe" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {ae31608b-dc6e-11e4-824f-806e6f6e6963} - "D:\CDViewer.exe" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {d1254191-d620-11e6-82c5-7429afa47974} - "E:\AutoRun.exe" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {d1254c66-d620-11e6-82c5-7429afa47974} - "E:\AutoRun.exe" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: {fb37d97a-4c61-11e5-8277-7429afa47974} - "F:\EMP_UDSe.exe" /autorun HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399011} - C:\Program Files (x86)\GbPlugin\gbiehscd.dll [1839640 2015-10-06] (Sicredi) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.) Startup: C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-02-21] ShortcutTarget: Curse.lnk -> C:\Users\Yeriah\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc) Startup: C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-12-29] () ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) 
Tcpip\Parameters: [DhcpNameServer] 189.7.120.16 189.7.120.15 Tcpip\..\Interfaces\{58ECD54B-5CDD-4A30-8A5F-7BE4B3782272}: [DhcpNameServer] 10.1.1.1 Tcpip\..\Interfaces\{E2D45466-7876-4A81-A298-32DC60763DD4}: [DhcpNameServer] 189.7.120.16 189.7.120.15 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.la.dell.com/content/default.aspx?c=br&l=pt&s=gen BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO: Sem Nome -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Nenhum Arquivo BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-14] (Oracle Corporation) BHO-x32: Sem Nome -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Nenhum Arquivo BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540011} -> C:\Program Files (x86)\GbPlugin\gbiehscd.dll [2015-10-06] (Sicredi) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-14] (Oracle Corporation) 
FireFox: ======== FF ProfilePath: C:\Users\Yeriah\AppData\Roaming\Mozilla\Firefox\Profiles\EDgjXuml.default [2017-02-05] FF Extension: (Avira Browser Safety) - C:\Users\Yeriah\AppData\Roaming\Mozilla\Firefox\Profiles\EDgjXuml.default\Extensions\abs@avira.com [2016-12-22] FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-14] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-14] (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) 
FF Plugin HKU\S-1-5-21-4078040627-3876670005-1468608263-1002: @citrixonline.com/appdetectorplugin -> C:\Users\Yeriah\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-02-29] (Citrix Online)

Chrome:
=======
CHR DefaultProfile: Default
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll => Nenhum Arquivo
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => Nenhum Arquivo
CHR Profile: C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default [2017-02-08]
CHR Extension: (Google Apresentações) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-02]
CHR Extension: (Google Docs) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-02]
CHR Extension: (Google Drive) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-02]
CHR Extension: (YouTube) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-02]
CHR Extension: (Google Search) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Planilhas do Google) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-02]
CHR Extension: (Documentos Google off-line) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-01]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-02]
CHR Extension: (Chrome Media Router) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [322176 2014-11-30] (Windows (R) Win 7 DDK provider) [Arquivo não assinado]
R2 AutoRun_MBIM; C:\Windows\SysWOW64\WIN8_MBIM.exe [163840 2014-03-07] () [Arquivo não assinado]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1141248 2015-06-06] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2016-12-13] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-31] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-31] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46400 2017-02-07] (Dropbox, Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe [98304 2011-01-06] (SEIKO EPSON CORPORATION) [Arquivo não assinado]
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [587576 2015-10-06] (GAS Tecnologia)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Arquivo não assinado]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)
S2 libusbd; C:\Windows\SysWOW64\libusbd-nt.exe [18944 2005-03-09] (hxxp://libusb-win32.sourceforge.net) [Arquivo não assinado]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-11-11] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-02] (SoftThinks SAS)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 Dell.CommandPowerManager.Service; C:\Windows\SysWOW64\dllhost.exe /Processid:{21AC100C-C882-4DE7-A7E4-EBD00657F486}

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4226560 2014-11-10] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-11-30] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
U5 EMAC Secure; C:\Users\Yeriah\AppData\Local\Temp\GCSecure.sys [794248 2017-02-04] (Gamers Club)
R3 eppvad_simple; C:\Windows\system32\drivers\EMP_UDAU.sys [23040 2011-01-06] (SEIKO EPSON CORPORATION)
R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2017-02-07] (GAS Tecnologia)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [21720 2015-04-29] (GAS Tecnologia)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-11-11] (LogMeIn Inc.)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [33792 2005-03-09] () [Arquivo não assinado]
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2016-04-21] (The OpenVPN Project)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-02] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-08-02] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-04-29] (GAS Tecnologia LTDA)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wmbclass; C:\Windows\System32\drivers\wmbclass.sys [267264 2016-08-12] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-02-08 00:26 - 2017-02-08 00:26 - 00059938 _____ C:\Users\Yeriah\Desktop\Addition.txt
2017-02-08 00:11 - 2017-02-08 00:11 - 02421248 _____ (Farbar) C:\Users\Yeriah\Downloads\FRST64 (1).exe
2017-02-07 22:58 - 2017-02-07 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-07 18:35 - 2017-02-07 18:35 - 00107775 _____ C:\Users\Yeriah\Downloads\gabarito.pdf
2017-02-07 16:06 - 2017-02-07 16:06 - 00000000 ___RD C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2017-02-07 16:00 - 2017-02-07 16:00 - 00414137 _____ C:\Users\Yeriah\Downloads\aula_06_-_taxa_nominal_-_capital_e_equivalencia_-_parte_ii.pdf
2017-02-07 16:00 - 2017-02-07 16:00 - 00403620 _____ C:\Users\Yeriah\Downloads\aula_05_-_taxa_nominal_-_capital_e_equivalencia_-_parte_i.pdf
2017-02-07 16:00 - 2017-02-07 16:00 - 00376439 _____ C:\Users\Yeriah\Downloads\aula_02_-_juros_simples_-_parte_ii.pdf
2017-02-07 16:00 - 2017-02-07 16:00 - 00367674 _____ C:\Users\Yeriah\Downloads\aula_01_-_juros_simples_-_parte_i.pdf
2017-02-07 16:00 - 2017-02-07 16:00 - 00367674 _____ C:\Users\Yeriah\Downloads\aula_01_-_juros_simples_-_parte_i (1).pdf
2017-02-07 16:00 - 2017-02-07 16:00 - 00262316 _____ C:\Users\Yeriah\Downloads\aula_04_-_taxas_de_rendimento_-_inflacao_e_real_-_parte_ii.pdf
2017-02-07 16:00 - 2017-02-07 16:00 - 00254206 _____ C:\Users\Yeriah\Downloads\aula_03_-_taxas_de_rendimento_-_inflacao_e_real_-_parte_i.pdf
2017-02-07 15:49 - 2017-02-07 15:49 - 00662208 _____ () C:\Users\Yeriah\Downloads\puush-installer.exe
2017-02-07 15:49 - 2017-02-07 15:49 - 00000798 _____ C:\Users\Yeriah\Desktop\ShareX.lnk
2017-02-07 14:32 - 2017-02-07 14:32 - 00000000 ____D C:\Users\Todos os Usuários\Sophos
2017-02-07 14:32 - 2017-02-07 14:32 - 00000000 ____D C:\ProgramData\Sophos
2017-02-07 14:31 - 2017-02-07 14:31 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-02-07 14:31 - 2017-02-07 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-02-07 14:31 - 2017-02-07 14:31 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-02-07 14:26 - 2017-02-07 14:28 - 162703984 _____ (Sophos Limited) C:\Users\Yeriah\Downloads\Sophos Virus Removal Tool.exe
2017-02-07 14:21 - 2017-02-07 14:21 - 00002505 _____ C:\Users\Yeriah\Desktop\AdwCleaner[C0].txt
2017-02-07 13:35 - 2017-02-07 13:35 - 04015056 _____ C:\Users\Yeriah\Downloads\AdwCleaner.exe
2017-02-07 12:58 - 2017-02-07 12:58 - 00000773 _____ C:\Users\Yeriah\Desktop\JRT.txt
2017-02-07 12:29 - 2017-02-07 12:29 - 01663040 _____ (Malwarebytes) C:\Users\Yeriah\Downloads\JRT.exe
2017-02-07 02:38 - 2017-02-07 02:38 - 00046400 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-02-07 02:38 - 2017-02-07 02:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-02-07 02:38 - 2017-02-07 02:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-02-07 02:38 - 2017-02-07 02:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-02-06 13:28 - 2017-02-08 13:47 - 00000000 ____D C:\Users\Yeriah\Documents\ArcheAge
2017-02-06 13:28 - 2017-02-06 13:28 - 00000000 ____D C:\ArcheAge
2017-02-04 23:32 - 2017-02-04 23:32 - 00001918 _____ C:\Users\Yeriah\Desktop\Archeage.lnk
2017-02-04 14:16 - 2017-02-08 00:25 - 00059935 _____ C:\Users\Yeriah\Downloads\Addition.txt
2017-02-04 14:13 - 2017-02-08 15:32 - 00030041 _____ C:\Users\Yeriah\Downloads\FRST.txt
2017-02-04 00:42 - 2017-02-04 00:46 - 00000000 ____D C:\Users\Yeriah\Downloads\ygopro-percy
2017-02-04 00:42 - 2017-02-04 00:42 - 00000930 _____ C:\Users\Yeriah\Desktop\Ygopro.lnk
2017-02-04 00:41 - 2017-02-04 00:42 - 40482992 _____ C:\Users\Yeriah\Downloads\ygopro-1.033.D-Percy.exe
2017-02-03 23:39 - 2017-02-05 16:34 - 00000000 ____D C:\Users\Yeriah\Downloads\La.La.Land.2016.DVDScr.XVID.AC3.HQ.Hive-CM8
2017-02-03 23:39 - 2017-02-03 23:45 - 00000000 ____D C:\Users\Yeriah\Downloads\The Prestige (2006)
2017-02-03 23:38 - 2017-02-03 23:38 - 00000000 ____D C:\Users\Yeriah\AppData\LocalLow\uTorrent
2017-02-03 22:19 - 2017-02-03 22:19 - 02420736 _____ (Farbar) C:\Users\Yeriah\Downloads\FRST64.exe
2017-02-03 13:49 - 2017-02-03 13:49 - 00001150 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-02-03 13:49 - 2017-02-03 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-02-03 13:45 - 2017-02-05 16:27 - 00000000 ____D C:\Users\Yeriah\AppData\LocalLow\Mozilla
2017-02-03 13:44 - 2017-02-03 13:51 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Mozilla
2017-02-03 13:44 - 2017-02-03 13:44 - 00001177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-03 13:44 - 2017-02-03 13:44 - 00001165 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-03 13:44 - 2017-02-03 13:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-03 13:44 - 2017-02-03 13:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-03 13:42 - 2017-02-03 13:43 - 00245584 _____ C:\Users\Yeriah\Downloads\Firefox Setup Stub 51.0.1.exe
2017-02-02 01:42 - 2017-02-02 01:43 - 04121760 _____ (Husdawg, LLC) C:\Users\Yeriah\Downloads\Detection.exe
2017-02-01 22:17 - 2017-02-01 22:44 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Tera_Awesomium
2017-02-01 04:15 - 2017-02-01 14:02 - 00000000 ____D C:\Users\Yeriah\Downloads\PSO2E4JP_SETUPEN
2017-02-01 04:14 - 2017-02-01 04:14 - 00057141 _____ C:\Users\Yeriah\Downloads\PSO2E4JP_SETUPEN (1).torrent
2017-02-01 04:10 - 2017-02-01 04:10 - 00057141 _____ C:\Users\Yeriah\Downloads\PSO2E4JP_SETUPEN.torrent
2017-01-27 14:17 - 2017-01-27 14:18 - 00730192 _____ C:\Users\Yeriah\Downloads\download (1).htm
2017-01-26 14:11 - 2017-01-26 14:11 - 00072999 _____ C:\Users\Yeriah\Downloads\Índice-de-trabalhos.xlsx
2017-01-26 02:26 - 2016-05-22 23:37 - 00032299 ____N C:\Users\Yeriah\Downloads\Game.of.Thrones.S06E05.WEBRip.1080p.x264-NOGRP.srt
2017-01-26 02:25 - 2017-01-26 02:25 - 00014552 _____ C:\Users\Yeriah\Downloads\game-of-thrones-season-6-episode-5-arabic-21123.zip
2017-01-25 21:43 - 2017-01-25 21:43 - 00003166 _____ C:\Windows\System32\Tasks\klcp_update
2017-01-25 21:40 - 2017-01-25 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2017-01-25 21:40 - 2017-01-25 21:40 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2017-01-25 21:39 - 2017-01-25 21:40 - 14306797 _____ (KLCP ) C:\Users\Yeriah\Downloads\K-Lite_Codec_Pack_1285_Basic.exe
2017-01-25 21:39 - 2017-01-25 21:39 - 00712340 _____ ( ) C:\Users\Yeriah\Downloads\klcp_update_1282_20170119.exe
2017-01-25 21:17 - 2017-01-25 21:18 - 00000000 ____D C:\Users\Yeriah\Downloads\Game of Thrones Season 6 S06 Complete 1080p WEB DL x265 HEVC SUJAIDR
2017-01-25 18:21 - 2017-01-25 18:28 - 637577727 _____ (Brytenwalda Dev. ) C:\Users\Yeriah\Downloads\brytenwalda139.exe
2017-01-25 02:49 - 2017-02-01 17:52 - 00000000 ____D C:\Users\Yeriah\Downloads\Game.of.Thrones.Season.6.720p.HDTV.x265.ShAaNiG
2017-01-24 15:15 - 2017-01-24 15:18 - 00000000 ____D C:\Users\Yeriah\Downloads\Game of Thrones - Season 5
2017-01-24 15:13 - 2017-01-26 01:07 - 00000000 ____D C:\Users\Yeriah\Downloads\Game of Thrones - Season 6
2017-01-23 17:48 - 2017-01-23 17:48 - 00008829 _____ C:\Users\Yeriah\Desktop\Novo(a) Planilha do Microsoft Excel.xlsx
2017-01-22 17:40 - 2017-01-22 17:40 - 00000000 ____D C:\Users\Yeriah\Downloads\DiplomacyCompilation+companions
2017-01-22 15:52 - 2017-01-22 16:20 - 00000000 ____D C:\Users\Yeriah\Downloads\Arrival.2016.DVDScr.x264-4RRIVED
2017-01-22 15:52 - 2017-01-22 16:19 - 00000000 ____D C:\Users\Yeriah\Downloads\[ www.torrenting.me ] - Hacksaw.Ridge.2016.DVDScr.XVID.AC3.HQ.Hive-CM8
2017-01-22 00:50 - 2017-01-22 01:36 - 00000000 ____D C:\Users\Yeriah\Downloads\Game of Thrones - The Complete Season 4 [HDTV]
2017-01-21 00:12 - 2017-01-21 00:12 - 00000744 _____ C:\Users\Yeriah\Desktop\Jogar Live-RO.lnk
2017-01-21 00:12 - 2017-01-21 00:12 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live-RO
2017-01-21 00:12 - 2017-01-21 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Live-RO
2017-01-21 00:08 - 2017-01-21 00:08 - 210479692 _____ () C:\Users\Yeriah\Downloads\Instalador_Live-RO_2.0.exe
2017-01-20 01:18 - 2017-01-20 01:37 - 209715200 _____ C:\Users\Yeriah\Downloads\DiplomacyCompilation+companions.part02.rar
2017-01-20 01:18 - 2017-01-20 01:26 - 209715200 _____ C:\Users\Yeriah\Downloads\DiplomacyCompilation+companions.part03.rar
2017-01-20 01:18 - 2017-01-20 01:25 - 209715200 _____ C:\Users\Yeriah\Downloads\DiplomacyCompilation+companions.part04.rar
2017-01-20 01:18 - 2017-01-20 01:25 - 209715200 _____ C:\Users\Yeriah\Downloads\DiplomacyCompilation+companions.part01.rar
2017-01-20 01:18 - 2017-01-20 01:22 - 114291302 _____ C:\Users\Yeriah\Downloads\DiplomacyCompilation+companions.part05.rar
2017-01-19 19:58 - 2017-01-20 21:48 - 00000000 ____D C:\Users\Yeriah\Downloads\Game of Thrones - The Complete Season 3 [HDTV]
2017-01-19 19:58 - 2017-01-19 23:17 - 00000000 ____D C:\Users\Yeriah\Downloads\Game.of.Thrones.S02
2017-01-18 18:50 - 2017-01-18 18:50 - 37503157 _____ C:\Users\Yeriah\Downloads\Professora Adriana Figueiredo - Falando em Português - Crase nas Locuções Femininas.mp4
2017-01-18 16:33 - 2017-01-18 16:34 - 00868962 _____ C:\Users\Yeriah\Downloads\Agente_Penitenciario_FUNDATEC_2014.zip
2017-01-18 02:25 - 2017-01-18 02:26 - 00000000 ____D C:\Users\Yeriah\Downloads\Game Of Thrones.S01.[Complete Season 1].BRRip.XviD-VLiS
2017-01-13 23:37 - 2017-01-14 09:58 - 00000000 ____D C:\Users\Yeriah\Downloads\That Awkward Moment (2014)
2017-01-13 23:32 - 2017-01-14 09:57 - 00000000 ____D C:\Users\Yeriah\Downloads\The.Brothers.Grimsby.2016.HDRip.XViD-ETRG
2017-01-13 23:29 - 2017-01-16 16:58 - 00000000 ____D C:\Users\Yeriah\Downloads\Superbad Unrated (2007)
2017-01-13 22:50 - 2017-01-17 12:22 - 00000000 ____D C:\Users\Yeriah\Downloads\Downfall [2004]
2017-01-13 22:49 - 2017-01-14 09:57 - 00000000 ____D C:\Users\Yeriah\Downloads\The.Hunt.2012.720p.BluRay.x264-x0r
2017-01-13 22:44 - 2017-01-14 09:58 - 00000000 ____D C:\Users\Yeriah\Downloads\The Pianist (2002)
2017-01-13 22:42 - 2017-01-14 09:56 - 00000000 ____D C:\Users\Yeriah\Downloads\Forrest Gump (1994)
2017-01-13 22:42 - 2017-01-13 22:56 - 00000000 ____D C:\Users\Yeriah\Downloads\Schindlers List (1993)
2017-01-13 14:09 - 2017-01-13 14:09 - 00264160 _____ C:\Users\Yeriah\Downloads\b0f80a228ec00c32ba202d12f7e5bc99.pdf
2017-01-13 01:36 - 2017-01-13 10:04 - 00000000 ____D C:\Users\Yeriah\Downloads\The.Accountant.2016.HC.HDRip.X264.AC3-EVO
2017-01-12 00:45 - 2017-01-13 10:04 - 00000000 ____D C:\Users\Yeriah\Downloads\The Departed (2006)
2017-01-12 00:45 - 2017-01-12 10:27 - 00000000 ____D C:\Users\Yeriah\Downloads\Reservoir Dogs (1992) [1080p]
2017-01-12 00:43 - 2017-01-12 10:27 - 00000000 ____D C:\Users\Yeriah\Downloads\The Shawshank Redemption (1994)
2017-01-11 23:00 - 2017-01-12 10:26 - 00000000 ____D C:\Users\Yeriah\Downloads\The.Magnificent.Seven.2016.720p.BRRip.x264.AAC-ETRG

