cjoint

Document format: text/plain

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 23-02-2017
Executado por joao (administrador) em JOAO-PC (23-02-2017 02:23:30)
Executando a partir de C:\Users\joao\Downloads
Perfis Carregados: joao (Perfis Disponíveis: joao)
Platform: Windows 7 Ultimate (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: FF)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Sandboxie Holdings, LLC) D:\sandboxie\SbieSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files (x86)\Pingzapper\PZService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-Agent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sandboxie Holdings, LLC) D:\sandboxie\SbieCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer_Kraken0502_Driver\Drivers\SysAudio\Kraken0502Helper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(The CefSharp Authors) C:\Program Files (x86)\Razer\Razer Cortex\Cef\CefSharp.BrowserSubprocess.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\FPSRunner32.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\x64\FPSRunner64.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzFpsApplet\RzFpsApplet.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\joao\AppData\Local\Razer\InGameEngine\cache\RzFpsApplet\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\joao\AppData\Local\Razer\InGameEngine\cache\RzFpsApplet\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\joao\AppData\Local\Razer\InGameEngine\cache\RzFpsApplet\rzcefrenderprocess.exe
(Razer, Inc.) C:\Users\joao\AppData\Local\Razer\InGameEngine\cache\RzFpsApplet\rzcefrenderprocess.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\Bluestacks.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe
(Bluestack System Inc. ) C:\Program Files (x86)\Bluestacks\BstkSVC.exe
(TeamSpeak Systems GmbH) C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [927280 2016-11-11] (GAS Tecnologia LTDA)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-01-16] (Razer Inc.)
HKLM-x32\...\Run: [Kraken0502Launcher] => C:\Program Files (x86)\Razer\Razer_Kraken0502_Driver\Drivers\SysAudio\Kraken0502Helper.exe [1599808 2015-08-14] (Razer Inc)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe [222160 2016-09-28] (Razer Inc.)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2016-06-07] (Banco do Brasil)
HKU\S-1-5-21-793131916-1262031037-2198829704-1000\...\Run: [{8CCCD0E7-56E4-45FB-B3FB-9F5183C2F4F0}] => "C:\Users\joao\Downloads\LeagueofLegends_BR_Installer_2016_05_13.exe" /cmdloc "HKCU\Software\Riot Games AiTemp\{8CCCD0E7-56E4-45FB-B3FB-9F5183C2F4F0}"
HKU\S-1-5-21-793131916-1262031037-2198829704-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-793131916-1262031037-2198829704-1000\...\Run: [Chromium] => c:\users\joao\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
HKU\S-1-5-21-793131916-1262031037-2198829704-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [986648 2016-10-21] (BlueStack Systems, Inc.)
HKU\S-1-5-21-793131916-1262031037-2198829704-1000\...\Run: [SandboxieControl] => D:\sandboxie\SbieCtrl.exe [799376 2016-12-13] (Sandboxie Holdings, LLC)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1947872 2016-06-07] (Banco do Brasil)
Startup: C:\Users\joao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Deskjet 2050 J510 series.lnk [2017-02-22]
ShortcutTarget: Monitorar alertas de tinta - HP Deskjet 2050 J510 series.lnk -> C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Restrição <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 187.123.62.41 187.123.62.36 201.6.4.116
Tcpip\..\Interfaces\{B06641F2-E632-423D-B4B3-171BE7D1A13E}: [DhcpNameServer] 187.123.62.41 187.123.62.36 201.6.4.116

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131190306024044200&GUID=EA24B8E6-605C-428A-BC77-8B3DADD8F7C3
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131190306024044200&GUID=EA24B8E6-605C-428A-BC77-8B3DADD8F7C3
HKU\S-1-5-21-793131916-1262031037-2198829704-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=131190306024200200&GUID=EA24B8E6-605C-428A-BC77-8B3DADD8F7C3
HKU\S-1-5-21-793131916-1262031037-2198829704-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-793131916-1262031037-2198829704-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-793131916-1262031037-2198829704-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2016-06-07] (Banco do Brasil)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: lf7ot01h.default
FF ProfilePath: C:\Users\joao\AppData\Roaming\Mozilla\Firefox\Profiles\lf7ot01h.default [2017-02-23]
FF NewTab: Mozilla\Firefox\Profiles\lf7ot01h.default -> about:newtab
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\lf7ot01h.default -> google
FF Homepage: Mozilla\Firefox\Profiles\lf7ot01h.default -> about:home
FF Extension: (MEGA) - C:\Users\joao\AppData\Roaming\Mozilla\Firefox\Profiles\lf7ot01h.default\Extensions\firefox@mega.co.nz.xpi [2017-02-17]
FF Extension: (Malware Search) - C:\Users\joao\AppData\Roaming\Mozilla\Firefox\Profiles\lf7ot01h.default\Extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi [2017-02-15]
FF Extension: (Adblock Plus) - C:\Users\joao\AppData\Roaming\Mozilla\Firefox\Profiles\lf7ot01h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\joao\AppData\Roaming\Mozilla\Firefox\Profiles\lf7ot01h.default\features\{fe4782fc-a49a-41d5-bedd-c2e429b47b07}\disableSHA1rollout@mozilla.org.xpi [2017-02-16]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-15] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-10-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-10-21] (BlueStack Systems, Inc.)
