Publicité
Publicité
Commentaire : http://www.cjoint.com/c/EGmuLZzgLIz
Format du document : text/plain
Prévisualisation
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-07-2015
Ran by User (administrator) on CLAUDIO on 12-07-2015 17:31:38
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 8 Pro (X64) OS Language: Português (Brasil)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(BitTorrent Inc.) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-12-18] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3075200918-40492572-906780818-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-03-16] (Glarysoft Ltd)
HKU\S-1-5-21-3075200918-40492572-906780818-1001\...\Run: [uTorrent] => C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-12] (BitTorrent Inc.)
HKU\S-1-5-21-3075200918-40492572-906780818-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-07] (Google Inc.)
BootExecute: autocheck autochk *
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:52755;https=127.0.0.1:52755
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=sdkw_inner_hp_01_hao123_br
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3075200918-40492572-906780818-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3075200918-40492572-906780818-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-03-17] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-03-17] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-03-17] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-03-17] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 201.55.232.80 201.55.232.75
Tcpip\..\Interfaces\{2FBACFA3-2A09-4F50-9AE9-03CDC4D459AB}: [DhcpNameServer] 201.55.232.80 201.55.232.75 201.6.4.116
Tcpip\..\Interfaces\{4599DE7A-00F7-4476-9DBE-30AD6C4852DE}: [DhcpNameServer] 201.55.232.80 201.55.232.75
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-03-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-03-17] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-03-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-03-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-17]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-17]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-17]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-17]
CHR Extension: (Earth) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jieopfhnlbjmbpckpdhfdedccdmngdac [2015-06-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-19]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-17]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-17]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-22] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2015-03-17] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)
S2 BrsHelper; C:\PROGRA~2\YTDOWN~1\BROWSE~2.EXE [X]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /medsvc [X] <==== ATTENTION
S2 oqyvdedco; "C:\ProgramData\OhogmAgi\akijash.exe" /ts2=1 [X]
S2 thjyoejj; "C:\ProgramData\OhogmAgi\akijwsh.exe" -cms [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 athur; C:\Windows\system32\DRIVERS\athuw8x.sys [2919936 2013-06-02] (Qualcomm Atheros Communications, Inc.)
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek )
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-03-17] (Glarysoft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-12 17:31 - 2015-07-12 17:31 - 00012861 _____ C:\Users\User\Downloads\FRST.txt
2015-07-12 17:31 - 2015-07-12 17:31 - 00000000 ____D C:\FRST
2015-07-12 17:30 - 2015-07-12 17:30 - 02133504 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-07-12 17:26 - 2015-07-12 17:26 - 05234792 _____ (ParetoLogic Inc.) C:\Users\User\Downloads\ParetoLogic PC Health Advisor_pt.exe
2015-07-12 11:13 - 2015-07-12 11:13 - 00016789 _____ C:\Users\User\Downloads\O.Exterminador.do.Futuro.Gênesis.CAM.XVID.DUBLADO-TOM.torrent
2015-07-12 11:11 - 2015-07-12 11:11 - 00018478 _____ C:\Users\User\Downloads\A.Espia.Que.Sabia.de.Menos.2015.HC.HDRip.XviD.Dublado.torrent
2015-07-12 11:11 - 2015-07-12 11:11 - 00014696 _____ C:\Users\User\Downloads\Minions.2015.HDTS.XViD.Dublado.torrent
2015-07-12 11:09 - 2015-07-12 11:09 - 00054675 _____ C:\Users\User\Downloads\Under.the.Dome.S03E01E02.HDTV.x264-LOL.torrent
2015-07-12 11:09 - 2015-07-12 11:09 - 00024308 _____ C:\Users\User\Downloads\Under.the.Dome.S03E03.HDTV.x264-LOL.torrent
2015-07-12 11:09 - 2015-07-12 11:09 - 00000804 _____ C:\Users\User\Downloads\Under.the.Dome.S03E04.HDTV.x264-LOL (1).torrent