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-02-08 15:31 - 2015-06-16 23:08 - 00000000 ____D C:\FRST
2017-02-08 15:20 - 2016-06-16 20:54 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-08 15:05 - 2016-04-23 15:28 - 00000296 _____ C:\Windows\Tasks\AutoKMS.job
2017-02-08 14:53 - 2016-05-31 12:30 - 00001042 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-08 14:52 - 2017-01-05 18:55 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Glyph
2017-02-08 14:52 - 2017-01-05 18:55 - 00000000 ____D C:\Program Files (x86)\Glyph
2017-02-08 14:15 - 2015-04-10 21:24 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-08 14:07 - 2015-04-10 21:23 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4078040627-3876670005-1468608263-1002
2017-02-08 01:12 - 2016-08-18 00:25 - 00000000 ____D C:\Users\Yeriah\Documents\ShareX
2017-02-08 00:11 - 2015-04-10 21:47 - 00000000 ____D C:\Users\Yeriah\AppData\Local\CrashDumps
2017-02-08 00:10 - 2016-10-27 23:07 - 00000000 ____D C:\Program Files\SHILDBRO V3
2017-02-08 00:10 - 2016-10-27 22:51 - 00000000 ____D C:\ragnarok
2017-02-07 22:59 - 2016-05-31 12:30 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-07 21:52 - 2016-05-31 12:30 - 00001038 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-07 16:06 - 2015-04-10 21:18 - 00000000 ____D C:\Users\Yeriah\Documents\Bluetooth Folder
2017-02-07 15:49 - 2016-08-18 00:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
2017-02-07 15:49 - 2016-08-18 00:24 - 00000000 ____D C:\Program Files\ShareX
2017-02-07 14:26 - 2015-04-06 13:39 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2017-02-07 14:19 - 2015-04-10 21:21 - 00000000 ___RD C:\Users\Yeriah\OneDrive
2017-02-07 14:18 - 2016-08-08 18:39 - 00000000 ____D C:\Users\Yeriah\AppData\Local\LogMeIn Hamachi
2017-02-07 14:18 - 2016-01-28 19:41 - 00028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys
2017-02-07 14:18 - 2016-01-28 19:41 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2017-02-07 14:17 - 2013-08-22 12:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-07 14:16 - 2013-08-22 11:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2017-02-07 14:15 - 2015-06-14 16:58 - 00000000 ____D C:\AdwCleaner
2017-02-07 14:15 - 2013-08-22 13:36 - 00000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
2017-02-07 14:15 - 2013-08-22 13:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-07 12:33 - 2015-04-10 21:24 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 12:33 - 2015-04-10 21:24 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 22:50 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\Inf
2017-02-06 22:48 - 2015-04-10 21:17 - 00000000 ____D C:\Users\Yeriah
2017-02-05 16:31 - 2014-11-22 00:43 - 01827170 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-05 16:31 - 2014-11-21 23:52 - 00784992 _____ C:\Windows\system32\prfh0416.dat
2017-02-05 16:31 - 2014-11-21 23:52 - 00163734 _____ C:\Windows\system32\prfc0416.dat
2017-02-04 23:32 - 2017-01-05 18:55 - 00000000 ____D C:\Users\Todos os Usuários\Glyph
2017-02-04 23:32 - 2017-01-05 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2017-02-04 23:32 - 2017-01-05 18:55 - 00000000 ____D C:\ProgramData\Glyph
2017-02-04 22:24 - 2016-06-16 20:54 - 00000964 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-04 00:30 - 2015-07-31 01:21 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\uTorrent
2017-02-03 22:09 - 2016-08-01 03:08 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\discord
2017-02-03 22:05 - 2015-12-02 17:25 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-02-03 22:05 - 2015-12-02 17:25 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-03 19:45 - 2013-08-22 13:20 - 00000000 ____D C:\Windows\CbsTemp
2017-02-03 13:45 - 2016-12-22 21:42 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Mozilla
2017-02-01 19:20 - 2015-04-06 13:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-01-31 21:56 - 2015-07-15 16:26 - 00000000 ____D C:\Users\Todos os Usuários\boost_interprocess
2017-01-31 21:56 - 2015-07-15 16:26 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-01-27 02:33 - 2016-07-29 02:30 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Popcorn-Time
2017-01-25 20:09 - 2015-07-31 03:59 - 00000000 ____D C:\Users\Yeriah\Documents\Mount&Blade Warband Savegames
2017-01-25 03:13 - 2015-05-13 21:43 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\BSplayer
2017-01-22 17:08 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\system32\NDF
2017-01-19 01:33 - 2016-12-15 01:47 - 00003178 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-19 01:33 - 2016-04-23 15:30 - 00002313 _____ C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-01-19 01:33 - 2015-07-23 21:54 - 00003186 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4078040627-3876670005-1468608263-1002
2017-01-16 22:11 - 2017-01-02 14:45 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\VIVO INTERNET
2017-01-15 21:20 - 2016-06-16 20:54 - 00003934 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-01-15 21:20 - 2016-06-16 20:54 - 00003790 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-15 21:20 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-15 21:20 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-14 15:55 - 2015-05-24 00:34 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Skype
2017-01-14 15:53 - 2015-04-12 14:00 - 00000000 ____D C:\Users\Yeriah\AppData\Local\osu!
2017-01-13 17:23 - 2015-12-04 18:41 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Popcorn-Time-Community
2017-01-13 17:10 - 2017-01-01 22:32 - 00000000 ____D C:\Users\Yeriah\Downloads\Cities - Skylines [FitGirl Repack]
2017-01-13 12:45 - 2016-12-22 20:38 - 00000078 _____ C:\Users\Yeriah\Desktop\Novo Documento de Texto (3).txt
2017-01-11 19:19 - 2016-08-01 03:08 - 00002179 _____ C:\Users\Yeriah\Desktop\Discord.lnk
2017-01-11 19:19 - 2016-08-01 03:08 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-01-11 19:18 - 2016-08-01 03:07 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Discord
2017-01-11 14:47 - 2016-05-31 11:45 - 00000000 ____D C:\Users\Yeriah\Desktop\Its all fun and games
2017-01-11 14:43 - 2015-12-27 22:54 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\DarkSoulsII
2017-01-11 12:14 - 2015-04-13 20:52 - 00000000 ____D C:\Windows\system32\MRT
2017-01-11 12:12 - 2015-04-13 20:52 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-09 15:07 - 2016-12-07 19:01 - 00000000 ____D C:\Users\Yeriah\AppData\Local\ElevatedDiagnostics
2017-01-09 14:07 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\ModemLogs

==================== Arquivos na raiz de alguns diretórios =======

2016-05-23 00:58 - 2016-05-23 00:58 - 0000094 _____ () C:\Users\Yeriah\AppData\Local\fusioncache.dat
2015-04-06 13:10 - 2015-04-06 13:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-01-03 20:42 - 2015-11-04 20:42 - 0000032 ____R () C:\ProgramData\hash.dat
2015-04-06 13:37 - 2015-04-06 13:37 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-04-06 13:32 - 2015-04-06 13:33 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-04-06 13:33 - 2015-04-06 13:35 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2015-04-06 13:35 - 2015-04-06 13:37 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-04-06 13:31 - 2015-04-06 13:32 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\hash.dat
C:\Users\Todos os Usuários\hash.dat

Alguns arquivos em TEMP:
====================
2016-12-29 13:24 - 2016-12-29 13:24 - 43872728 _____ (Skype Technologies S.A.) C:\Users\Yeriah\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2017-01-28 20:26

==================== Fim de FRST.txt ============================

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 05-02-2017
Executado por Yeriah (08-02-2017 15:34:39)
Executando a partir de C:\Users\Yeriah\Downloads
Windows 8.1 Single Language (Update) (X64) (2015-04-10 23:17:14)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-4078040627-3876670005-1468608263-500 - Administrator - Disabled)
ASPNET (S-1-5-21-4078040627-3876670005-1468608263-1003 - Limited - Enabled)
Convidado (S-1-5-21-4078040627-3876670005-1468608263-501 - Limited - Disabled)
Yeriah (S-1-5-21-4078040627-3876670005-1468608263-1002 - Administrator - Enabled) => C:\Users\Yeriah