R3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [466456 2016-10-21] (BlueStack Systems, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [394512 2016-11-29] (EasyAntiCheat Ltd)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [631520 2016-06-07] (GAS Tecnologia)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-02-10] (Hi-Rez Studios) [Arquivo não assinado]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-01-20] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1325112 2017-02-20] (Overwolf LTD)
R2 PingzapperSvc; C:\Program Files (x86)\Pingzapper\PZService.exe [632320 2016-01-22] () [Arquivo não assinado]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [133376 2016-09-28] (Razer Inc.)
R2 SbieSvc; D:\sandboxie\SbieSvc.exe [197776 2016-12-13] (Sandboxie Holdings, LLC)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [927280 2016-11-11] (GAS Tecnologia LTDA)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 rtop; "C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe" [X]

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2016-07-14] ()
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-10-21] (BlueStack Systems)
R3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-10-07] (Bluestack System Inc. )
S3 cpuz140; C:\Users\joao\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [45888 2017-02-07] (CPUID) <==== ATENÇÃO
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2017-02-22] (GAS Tecnologia)
R0 gbpddreg; C:\Windows\System32\drivers\gbpddreg64.sys [29816 2017-02-22] (GAS Tecnologia)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2016-05-09] (GAS Tecnologia)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2017-02-07] (REALiX(tm))
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-02-15] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-02-22] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-22] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-02-23] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2017-01-20] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [42000 2016-10-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-10-08] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44048 2016-10-30] (Razer Inc)
R3 SbieDrv; D:\sandboxie\SbieDrv.sys [205968 2016-12-13] (Sandboxie Holdings, LLC)
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2016-05-09] (GAS Tecnologia LTDA)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [28376 2017-02-22] (GAS Tecnologia)
R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [36984 2016-11-11] (GAS Tecnologia)
S1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [25184 2016-11-11] (GAS Tecnologia)
S3 wsddprm; C:\Windows\system32\drivers\wsddprm.sys [25184 2016-11-11] (GAS Tecnologia)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-02-23 02:23 - 2017-02-23 02:24 - 00020516 _____ C:\Users\joao\Downloads\FRST.txt
2017-02-23 02:23 - 2017-02-23 02:23 - 00000000 ____D C:\FRST
2017-02-23 02:22 - 2017-02-23 02:22 - 02423296 _____ (Farbar) C:\Users\joao\Downloads\FRST64.exe
2017-02-23 02:14 - 2017-02-23 02:14 - 00000000 ____D C:\Windows\CheckSur
2017-02-23 02:04 - 2017-02-23 02:04 - 00003132 _____ C:\Windows\System32\Tasks\{3D9AF35D-243F-41EC-9C88-B3D89BAA8D94}
2017-02-23 02:03 - 2017-02-23 02:03 - 14749120 _____ (Microsoft Corporation) C:\Users\joao\Downloads\vc_redist.x64(2).exe
2017-02-23 02:01 - 2017-02-23 02:01 - 14749120 _____ (Microsoft Corporation) C:\Users\joao\Downloads\vc_redist.x64(1).exe
2017-02-23 02:00 - 2017-02-23 02:00 - 14572000 _____ (Microsoft Corporation) C:\Users\joao\Downloads\vc_redist.x64.exe
2017-02-23 01:59 - 2017-02-23 01:59 - 13767776 _____ (Microsoft Corporation) C:\Users\joao\Downloads\vc_redist.x86.exe
2017-02-23 01:40 - 2017-02-23 01:40 - 00001437 _____ C:\Users\joao\Desktop\MU_LEGEND.lnk
2017-02-23 01:40 - 2017-02-23 01:40 - 00000000 ____D C:\Users\joao\AppData\Local\VCLStylesSkin
2017-02-23 01:40 - 2017-02-23 01:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MU LEGEND GLOBAL
2017-02-23 01:30 - 2017-02-23 01:30 - 00000000 ____D C:\Program Files (x86)\Webzen
2017-02-22 23:12 - 2017-02-23 01:29 - 00000000 ____D C:\download