2015-07-08 22:55 - 2015-07-08 22:55 - 00019818 _____ C:\Users\User\Downloads\Primo GPS 2013.torrent
2015-07-08 07:31 - 2015-07-08 23:42 - 00000000 ____D C:\Program Files (x86)\baidu
2015-07-08 07:31 - 2015-07-08 08:31 - 00000000 ____D C:\Users\User\AppData\Roaming\Baidu
2015-07-08 07:31 - 2015-07-08 07:31 - 00000000 ____D C:\Users\User\AppData\Local\MiniService
2015-07-08 07:31 - 2015-07-08 07:31 - 00000000 ____D C:\Users\Todos os Usuários\Baidu
2015-07-08 07:31 - 2015-07-08 07:31 - 00000000 ____D C:\ProgramData\Baidu
2015-07-06 08:43 - 2015-07-06 08:43 - 00001968 _____ C:\Users\User\Downloads\Meu Passado Me Condena 2 HDTS XviD Nacional.avi.torrent
2015-07-04 00:49 - 2015-07-04 00:49 - 00000000 ____D C:\Users\User\Downloads\CF-Auto-Root-klte-klteduosub-smg900md
2015-07-03 22:16 - 2015-07-03 22:25 - 274180792 _____ C:\Users\User\Downloads\cm-12.1-20150703-NIGHTLY-klte.zip
2015-07-03 19:09 - 2015-07-03 19:10 - 2551521450 _____ C:\Users\User\Downloads\G900FDXXU1BNL9_G900FDOXE1BNL9_G900FDXXU1BNL9_HOME.tar.md5
2015-07-03 18:29 - 2015-07-03 18:29 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-07-03 18:18 - 2015-07-03 18:25 - 275205019 _____ C:\Users\User\Downloads\cm-12.1-20150703-NIGHTLY-kltechnduo.zip
2015-07-03 18:10 - 2015-07-03 18:10 - 25812155 _____ C:\Users\User\Downloads\CF-Auto-Root-klte-klteduosub-smg900md.zip
2015-07-03 17:52 - 2015-07-03 17:53 - 13721600 _____ C:\Users\User\Downloads\openrecovery-twrp-2.8.4.0-klte.tar
2015-07-03 17:44 - 2015-07-03 17:45 - 13721600 _____ C:\Users\User\Downloads\openrecovery-twrp-2.8.5.0-gt-klte.tar
2015-07-03 09:40 - 2015-07-03 09:40 - 00018698 _____ C:\Users\User\Downloads\Jogos.Vorazes.A.Esperanca.Parte.1.2015.BDRip.XviD.Dual.Audio-MVP.torrent
2015-07-03 09:35 - 2015-07-03 09:35 - 00184914 _____ C:\Users\User\Downloads\Dragoes.de.Camelot.2015.720p.BRRip.x264-iFT.DUAL-CS.torrent
2015-06-30 10:25 - 2015-06-30 10:25 - 00000000 _____ C:\Windows\SysWOW64\Number of results
2015-06-30 10:13 - 2015-07-08 22:52 - 00006104 _____ C:\Windows\setupact.log
2015-06-30 10:13 - 2015-06-30 10:13 - 00000000 _____ C:\Windows\setuperr.log
2015-06-30 10:05 - 2015-07-03 08:32 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-30 10:05 - 2015-06-30 10:06 - 00001105 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-30 10:05 - 2015-06-30 10:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-30 10:05 - 2015-06-30 10:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-30 10:05 - 2015-06-30 10:05 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2015-06-30 10:05 - 2015-06-30 10:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-30 10:05 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-30 10:05 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-30 10:05 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-30 10:04 - 2015-06-30 10:04 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-30 09:53 - 2015-06-30 09:53 - 00000008 __RSH C:\Users\Todos os Usuários\ntuser.pol
2015-06-30 09:53 - 2015-06-30 09:53 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-06-30 09:50 - 2015-06-30 10:38 - 00000008 _____ C:\END
2015-06-30 09:50 - 2015-06-30 09:50 - 00000045 _____ C:\user.js
2015-06-30 09:50 - 2015-06-30 09:50 - 00000000 _____ C:\Windows\prleth.sys
2015-06-30 09:50 - 2015-06-30 09:50 - 00000000 _____ C:\Windows\hgfs.sys
2015-06-30 09:21 - 2015-06-30 09:21 - 00004528 _____ C:\Windows\SysWOW64\Lepfibs.ini
2015-06-30 09:21 - 2015-06-30 09:21 - 00002216 _____ C:\Windows\SysWOW64\LepfibsOff.ini
2015-06-30 09:21 - 2015-06-30 09:21 - 00002216 _____ C:\Windows\system32\LepfibsOff.ini
2015-06-30 09:20 - 2015-06-30 09:25 - 00000000 ____D C:\Program Files (x86)\Opera
2015-06-30 09:20 - 2015-06-30 09:21 - 00000000 ____D C:\Users\Todos os Usuários\OhogmAgi
2015-06-30 09:20 - 2015-06-30 09:21 - 00000000 ____D C:\ProgramData\OhogmAgi
2015-06-30 09:20 - 2015-06-30 09:20 - 00000000 ____D C:\Users\User\AppData\Roaming\Opera Software
2015-06-30 09:20 - 2015-06-30 09:20 - 00000000 ____D C:\Users\User\AppData\Local\Opera Software
2015-06-30 09:19 - 2015-07-08 23:43 - 00000000 ____D C:\Users\Todos os Usuários\ToolsUpdatePlatform
2015-06-30 09:19 - 2015-07-08 23:43 - 00000000 ____D C:\ProgramData\ToolsUpdatePlatform
2015-06-30 09:19 - 2015-07-03 09:19 - 00000000 ____D C:\Program Files (x86)\cecea3d5-3cfb-47ed-a074-c0d5128c78a1
2015-06-30 09:19 - 2015-07-03 09:19 - 00000000 ____D C:\Program Files (x86)\ae591690-ff34-4960-a80b-95c5a8a830f4