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Agarest - Generations of War Zero (HKLM-x32\...\1426762679_is1) (Version: 2.0.0.2 - GOG.com)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Archeage (HKLM-x32\...\Glyph Archeage) (Version: - Trion Worlds, Inc.)
Atualizações da NVIDIA 2.9.1.22 (Version: 2.9.1.22 - NVIDIA Corporation) Hidden Auditorium (HKLM-x32\...\com.cipherprime.auditorium) (Version: 1.5.0 - UNKNOWN) Auditorium (x32 Version: 1.5.0 - UNKNOWN) Hidden Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden Brytenwalda versão 1.39 (HKLM-x32\...\{4D15C6C1-74C9-4AA4-8378-CEEDE7E53F39}_is1) (Version: 1.39 - Brytenwalda Dev.) BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.69.1078 - AB Team, d.o.o.) Cities: Skylines (HKLM-x32\...\Cities: Skylines_is1) (Version: - ) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Curse (HKLM-x32\...\{A20BFF62-AE3C-42BD-9C52-841CAB96BC49}) (Version: 6.0.0.0 - Curse) CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) DARK SOULS™ II: Scholar of the First Sin (HKLM-x32\...\Steam App 335300) (Version: - FromSoftware, Inc) DeathTaker Gaming Mouse (HKLM-x32\...\{0614BCA9-3613-4171-8128-621991A9FBF2}}_is1) (Version: - ) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.) Dell Command | Power Manager (HKLM\...\{DDDAF4A7-8B7D-4088-AECC-6F50E594B4F5}) (Version: 2.0.0 - Dell Inc.) Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.) Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP) Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.) 
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6745.47 - Dell) Dell System Detect (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\58d94f3ce2c27db0) (Version: 6.12.0.5 - Dell) Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.0 - Synaptics Incorporated) Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.) Devilian Live-US (HKLM-x32\...\Glyph Devilian Live-US) (Version: - Trion Worlds, Inc.) DiRT 3 Complete Edition (HKLM\...\Steam App 321040) (Version: - Codemasters Racing Studio) Discord (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.) DjVuLibre+DjView (HKLM-x32\...\DjVuLibre+DjView) (Version: 3.5.24+4.8 - DjVuZone) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden Epson USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.51.000 - SEIKO EPSON CORPORATION) Ethernal Ragnarok Online (HKLM-x32\...\Ethernal Ragnarok Online) (Version: - ) Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version: - Paradox Development Studio) Gamersclub Anti Cheat (HKLM-x32\...\{C14C05CA-F9F5-45C3-9C23-43E10AF71897}) (Version: 1.00 - EMACLab) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) 
Hidden Infestation: The New Z (HKLM\...\Steam App 555570) (Version: - Fredaikis AB) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3262 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) Jogos Level Up (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\bda992e0694a5bbb) (Version: 0.9.4.4 - Level Up) K-Lite Codec Pack 12.8.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.8.5 - KLCP) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games) League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden Left 4 Dead 2 (HKLM\...\Steam App 550) (Version: - Valve) LibUSB-Win32-0.1.10.1 (HKLM-x32\...\LibUSB-Win32_is1) (Version: 0.1.10.1 - LibUSB-Win32) LIMBO (HKLM\...\Steam App 48000) (Version: - Playdead) Live-RO v2.0 (HKLM-x32\...\Live-RO v2.0) (Version: - ) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.541 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.541 - LogMeIn, Inc.) 
Hidden Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 
(HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - TaleWorlds Entertainment) Mount&Blade Warband (HKLM-x32\...\Mount&Blade Warband) (Version: - ) Mozilla Firefox 51.0.1 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 pt-BR)) (Version: 51.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 
4.20.9818.0 - Microsoft Corporation) NVIDIA Driver de gráficos 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation) NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation) osu! (HKLM-x32\...\{b6a62150-824b-4c5b-ba99-2d147c2df4dc}) (Version: latest - ppy Pty Ltd) Painel de controle da NVIDIA 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - ) Popcorn Time (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Popcorn Time) (Version: - Popcorn Official) <==== ATENÇÃO Popcorn Time Community 0.3.8-6 (HKLM-x32\...\Popcorn Time Community 0.3.8-6) (Version: 0.3.8-6 - Popcorn Time Community) <==== ATENÇÃO Popcorn-Time (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Popcorn-Time) (Version: 0.3.9 - Popcorn Time) PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.336 - Qualcomm Atheros Communications) Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.15 - Dell Inc.) Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version: - Wild Shadow Studios) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.) ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 11.5.0 - ShareX Team) SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.) 
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH) TERA (HKLM-x32\...\Steam App 323370) (Version: - Bluehole Inc.) The Duel (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\The Duel) (Version: 10.00.00.00 - The Duel) TrackMania Nations Forever (HKLM\...\Steam App 11020) (Version: - Nadeo) VIVO INTERNET (HKLM-x32\...\VIVO INTERNET) (Version: 16.002.10.18.149 - Huawei Technologies Co.,Ltd) WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Exame Personalizado CLSID (Whitelisted): ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) CustomCLSID: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F000F}\InprocServer32 -> C:\Users\Yeriah\AppData\Local\GAS Tecnologia\GBBD\npsf_scd_64.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F000F}\InprocServer32 -> C:\Users\Yeriah\AppData\Local\GAS Tecnologia\GBBD\npsf_scd_64.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Yeriah\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileCoAuthLib64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002_Classes\CLSID\{ea60f6df-ac6e-42a0-8d11-bad1341c1037}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation) ==================== Tarefas Agendadas (Whitelisted) ============= (Se uma entrada for incluída na fixlist, será removida do Registro. 
O arquivo não será movido, a menos que seja colocado separadamente.) Task: {0E5B5B44-5BE0-41F3-8641-A03E90C6DF3F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation) Task: {1CC4B002-A4C5-4761-8772-3291E9A6D8C0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe Task: {46B13078-2731-4342-8DB0-C8F87299F3DF} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink) Task: {4C83B209-A421-45F9-907C-34B8C6819A65} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe Task: {622D948D-4982-461A-BAE8-8EF07D5204D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.) Task: {6D5066B8-652C-461E-8D14-54D5375979F0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation) Task: {79B37FB6-C8E9-4EA9-9DE8-23C70E6BD8D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.) Task: {96A504DD-E0C2-4AC7-93F4-14EA6214BBF1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-01-15] (Adobe Systems Incorporated) Task: {A301D762-1D51-49C6-BD2E-72807499BA0E} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-02] (Synaptics Incorporated) Task: {A4D3BE19-9D0F-4016-8713-52470D410404} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-31] (Dropbox, Inc.) 
Task: {C245F196-52B8-4EDD-934D-64186B21A306} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-01-11] (Microsoft Corporation) Task: {C44999D9-7089-4D0D-B715-5B11EBD2B9EF} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.) Task: {CA2E9BE7-143D-40CF-8BBC-3C7891C83805} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-01-23] () Task: {CEB42939-C3D8-472D-B274-C4E928D799C0} - System32\Tasks\{F481EC1B-7C67-470A-B66C-3072BEA38EE8} => Chrome.exe hxxps://ui.skype.com/ui/0/7.29.80.102/pt/abandoninstall?page=tsMain Task: {D2721FD9-119F-49C5-A20A-5CF5FDBB4716} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-15] (Adobe Systems Incorporated) Task: {ECADC4F5-E83C-417F-852A-3B5A1BE8D6C2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-31] (Dropbox, Inc.) (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Atalhos ============================= (As entradas podem ser listadas para serem restauradas ou removidas.) 
WMI_ActiveScriptEventConsumer_DellCommandPowerManagerAlertEventConsumer: WMI_ActiveScriptEventConsumer_DellCommandPowerManagerPolicyChangeEventConsumer: Shortcut: C:\Users\Yeriah\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_1768213486_pt-br.lnk -> hxxp://www.windowssearch.com:80/suggestions?qry=eps&cc=BR&setlang=pt-BR&inlang=pt-BR&adlt=moderate&scale=100&contrast=none&hw=900%2C1600&CVID=87BF19B5AC4A4A5F865D827F18F3C32 ShortcutWithArgument: C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Web Applications\www.facebook.com\https_80\Facebook.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxps://www.facebook.com/ ==================== Módulos Carregados (Whitelisted) ============== ==================== Alternate Data Streams (Whitelisted) ========= (Se uma entrada for incluída na fixlist, somente o
ADS será removido.) AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10] AlternateDataStreams: C:\Windows\System32:38800886_Scd.gbp [2] AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1270] ==================== Modo de Segurança (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== Associação (Whitelisted) =============== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.) ==================== Internet Explorer confiável/restrito =============== (Se uma entrada for incluída na fixlist, será removida do Registro.) IE trusted site: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\dell.com -> dell.com IE trusted site: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\sicredi.com.br -> correspondente.sicredi.com.br IE trusted site: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\sicreditotal.com.br -> internet.sicreditotal.com.br ==================== Hosts Conteúdo: =============================== (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2013-08-22 11:25 - 2016-04-21 17:00 - 00000822 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Outras Áreas ============================ (Atualmente não há nenhuma correção automática para esta seção.) HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Yeriah\Pictures\Camera Roll\WIN_20160801_155757.JPG DNS Servers: 189.7.120.16 - 189.7.120.15 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Firewall do Windows está habilitado. 
==================== MSCONFIG/TASK MANAGER ítens desabilitados == HKLM\...\StartupApproved\Run: => "BCSSync" HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui" HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE" HKLM\...\StartupApproved\Run32: => "Dropbox" HKLM\...\StartupApproved\Run32: => "DeathTaker" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\StartupApproved\StartupFolder: => "Curse.lnk" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\StartupApproved\Run: => "KSS" ==================== Regras do Firewall (Whitelisted) =============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [{12ECF169-5DDB-4103-87D6-C965DF9E1B82}] => C:\Program Files
(x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe FirewallRules: [{5AA28CC5-D000-4F63-8EB1-BC5461B25E60}] => C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe FirewallRules: [{DCF0D338-0F1D-477B-96F8-53C248AEB096}] => C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe FirewallRules: [{B1619273-C2E4-41F5-A5FC-602B027CBDD2}] => C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe FirewallRules: [{DD197B50-9EFD-4307-939C-C2F71A3D374E}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{E9765AAF-28F7-4963-96A6-A737F6A3F2B5}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{4A22EDC7-66FA-48EA-9EE4-B52A33E9B6A6}] => C:\Program Files (x86)\Steam\steamapps\common\Commandos 2 Men of Courage\Legacy\comm2.exe FirewallRules: [{F6F5946F-0382-442D-9F82-C7DF6E03A243}] => C:\Program Files (x86)\Steam\steamapps\common\Commandos 2 Men of Courage\Legacy\comm2.exe FirewallRules: [TCP Query User{03C81E77-685E-4CFE-AF85-E5D30AD3FD24}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => C:\program files (x86)\youwave android\vb\vboxsdl.exe FirewallRules: [UDP Query User{8E08222C-B8B1-4BBA-BEE4-CEBA65AA5875}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => C:\program files (x86)\youwave android\vb\vboxsdl.exe FirewallRules: [{EB066444-8F9A-4031-823D-276917AA9EFE}] => C:\program files (x86)\youwave android\vb\vboxsdl.exe FirewallRules: [{5973F6B9-C809-4D52-AEA4-B2CC02B578BD}] => C:\program files (x86)\youwave android\vb\vboxsdl.exe FirewallRules: [TCP Query User{205B53D8-C279-4532-967A-A1FE813FC821}C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe] => C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [UDP Query User{0A236397-E0FA-4BCD-A151-5B3F973063A4}C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe] => 
C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [{DFA1C7FF-4B49-4947-A770-6B836F2C7343}] => C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [{E075125C-DF2D-4428-8AC3-B8DA718F1AB9}] => C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [{41EF1CF8-A36B-4595-9B31-3186EAABBC10}] => C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe FirewallRules: [{FB72A7B5-DD7F-4C86-9139-F82E0828B6C4}] => C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe FirewallRules: [TCP Query User{33B17861-98D2-4961-AAA4-8C11E3ECBCBE}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [UDP Query User{F17972EF-E18D-4150-8C1D-8CF80453F8BE}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [{EEAAC134-C2C4-4052-8FA3-D9413A1E67DB}] => C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [{71EB2023-5E95-44A0-BCD1-02C0DA499CF0}] => C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [{FED30E57-20A6-4C56-80BF-CA0A562943BC}] => C:\Program Files (x86)\Steam\steamapps\common\Commandos 2 Men of Courage\Legacy\comm2.exe FirewallRules: [{C01647E1-BAA5-411D-B752-1CCA59D4A3FE}] => C:\Program Files (x86)\Steam\steamapps\common\Commandos 2 Men of Courage\Legacy\comm2.exe FirewallRules: [TCP Query User{C9FF5578-4947-4FF8-AFEB-2B9063D1053F}C:\users\yeriah\appdata\local\popcorn-time\nw.exe] => C:\users\yeriah\appdata\local\popcorn-time\nw.exe FirewallRules: [UDP Query User{75CC8D15-3E4A-4624-BE51-54516B7AC77B}C:\users\yeriah\appdata\local\popcorn-time\nw.exe] => C:\users\yeriah\appdata\local\popcorn-time\nw.exe FirewallRules: [{342447EF-FA7F-44E9-8DA0-80DEC3345D6B}] => C:\users\yeriah\appdata\local\popcorn-time\nw.exe FirewallRules: 
[{96FC42AB-D7D8-42A3-989E-EF391D5A2FE5}] => C:\users\yeriah\appdata\local\popcorn-time\nw.exe FirewallRules: [TCP Query User{0E696DE2-9DC0-483C-88F4-BD39FAE89033}C:\program files (x86)\age of empires iii - complete collection\age3y.exe] => C:\program files (x86)\age of empires iii - complete collection\age3y.exe FirewallRules: [UDP Query User{A331AC7B-6DFF-4FEF-BE16-94250F765220}C:\program files (x86)\age of empires iii - complete collection\age3y.exe] => C:\program files (x86)\age of empires iii - complete collection\age3y.exe FirewallRules: [{0CA0176B-1463-4AE2-9000-0AC96F1BBBE0}] => C:\program files (x86)\age of empires iii - complete collection\age3y.exe FirewallRules: [{FDBC7881-C61A-4F2F-A00E-43818B833559}] => C:\program files (x86)\age of empires iii - complete collection\age3y.exe FirewallRules: [{08241F7F-8302-47C9-882F-02DD2EB40A07}] => C:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exe FirewallRules: [{9EFCDD09-7CB0-4295-8718-79DFCC8363A1}] => C:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exe FirewallRules: [{6D016F01-6ABB-4068-B814-F9C93BA05DC2}] => C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe FirewallRules: [{B58051DC-A0B0-4C3E-9106-C4A88055E790}] => C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe FirewallRules: [TCP Query User{6E6A3DBF-F86E-4C15-900D-7A9DEF34018F}C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe] => C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe FirewallRules: [UDP Query User{C4F63F50-F2C7-4998-B6D7-4D05D69E347E}C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe] => 
C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe FirewallRules: [{67AD6FD2-2B9A-491D-98AC-9234CC3B360D}] => C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe FirewallRules: [{7B40F75A-E65B-4F86-B104-43057222D502}] => C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe FirewallRules: [{BC8C6A8E-3391-43F0-A8F6-FBD756312430}] => C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForever.exe FirewallRules: [{E5989D0A-3E75-4794-91CA-BD742625B87E}] => C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForever.exe FirewallRules: [{99DF59A5-5914-424C-B5C7-339251DA6E47}] => C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe FirewallRules: [{B23EC8C8-4CCB-4D63-AFAB-2B1067C70456}] => C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe FirewallRules: [{6F240318-6852-42A2-8830-1414FFA7A32D}] => C:\Program Files (x86)\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe FirewallRules: [{78BE5F88-35CD-45FA-9FDD-4B7C3100D24F}] => C:\Program Files (x86)\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe FirewallRules: [TCP Query User{DD86E353-70F9-4D48-B2CF-1333C4AA02C6}C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe] => C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe FirewallRules: [UDP Query User{8522E945-BE92-4FAB-8513-BBB798DC42F8}C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe] => C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe FirewallRules: [{EBE5CB3C-15D6-4FB9-B93B-B1ADA93E12BE}] => C:\program files 
(x86)\steam\steamapps\common\newz\thenewz.exe FirewallRules: [{CD409AEA-FC03-4620-A1B7-31858B1D1457}] => C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe FirewallRules: [{2D4FBBE8-83BD-438D-A315-45A916A0F685}] => C:\Program Files (x86)\Steam\steamapps\common\NewZ\NewZLauncher.exe FirewallRules: [{92AA8FE7-FBCD-4748-A024-B289C857835D}] => C:\Program Files (x86)\Steam\steamapps\common\NewZ\NewZLauncher.exe FirewallRules: [{84120510-4803-4D38-868C-3A7F6928EB24}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{E7E361D1-D253-42C3-AB7C-4F8B4A0EE2A0}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [TCP Query User{EA234F39-9B58-4DDA-9704-F83FA922D2E8}C:\program files (x86)\emaclab\gamersclub anti cheat\gclauncher.exe] => C:\program files (x86)\emaclab\gamersclub anti cheat\gclauncher.exe FirewallRules: [UDP Query User{4C030473-4740-468D-8871-B067EDB0C7EC}C:\program files (x86)\emaclab\gamersclub anti cheat\gclauncher.exe] => C:\program files (x86)\emaclab\gamersclub anti cheat\gclauncher.exe FirewallRules: [TCP Query User{62CE4C19-6D79-45E2-8617-591D4F9784DD}C:\program files (x86)\the duel\theduel.exe] => C:\program files (x86)\the duel\theduel.exe FirewallRules: [UDP Query User{540D1B1B-8621-4C34-811F-48CA94CEE4C3}C:\program files (x86)\the duel\theduel.exe] => C:\program files (x86)\the duel\theduel.exe FirewallRules: [TCP Query User{19003352-5DC6-4D52-8518-8B145BE8A34A}C:\users\yeriah\downloads\saltandsanctuaryv1.0.0.4\salt and sanctuary v1.0.0.4\salt and sanctuary\salt.exe] => C:\users\yeriah\downloads\saltandsanctuaryv1.0.0.4\salt and sanctuary v1.0.0.4\salt and sanctuary\salt.exe FirewallRules: [UDP Query User{FE0AB68A-4919-46E3-B6FC-9C7B5E2CC4F6}C:\users\yeriah\downloads\saltandsanctuaryv1.0.0.4\salt and sanctuary v1.0.0.4\salt and sanctuary\salt.exe] => C:\users\yeriah\downloads\saltandsanctuaryv1.0.0.4\salt and sanctuary v1.0.0.4\salt and sanctuary\salt.exe FirewallRules: 
[{18676C17-2F3D-4EA5-918A-99D6FCC0FFDE}] => C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{7EDFC0B2-B342-40BC-BCAA-DFE6F315B7FF}] => C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{46326887-570E-473E-A082-A4E8B0085FDC}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{CE8EECB4-7CFE-4C95-AC0F-9518E262EEB3}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{4B2FA29C-E6C1-4900-8A3E-1B728A0D983B}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{8360386B-7F6F-469D-A47C-7B00B125AFC2}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe ==================== Pontos de Restauração ========================= 03-02-2017 19:42:20 Windows Update 07-02-2017 12:34:55 JRT Pre-Junkware Removal ==================== Dispositivos Apresentando Falhas No Gerenciador ============= ==================== Erros no Log de eventos: ========================= Erros em Aplicativos: ================== Error: (02/08/2017 02:19:50 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: Um problema impediu que os dados do Programa de Aperfeiçoamento da Experiência do Usuário fossem enviados para a Microsoft, (Erro 80070005). Error: (02/08/2017 02:06:14 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa Explorer.EXE versão 6.3.9600.18460 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. 
ID do Processo: be8 Hora de Início: 01d2815dbad36ed5 Hora de Término: 0 Caminho do Aplicativo: C:\Windows\Explorer.EXE ID do Relatório: dd417026-ee17-11e6-82cb-7429afa47974 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (02/08/2017 12:11:37 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: ERUNT.exe, versão: 0.0.0.0, carimbo de data/hora: 0x2a425e19 Nome do módulo com falha: ntdll.dll, versão: 6.3.9600.18233, carimbo de data/hora: 0x56bb4e1d Código de exceção: 0xc0000005 Deslocamento da falha: 0x00060665 ID do processo com falha: 0x2384 Hora de início do aplicativo com falha: 0x01d281b0ad1a9753 Caminho do aplicativo com falha: C:\Windows\ERUNT.exe Caminho do módulo com falha: C:\Windows\SYSTEM32\ntdll.dll ID do Relatório: eb5a792b-eda3-11e6-82cb-7429afa47974 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (02/07/2017 10:58:49 PM) (Source: DbxSvc) (EventID: 320) (User: ) Description: Failed to connect to the driver: (-2147024894) O sistema não pode encontrar o arquivo especificado. Error: (02/07/2017 10:58:48 PM) (Source: DbxSvc) (EventID: 270) (User: ) Description: Filter Unload failed with: (-2145452013) O sistema não pôde localizar o filtro especificado. Error: (02/07/2017 07:59:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: ) Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: O servidor RPC está muito ocupado para concluir esta operação. Error: (02/07/2017 07:59:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: ) Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: O servidor RPC está muito ocupado para concluir esta operação. 
Error: (02/07/2017 07:59:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: ) Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: O servidor RPC está muito ocupado para concluir esta operação. Error: (02/07/2017 07:59:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: ) Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: O servidor RPC está muito ocupado para concluir esta operação. Error: (02/07/2017 07:59:08 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: ) Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: O servidor RPC está muito ocupado para concluir esta operação. Erros de Sistema: ============= Error: (02/08/2017 01:59:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT) Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x80070643: Atualização de Definição Windows Defender – KB2267602 (Definição 1.235.2358.0). Error: (02/08/2017 06:59:11 AM) (Source: NetBT) (EventID: 4311) (User: ) Description: Houve falha na inicialização porque não foi possível criar o dispositivo de driver. Use a cadeia de caracteres "7A791964F500" para identificar a interface para a qual houve falha na inicialização. A cadeia de caracteres representa o endereço MAC da interface que falhou ou a GUID se o NetBT não conseguir mapear da GUID para o endereço MAC. Se nem o endereço MAC, nem a GUID estavam disponíveis, a cadeia de caracteres representará um nome de dispositivo de cluster. Error: (02/08/2017 06:59:11 AM) (Source: NetBT) (EventID: 4311) (User: ) Description: Houve falha na inicialização porque não foi possível criar o dispositivo de driver. Use a cadeia de caracteres "7A791964F500" para identificar a interface para a qual houve falha na inicialização. 
A cadeia de caracteres representa o endereço MAC da interface que falhou ou a GUID se o NetBT não conseguir mapear da GUID para o endereço MAC. Se nem o endereço MAC, nem a GUID estavam disponíveis, a cadeia de caracteres representará um nome de dispositivo de cluster. Error: (02/07/2017 04:06:27 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: O Gerenciador de controle de serviços tentou executar uma ação corretiva (Reiniciar o serviço) após a finalização inesperada do serviço Serviço de Dispositivos de Interface Humana, mas essa ação falhou com o seguinte erro: Uma cópia deste serviço já está sendo executada. Error: (02/07/2017 04:05:27 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: O Gerenciador de controle de serviços tentou executar uma ação corretiva (Reiniciar o serviço) após a finalização inesperada do serviço Serviço de Associação de Dispositivo, mas essa ação falhou com o seguinte erro: Uma cópia deste serviço já está sendo executada. Error: (02/07/2017 04:04:32 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: O Gerenciador de controle de serviços tentou executar uma ação corretiva (Reiniciar o serviço) após a finalização inesperada do serviço Agente de Conexão de Rede, mas essa ação falhou com o seguinte erro: Uma cópia deste serviço já está sendo executada. Error: (02/07/2017 04:04:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Windows Driver Foundation - Estrutura do Driver de Modo de Usuário foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 120000 milissegundos: Reiniciar o serviço. Error: (02/07/2017 04:04:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Configuração Automática de WLAN foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 120000 milissegundos: Reiniciar o serviço. 
Error: (02/07/2017 04:04:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço Host do Sistema de Diagnósticos foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (02/07/2017 04:04:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Cliente de rastreamento de link distribuído foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 120000 milissegundos: Reiniciar o serviço. CodeIntegrity: =================================== Date: 2017-02-04 23:34:51.991 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-02 22:18:32.047 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-01-16 15:11:43.716 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-01-13 14:36:36.847 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2017-01-11 12:11:02.359 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-01-03 18:05:28.785 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-01-02 02:13:56.712 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-12-19 17:38:40.909 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-12-11 16:27:40.146 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2016-12-06 21:41:12.262 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Informações da Memória =========================== Processador: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz Percentagem de memória em uso: 64% RAM física total: 8096.46 MB RAM física disponível: 2882.49 MB Virtual Total: 11168.46 MB Virtual disponível: 3844.88 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:922.03 GB) (Free:512.37 GB) NTFS Drive d: (CDROM) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS Drive x: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.44 GB) NTFS Drive y: (PBR Image) (Fixed) (Total:8.09 GB) (Free:0.73 GB) NTFS ==================== MBR & Tabela de Partições ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 86BA5996) Partition: GPT. ==================== Fim de Addition.txt ============================ -
Hello, my computer is taking a lot of time to turn on/off and most applications have become much slower, even game FPS has gone down. I really think I'm infected with something. Here are the Farbar results:

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 29-01-2017 Executado por Yeriah (administrador) em PC-DO-ALEX (04-02-2017 14:13:45) Executando a partir de C:\Users\Yeriah\Downloads Perfis Carregados: Yeriah (Perfis Disponíveis: Yeriah) Platform: Windows 8.1 Single Language (Update) (X64) Idioma: Português (Brasil) Internet Explorer Versão 11 (Navegador padrão: Chrome) Modo da Inicialização: Normal Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe () C:\Windows\SysWOW64\WIN8_MBIM.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Dropbox, Inc.) 
C:\Windows\System32\DbxSvc.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\AppVShNotify.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Dell Inc.) 
14:00 - 00000000 ____D C:\Users\Yeriah\AppData\Local\osu! 2017-01-13 17:23 - 2015-12-04 18:41 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Popcorn-Time-Community 2017-01-13 17:10 - 2017-01-01 22:32 - 00000000 ____D C:\Users\Yeriah\Downloads\Cities - Skylines [FitGirl Repack] 2017-01-13 12:45 - 2016-12-22 20:38 - 00000078 _____ C:\Users\Yeriah\Desktop\Novo Documento de Texto (3).txt 2017-01-12 10:22 - 2015-04-10 21:17 - 00000000 ____D C:\Users\Yeriah 2017-01-12 10:19 - 2015-04-10 21:18 - 00000000 ____D C:\Users\Yeriah\Documents\Bluetooth Folder 2017-01-11 19:19 - 2016-08-01 03:08 - 00002179 _____ C:\Users\Yeriah\Desktop\Discord.lnk 2017-01-11 19:19 - 2016-08-01 03:08 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc 2017-01-11 19:18 - 2016-08-01 03:07 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Discord 2017-01-11 14:47 - 2016-05-31 11:45 - 00000000 ____D C:\Users\Yeriah\Desktop\Its all fun and games 2017-01-11 14:43 - 2015-12-27 22:54 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\DarkSoulsII 2017-01-11 12:14 - 2015-04-13 20:52 - 00000000 ____D C:\Windows\system32\MRT 2017-01-11 12:12 - 2015-04-13 20:52 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2017-01-09 15:07 - 2016-12-07 19:01 - 00000000 ____D C:\Users\Yeriah\AppData\Local\ElevatedDiagnostics 2017-01-09 14:07 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\ModemLogs 2017-01-05 18:03 - 2015-04-10 21:30 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam ==================== Arquivos na raiz de alguns diretórios ======= 2016-05-23 00:58 - 2016-05-23 00:58 - 0000094 _____ () C:\Users\Yeriah\AppData\Local\fusioncache.dat 2015-04-06 13:10 - 2015-04-06 13:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2016-01-03 20:42 - 2015-11-04 20:42 - 0000032 ____R () C:\ProgramData\hash.dat 2015-04-06 13:37 - 2015-04-06 13:37 - 0000121 _____ () 
C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log 2015-11-02 00:25 - 2015-11-02 00:25 - 0000098 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat 2015-04-06 13:32 - 2015-04-06 13:33 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log 2015-04-06 13:33 - 2015-04-06 13:35 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log 2015-04-06 13:35 - 2015-04-06 13:37 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log 2015-04-06 13:31 - 2015-04-06 13:32 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log Arquivos para serem movidos ou deletados: ==================== C:\ProgramData\hash.dat C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat C:\Users\Todos os Usuários\hash.dat C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat Alguns arquivos em TEMP: ==================== 2016-12-31 00:25 - 2017-02-04 01:16 - 2077184 _____ () C:\Users\Yeriah\AppData\Local\Temp\GCAC.dll 2016-12-29 13:24 - 2016-12-29 13:24 - 43872728 _____ (Skype Technologies S.A.) C:\Users\Yeriah\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap ====================== (Não há correção automática para arquivos que não passaram na verificação.) 
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2017-01-28 20:26

==================== Fim de FRST.txt ============================

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 29-01-2017
Executado por Yeriah (04-02-2017 14:16:11)
Executando a partir de C:\Users\Yeriah\Downloads
Windows 8.1 Single Language (Update) (X64) (2015-04-10 23:17:14)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-4078040627-3876670005-1468608263-500 - Administrator - Disabled)
ASPNET (S-1-5-21-4078040627-3876670005-1468608263-1003 - Limited - Enabled)
Convidado (S-1-5-21-4078040627-3876670005-1468608263-501 - Limited - Disabled)
Yeriah (S-1-5-21-4078040627-3876670005-1468608263-1002 - Administrator - Enabled) => C:\Users\Yeriah

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Programas Instalados ====================== (Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.) µTorrent (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated) Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated) Agarest - Generations of War Zero (HKLM-x32\...\1426762679_is1) (Version: 2.0.0.2 - GOG.com) Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios) Atualizações da NVIDIA 2.9.1.22 (Version: 2.9.1.22 - NVIDIA Corporation) Hidden Auditorium (HKLM-x32\...\com.cipherprime.auditorium) (Version: 1.5.0 - UNKNOWN) Auditorium (x32 Version: 1.5.0 - UNKNOWN) Hidden Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden Brytenwalda versão 1.39 (HKLM-x32\...\{4D15C6C1-74C9-4AA4-8378-CEEDE7E53F39}_is1) (Version: 1.39 - Brytenwalda Dev.) BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.69.1078 - AB Team, d.o.o.) Cities: Skylines (HKLM-x32\...\Cities: Skylines_is1) (Version: - ) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Curse (HKLM-x32\...\{A20BFF62-AE3C-42BD-9C52-841CAB96BC49}) (Version: 6.0.0.0 - Curse) CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) 
DARK SOULS™ II: Scholar of the First Sin (HKLM-x32\...\Steam App 335300) (Version: - FromSoftware, Inc) DeathTaker Gaming Mouse (HKLM-x32\...\{0614BCA9-3613-4171-8128-621991A9FBF2}}_is1) (Version: - ) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.) Dell Command | Power Manager (HKLM\...\{DDDAF4A7-8B7D-4088-AECC-6F50E594B4F5}) (Version: 2.0.0 - Dell Inc.) Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.) Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP) Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.) Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6745.47 - Dell) Dell System Detect (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\58d94f3ce2c27db0) (Version: 6.12.0.5 - Dell) Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.0 - Synaptics Incorporated) Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.) Devilian Live-US (HKLM-x32\...\Glyph Devilian Live-US) (Version: - Trion Worlds, Inc.) DiRT 3 Complete Edition (HKLM\...\Steam App 321040) (Version: - Codemasters Racing Studio) Discord (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.) DjVuLibre+DjView (HKLM-x32\...\DjVuLibre+DjView) (Version: 3.5.24+4.8 - DjVuZone) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.12 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) 
Hidden Epson USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.51.000 - SEIKO EPSON CORPORATION) Ethernal Ragnarok Online (HKLM-x32\...\Ethernal Ragnarok Online) (Version: - ) Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version: - Paradox Development Studio) Gamersclub Anti Cheat (HKLM-x32\...\{C14C05CA-F9F5-45C3-9C23-43E10AF71897}) (Version: 1.00 - EMACLab) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.) Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden Infestation: The New Z (HKLM\...\Steam App 555570) (Version: - Fredaikis AB) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3262 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) Jogos Level Up (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\bda992e0694a5bbb) (Version: 0.9.4.4 - Level Up) K-Lite Codec Pack 12.8.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.8.5 - KLCP) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games) League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden Left 4 Dead 2 (HKLM\...\Steam App 550) (Version: - Valve) LibUSB-Win32-0.1.10.1 (HKLM-x32\...\LibUSB-Win32_is1) (Version: 0.1.10.1 - LibUSB-Win32) LIMBO (HKLM\...\Steam App 48000) (Version: - Playdead) Live-RO v2.0 (HKLM-x32\...\Live-RO v2.0) (Version: - ) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.541 - LogMeIn, Inc.) 
LogMeIn Hamachi (x32 Version: 2.2.0.541 - LogMeIn, Inc.) Hidden Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft Office 365 - pt-br (HKLM\...\O365HomePremRetail - pt-br) (Version: 15.0.4815.1001 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
(HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation) Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - TaleWorlds Entertainment) Mount&Blade Warband (HKLM-x32\...\Mount&Blade Warband) (Version: - ) Mozilla Firefox 51.0.1 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 pt-BR)) (Version: 51.0.1 - Mozilla) Mozilla Maintenance Service 
(HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) NVIDIA Driver de gráficos 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation) NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden osu! (HKLM-x32\...\{b6a62150-824b-4c5b-ba99-2d147c2df4dc}) (Version: latest - ppy Pty Ltd) Painel de controle da NVIDIA 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - ) Popcorn Time (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Popcorn Time) (Version: - Popcorn Official) <==== ATENÇÃO Popcorn Time Community 0.3.8-6 (HKLM-x32\...\Popcorn Time Community 0.3.8-6) (Version: 0.3.8-6 - Popcorn Time Community) <==== ATENÇÃO Popcorn-Time (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Popcorn-Time) (Version: 0.3.9 - Popcorn Time) PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.336 - Qualcomm Atheros Communications) Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.15 - Dell Inc.) 
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version: - Wild Shadow Studios) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.) ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 11.1.0 - ShareX Team) SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH) TERA (HKLM-x32\...\Steam App 323370) (Version: - Bluehole Inc.) The Duel (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\The Duel) (Version: 10.00.00.00 - The Duel) TrackMania Nations Forever (HKLM\...\Steam App 11020) (Version: - Nadeo) VIVO INTERNET (HKLM-x32\...\VIVO INTERNET) (Version: 16.002.10.18.149 - Huawei Technologies Co.,Ltd) WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Exame Personalizado CLSID (Whitelisted): ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
CustomCLSID: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F000F}\InprocServer32 -> C:\Users\Yeriah\AppData\Local\GAS Tecnologia\GBBD\npsf_scd_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F000F}\InprocServer32 -> C:\Users\Yeriah\AppData\Local\GAS Tecnologia\GBBD\npsf_scd_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Yeriah\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002_Classes\CLSID\{ea60f6df-ac6e-42a0-8d11-bad1341c1037}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {0E5B5B44-5BE0-41F3-8641-A03E90C6DF3F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {1CC4B002-A4C5-4761-8772-3291E9A6D8C0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
Task: {46B13078-2731-4342-8DB0-C8F87299F3DF} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)
Task: {4C83B209-A421-45F9-907C-34B8C6819A65} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {622D948D-4982-461A-BAE8-8EF07D5204D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
Task: {6D5066B8-652C-461E-8D14-54D5375979F0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {79B37FB6-C8E9-4EA9-9DE8-23C70E6BD8D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
Task: {96A504DD-E0C2-4AC7-93F4-14EA6214BBF1} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-01-15] (Adobe Systems Incorporated)
Task: {A301D762-1D51-49C6-BD2E-72807499BA0E} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-02] (Synaptics Incorporated)
Task: {A4D3BE19-9D0F-4016-8713-52470D410404} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-31] (Dropbox, Inc.)
Task: {B1DB07FC-B0FF-4FBB-901F-942BD79AB160} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-12-29] (PC-Doctor, Inc.)
Task: {C245F196-52B8-4EDD-934D-64186B21A306} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-01-11] (Microsoft Corporation)
Task: {C44999D9-7089-4D0D-B715-5B11EBD2B9EF} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {CA2E9BE7-143D-40CF-8BBC-3C7891C83805} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-01-23] ()
Task: {CEB42939-C3D8-472D-B274-C4E928D799C0} - System32\Tasks\{F481EC1B-7C67-470A-B66C-3072BEA38EE8} => Chrome.exe hxxps://ui.skype.com/ui/0/7.29.80.102/pt/abandoninstall?page=tsMain
Task: {D2721FD9-119F-49C5-A20A-5CF5FDBB4716} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-15] (Adobe Systems Incorporated)
Task: {ECADC4F5-E83C-417F-852A-3B5A1BE8D6C2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-05-31] (Dropbox, Inc.)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