2017-02-22 23:11 - 2017-02-22 23:11 - 00000000 ____D C:\Users\Todos os Usuários\WEBZEN
2017-02-22 23:11 - 2017-02-22 23:11 - 00000000 ____D C:\ProgramData\WEBZEN
2017-02-22 23:09 - 2017-02-22 23:09 - 05929456 _____ C:\Users\joao\Downloads\MU_LEGEND_Downloader_EN.exe
2017-02-22 22:10 - 2017-02-22 22:10 - 00566839 _____ C:\Users\joao\Desktop\AI_AGGRO.rar
2017-02-20 17:53 - 2017-02-20 17:54 - 40620408 _____ C:\Users\joao\Downloads\Pack GRFs CrimsonRo.rar
2017-02-20 17:39 - 2017-02-20 17:40 - 00004377 _____ C:\Users\joao\Downloads\plugin.ini
2017-02-18 14:35 - 2017-02-18 14:35 - 01420880 _____ C:\Users\joao\ts3_recording_17_02_18_14_35_37.wav
2017-02-17 11:21 - 2017-02-17 11:21 - 00000723 _____ C:\Users\joao\Desktop\Sandboxed Web Browser.lnk
2017-02-17 11:21 - 2017-02-17 11:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2017-02-15 13:33 - 2017-02-15 13:33 - 00176584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-02-15 13:32 - 2017-02-23 01:49 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-02-15 13:32 - 2017-02-22 18:41 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-02-15 13:32 - 2017-02-22 18:41 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-02-15 13:32 - 2017-02-22 18:40 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-15 13:32 - 2017-02-15 13:32 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2017-02-15 13:32 - 2017-02-15 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-15 13:32 - 2017-02-15 13:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-15 13:32 - 2017-02-15 13:32 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-15 13:32 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-15 13:30 - 2017-02-15 13:31 - 55566792 _____ (Malwarebytes ) C:\Users\joao\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-15 12:57 - 2017-02-15 12:58 - 00000000 ____D C:\AdwCleaner
2017-02-15 12:56 - 2017-02-15 12:57 - 04015056 _____ C:\Users\joao\Downloads\adwcleaner_6.043.exe
2017-02-15 12:43 - 2017-02-15 12:43 - 00000000 ____D C:\Users\joao\Desktop\PLAYLIST SELECIONADA
2017-02-15 11:14 - 2017-02-15 11:14 - 00000000 ____D C:\Users\joao\AppData\Local\4kdownload.com
2017-02-15 11:14 - 2017-02-15 11:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download
2017-02-15 11:14 - 2017-02-15 11:14 - 00000000 ____D C:\Program Files (x86)\4KDownload
2017-02-15 11:09 - 2017-02-15 11:09 - 00105722 _____ C:\Users\joao\Downloads\Flash-2017.zip
2017-02-14 10:55 - 2017-02-14 10:55 - 00000003 _____ C:\Windows\SysWOW64\HRUPPROG.EXIT
2017-02-14 10:54 - 2017-02-14 10:55 - 00000003 _____ C:\Windows\SysWOW64\HRUPPROG.TXT
2017-02-14 00:58 - 2017-02-14 00:58 - 00000000 ____D C:\Users\cesar_000\Desktop\GRFdoInsanity
2017-02-14 00:58 - 2017-02-14 00:58 - 00000000 ____D C:\Users\cesar_000
2017-02-14 00:56 - 2017-02-14 00:56 - 07144691 _____ C:\Users\joao\Downloads\GRF+Editor.rar
2017-02-13 20:41 - 2017-02-13 20:41 - 00001281 _____ C:\Users\Public\Desktop\Razer Cortex.lnk
2017-02-13 20:38 - 2017-02-13 20:39 - 123589304 _____ (Razer Inc. ) C:\Users\joao\Downloads\RazerCortexSetup_7.6.8.66.exe
2017-02-13 18:00 - 2017-02-13 18:01 - 55975680 _____ C:\Users\joao\Downloads\black (2).grf
2017-02-13 13:48 - 2017-02-13 13:48 - 00262144 _____ C:\Windows\Minidump\021317-18174-01.dmp
2017-02-12 12:10 - 2017-02-12 12:10 - 00262144 ____N C:\Windows\Minidump\021217-18298-01.dmp
2017-02-10 10:11 - 2017-02-10 10:11 - 00385760 _____ C:\Windows\Minidump\021017-18657-01.dmp
2017-02-08 12:03 - 2017-02-08 12:03 - 00000000 ___RD C:\Sandbox
2017-02-08 00:39 - 2017-02-16 11:33 - 00001682 _____ C:\Windows\Sandboxie.ini
2017-02-08 00:37 - 2017-02-08 00:37 - 05485792 _____ (Sandboxie Holdings, LLC) C:\Users\joao\Downloads\SandboxieInstall64-516.exe