2015-06-30 09:19 - 2015-06-30 09:24 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2015-06-30 09:19 - 2015-06-30 09:19 - 00003900 _____ C:\Windows\System32\Tasks\YTDownloaderUpd
2015-06-30 09:19 - 2015-06-30 09:19 - 00003578 _____ C:\Windows\System32\Tasks\YTDownloader
2015-06-30 09:19 - 2015-06-30 09:19 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-30 09:19 - 2015-06-30 09:19 - 00000000 ____D C:\Users\User\AppData\Local\globalUpdate
2015-06-30 09:19 - 2015-06-30 09:19 - 00000000 ____D C:\Users\Public\Documents\PC Faster
2015-06-30 09:19 - 2015-06-30 09:19 - 00000000 ____D C:\Users\Public\Documents\Guid
2015-06-30 09:19 - 2015-06-30 09:19 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-06-30 09:19 - 2012-07-26 02:26 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-06-30 09:18 - 2015-06-30 09:18 - 00000000 ____D C:\Users\User\AppData\Local\CrashRpt
2015-06-30 09:18 - 2015-01-20 13:13 - 34334796 _____ C:\Users\User\Desktop\CF-Auto-Root-klte-klteduosub-smg900md.tar.md5
2015-06-30 09:18 - 2015-01-20 13:13 - 00943616 _____ (Samsung Electronics Co., Ltd.) C:\Users\User\Desktop\Odin3-v3.07.exe
2015-06-30 09:18 - 2015-01-20 13:13 - 00159744 _____ (TmaxSoft Co., Ltd) C:\Users\User\Desktop\tmax.dll
2015-06-30 09:18 - 2015-01-20 13:13 - 00102400 _____ C:\Users\User\Desktop\zlib.dll
2015-06-30 09:18 - 2015-01-20 13:13 - 00000706 _____ C:\Users\User\Desktop\Odin3.ini
2015-06-30 09:16 - 2015-06-30 09:16 - 00000000 ____D C:\Users\Todos os Usuários\Samsung
2015-06-30 09:16 - 2015-06-30 09:16 - 00000000 ____D C:\ProgramData\Samsung
2015-06-30 09:16 - 2015-06-30 09:16 - 00000000 ____D C:\Program Files\SAMSUNG
2015-06-26 02:16 - 2015-06-26 02:16 - 01730304 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2015-06-26 02:16 - 2015-06-26 02:16 - 01011448 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2015-06-15 21:08 - 2015-06-15 21:08 - 00000705 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CLAUDIO.lnk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-12 17:32 - 2015-03-17 21:18 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2015-07-12 17:24 - 2015-03-17 16:50 - 00000000 ____D C:\Users\User\AppData\Roaming\ClassicShell
2015-07-12 17:13 - 2015-03-17 16:56 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-12 17:05 - 2015-03-17 16:37 - 01141231 _____ C:\Windows\WindowsUpdate.log
2015-07-12 17:00 - 2012-07-26 05:12 - 00000000 ____D C:\Windows\system32\sru
2015-07-12 11:13 - 2015-03-17 16:56 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-11 23:27 - 2015-03-17 16:43 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3075200918-40492572-906780818-1001
2015-07-11 23:21 - 2012-07-26 07:33 - 00762618 _____ C:\Windows\system32\prfh0416.dat
2015-07-11 23:21 - 2012-07-26 07:33 - 00154410 _____ C:\Windows\system32\prfc0416.dat
2015-07-11 23:21 - 2012-07-26 04:28 - 01765682 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-11 23:18 - 2015-03-17 16:58 - 00000344 _____ C:\Windows\Tasks\GlaryInitialize 5.job
2015-07-11 23:17 - 2015-03-17 16:58 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-07-11 23:16 - 2015-05-15 19:45 - 00201300 _____ C:\Windows\PFRO.log
2015-07-11 23:16 - 2012-07-26 04:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-11 23:16 - 2012-07-26 02:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-11 04:53 - 2012-07-26 05:12 - 00000000 ____D C:\Windows\AUInstallAgent
2015-07-08 23:00 - 2012-07-26 04:59 - 00000000 ____D C:\Windows\CbsTemp
2015-07-07 21:14 - 2015-03-17 16:57 - 00002486 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-06 18:34 - 2015-03-22 10:24 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-06 18:34 - 2015-03-22 10:24 - 00177632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-03 09:19 - 2012-07-26 07:36 - 00000000 ____D C:\Windows\SKB
2015-07-03 08:38 - 2015-04-28 08:32 - 00000000 ____D C:\Users\User\AppData\Roaming\ZhiYun
2015-06-30 10:03 - 2012-07-26 05:12 - 00000000 ____D C:\Program Files\Common Files\System
2015-06-30 09:50 - 2015-05-29 05:30 - 00002635 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2015-06-30 09:50 - 2015-03-17 16:38 - 00001700 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-24 21:34 - 2015-05-10 19:43 - 00160768 ___SH C:\Users\User\Downloads\Thumbs.db