WMI_ActiveScriptEventConsumer_DellCommandPowerManagerAlertEventConsumer: WMI_ActiveScriptEventConsumer_DellCommandPowerManagerPolicyChangeEventConsumer: Shortcut: C:\Users\Yeriah\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_1768213486_pt-br.lnk -> hxxp://www.windowssearch.com:80/suggestions?qry=eps&cc=BR&setlang=pt-BR&inlang=pt-BR&adlt=moderate&scale=100&contrast=none&hw=900%2C1600&CVID=87BF19B5AC4A4A5F865D827F18F3C32 ShortcutWithArgument: C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Web Applications\www.facebook.com\https_80\Facebook.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxps://www.facebook.com/ ==================== Módulos Carregados (Whitelisted) ============== 2015-04-06 13:28 - 2013-10-23 19:00 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2015-04-06 13:29 - 2013-10-23 06:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-04-23 17:57 - 2014-03-07 00:23 - 00163840 _____ () C:\Windows\SysWOW64\WIN8_MBIM.exe 2015-07-23 21:47 - 2015-10-13 06:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2011-03-14 13:27 - 2011-03-14 13:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe 2016-05-30 12:48 - 2016-05-02 03:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2016-04-08 22:32 - 2016-05-02 03:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2016-05-30 12:48 - 2016-05-02 03:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll 2016-05-30 12:48 - 2016-05-02 03:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2015-04-06 13:40 - 2014-06-04 16:02 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll 2015-04-06 13:40 - 2014-06-04 16:02 - 00019744 _____ () C:\Program Files 
(x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll 2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2016-05-30 12:48 - 2016-05-02 03:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2016-05-30 12:48 - 2016-05-02 03:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2016-04-08 22:33 - 2016-05-02 03:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2016-05-30 12:48 - 2016-05-02 03:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 2014-11-30 20:59 - 2014-11-30 20:59 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2014-11-30 20:56 - 2014-11-30 20:56 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll 2014-11-30 21:02 - 2014-11-30 21:02 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe 2015-04-06 13:40 - 2014-07-02 22:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe 2016-05-30 12:47 - 2016-05-02 03:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2016-05-30 12:47 - 2016-05-02 03:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 2015-04-06 13:33 - 2013-03-05 01:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2013-03-05 12:41 - 2013-03-05 12:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2015-12-02 17:25 - 2016-05-02 04:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-12-14 19:23 - 2016-12-08 05:29 - 01829208 _____ () C:\Program Files 
(x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll 2016-12-14 19:23 - 2016-12-08 05:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll 2016-02-29 15:21 - 2013-10-23 19:00 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll 2015-04-06 13:21 - 2013-09-17 10:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2015-04-06 13:40 - 2014-07-30 18:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll 2015-04-06 13:40 - 2012-11-26 00:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll 2015-04-06 13:39 - 2012-11-26 00:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll 2015-06-05 00:15 - 2016-12-23 16:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2015-06-05 00:15 - 2016-08-31 23:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll 2015-06-05 00:15 - 2017-01-18 23:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll 2015-06-05 00:15 - 2016-08-31 23:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2015-06-05 00:15 - 2016-08-31 23:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2015-04-10 21:27 - 2016-01-27 05:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2015-04-10 21:27 - 2016-01-27 05:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2015-04-10 21:27 - 2016-01-27 05:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2015-04-10 21:27 - 2016-01-27 05:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2015-04-10 21:27 - 2016-01-27 05:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2015-04-10 21:27 - 2017-01-18 23:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2016-03-09 17:30 - 2016-07-04 20:17 - 00266560 
_____ () C:\Program Files (x86)\Steam\openvr_api.dll 2016-12-17 00:38 - 2017-01-05 01:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll 2015-06-05 00:15 - 2017-01-18 23:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll 2015-04-10 21:27 - 2015-09-24 21:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll ==================== Alternate Data Streams (Whitelisted) ========= (Se uma entrada for incluída na fixlist, somente o ADS será removido.) AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10] AlternateDataStreams: C:\Windows\System32:38800886_Scd.gbp [2] AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1270] ==================== Modo de Segurança (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== Associação (Whitelisted) =============== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.) ==================== Internet Explorer confiável/restrito =============== (Se uma entrada for incluída na fixlist, será removida do Registro.) IE trusted site: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\dell.com -> dell.com IE trusted site: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\sicredi.com.br -> correspondente.sicredi.com.br IE trusted site: HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\sicreditotal.com.br -> internet.sicreditotal.com.br ==================== Hosts Conteúdo: =============================== (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 
2013-08-22 11:25 - 2016-04-21 17:00 - 00000822 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Outras Áreas ============================ (Atualmente não há nenhuma correção automática para esta seção.) HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Yeriah\Pictures\Camera Roll\WIN_20160801_155757.JPG DNS Servers: 189.7.120.16 - 189.7.120.15 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Firewall do Windows está habilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == HKLM\...\StartupApproved\Run: => "BCSSync" HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui" HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE" HKLM\...\StartupApproved\Run32: => "Dropbox" HKLM\...\StartupApproved\Run32: => "DeathTaker" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\StartupApproved\StartupFolder: => "Curse.lnk" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\StartupApproved\Run: => "KSS" ==================== Regras do Firewall (Whitelisted) =============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
FirewallRules: [vm-monitoring-nb-session] => LPort=139 FirewallRules: [{B5D5FA41-624B-45CD-AC1C-6902914D8136}] => C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{7775B65D-1289-40D2-8275-EC696DB74864}] => C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe FirewallRules: [{EFC2FBD8-E071-478B-B153-E92AC57DD59C}] => C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{F90BB543-515F-4D17-9A66-03D254B7BFF9}] => C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{5397D920-A69D-470C-B0A4-E2582F39BE65}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{AD184BDB-0CE9-4F03-A57E-5AF578245351}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{E45A42AB-D859-41E7-9482-0D78EA98C7CB}] => C:\Program Files (x86)\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe FirewallRules: [{8451F65E-4EF5-4F1A-AA01-812171207F2B}] => C:\Program Files (x86)\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe FirewallRules: [{08A9337F-64E6-4ACA-9365-37474E4B6C5D}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe FirewallRules: [{442BA43A-2E20-4176-9E75-3F573405745F}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe FirewallRules: [{99A91F38-4B39-4E74-A294-C071082172B0}] => C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe FirewallRules: [{AA23D751-966C-4491-BB7E-AD4D4AEB056A}] => C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe FirewallRules: [TCP Query User{CFB2C708-5556-40F8-A924-6E15E3494765}C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe] => C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe FirewallRules: [UDP Query User{2D66258F-CE04-4681-B992-2B9ECBCE8425}C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe] => C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe FirewallRules: 
[{AE3D81A7-E9E0-43C1-8E30-9AC1B8E7AFC9}] => C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe FirewallRules: [{03588A51-CCEC-4ADF-AF72-0A316AA51995}] => C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe FirewallRules: [TCP Query User{51BCC054-3711-48C4-897C-7CFF29C0EDED}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{DC36F516-164A-42BF-BBDD-7FAEB5014058}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{B5668247-4F07-4C1C-A2D5-D3F73DD2663C}] => C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{9C32E667-EF94-445C-B001-EC61B5A4B629}] => C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{ED51094A-35A7-41B3-9054-9975B12AB207}C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe] => C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe FirewallRules: [UDP Query User{14D67858-45AF-4F2C-8986-EB60DAFFD1CF}C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe] => C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe FirewallRules: [{61ECF8B2-A907-44DE-80F9-CB933610F696}] => C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe FirewallRules: [{8AD36D9E-7BDA-4A8A-964A-A22DBA327A87}] => C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe FirewallRules: [{F5DE2FA1-5E57-4294-8285-7A7CEF3C3753}] => C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{8A84F26B-1460-41EC-90F3-DE9E789777FA}] => C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [TCP Query User{700AE3F0-D876-42FF-9476-89BB5D9462A1}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe FirewallRules: [UDP 
Query User{FC34F8E7-36FD-4ED7-9531-AE7A4BA3DAFD}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe FirewallRules: [{A50394C2-A2C8-42D1-9913-B788465D4B71}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe FirewallRules: [{8A9E4633-0220-49A1-AD38-3A8BEF6773E9}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe FirewallRules: [{8DDB9F28-1DFF-4E22-BE48-E3B745E81393}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe FirewallRules: [{FDAF8DF1-7C19-4079-8FB3-EE13E0933252}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe FirewallRules: [{1BF6C2B7-9894-4AAF-99F4-8EACF367DAAE}] => C:\Users\Yeriah\Downloads\Client19-04\MiniA.exe FirewallRules: [{C5802C00-234F-4260-BDDF-937D01A18514}] => C:\Program Files (x86)\Steam\steamapps\common\TERA\TERA-Launcher.exe FirewallRules: [{ECADBAD9-DED3-4A5D-ADF0-5001265A1903}] => C:\Program Files (x86)\Steam\steamapps\common\TERA\TERA-Launcher.exe FirewallRules: [{FF655954-4826-4750-8DB2-BE32D1215562}] => C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{FDF80600-A36E-4410-AF7D-BFC702033C3A}] => C:\Users\Yeriah\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{39027F61-95F8-42ED-A430-A3AFBB5029B1}] => C:\WarThunder\launcher.exe FirewallRules: [{6BB2BAED-6F82-4375-8B5D-53D44C081281}] => C:\WarThunder\launcher.exe FirewallRules: [{2BEADD49-A308-428E-A350-62A3B0AB956D}] => C:\WarThunder\bpreport.exe FirewallRules: [{02FE9A07-E173-4084-ABD8-D5E5C0A8377A}] => C:\WarThunder\bpreport.exe FirewallRules: [{B3951357-658F-4BF1-9E04-DE61068E3257}] => C:\WarThunder\bpreport.exe FirewallRules: [{FCC9C62F-688C-4C27-ABA8-1057110932DA}] => C:\WarThunder\bpreport.exe FirewallRules: [{8AAEB9BB-2474-4930-B6EF-503360BB5E53}] => C:\Users\Yeriah\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: 
[{CEF379B0-0539-4968-8FA2-0E38355A4E0B}] => C:\Users\Yeriah\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [TCP Query User{C68278C5-37A4-439C-9F8C-E44E904C8995}C:\users\yeriah\appdata\local\popcorn time\nw.exe] => C:\users\yeriah\appdata\local\popcorn time\nw.exe FirewallRules: [UDP Query User{BD230D35-67A7-42EE-86E3-76D8122E7050}C:\users\yeriah\appdata\local\popcorn time\nw.exe] => C:\users\yeriah\appdata\local\popcorn time\nw.exe FirewallRules: [{53394B0C-C290-402C-AB8D-B1A7C0425D43}] => C:\users\yeriah\appdata\local\popcorn time\nw.exe FirewallRules: [{BC9052AC-993E-4707-8BFB-11C5E6ED14B4}] => C:\users\yeriah\appdata\local\popcorn time\nw.exe FirewallRules: [TCP Query User{C749D356-0608-4A09-A8CD-4567226B2FED}C:\warthunder\aces.exe] => C:\warthunder\aces.exe FirewallRules: [UDP Query User{1F48A2AC-1E29-453E-A42E-75DC7D0E3E37}C:\warthunder\aces.exe] => C:\warthunder\aces.exe FirewallRules: [{197AF25F-FB06-4356-84B5-A78E426E29B3}] => C:\warthunder\aces.exe FirewallRules: [{1FB98CF2-872E-49B4-B4E3-D1442FB6D7F0}] => C:\warthunder\aces.exe FirewallRules: [{FC710CD5-CE45-474F-896A-1FCB1C6F69FA}] => C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe FirewallRules: [{CA2AA8BC-CA4C-45C7-85B6-D80CE7A143FE}] => C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe FirewallRules: [{685514C9-3F4E-414C-B020-7E829457D36C}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{CFE8B538-3AF6-4482-A056-37E235384927}] => C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{53AA33B9-CFA5-4C90-AB6B-65ED4128B74C}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{82313A54-8DF5-4275-94C2-73D80567F3CF}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{3082165F-B22A-43E6-89DB-8A39498F2F81}] => C:\Program Files\NVIDIA 
Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{8AE76FFF-3740-4D7F-B0F3-3D53C5D72BB0}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{22D952A1-B7BE-4BD2-848B-9403564FB5F1}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{9B574E13-8687-4B01-80B2-AB6F829C0858}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{10B7BA3A-324B-4CEA-9CB0-31D9DCAF9261}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{A90EC4A2-CE9B-4E0B-A8E5-7E0CB9650A8A}C:\users\yeriah\appdata\local\popcorn time community\nw.exe] => C:\users\yeriah\appdata\local\popcorn time community\nw.exe FirewallRules: [UDP Query User{EEB0D4DE-0ED1-44B7-8272-0AFCF129834D}C:\users\yeriah\appdata\local\popcorn time community\nw.exe] => C:\users\yeriah\appdata\local\popcorn time community\nw.exe FirewallRules: [{12ECF169-5DDB-4103-87D6-C965DF9E1B82}] => C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe FirewallRules: [{5AA28CC5-D000-4F63-8EB1-BC5461B25E60}] => C:\Program Files (x86)\Steam\steamapps\common\Europa Universalis IV\eu4.exe FirewallRules: [{DCF0D338-0F1D-477B-96F8-53C248AEB096}] => C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe FirewallRules: [{B1619273-C2E4-41F5-A5FC-602B027CBDD2}] => C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe FirewallRules: [{DD197B50-9EFD-4307-939C-C2F71A3D374E}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{E9765AAF-28F7-4963-96A6-A737F6A3F2B5}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{4A22EDC7-66FA-48EA-9EE4-B52A33E9B6A6}] => C:\Program Files (x86)\Steam\steamapps\common\Commandos 2 Men of Courage\Legacy\comm2.exe FirewallRules: [{F6F5946F-0382-442D-9F82-C7DF6E03A243}] => C:\Program Files 
(x86)\Steam\steamapps\common\Commandos 2 Men of Courage\Legacy\comm2.exe FirewallRules: [TCP Query User{03C81E77-685E-4CFE-AF85-E5D30AD3FD24}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => C:\program files (x86)\youwave android\vb\vboxsdl.exe FirewallRules: [UDP Query User{8E08222C-B8B1-4BBA-BEE4-CEBA65AA5875}C:\program files (x86)\youwave android\vb\vboxsdl.exe] => C:\program files (x86)\youwave android\vb\vboxsdl.exe FirewallRules: [{EB066444-8F9A-4031-823D-276917AA9EFE}] => C:\program files (x86)\youwave android\vb\vboxsdl.exe FirewallRules: [{5973F6B9-C809-4D52-AEA4-B2CC02B578BD}] => C:\program files (x86)\youwave android\vb\vboxsdl.exe FirewallRules: [TCP Query User{205B53D8-C279-4532-967A-A1FE813FC821}C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe] => C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [UDP Query User{0A236397-E0FA-4BCD-A151-5B3F973063A4}C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe] => C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [{DFA1C7FF-4B49-4947-A770-6B836F2C7343}] => C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [{E075125C-DF2D-4428-8AC3-B8DA718F1AB9}] => C:\users\yeriah\appdata\roaming\acestream\engine\ace_engine.exe FirewallRules: [{41EF1CF8-A36B-4595-9B31-3186EAABBC10}] => C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe FirewallRules: [{FB72A7B5-DD7F-4C86-9139-F82E0828B6C4}] => C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe FirewallRules: [TCP Query User{33B17861-98D2-4961-AAA4-8C11E3ECBCBE}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [UDP Query User{F17972EF-E18D-4150-8C1D-8CF80453F8BE}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe 
FirewallRules: [{EEAAC134-C2C4-4052-8FA3-D9413A1E67DB}] => C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [{71EB2023-5E95-44A0-BCD1-02C0DA499CF0}] => C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [{FED30E57-20A6-4C56-80BF-CA0A562943BC}] => C:\Program Files (x86)\Steam\steamapps\common\Commandos 2 Men of Courage\Legacy\comm2.exe FirewallRules: [{C01647E1-BAA5-411D-B752-1CCA59D4A3FE}] => C:\Program Files (x86)\Steam\steamapps\common\Commandos 2 Men of Courage\Legacy\comm2.exe FirewallRules: [TCP Query User{C9FF5578-4947-4FF8-AFEB-2B9063D1053F}C:\users\yeriah\appdata\local\popcorn-time\nw.exe] => C:\users\yeriah\appdata\local\popcorn-time\nw.exe FirewallRules: [UDP Query User{75CC8D15-3E4A-4624-BE51-54516B7AC77B}C:\users\yeriah\appdata\local\popcorn-time\nw.exe] => C:\users\yeriah\appdata\local\popcorn-time\nw.exe FirewallRules: [{342447EF-FA7F-44E9-8DA0-80DEC3345D6B}] => C:\users\yeriah\appdata\local\popcorn-time\nw.exe FirewallRules: [{96FC42AB-D7D8-42A3-989E-EF391D5A2FE5}] => C:\users\yeriah\appdata\local\popcorn-time\nw.exe FirewallRules: [TCP Query User{0E696DE2-9DC0-483C-88F4-BD39FAE89033}C:\program files (x86)\age of empires iii - complete collection\age3y.exe] => C:\program files (x86)\age of empires iii - complete collection\age3y.exe FirewallRules: [UDP Query User{A331AC7B-6DFF-4FEF-BE16-94250F765220}C:\program files (x86)\age of empires iii - complete collection\age3y.exe] => C:\program files (x86)\age of empires iii - complete collection\age3y.exe FirewallRules: [{0CA0176B-1463-4AE2-9000-0AC96F1BBBE0}] => C:\program files (x86)\age of empires iii - complete collection\age3y.exe FirewallRules: [{FDBC7881-C61A-4F2F-A00E-43818B833559}] => C:\program files (x86)\age of empires iii - complete collection\age3y.exe FirewallRules: [{08241F7F-8302-47C9-882F-02DD2EB40A07}] => C:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exe FirewallRules: [{9EFCDD09-7CB0-4295-8718-79DFCC8363A1}] => C:\Program Files 
(x86)\Steam\steamapps\common\Limbo\limbo.exe FirewallRules: [{6D016F01-6ABB-4068-B814-F9C93BA05DC2}] => C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe FirewallRules: [{B58051DC-A0B0-4C3E-9106-C4A88055E790}] => C:\Program Files (x86)\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe FirewallRules: [TCP Query User{6E6A3DBF-F86E-4C15-900D-7A9DEF34018F}C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe] => C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe FirewallRules: [UDP Query User{C4F63F50-F2C7-4998-B6D7-4D05D69E347E}C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe] => C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe FirewallRules: [{67AD6FD2-2B9A-491D-98AC-9234CC3B360D}] => C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe FirewallRules: [{7B40F75A-E65B-4F86-B104-43057222D502}] => C:\users\yeriah\appdata\local\apps\2.0\mygmk82n.p6j\67a92b6p.gyn\leve..tion_3af41edd49c109a3_0000.0009_68082bad8b8cd4e1\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe FirewallRules: [{BC8C6A8E-3391-43F0-A8F6-FBD756312430}] => C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForever.exe FirewallRules: [{E5989D0A-3E75-4794-91CA-BD742625B87E}] => C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForever.exe FirewallRules: [{99DF59A5-5914-424C-B5C7-339251DA6E47}] => C:\Program Files 
(x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe FirewallRules: [{B23EC8C8-4CCB-4D63-AFAB-2B1067C70456}] => C:\Program Files (x86)\Steam\steamapps\common\TrackMania Nations Forever\TmForeverLauncher.exe FirewallRules: [{6F240318-6852-42A2-8830-1414FFA7A32D}] => C:\Program Files (x86)\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe FirewallRules: [{78BE5F88-35CD-45FA-9FDD-4B7C3100D24F}] => C:\Program Files (x86)\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe FirewallRules: [TCP Query User{DD86E353-70F9-4D48-B2CF-1333C4AA02C6}C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe] => C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe FirewallRules: [UDP Query User{8522E945-BE92-4FAB-8513-BBB798DC42F8}C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe] => C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe FirewallRules: [{EBE5CB3C-15D6-4FB9-B93B-B1ADA93E12BE}] => C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe FirewallRules: [{CD409AEA-FC03-4620-A1B7-31858B1D1457}] => C:\program files (x86)\steam\steamapps\common\newz\thenewz.exe FirewallRules: [{2D4FBBE8-83BD-438D-A315-45A916A0F685}] => C:\Program Files (x86)\Steam\steamapps\common\NewZ\NewZLauncher.exe FirewallRules: [{92AA8FE7-FBCD-4748-A024-B289C857835D}] => C:\Program Files (x86)\Steam\steamapps\common\NewZ\NewZLauncher.exe FirewallRules: [{CFF9BA8C-4230-4760-A0EA-5BB2F4906FA4}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{84120510-4803-4D38-868C-3A7F6928EB24}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{E7E361D1-D253-42C3-AB7C-4F8B4A0EE2A0}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [TCP Query User{EA234F39-9B58-4DDA-9704-F83FA922D2E8}C:\program files (x86)\emaclab\gamersclub anti cheat\gclauncher.exe] => C:\program files (x86)\emaclab\gamersclub anti cheat\gclauncher.exe 
FirewallRules: [UDP Query User{4C030473-4740-468D-8871-B067EDB0C7EC}C:\program files (x86)\emaclab\gamersclub anti cheat\gclauncher.exe] => C:\program files (x86)\emaclab\gamersclub anti cheat\gclauncher.exe FirewallRules: [TCP Query User{62CE4C19-6D79-45E2-8617-591D4F9784DD}C:\program files (x86)\the duel\theduel.exe] => C:\program files (x86)\the duel\theduel.exe FirewallRules: [UDP Query User{540D1B1B-8621-4C34-811F-48CA94CEE4C3}C:\program files (x86)\the duel\theduel.exe] => C:\program files (x86)\the duel\theduel.exe FirewallRules: [TCP Query User{19003352-5DC6-4D52-8518-8B145BE8A34A}C:\users\yeriah\downloads\saltandsanctuaryv1.0.0.4\salt and sanctuary v1.0.0.4\salt and sanctuary\salt.exe] => C:\users\yeriah\downloads\saltandsanctuaryv1.0.0.4\salt and sanctuary v1.0.0.4\salt and sanctuary\salt.exe FirewallRules: [UDP Query User{FE0AB68A-4919-46E3-B6FC-9C7B5E2CC4F6}C:\users\yeriah\downloads\saltandsanctuaryv1.0.0.4\salt and sanctuary v1.0.0.4\salt and sanctuary\salt.exe] => C:\users\yeriah\downloads\saltandsanctuaryv1.0.0.4\salt and sanctuary v1.0.0.4\salt and sanctuary\salt.exe FirewallRules: [{18676C17-2F3D-4EA5-918A-99D6FCC0FFDE}] => C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{7EDFC0B2-B342-40BC-BCAA-DFE6F315B7FF}] => C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe FirewallRules: [{DB8435E3-09C5-414E-A743-02064EDE2967}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [{46326887-570E-473E-A082-A4E8B0085FDC}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{CE8EECB4-7CFE-4C95-AC0F-9518E262EEB3}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Pontos de Restauração ========================= 03-02-2017 19:42:20 Windows Update ==================== Dispositivos Apresentando Falhas No Gerenciador ============= Name: LogMeIn Hamachi Virtual Ethernet Adapter Description: LogMeIn Hamachi Virtual Ethernet Adapter Class Guid: 
{4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: LogMeIn Inc. Service: Hamachi Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Erros no Log de eventos: ========================= Erros em Aplicativos: ================== Error: (02/04/2017 12:30:37 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa uTorrent.exe versão 3.4.9.43085 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID do Processo: 1560 Hora de Início: 01d27e876512ebd9 Hora de Término: 15 Caminho do Aplicativo: C:\Users\Yeriah\AppData\Roaming\uTorrent\uTorrent.exe ID do Relatório: e1dea44a-ea81-11e6-82c9-7429afa47974 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (02/03/2017 10:09:45 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa LiveComm.exe versão 17.5.9600.20911 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID do Processo: 12b0 Hora de Início: 01d27e7a31148157 Hora de Término: 4294967295 Caminho do Aplicativo: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe ID do Relatório: 27547f54-ea6e-11e6-82c9-7429afa47974 Nome completo do pacote com falha: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe ID do aplicativo relativo ao pacote com falha: ppleae38af2e007f4358a809ac99a64a67c1 Error: (02/03/2017 10:02:37 PM) (Source: DbxSvc) (EventID: 320) (User: ) Description: Failed to connect to the driver: (-2147024894) O sistema não pode encontrar o arquivo especificado. 
Error: (02/02/2017 06:56:56 PM) (Source: DbxSvc) (EventID: 320) (User: ) Description: Failed to connect to the driver: (-2147024894) O sistema não pode encontrar o arquivo especificado. Error: (02/02/2017 06:56:55 PM) (Source: DbxSvc) (EventID: 270) (User: ) Description: Filter Unload failed with: (-2145452013) O sistema não pôde localizar o filtro especificado. Error: (02/02/2017 04:16:32 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa left4dead2.exe versão 0.0.0.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID do Processo: 1cdc Hora de Início: 01d27d195dddb631 Hora de Término: 4294967295 Caminho do Aplicativo: C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe ID do Relatório: 2361c07e-e90f-11e6-82c8-7429afa47974 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (02/01/2017 10:55:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: TERA-Launcher.exe, versão: 3.5.3.2, carimbo de data/hora: 0x5236e244 Nome do módulo com falha: gbiehScd.dll, versão: 4.14.0.106, carimbo de data/hora: 0x55cce4d4 Código de exceção: 0xc0000005 Deslocamento da falha: 0x00160a5b ID do processo com falha: 0x20cc Hora de início do aplicativo com falha: 0x01d27ce96a2da0d5 Caminho do aplicativo com falha: C:\Program Files (x86)\Steam\steamapps\common\TERA\TERA-Launcher.exe Caminho do módulo com falha: C:\Program Files (x86)\GbPlugin\gbiehScd.dll ID do Relatório: 5a1485bb-e8e2-11e6-82c8-7429afa47974 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (02/01/2017 07:41:16 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa LiveComm.exe versão 17.5.9600.20911 parou de interagir com o Windows e foi fechado. 
Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID do Processo: 1c8c Hora de Início: 01d27cd32f911972 Hora de Término: 4294967295 Caminho do Aplicativo: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe ID do Relatório: 22546f8c-e8c7-11e6-82c8-7429afa47974 Nome completo do pacote com falha: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe ID do aplicativo relativo ao pacote com falha: ppleae38af2e007f4358a809ac99a64a67c1 Error: (02/01/2017 08:24:15 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: Um problema impediu que os dados do Programa de Aperfeiçoamento da Experiência do Usuário fossem enviados para a Microsoft, (Erro 80070005). Error: (02/01/2017 02:43:45 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa csgo.exe versão 0.0.0.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações. ID do Processo: 2ca4 Hora de Início: 01d27c45a5ec7e46 Hora de Término: 12 Caminho do Aplicativo: C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe ID do Relatório: f4b82d96-e838-11e6-82c8-7429afa47974 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Erros de Sistema: ============= Error: (02/03/2017 10:09:54 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Serviço Intel(R) Management and Security Application Local Management Service suspenso ao iniciar. 
Error: (02/03/2017 10:07:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Dell Digital Delivery Service devido ao seguinte erro: O serviço não respondeu à requisição de início ou controle em tempo hábil.