2017-02-07 13:41 - 2017-01-20 11:07 - 00134080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-02-07 13:35 - 2017-01-23 20:04 - 00217528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-02-07 13:35 - 2017-01-23 20:04 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 40192056 _____ C:\Windows\system32\nvcompiler.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 34934720 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 28209720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 19008392 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 16403200 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 14677456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 14286392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-02-07 13:35 - 2017-01-20 13:36 - 11123424 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 11019192 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 09308896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 08990584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 03623992 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 03185720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 01985080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437849.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 01591352 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437849.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 01051072 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 00990264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 00960568 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 00909760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 00687224 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 00609216 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 00504104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 00499136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 00496680 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 00425288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 00412720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 00173272 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 00156792 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 00150760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 00135840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-02-07 13:35 - 2017-01-20 13:36 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-02-07 13:35 - 2017-01-20 13:36 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2017-02-07 13:04 - 2017-02-07 13:04 - 00027552 _____ (REALiX(tm)) C:\Windows\system32\Drivers\HWiNFO64A.SYS
2017-02-07 13:04 - 2017-02-07 13:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2017-02-07 13:04 - 2017-02-07 13:04 - 00000000 ____D C:\Program Files\HWiNFO64
2017-02-07 13:02 - 2017-02-07 13:02 - 03782064 _____ (Martin Malík - REALiX ) C:\Users\joao\Downloads\hw64_544.exe
2017-02-07 11:28 - 2017-02-07 11:28 - 01189840 _____ ( ) C:\Users\joao\Downloads\hwmonitor_1.30.exe
2017-02-07 11:28 - 2017-02-07 11:28 - 00000930 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2017-02-07 11:28 - 2017-02-07 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2017-02-07 11:28 - 2017-02-07 11:28 - 00000000 ____D C:\Program Files\CPUID
2017-02-07 11:26 - 2017-02-07 11:26 - 00007610 _____ C:\Users\joao\AppData\Local\Resmon.ResmonCfg
2017-02-06 16:34 - 2017-02-06 16:34 - 00262144 _____ C:\Windows\Minidump\020617-16270-01.dmp
2017-02-05 23:20 - 2017-02-05 23:20 - 00699668 _____ C:\Users\joao\Downloads\Bichito.exe
2017-02-03 11:03 - 2017-02-03 11:03 - 00000000 ____D C:\Users\joao\AppData\Local\RzStats
2017-02-03 10:57 - 2017-02-03 10:57 - 00385112 _____ C:\Windows\Minidump\020317-26691-01.dmp
2017-02-03 10:54 - 2016-09-16 21:12 - 00044144 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2017-02-03 10:43 - 2017-02-03 10:43 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_rzvkeyboard_01009.Wdf
2017-02-03 10:43 - 2017-02-03 10:43 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_rzudd_01009.Wdf
2017-02-03 10:43 - 2017-02-03 10:43 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_rzdaendpt_01009.Wdf
2017-02-02 18:40 - 2017-02-05 14:46 - 00000000 ____D C:\project
2017-02-02 18:39 - 2017-02-02 18:40 - 92628158 _____ C:\Users\joao\Downloads\ROP.rar
2017-01-31 21:15 - 2017-01-31 21:17 - 96160337 _____ C:\Users\joao\Downloads\Avioes do Forro - NoComando 2k17.rar
2017-01-28 21:26 - 2017-01-28 21:27 - 00395920 _____ C:\Windows\Minidump\012817-20326-01.dmp