2015-06-22 08:21 - 2015-03-17 17:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-22 08:20 - 2015-03-17 17:07 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-22 08:20 - 2015-03-17 17:07 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-22 08:10 - 2015-03-17 17:12 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2015-06-22 08:10 - 2015-03-17 17:12 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-22 08:10 - 2015-03-17 17:07 - 00000000 ____D C:\Users\Todos os Usuários\Avira
2015-06-22 08:10 - 2015-03-17 17:07 - 00000000 ____D C:\ProgramData\Avira
2015-06-22 08:10 - 2015-03-17 17:07 - 00000000 ____D C:\Program Files (x86)\Avira
2015-06-22 08:08 - 2015-03-30 09:16 - 00430872 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-17 08:35 - 2015-03-22 10:14 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-17 08:35 - 2015-03-22 10:14 - 00000000 ____D C:\Windows\system32\appraiser
==================== Files in the root of some directories =======
2015-03-18 10:09 - 2015-03-18 10:09 - 0000001 _____ () C:\Users\User\AppData\Local\llftool.4.30.agreement
Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\1435667003.exe
C:\Users\User\AppData\Local\Temp\1436409814.exe
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\spark_install.exe
C:\Users\User\AppData\Local\Temp\SpOrder.dll
C:\Users\User\AppData\Local\Temp\Uninstall.exe
C:\Users\User\AppData\Local\Temp\UninstallModule.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-10 03:00
==================== End of log ============================
Ran by User (administrator) on CLAUDIO on 12-07-2015 17:31:38
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 8 Pro (X64) OS Language: Português (Brasil)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(BitTorrent Inc.) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-12-18] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-05-21] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3075200918-40492572-906780818-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-03-16] (Glarysoft Ltd)
HKU\S-1-5-21-3075200918-40492572-906780818-1001\...\Run: [uTorrent] => C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-12] (BitTorrent Inc.)
HKU\S-1-5-21-3075200918-40492572-906780818-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-07] (Google Inc.)
BootExecute: autocheck autochk *
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:52755;https=127.0.0.1:52755
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=sdkw_inner_hp_01_hao123_br
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3075200918-40492572-906780818-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3075200918-40492572-906780818-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-03-17] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-03-17] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-03-17] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-03-17] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 201.55.232.80 201.55.232.75
Tcpip\..\Interfaces\{2FBACFA3-2A09-4F50-9AE9-03CDC4D459AB}: [DhcpNameServer] 201.55.232.80 201.55.232.75 201.6.4.116
Tcpip\..\Interfaces\{4599DE7A-00F7-4476-9DBE-30AD6C4852DE}: [DhcpNameServer] 201.55.232.80 201.55.232.75
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-03-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-03-17] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-03-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-03-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-17]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-17]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-17]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-17]
CHR Extension: (Earth) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jieopfhnlbjmbpckpdhfdedccdmngdac [2015-06-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-19]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-17]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-17]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-22] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-22] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-05-21] (Avira Operations GmbH & Co. KG)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2015-03-17] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)
S2 BrsHelper; C:\PROGRA~2\YTDOWN~1\BROWSE~2.EXE [X]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /medsvc [X] <==== ATTENTION
S2 oqyvdedco; "C:\ProgramData\OhogmAgi\akijash.exe" /ts2=1 [X]
S2 thjyoejj; "C:\ProgramData\OhogmAgi\akijwsh.exe" -cms [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 athur; C:\Windows\system32\DRIVERS\athuw8x.sys [2919936 2013-06-02] (Qualcomm Atheros Communications, Inc.)