Error: (02/03/2017 10:07:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Dell Digital Delivery Service.

Error: (02/03/2017 10:07:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Dell Foundation Services devido ao seguinte erro: O serviço não respondeu à requisição de início ou controle em tempo hábil.

Error: (02/03/2017 10:07:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Dell Foundation Services.

Error: (02/03/2017 10:03:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço LogMeIn Hamachi Tunneling Engine devido ao seguinte erro: O serviço não respondeu à requisição de início ou controle em tempo hábil.

Error: (02/03/2017 10:03:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço LogMeIn Hamachi Tunneling Engine.

Error: (02/03/2017 10:02:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço LibUsb-Win32 - Daemon, Version 0.1.10.1 devido ao seguinte erro: O sistema não pode encontrar o arquivo especificado.

Error: (02/03/2017 10:02:03 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\libusb0.sys

Error: (02/03/2017 10:01:58 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\libusb0.sys

CodeIntegrity:
===================================
Date: 2017-02-02 22:18:32.047
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-16 15:11:43.716
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-13 14:36:36.847
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-11 12:11:02.359
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-03 18:05:28.785
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-02 02:13:56.712 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-12-19 17:38:40.909 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-12-11 16:27:40.146 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-12-06 21:41:12.262 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-11-20 08:08:56.210 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Informações da Memória =========================== Processador: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz Percentagem de memória em uso: 49% RAM física total: 8096.46 MB RAM física disponível: 4074.86 MB Virtual Total: 11168.46 MB Virtual disponível: 7012.63 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:922.03 GB) (Free:547.18 GB) NTFS Drive d: (CDROM) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS Drive x: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.44 GB) NTFS Drive y: (PBR Image) (Fixed) (Total:8.09 GB) (Free:0.73 GB) NTFS ==================== MBR & Tabela de Partições ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 86BA5996) Partition: GPT. ==================== Fim de Addition.txt ============================ Thanks!
-
Hello guys, my computer is showing some really weird behavior. After I scanned with Malwarebytes, it found something like 3000 items, most with the same name. As soon as I start it, it is OK, but some time later my notebook gets damn slow (something like 10 min working well) and stops opening some sites and stuff. Ty for any help. Addition.txt FRST.txt
-
Actually it was an ad from the site itself; it seems that everything is OK now! I thank you very much, Borislav.
-
Hmm... The ads seem to be gone, but still, sometimes when I click somewhere on the page an "ad page" opens; not sure if that is normal. Ty anyway!
-
Sorry for the delay. Here it is. C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application cleaned by deleting - quarantined
-
Hello, here are the logs. Malwarebytes Anti-Malwarewww.malwarebytes.org Data da Verificação: 17/06/2015Hora da Verificação: 23:23:01Arquivo de Log: ddd.txtAdministrador: Sim Versão: 2.01.6.1022Base de Dados de Malware: v2015.06.17.05Base de Dados de Rootkit: v2015.06.15.01Licença: GrátisProteção de Malware: DesabilitadoProteção de Site Malicioso: DesabilitadoAuto-Proteção: Desabilitado SO: Windows 8.1Processador: x64Sistema de Arquivos: NTFSUsuário: Yeriah Tipo da Verificação: Verificar AmeaçaResultado: TerminadoObjetos Verificados: 381450Tempo Decorrido: 13 min, 33 seg Memória: HabilitadoInicialização: HabilitadoSistema de Arquivos: HabilitadoArquivos Compactados: HabilitadoRootkits: DesabilitadoHeurística: HabilitadoPUP: HabilitadoPUM: Habilitado Processos: 0(Nenhum item malicioso detectado) Módulos: 0(Nenhum item malicioso detectado) Chaves de Registro: 0(Nenhum item malicioso detectado) Valores de Registro: 0(Nenhum item malicioso detectado) Dados de Registro: 0(Nenhum item malicioso detectado) Pastas: 0(Nenhum item malicioso detectado) Arquivos: 1PUP.Optional.OpenCandy, C:\Users\Yeriah\Downloads\PowerISO6-x64.exe, , [498006b58901d1651efe5e0f57af1be5], Setores Físicos: 0(Nenhum item malicioso detectado) (end) Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015Ran by Yeriah at 2015-06-17 23:14:07 Run:1Running from C:\Users\Yeriah\DownloadsLoaded Profiles: UpdatusUser & Yeriah (Available Profiles: UpdatusUser & Yeriah)Boot Mode: Normal============================================== fixlist content:*****************startCloseProcesses:FirewallRules: [{B885A1E5-DD6C-44A9-B35E-3CB4E2A47590}] => (Allow) C:\Program Files\BitComet\BitComet.exeFirewallRules: [{63BB8BEF-0CF7-4CC5-8543-B34ACD0B5B3A}] => (Allow) C:\Program Files\BitComet\BitComet.exeC:\Program Files\BitCometURLSearchHook: [s-1-5-21-4078040627-3876670005-1468608263-1001] ATTENTION ==> Default URLSearchHook is missingSearchScopes: HKU\.DEFAULT -> DefaultScope 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =2015-06-16 22:06 - 2015-05-13 20:09 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\BitComet2015-05-29 23:32 - 2015-04-10 20:22 - 00000000 ____D C:\Users\Todos os Usuários\softthinks2015-05-29 23:32 - 2015-04-10 20:22 - 00000000 ____D C:\ProgramData\softthinksC:\Users\Yeriah\AppData\Local\Temp\i4jdel0.exeEmptyTemp:end***************** Processes closed successfully.HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B885A1E5-DD6C-44A9-B35E-3CB4E2A47590} => value removed successfullyHKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{63BB8BEF-0CF7-4CC5-8543-B34ACD0B5B3A} => value removed successfully"C:\Program Files\BitComet" => File/Folder not found.Could not restore Default URLSearchHook.HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfullyHKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfullyHKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfullyC:\Users\Yeriah\AppData\Roaming\BitComet => moved successfully. "C:\Users\Todos os Usuários\softthinks" folder move: Could not move "C:\Users\Todos os Usuários\softthinks" folder => Scheduled to move on reboot. "C:\ProgramData\softthinks" folder move: Could not move "C:\ProgramData\softthinks" folder => Scheduled to move on reboot. C:\Users\Yeriah\AppData\Local\Temp\i4jdel0.exe => moved successfully.EmptyTemp: => 3.9 GB temporary data Removed. 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-06-17 23:17:38)<= C:\Users\Todos os Usuários\softthinks => Is moved successfullyC:\ProgramData\softthinks => Is moved successfully ==== End of Fixlog 23:17:38 ====
-
Hello guys, it has been some time since some popups started to show up everywhere, in my browser, and even inside a game (Dota2). I'd be glad if you could help me with this.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015Ran by Yeriah (administrator) on PC-DO-ALEX on 16-06-2015 22:08:19Running from C:\Users\Yeriah\DownloadsLoaded Profiles: UpdatusUser & Yeriah (Available Profiles: UpdatusUser & Yeriah)Platform: Windows 8.1 Single Language (X64) OS Language: Português (Brasil)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe(LogMeIn Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(Atheros Communications) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe(LogMeIn Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(VS Revo Group) C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3760456 2013-08-23] (Dell Inc.)HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-04-07] (Power Software 
Ltd)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [134784 2014-11-30] (Atheros Communications)HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28920448 2015-05-14] (Skype Technologies S.A.)HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\MountPoints2: E - "E:\Setup.exe" AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [387536 2013-08-02] (NVIDIA Corporation)AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [326224 2013-08-02] (NVIDIA Corporation)ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.la.dell.com/content/default.aspx?c=br&l=pt&s=genHKU\S-1-5-21-4078040627-3876670005-1468608263-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.la.dell.com/content/default.aspx?c=br&l=pt&s=genURLSearchHook: [s-1-5-21-4078040627-3876670005-1468608263-1001] ATTENTION ==> Default URLSearchHook is missingSearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-14] (Oracle Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-14] (Oracle Corporation)Tcpip\Parameters: [DhcpNameServer] 89.248.171.33 8.8.8.8 FireFox:========FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-14] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-14] (Oracle Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)FF Plugin-x32: @tools.google.com/Google 
Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.) Chrome: =======CHR Profile: C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-10]CHR Extension: (Google Docs) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-10]CHR Extension: (Google Drive) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-10]CHR Extension: (YouTube) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-10]CHR Extension: (Google Search) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-10]CHR Extension: (Google Sheets) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-10]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-15]CHR Extension: (Google Wallet) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-10]CHR Extension: (Gmail) - C:\Users\Yeriah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-10] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [322176 2014-11-30] (Windows ® Win 7 DDK provider) [File not signed]S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1141248 2015-06-06] ()S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-22] (Microsoft Corporation)R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [92528 2015-05-05] (Dell)R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-02] (SoftThinks SAS)R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)S3 Dell.CommandPowerManager.Service; C:\Windows\SysWOW64\dllhost.exe /Processid:{21AC100C-C882-4DE7-A7E4-EBD00657F486} ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4226560 2014-11-10] (Qualcomm Atheros Communications, Inc.)R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-11-30] (Qualcomm Atheros)R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-03-30] (LogMeIn Inc.)R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-02] (Synaptics Incorporated)R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-08-02] (Synaptics Incorporated)S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-16 22:08 - 2015-06-16 22:08 - 00015787 _____ C:\Users\Yeriah\Downloads\FRST.txt2015-06-16 22:08 - 2015-06-16 22:08 - 00000000 ____D C:\FRST2015-06-16 22:07 - 2015-06-16 22:07 - 02109952 _____ (Farbar) C:\Users\Yeriah\Downloads\FRST64.exe2015-06-16 22:05 - 2015-06-16 22:06 - 01148416 _____ (Farbar) C:\Users\Yeriah\Downloads\FRST.exe2015-06-16 22:04 - 2015-06-16 22:04 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-06-16 22:03 - 2015-06-16 22:03 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-06-16 22:03 - 2015-06-16 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-06-16 22:03 - 2015-06-16 22:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-06-16 22:03 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2015-06-16 22:03 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2015-06-16 22:03 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2015-06-16 22:00 - 2015-06-16 22:01 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Yeriah\Downloads\mbam-setup-2.1.6.1022.exe2015-06-16 17:11 - 2015-06-16 17:11 - 00000000 ____D C:\Users\Yeriah\Documents\Amnesia2015-06-16 16:13 - 2015-06-16 16:13 - 00002198 _____ C:\Users\Yeriah\Desktop\Amnesia.lnk2015-06-16 16:13 - 2015-06-16 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent2015-06-16 16:07 - 2015-06-16 16:13 - 00000000 ____D C:\Program Files (x86)\Amnesia - The Dark Descent2015-06-14 16:56 - 2015-06-14 16:56 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2015-06-14 16:56 - 2015-06-14 16:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2015-06-14 16:56 - 2015-06-14 16:56 - 00000000 ____D C:\Program 
Files (x86)\Java2015-06-14 16:46 - 2015-06-14 16:46 - 00562272 _____ (Oracle Corporation) C:\Users\Yeriah\Downloads\chromeinstall-8u45 (1).exe2015-06-14 16:38 - 2015-06-14 16:38 - 00388608 _____ (Trend Micro Inc.) C:\Users\Yeriah\Downloads\HijackThis.exe2015-06-14 16:34 - 2015-06-14 16:34 - 00001286 _____ C:\Users\Yeriah\Desktop\Revo Uninstaller.lnk2015-06-14 16:34 - 2015-06-14 16:34 - 00000000 ____D C:\Program Files (x86)\VS Revo Group2015-06-14 16:32 - 2015-06-14 16:33 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Yeriah\Downloads\revosetup.exe2015-06-14 16:29 - 2015-06-14 16:29 - 00000000 ___RD C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices2015-06-14 16:27 - 2015-06-14 16:27 - 00000000 ____D C:\_OTL2015-06-14 16:22 - 2015-06-14 16:22 - 00071004 _____ C:\Users\Yeriah\Downloads\Extras.Txt2015-06-14 16:21 - 2015-06-14 16:21 - 00102608 _____ C:\Users\Yeriah\Downloads\OTL.Txt2015-06-14 16:15 - 2015-06-14 16:15 - 00602112 _____ (OldTimer Tools) C:\Users\Yeriah\Downloads\OTL.exe2015-06-14 16:13 - 2015-06-14 16:13 - 00001682 _____ C:\Users\Yeriah\Desktop\JRT.txt2015-06-14 16:12 - 2015-06-14 16:12 - 00000207 _____ C:\Windows\tweaking.com-regbackup-PC-DO-ALEX-Windows-8.1-Single-Language-(64-bit).dat2015-06-14 16:12 - 2015-06-14 16:12 - 00000000 ____D C:\RegBackup2015-06-14 16:10 - 2015-06-14 16:10 - 02944147 _____ (Thisisu) C:\Users\Yeriah\Downloads\JRT.exe2015-06-14 15:58 - 2015-06-14 16:04 - 00000000 ____D C:\AdwCleaner2015-06-14 15:57 - 2015-06-14 15:58 - 02231296 _____ C:\Users\Yeriah\Downloads\AdwCleaner.exe2015-06-09 19:47 - 2015-05-25 10:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll2015-06-09 19:47 - 2015-05-25 10:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll2015-06-09 19:47 - 2015-04-08 19:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll2015-06-09 19:47 - 2015-04-08 19:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml2015-06-09 
19:47 - 2015-04-01 19:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll2015-06-09 19:47 - 2015-04-01 19:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll2015-06-09 19:47 - 2015-03-20 00:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll2015-06-09 19:47 - 2015-03-20 00:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll2015-06-09 19:47 - 2015-03-19 23:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll2015-06-09 19:47 - 2015-03-19 23:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll2015-06-09 19:47 - 2015-03-01 22:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll2015-06-09 19:47 - 2015-03-01 22:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll2015-06-09 19:46 - 2015-05-27 11:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-06-09 19:46 - 2015-05-27 11:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2015-06-09 19:46 - 2015-05-23 00:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2015-06-09 19:46 - 2015-05-23 00:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2015-06-09 19:46 - 2015-05-23 00:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2015-06-09 19:46 - 2015-05-23 00:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2015-06-09 19:46 - 2015-05-23 00:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2015-06-09 19:46 - 2015-05-22 23:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2015-06-09 19:46 - 2015-05-22 23:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2015-06-09 19:46 - 2015-05-22 23:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2015-06-09 19:46 - 2015-05-22 23:47 - 00128000 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2015-06-09 19:46 - 2015-05-22 23:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll2015-06-09 19:46 - 2015-05-22 23:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2015-06-09 19:46 - 2015-05-22 23:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2015-06-09 19:46 - 2015-05-22 23:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2015-06-09 19:46 - 2015-05-22 23:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2015-06-09 19:46 - 2015-05-22 23:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll2015-06-09 19:46 - 2015-05-22 23:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2015-06-09 19:46 - 2015-05-22 23:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2015-06-09 19:46 - 2015-05-22 23:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2015-06-09 19:46 - 2015-05-22 16:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-06-09 19:46 - 2015-05-22 16:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2015-06-09 19:46 - 2015-05-22 16:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec2015-06-09 19:46 - 2015-05-22 15:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2015-06-09 19:46 - 2015-05-22 15:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2015-06-09 19:46 - 2015-05-22 15:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2015-06-09 19:46 - 2015-05-22 15:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2015-06-09 19:46 - 2015-05-22 15:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2015-06-09 19:46 - 2015-05-22 15:23 - 00145408 _____ (Microsoft Corporation) 