2017-01-28 12:02 - 2017-01-28 12:02 - 00406584 _____ C:\Windows\Minidump\012817-18205-01.dmp
2017-01-25 20:07 - 2017-01-25 20:07 - 00058576 _____ C:\Users\joao\Downloads\AI.rar
2017-01-25 12:40 - 2017-01-25 12:40 - 00941776 _____ (Carambis (ROSTPAY LTD.)) C:\Users\joao\Downloads\InstallerDU-2.4.2.9633.exe
2017-01-25 12:36 - 2017-01-31 21:33 - 00000000 ____D C:\Users\joao\Desktop\jÃO
2017-01-25 09:41 - 2017-01-25 09:41 - 00003742 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 09:41 - 2017-01-25 09:41 - 00001412 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-01-25 09:41 - 2017-01-20 15:41 - 01872320 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-01-25 09:41 - 2017-01-20 15:41 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-01-25 09:41 - 2017-01-20 15:41 - 01464768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-01-25 09:41 - 2017-01-20 15:41 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-01-25 09:41 - 2017-01-20 15:41 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-01-25 09:40 - 2017-01-25 09:40 - 00004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 09:40 - 2017-01-25 09:40 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 09:40 - 2017-01-25 09:40 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 09:40 - 2017-01-25 09:40 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 09:40 - 2017-01-25 09:40 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 09:40 - 2017-01-25 09:40 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 09:40 - 2017-01-20 15:41 - 00156608 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-01-25 09:40 - 2017-01-20 15:41 - 00124352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-01-25 09:40 - 2017-01-20 15:41 - 00057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-01-25 09:40 - 2017-01-20 15:41 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-01-25 09:40 - 2017-01-20 11:04 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-01-25 09:40 - 2017-01-20 10:36 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-01-24 17:36 - 2017-01-24 17:36 - 00000000 ____D C:\Program Files (x86)\Gravity
2017-01-24 17:08 - 2017-01-24 17:08 - 01068367 _____ C:\Users\joao\Downloads\✩ ✪ A.I Cheio de razão Nova 2016 ✩✪.rar
2017-01-24 12:06 - 2017-01-24 12:06 - 00000000 ____D C:\Users\joao\AppData\Local\Level Up!
2017-01-24 12:05 - 2017-01-24 12:05 - 00001602 _____ C:\Users\joao\Desktop\Warface.lnk
2017-01-24 11:57 - 2017-01-24 11:57 - 00000000 ____D C:\Level Up

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-02-23 02:20 - 2016-08-07 12:05 - 00000000 ____D C:\Users\joao\AppData\Roaming\TS3Client
2017-02-23 01:31 - 2016-08-16 21:06 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-23 00:29 - 2016-07-20 23:08 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-22 22:15 - 2015-09-01 14:05 - 00000000 ____D C:\Hel Networks Aika - Copy
2017-02-22 19:53 - 2016-11-04 14:04 - 00000000 ____D C:\Users\Todos os Usuários\BlueStacksSetup
2017-02-22 19:53 - 2016-11-04 14:04 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-02-22 18:50 - 2016-07-23 11:13 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-22 18:49 - 2009-07-14 01:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-22 18:49 - 2009-07-14 01:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-22 18:44 - 2016-08-27 12:04 - 00028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys
2017-02-22 18:43 - 2016-07-16 10:14 - 00000000 ____D C:\Users\joao\AppData\Local\CrashDumps
2017-02-22 18:42 - 2016-07-14 23:03 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA
2017-02-22 18:42 - 2016-07-14 23:03 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-22 18:40 - 2016-08-27 12:04 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2017-02-22 18:39 - 2016-12-27 10:04 - 00028376 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2017-02-22 18:38 - 2016-11-18 20:49 - 00000000 ____D C:\Users\joao\AppData\LocalLow\Mozilla
2017-02-22 18:38 - 2016-08-27 12:04 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2017-02-22 18:38 - 2016-08-27 12:04 - 00000000 ____D C:\ProgramData\GbPlugin