C:\Windows\system32\iepeers.dll2015-06-09 19:46 - 2015-05-22 15:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2015-06-09 19:46 - 2015-05-22 15:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll2015-06-09 19:46 - 2015-05-22 15:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll2015-06-09 19:46 - 2015-05-22 15:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2015-06-09 19:46 - 2015-05-22 15:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2015-06-09 19:46 - 2015-05-22 15:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2015-06-09 19:46 - 2015-05-22 14:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-06-09 19:46 - 2015-05-22 14:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2015-06-09 19:46 - 2015-05-22 14:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll2015-06-09 19:46 - 2015-05-22 14:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-06-09 19:46 - 2015-05-22 14:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2015-06-09 19:46 - 2015-04-24 23:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll2015-06-09 19:46 - 2015-04-24 23:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll2015-06-09 19:46 - 2015-04-16 03:17 - 00325464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS2015-06-09 19:46 - 2015-04-13 19:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll2015-06-09 19:46 - 2015-04-13 19:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll2015-06-09 19:46 - 2015-04-09 21:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll2015-06-09 19:46 - 2015-04-09 21:17 - 01018880 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\UIAutomationCore.dll2015-06-09 19:46 - 2015-04-01 01:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe2015-06-09 19:46 - 2015-04-01 01:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll2015-06-09 19:46 - 2015-04-01 01:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll2015-06-09 19:46 - 2015-04-01 01:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll2015-06-09 19:46 - 2015-04-01 00:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll2015-06-09 19:46 - 2015-04-01 00:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll2015-06-09 19:46 - 2015-04-01 00:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe2015-06-09 19:46 - 2015-03-31 23:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll2015-06-09 19:46 - 2015-03-31 23:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe2015-06-09 19:46 - 2015-03-31 23:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll2015-06-09 19:46 - 2015-03-31 23:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll2015-06-09 19:46 - 2015-03-31 23:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll2015-06-09 19:46 - 2015-03-31 23:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe2015-06-09 19:45 - 2015-05-21 13:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2015-06-08 00:11 - 2015-06-08 00:20 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\OBS2015-06-08 00:11 - 2015-06-08 00:11 - 00000953 _____ C:\Users\Yeriah\Desktop\Open Broadcaster Software.lnk2015-06-08 00:11 - 2015-06-08 00:11 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software2015-06-08 00:11 - 2015-06-08 00:11 - 00000000 ____D C:\Program Files\OBS2015-06-08 
00:11 - 2015-06-08 00:11 - 00000000 ____D C:\Program Files (x86)\OBS2015-06-08 00:10 - 2015-06-08 00:11 - 07072745 _____ C:\Users\Yeriah\Downloads\OBS_0_651b_Installer.exe2015-06-08 00:08 - 2015-06-08 00:08 - 00000000 ____D C:\Users\Yeriah\Downloads\Converter2015-06-08 00:06 - 2015-06-08 00:07 - 11299041 _____ C:\Users\Yeriah\Downloads\Converter.zip2015-06-07 19:10 - 2015-06-07 19:38 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Knights Saves2015-06-07 19:04 - 2015-06-07 19:04 - 00000222 _____ C:\Users\Yeriah\Desktop\Knights and Merchants.url2015-06-07 17:33 - 2015-06-07 17:33 - 00000000 ____D C:\Users\Yeriah\AppData\Local\GWX2015-06-06 22:55 - 2015-06-07 02:55 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\.minecraft2015-06-06 22:55 - 2015-06-06 22:55 - 00160088 _____ C:\Users\Yeriah\Downloads\Minecraft (1).rar2015-06-06 22:54 - 2015-06-06 22:54 - 00000000 ____D C:\Users\Todos os Usuários\Sun2015-06-06 22:54 - 2015-06-06 22:54 - 00000000 ____D C:\Users\Todos os Usuários\Oracle2015-06-06 22:54 - 2015-06-06 22:54 - 00000000 ____D C:\ProgramData\Sun2015-06-06 22:54 - 2015-06-06 22:54 - 00000000 ____D C:\ProgramData\Oracle2015-06-06 22:51 - 2015-06-06 22:52 - 00562272 _____ (Oracle Corporation) C:\Users\Yeriah\Downloads\chromeinstall-8u45.exe2015-06-06 22:50 - 2015-06-06 22:50 - 00000000 ____D C:\Users\Yeriah\Downloads\Minecraft2015-06-06 17:11 - 2015-06-06 17:11 - 00001172 _____ C:\Users\Public\Desktop\Battle.net.lnk2015-06-06 17:11 - 2015-06-06 17:11 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Battle.net2015-06-06 17:11 - 2015-06-06 17:11 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Blizzard Entertainment2015-06-06 17:11 - 2015-06-06 17:11 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Battle.net2015-06-06 17:11 - 2015-06-06 17:11 - 00000000 ____D C:\Users\Todos os Usuários\Blizzard Entertainment2015-06-06 17:11 - 2015-06-06 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net2015-06-06 17:11 - 2015-06-06 17:11 - 
00000000 ____D C:\ProgramData\Blizzard Entertainment2015-06-06 17:11 - 2015-06-06 17:11 - 00000000 ____D C:\Program Files (x86)\Battle.net2015-06-06 17:08 - 2015-06-06 21:40 - 00000000 ____D C:\Users\Yeriah\AppData\Local\ArmA 2 OA2015-06-06 17:08 - 2015-06-06 17:10 - 00000000 ____D C:\Users\Yeriah\Documents\ArmA 22015-06-06 17:08 - 2015-06-06 17:08 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive2015-06-06 17:08 - 2015-06-06 17:08 - 00000000 ____D C:\Users\Todos os Usuários\Bohemia Interactive Studio2015-06-06 17:08 - 2015-06-06 17:08 - 00000000 ____D C:\Users\Todos os Usuários\Battle.net2015-06-06 17:08 - 2015-06-06 17:08 - 00000000 ____D C:\ProgramData\Bohemia Interactive Studio2015-06-06 17:08 - 2015-06-06 17:08 - 00000000 ____D C:\ProgramData\Battle.net2015-06-06 15:27 - 2015-06-06 15:27 - 00000222 _____ C:\Users\Yeriah\Desktop\Arma 2 DayZ Mod.url2015-06-06 14:08 - 2015-06-06 14:08 - 03080760 _____ (Blizzard Entertainment) C:\Users\Yeriah\Downloads\Heroes-of-the-Storm-Setup-ptBR.exe2015-06-06 14:06 - 2015-06-06 14:06 - 00000221 _____ C:\Users\Yeriah\Desktop\Arma 2 Operation Arrowhead.url2015-06-05 23:33 - 2015-06-05 23:33 - 00160088 _____ C:\Users\Yeriah\Downloads\Minecraft.rar2015-06-04 23:28 - 2015-05-22 10:08 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2015-06-04 23:28 - 2015-05-21 10:08 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2015-06-04 23:28 - 2015-05-21 10:08 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll2015-06-04 23:28 - 2015-05-21 10:08 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll2015-06-04 23:28 - 2015-05-21 10:08 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll2015-06-04 23:28 - 2015-05-21 10:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll2015-06-04 23:28 - 2015-05-21 10:08 - 00045568 _____ (Microsoft Corporation) 
C:\Windows\system32\acmigration.dll2015-06-04 23:28 - 2015-04-16 19:07 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2015-05-30 17:35 - 2015-05-30 17:36 - 627681016 _____ C:\Users\Yeriah\Downloads\Life 01.avi2015-05-29 23:46 - 2015-05-30 14:52 - 00000136 _____ C:\Windows\ODBC.INI2015-05-25 13:55 - 2015-05-25 13:55 - 00000000 ____D C:\Users\Yeriah\AppData\Local\SKIDROW2015-05-25 13:17 - 2015-05-25 13:17 - 08552448 _____ C:\Users\Yeriah\Downloads\hamachi (1).msi2015-05-23 23:36 - 2015-05-23 23:36 - 00000000 ____D C:\Users\Yeriah\Tracing2015-05-23 23:34 - 2015-06-16 13:58 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Skype2015-05-23 23:34 - 2015-05-23 23:34 - 00002715 _____ C:\Users\Public\Desktop\Skype.lnk2015-05-23 23:34 - 2015-05-23 23:34 - 00000000 ___RD C:\Program Files (x86)\Skype2015-05-23 23:34 - 2015-05-23 23:34 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Skype2015-05-23 23:34 - 2015-05-23 23:34 - 00000000 ____D C:\Users\Todos os Usuários\Skype2015-05-23 23:34 - 2015-05-23 23:34 - 00000000 ____D C:\ProgramData\Skype2015-05-23 23:34 - 2015-05-23 23:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype2015-05-23 23:31 - 2015-05-23 23:34 - 43028096 _____ (Skype Technologies S.A.) 
C:\Users\Yeriah\Downloads\SkypeSetupFull.exe2015-05-20 19:35 - 2015-05-20 19:35 - 00002321 _____ C:\Users\Public\Desktop\Europa Universalis IV El Dorado.lnk2015-05-20 19:35 - 2015-05-20 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradox Interactive2015-05-20 19:32 - 2015-05-20 19:32 - 00000000 ____D C:\Program Files (x86)\Paradox Interactive2015-05-20 19:30 - 2015-05-20 19:30 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\PowerISO2015-05-20 18:48 - 2015-05-20 18:48 - 00000826 _____ C:\Users\Public\Desktop\PowerISO.lnk2015-05-20 18:48 - 2015-05-20 18:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO2015-05-20 18:48 - 2015-05-20 18:48 - 00000000 ____D C:\Program Files\PowerISO2015-05-20 18:48 - 2015-04-07 23:01 - 00127760 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys2015-05-20 18:47 - 2015-05-20 18:47 - 02814520 _____ (Power Software Ltd) C:\Users\Yeriah\Downloads\PowerISO6-x64.exe2015-05-20 18:47 - 2015-05-20 18:47 - 00171768 _____ C:\Users\Yeriah\Downloads\[kat.cr]europa.universalis.iv.el.dorado.skidrow.torrent2015-05-20 18:00 - 2015-05-20 18:00 - 00000000 ____D C:\Users\Yeriah\Documents\Paradox Interactive2015-05-17 14:47 - 2015-05-17 14:47 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes2015-05-17 14:47 - 2015-05-17 14:47 - 00000000 ____D C:\ProgramData\Malwarebytes2015-05-17 14:45 - 2015-05-17 14:45 - 21547816 _____ (Malwarebytes Corporation ) C:\Users\Yeriah\Downloads\mbam-setup.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-16 22:08 - 2015-04-10 20:47 - 00000000 ____D C:\Users\Yeriah\AppData\Local\CrashDumps
2015-06-16 22:08 - 2015-04-10 20:23 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4078040627-3876670005-1468608263-1002
2015-06-16 22:08 - 2015-04-06 12:28 - 01583072 _____ C:\Windows\WindowsUpdate.log
2015-06-16 22:06 - 2015-05-13 20:09 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\BitComet
2015-06-16 22:00 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-16 21:34 - 2015-04-10 20:23 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-16 20:24 - 2015-04-18 22:19 - 00000000 ____D C:\Users\Yeriah\AppData\Local\LogMeIn Hamachi
2015-06-16 20:06 - 2015-04-10 20:24 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-16 19:05 - 2015-04-21 16:38 - 00000000 ____D C:\Users\Yeriah\AppData\Local\Popcorn-Time
2015-06-14 22:20 - 2015-04-06 12:19 - 00000000 ____D C:\Program Files\Dell
2015-06-14 20:37 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-14 16:57 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\rescache
2015-06-14 16:41 - 2015-04-10 20:17 - 00000000 ____D C:\Users\Yeriah\AppData\Local\VirtualStore
2015-06-14 16:37 - 2015-04-06 12:39 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-06-14 16:30 - 2015-04-10 20:23 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-14 16:28 - 2015-04-10 20:21 - 00000000 ___RD C:\Users\Yeriah\OneDrive
2015-06-14 16:28 - 2013-08-22 11:46 - 00026006 _____ C:\Windows\setupact.log
2015-06-14 16:28 - 2013-08-22 11:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-14 16:27 - 2013-08-22 10:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-06-14 16:05 - 2014-11-21 17:32 - 00051864 _____ C:\Windows\PFRO.log
2015-06-13 17:23 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\NDF
2015-06-13 15:55 - 2013-08-22 11:44 - 00346864 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-13 15:53 - 2013-08-22 12:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-13 15:53 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-09 22:14 - 2013-08-22 12:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-09 22:13 - 2015-04-13 19:52 - 00000000 ____D C:\Windows\system32\MRT
2015-06-09 22:09 - 2015-04-13 19:52 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-09 20:35 - 2015-04-10 20:24 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-08 21:16 - 2014-11-22 00:16 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplayx.dll
2015-06-08 21:16 - 2014-11-22 00:16 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpwsockx.dll
2015-06-08 21:16 - 2014-11-22 00:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
2015-06-08 21:16 - 2014-11-22 00:16 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpmodemx.dll
2015-06-08 21:16 - 2013-08-22 08:22 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2015-06-08 21:16 - 2013-08-22 08:22 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2015-06-08 21:16 - 2013-08-22 08:17 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
2015-06-08 21:16 - 2013-08-22 08:17 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\dpnhupnp.dll
2015-06-08 21:16 - 2013-08-22 08:17 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\dpnhpast.dll
2015-06-08 21:16 - 2013-08-22 00:56 - 00377856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2015-06-08 21:16 - 2013-08-22 00:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2015-06-08 21:16 - 2013-08-22 00:51 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll
2015-06-08 21:16 - 2013-08-22 00:51 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll
2015-06-08 21:16 - 2013-08-22 00:51 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll
2015-06-07 19:04 - 2015-04-10 20:30 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-06-07 17:35 - 2015-04-19 12:51 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-07 17:35 - 2014-11-22 07:35 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-06 17:08 - 2015-04-10 22:18 - 00027598 _____ C:\Windows\DirectX.log
2015-06-04 23:11 - 2015-04-10 20:17 - 00000000 ____D C:\Users\Yeriah
2015-06-03 13:18 - 2014-11-22 07:44 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-03 13:18 - 2014-11-22 07:44 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-30 17:53 - 2015-05-13 20:43 - 00000000 ____D C:\Users\Yeriah\AppData\Roaming\BSplayer
2015-05-29 23:32 - 2015-04-10 20:22 - 00000000 ____D C:\Users\Todos os Usuários\softthinks
2015-05-29 23:32 - 2015-04-10 20:22 - 00000000 ____D C:\ProgramData\softthinks
2015-05-20 19:29 - 2015-04-06 12:31 - 00000000 ____D C:\Users\Todos os Usuários\CyberLink
2015-05-20 19:29 - 2015-04-06 12:31 - 00000000 ____D C:\ProgramData\CyberLink
2015-05-19 23:52 - 2015-04-19 12:50 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-19 23:52 - 2015-04-19 12:50 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-19 12:08 - 2014-11-21 23:43 - 01800588 _____ C:\Windows\system32\PerfStringBackup.INI
2015-05-19 12:08 - 2014-11-21 22:52 - 00775938 _____ C:\Windows\system32\prfh0416.dat
2015-05-19 12:08 - 2014-11-21 22:52 - 00159030 _____ C:\Windows\system32\prfc0416.dat
2015-05-19 11:55 - 2013-08-22 12:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-05-19 11:55 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers

==================== Files in the root of some directories =======

2015-04-06 12:10 - 2015-04-06 12:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-04-06 12:37 - 2015-04-06 12:37 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-04-06 12:32 - 2015-04-06 12:33 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-04-06 12:33 - 2015-04-06 12:35 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2015-04-06 12:35 - 2015-04-06 12:37 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-04-06 12:31 - 2015-04-06 12:32 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
C:\Users\Yeriah\AppData\Local\Temp\i4jdel0.exe
C:\Users\Yeriah\AppData\Local\Temp\Quarantine.exe
C:\Users\Yeriah\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-06 14:12

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Yeriah at 2015-06-16 22:09:08
Running from C:\Users\Yeriah\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-4078040627-3876670005-1468608263-500 - Administrator - Disabled)
Convidado (S-1-5-21-4078040627-3876670005-1468608263-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-4078040627-3876670005-1468608263-1001 - Limited - Enabled) => C:\Users\UpdatusUser
Yeriah (S-1-5-21-4078040627-3876670005-1468608263-1002 - Administrator - Enabled) => C:\Users\Yeriah

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Amnesia - The Dark Descent (HKLM-x32\...\{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1) (Version: 1.0.0 - Frictional Games)
Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version: - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive)
Atualizações da NVIDIA 7.2.17 (Version: 7.2.17 - NVIDIA Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.69.1078 - AB Team, d.o.o.)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
Dell Command | Power Manager (HKLM\...\{DDDAF4A7-8B7D-4088-AECC-6F50E594B4F5}) (Version: 2.0.0 - Dell Inc.)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{90B2EE35-59D0-4A1F-B125-9F678D46A955}) (Version: 2.1.125.0 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.0 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Europa Universalis IV El Dorado (HKLM-x32\...\Europa Universalis IV El Dorado_is1) (Version: - )
Fraps (HKLM-x32\...\Fraps) (Version: - )
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3262 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Knights and Merchants (HKLM-x32\...\Steam App 253900) (Version: - Topware Interactive)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware versão 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA Driver de gráficos 326.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 326.49 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.6 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
osu! (HKLM-x32\...\{b6a62150-824b-4c5b-ba99-2d147c2df4dc}) (Version: latest - ppy Pty Ltd)
Painel de controle da NVIDIA 326.49 (Version: 326.49 - NVIDIA Corporation) Hidden
Popcorn Time (HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\...\Popcorn Time) (Version: - Popcorn Official)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.336 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.15 - Dell Inc.)
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version: - Wild Shadow Studios)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

19-05-2015 23:51:01 Windows Update
06-06-2015 12:41:10 Windows Update
08-06-2015 21:16:33 Instalador de Módulos do Windows
14-06-2015 16:35:10 Revo Uninstaller's restore point - Geeks3D FurMark 1.14.1
16-06-2015 22:06:01 Revo Uninstaller's restore point - BitComet 1.38 64-bit

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 10:25 - 2013-08-22 10:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D38A464-134F-45C2-9B44-4939B4AD4C29} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-15] (Microsoft Corporation)
Task: {2AE09075-FB53-4A98-A624-623F2A7715D6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-06-09] (Microsoft Corporation)
Task: {46B13078-2731-4342-8DB0-C8F87299F3DF} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-05] (CyberLink)
Task: {53A59D03-B3DE-4CE9-A3B8-1EF14DAEE6BE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {622D948D-4982-461A-BAE8-8EF07D5204D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
Task: {63DAF388-63D6-4C61-BC69-81E3CA74754E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {79B37FB6-C8E9-4EA9-9DE8-23C70E6BD8D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-10] (Google Inc.)
Task: {A06293AC-5DF6-443A-90C0-A027D0623E81} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {A301D762-1D51-49C6-BD2E-72807499BA0E} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-02] (Synaptics Incorporated)
Task: {B52C1A44-819C-4F99-B74B-BBB04ABE82B5} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {C44999D9-7089-4D0D-B715-5B11EBD2B9EF} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {D3A0A38B-D40F-4EE1-9189-0953647F706A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-04-06 12:28 - 2013-08-02 04:10 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-04-06 12:29 - 2013-08-01 10:22 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-04-06 12:40 - 2014-06-04 15:02 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2015-04-06 12:40 - 2014-06-04 15:02 - 00019744 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2015-04-06 12:40 - 2014-06-04 15:03 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2014-11-30 19:59 - 2014-11-30 19:59 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-11-30 19:56 - 2014-11-30 19:56 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2014-11-30 20:02 - 2014-11-30 20:02 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2015-04-06 12:40 - 2014-07-02 21:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2015-06-04 23:15 - 2015-04-16 14:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-06-04 23:15 - 2015-04-22 23:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-06-04 23:15 - 2015-06-04 15:56 - 02407104 _____ () C:\Program Files (x86)\Steam\video.dll
2015-06-04 23:15 - 2015-04-22 23:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-06-04 23:15 - 2015-04-22 23:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-04-10 20:27 - 2014-12-01 18:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-04-10 20:27 - 2014-12-01 18:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-04-10 20:27 - 2014-12-01 18:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-04-10 20:27 - 2014-12-01 18:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-04-10 20:27 - 2014-12-01 18:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-04-10 20:27 - 2015-06-04 15:56 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-04-06 12:33 - 2013-03-05 00:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 11:41 - 2013-03-05 11:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-04-10 20:27 - 2015-05-11 16:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-04-06 12:21 - 2013-09-17 09:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-04-06 12:40 - 2014-07-30 17:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2015-04-06 12:40 - 2012-11-25 23:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2015-04-06 12:39 - 2012-11-25 23:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2015-06-09 20:35 - 2015-06-05 15:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-09 20:35 - 2015-06-05 15:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll
2015-06-09 20:35 - 2015-06-05 15:22 - 15003464 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\PepperFlash\pepflashplayer.dll
2015-05-19 12:04 - 2015-05-11 16:01 - 08958344 _____ () C:\Program Files (x86)\Steam\bin\pdf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Yeriah\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4078040627-3876670005-1468608263-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 89.248.171.33 - 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A77C0DB9-39AE-4AFA-9E74-E5145A107663}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{5AEC61D9-A259-4DF2-A8C3-B16A50C96CE0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{B5D5FA41-624B-45CD-AC1C-6902914D8136}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{7775B65D-1289-40D2-8275-EC696DB74864}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{EFC2FBD8-E071-478B-B153-E92AC57DD59C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F90BB543-515F-4D17-9A66-03D254B7BFF9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5397D920-A69D-470C-B0A4-E2582F39BE65}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AD184BDB-0CE9-4F03-A57E-5AF578245351}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E45A42AB-D859-41E7-9482-0D78EA98C7CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{8451F65E-4EF5-4F1A-AA01-812171207F2B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Realm of the Mad God\Realm of the Mad God.exe
FirewallRules: [{08A9337F-64E6-4ACA-9365-37474E4B6C5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{442BA43A-2E20-4176-9E75-3F573405745F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{99A91F38-4B39-4E74-A294-C071082172B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{AA23D751-966C-4491-BB7E-AD4D4AEB056A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{CFB2C708-5556-40F8-A924-6E15E3494765}C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [uDP Query User{2D66258F-CE04-4681-B992-2B9ECBCE8425}C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{AE3D81A7-E9E0-43C1-8E30-9AC1B8E7AFC9}] => (Block) C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{03588A51-CCEC-4ADF-AF72-0A316AA51995}] => (Block) C:\users\yeriah\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{B885A1E5-DD6C-44A9-B35E-3CB4E2A47590}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{63BB8BEF-0CF7-4CC5-8543-B34ACD0B5B3A}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [TCP Query User{51BCC054-3711-48C4-897C-7CFF29C0EDED}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [uDP Query User{DC36F516-164A-42BF-BBDD-7FAEB5014058}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{B5668247-4F07-4C1C-A2D5-D3F73DD2663C}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{9C32E667-EF94-445C-B001-EC61B5A4B629}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{ED51094A-35A7-41B3-9054-9975B12AB207}C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe] => (Allow) C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe
FirewallRules: [uDP Query User{14D67858-45AF-4F2C-8986-EB60DAFFD1CF}C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe] => (Allow) C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe
FirewallRules: [{61ECF8B2-A907-44DE-80F9-CB933610F696}] => (Block) C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe
FirewallRules: [{8AD36D9E-7BDA-4A8A-964A-A22DBA327A87}] => (Block) C:\program files (x86)\paradox interactive\europa universalis iv el dorado\eu4_server.exe
FirewallRules: [{21B5650D-27F8-4707-928E-456BE8746D1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{D8CF4E9E-DD00-48BD-98B0-180D64DB54A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA_BE.exe
FirewallRules: [{70A52FD1-2788-457F-A46C-8309CCC813AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{C263DD9D-93E8-45E6-9E5F-1CA61AF60BF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 2 Operation Arrowhead\ArmA2OA.exe
FirewallRules: [{F5DE2FA1-5E57-4294-8285-7A7CEF3C3753}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{8A84F26B-1460-41EC-90F3-DE9E789777FA}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{700AE3F0-D876-42FF-9476-89BB5D9462A1}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [uDP Query User{FC34F8E7-36FD-4ED7-9531-AE7A4BA3DAFD}C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{B9CBC7B9-E61A-4D78-966F-5BA69E48F7C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Knights and Merchants Historical Version\KM_TPR.exe
FirewallRules: [{103AFE67-C2EF-449B-AD99-28909F11424B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Knights and Merchants Historical Version\KM_TPR.exe
FirewallRules: [{4C9D8F2E-F54C-4588-B4FC-6979EC7C627C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Knights and Merchants Historical Version\hd\Knights_and_Merchants_steam.exe
FirewallRules: [{4B9770E2-61C7-4E8D-9BEA-B911E9E1651A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Knights and Merchants Historical Version\hd\Knights_and_Merchants_steam.exe
FirewallRules: [{1CD95820-D464-49ED-8DDD-A11BDDC83465}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/16/2015 10:08:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: ERUNT.exe, versão: 0.0.0.0, carimbo de data/hora: 0x2a425e19
Nome do módulo com falha: uxtheme.dll, versão: 6.3.9600.17415, carimbo de data/hora: 0x54503957
Código de exceção: 0xc0000005
Deslocamento da falha: 0x000322ff
ID do processo com falha: 0x191c
Hora de início do aplicativo com falha: 0xERUNT.exe0
Caminho do aplicativo com falha: ERUNT.exe1
Caminho do módulo com falha: ERUNT.exe2
ID do Relatório: ERUNT.exe3
Nome completo do pacote com falha: ERUNT.exe4
ID do aplicativo relativo ao pacote com falha: ERUNT.exe5

Error: (06/16/2015 05:13:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa Amnesia.exe versão 0.0.0.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.
ID do Processo: 1d7c
Hora de Início: 01d0a870b56a9209
Hora de Término: 4294967295
Caminho do Aplicativo: C:\Program Files (x86)\Amnesia - The Dark Descent\redist\Amnesia.exe
ID do Relatório: 24ca2263-1464-11e5-8265-7429afa47974
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:

Error: (06/16/2015 02:46:23 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/15/2015 06:55:24 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/14/2015 05:26:19 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (06/14/2015 02:48:58 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/14/2015 01:00:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: hl2.exe, versão: 0.0.0.0, carimbo de data/hora: 0x552d15e0
Nome do módulo com falha: client.dll, versão: 1.0.0.1, carimbo de data/hora: 0x556b2796
Código de exceção: 0xc0000005
Deslocamento da falha: 0x0015f34a
ID do processo com falha: 0x490
Hora de início do aplicativo com falha: 0xhl2.exe0
Caminho do aplicativo com falha: hl2.exe1
Caminho do módulo com falha: hl2.exe2
ID do Relatório: hl2.exe3
Nome completo do pacote com falha: hl2.exe4
ID do aplicativo relativo ao pacote com falha: hl2.exe5

Error: (06/13/2015 05:27:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: hl2.exe, versão: 0.0.0.0, carimbo de data/hora: 0x552d15e0
Nome do módulo com falha: client.dll, versão: 1.0.0.1, carimbo de data/hora: 0x556b2796
Código de exceção: 0xc0000005
Deslocamento da falha: 0x0015f34a
ID do processo com falha: 0x1d7c
Hora de início do aplicativo com falha: 0xhl2.exe0
Caminho do aplicativo com falha: hl2.exe1
Caminho do módulo com falha: hl2.exe2
ID do Relatório: hl2.exe3
Nome completo do pacote com falha: hl2.exe4
ID do aplicativo relativo ao pacote com falha: hl2.exe5

Error: (06/13/2015 05:22:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: hl2.exe, versão: 0.0.0.0, carimbo de data/hora: 0x552d15e0
Nome do módulo com falha: client.dll, versão: 1.0.0.1, carimbo de data/hora: 0x556b2796
Código de exceção: 0xc0000005
Deslocamento da falha: 0x0015f34a
ID do processo com falha: 0x200c
Hora de início do aplicativo com falha: 0xhl2.exe0
Caminho do aplicativo com falha: hl2.exe1
Caminho do módulo com falha: hl2.exe2
ID do Relatório: hl2.exe3
Nome completo do pacote com falha: hl2.exe4
ID do aplicativo relativo ao pacote com falha: hl2.exe5

Error: (06/13/2015 04:47:41 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

System errors:
=============
Error: (06/14/2015 04:27:29 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORIDADE NT)
Description: Módulo de Extensibilidade de WLAN interrompido inesperadamente. Caminho do Módulo: C:\Windows\system32\athihvs.dll

Error: (06/14/2015 04:27:29 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORIDADE NT)
Description: Módulo de Extensibilidade de WLAN interrompido inesperadamente. Caminho do Módulo: C:\Windows\system32\athihvs.dll

Error: (06/14/2015 04:27:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORIDADE NT)
Description: Módulo de Extensibilidade de WLAN interrompido inesperadamente. Caminho do Módulo: C:\Windows\system32\athihvs.dll

Error: (06/14/2015 04:12:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço SoftThinks Agent Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (06/14/2015 04:12:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Cyberlink RichVideo Service(CRVS) foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (06/14/2015 04:12:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Steam Client Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (06/14/2015 04:12:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Intel® Dynamic Application Loader Host Interface Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (06/14/2015 04:12:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Intel® Rapid Storage Technology foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (06/14/2015 04:12:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço LogMeIn Hamachi Tunneling Engine foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (06/14/2015 04:12:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço NVIDIA Update Service Daemon foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Microsoft Office:
=========================
Error: (06/16/2015 10:08:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ERUNT.exe0.0.0.02a425e19uxtheme.dll6.3.9600.1741554503957c0000005000322ff191c01d0a89a0f37a7a9C:\Windows\ERUNT.exeC:\Windows\system32\uxtheme.dll4d08462b-148d-11e5-8265-7429afa47974

Error: (06/16/2015 05:13:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Amnesia.exe0.0.0.01d7c01d0a870b56a92094294967295C:\Program Files (x86)\Amnesia - The Dark Descent\redist\Amnesia.exe24ca2263-1464-11e5-8265-7429afa47974

Error: (06/16/2015 02:46:23 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/15/2015 06:55:24 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/14/2015 05:26:19 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (06/14/2015 02:48:58 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (06/14/2015 01:00:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: hl2.exe0.0.0.0552d15e0client.dll1.0.0.1556b2796c00000050015f34a49001d0a6484907789cC:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exec:\program files (x86)\steam\steamapps\common\garrysmod\garrysmod\bin\client.dlle8045810-1249-11e5-8263-7429afa47974

Error: (06/13/2015 05:27:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: hl2.exe0.0.0.0552d15e0client.dll1.0.0.1556b2796c00000050015f34a1d7c01d0a616e8a3c0d2C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exec:\program files (x86)\steam\steamapps\common\garrysmod\garrysmod\bin\client.dlla5aa9f92-120a-11e5-8263-7429afa47974

Error: (06/13/2015 05:22:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: hl2.exe0.0.0.0552d15e0client.dll1.0.0.1556b2796c00000050015f34a200c01d0a6150757ffbfC:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exec:\program files (x86)\steam\steamapps\common\garrysmod\garrysmod\bin\client.dlle2c373c8-1209-11e5-8263-7429afa47974

Error: (06/13/2015 04:47:41 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

==================== Memory info ===========================
Processor: Intel® Core i7-4510U CPU @ 2.00GHz
Percentage of memory in use: 44%
Total physical RAM: 8096.46 MB
Available physical RAM: 4477.27 MB
Total Pagefile: 9376.46 MB
Available Pagefile: 4997.4 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================
Drive c: (OS) (Fixed) (Total:922.03 GB) (Free:826.41 GB) NTFS
Drive e: (Amnesia - The Da) (CDROM) (Total:0.95 GB) (Free:0 GB) CDFS
Drive x: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.44 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:8.09 GB) (Free:0.73 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 86BA5996)
Partition: GPT Partition Type.

==================== End of log ============================