2017-02-22 18:37 - 2016-08-15 20:24 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-02-22 18:36 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-22 14:37 - 2016-08-27 12:04 - 00029816 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddreg64.sys
2017-02-20 23:55 - 2016-08-07 11:54 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-02-20 12:28 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2017-02-18 14:35 - 2016-07-14 22:21 - 00000000 ____D C:\Users\joao
2017-02-16 13:48 - 2009-07-14 14:55 - 00705572 _____ C:\Windows\system32\prfh0416.dat
2017-02-16 13:48 - 2009-07-14 14:55 - 00147412 _____ C:\Windows\system32\prfc0416.dat
2017-02-16 13:48 - 2009-07-14 02:13 - 01634914 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-16 13:48 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2017-02-15 01:31 - 2016-08-16 21:06 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-15 01:31 - 2016-08-16 21:06 - 00003840 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-15 01:31 - 2016-08-16 21:06 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-15 01:31 - 2016-08-15 22:28 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-15 01:31 - 2016-08-15 22:28 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-13 20:44 - 2016-07-14 23:17 - 00000000 ____D C:\Users\joao\AppData\Local\Razer
2017-02-13 20:41 - 2016-07-14 23:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2017-02-13 20:40 - 2016-07-14 23:15 - 00000000 ____D C:\Users\Todos os Usuários\Razer
2017-02-13 20:40 - 2016-07-14 23:15 - 00000000 ____D C:\ProgramData\Razer
2017-02-13 20:40 - 2016-07-14 23:15 - 00000000 ____D C:\Program Files (x86)\Razer
2017-02-13 13:48 - 2016-07-17 01:18 - 684639675 _____ C:\Windows\MEMORY.DMP
2017-02-13 13:48 - 2016-07-16 09:39 - 00000000 ____D C:\Windows\Minidump
2017-02-07 13:42 - 2017-01-23 11:12 - 00000000 ____D C:\temp
2017-02-07 13:42 - 2016-07-14 23:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-07 13:42 - 2016-07-14 23:00 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA Corporation
2017-02-07 13:42 - 2016-07-14 23:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-07 13:40 - 2016-07-14 23:01 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-07 13:39 - 2016-07-14 23:00 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-07 13:39 - 2016-07-14 22:50 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-05 14:06 - 2016-07-14 23:35 - 00000000 ____D C:\Users\joao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-02-05 14:06 - 2016-07-14 23:35 - 00000000 ____D C:\Users\joao\AppData\Local\Discord
2017-02-03 16:01 - 2016-07-14 23:35 - 00000000 ____D C:\Users\joao\AppData\Roaming\discord
2017-01-28 12:02 - 2016-11-18 12:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-28 12:02 - 2016-07-14 22:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-25 12:25 - 2016-07-14 23:06 - 00000000 ____D C:\Users\joao\AppData\Local\NVIDIA Corporation
2017-01-24 12:30 - 2017-01-23 11:45 - 00000000 ____D C:\Users\joao\.aria2
2017-01-24 12:05 - 2017-01-23 11:12 - 00000000 ____D C:\Users\joao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Level Up
2017-01-24 11:44 - 2017-01-23 11:15 - 00000000 ____D C:\Users\joao\Documents\LevelUp Data
2017-01-24 10:29 - 2017-01-23 11:12 - 00000000 ____D C:\Users\joao\AppData\Local\Deployment

==================== Arquivos na raiz de alguns diretórios =======

2017-02-07 11:26 - 2017-02-07 11:26 - 0007610 _____ () C:\Users\joao\AppData\Local\Resmon.ResmonCfg
2016-07-23 18:17 - 2016-07-23 18:17 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-08-04 20:33 - 2016-08-04 20:33 - 0000016 _____ () C:\ProgramData\mntemp

Alguns arquivos em TEMP:
====================
2016-07-14 23:27 - 2017-02-22 18:37 - 0619840 _____ () C:\Users\joao\AppData\Local\Temp\0Kraken0502DevProps.dll
2016-07-14 23:03 - 2016-07-10 19:36 - 0735152 _____ (NVIDIA Corporation) C:\Users\joao\AppData\Local\Temp\nvSCPAPI.dll
2017-02-07 13:35 - 2016-07-10 19:36 - 0335296 _____ (NVIDIA Corporation) C:\Users\joao\AppData\Local\Temp\nvStInst.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2017-02-13 09:39

==================== Fim de FRST.txt ============================