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek )
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-03-17] (Glarysoft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-12 17:31 - 2015-07-12 17:31 - 00012861 _____ C:\Users\User\Downloads\FRST.txt
2015-07-12 17:31 - 2015-07-12 17:31 - 00000000 ____D C:\FRST
2015-07-12 17:30 - 2015-07-12 17:30 - 02133504 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-07-12 17:26 - 2015-07-12 17:26 - 05234792 _____ (ParetoLogic Inc.) C:\Users\User\Downloads\ParetoLogic PC Health Advisor_pt.exe
2015-07-12 11:13 - 2015-07-12 11:13 - 00016789 _____ C:\Users\User\Downloads\O.Exterminador.do.Futuro.Gênesis.CAM.XVID.DUBLADO-TOM.torrent
2015-07-12 11:11 - 2015-07-12 11:11 - 00018478 _____ C:\Users\User\Downloads\A.Espia.Que.Sabia.de.Menos.2015.HC.HDRip.XviD.Dublado.torrent
2015-07-12 11:11 - 2015-07-12 11:11 - 00014696 _____ C:\Users\User\Downloads\Minions.2015.HDTS.XViD.Dublado.torrent
2015-07-12 11:09 - 2015-07-12 11:09 - 00054675 _____ C:\Users\User\Downloads\Under.the.Dome.S03E01E02.HDTV.x264-LOL.torrent
2015-07-12 11:09 - 2015-07-12 11:09 - 00024308 _____ C:\Users\User\Downloads\Under.the.Dome.S03E03.HDTV.x264-LOL.torrent
2015-07-12 11:09 - 2015-07-12 11:09 - 00000804 _____ C:\Users\User\Downloads\Under.the.Dome.S03E04.HDTV.x264-LOL (1).torrent
2015-07-08 22:55 - 2015-07-08 22:55 - 00019818 _____ C:\Users\User\Downloads\Primo GPS 2013.torrent
2015-07-08 07:31 - 2015-07-08 23:42 - 00000000 ____D C:\Program Files (x86)\baidu
2015-07-08 07:31 - 2015-07-08 08:31 - 00000000 ____D C:\Users\User\AppData\Roaming\Baidu
2015-07-08 07:31 - 2015-07-08 07:31 - 00000000 ____D C:\Users\User\AppData\Local\MiniService
2015-07-08 07:31 - 2015-07-08 07:31 - 00000000 ____D C:\Users\Todos os Usuários\Baidu
2015-07-08 07:31 - 2015-07-08 07:31 - 00000000 ____D C:\ProgramData\Baidu
2015-07-06 08:43 - 2015-07-06 08:43 - 00001968 _____ C:\Users\User\Downloads\Meu Passado Me Condena 2 HDTS XviD Nacional.avi.torrent
2015-07-04 00:49 - 2015-07-04 00:49 - 00000000 ____D C:\Users\User\Downloads\CF-Auto-Root-klte-klteduosub-smg900md
2015-07-03 22:16 - 2015-07-03 22:25 - 274180792 _____ C:\Users\User\Downloads\cm-12.1-20150703-NIGHTLY-klte.zip
2015-07-03 19:09 - 2015-07-03 19:10 - 2551521450 _____ C:\Users\User\Downloads\G900FDXXU1BNL9_G900FDOXE1BNL9_G900FDXXU1BNL9_HOME.tar.md5
2015-07-03 18:29 - 2015-07-03 18:29 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-07-03 18:18 - 2015-07-03 18:25 - 275205019 _____ C:\Users\User\Downloads\cm-12.1-20150703-NIGHTLY-kltechnduo.zip
2015-07-03 18:10 - 2015-07-03 18:10 - 25812155 _____ C:\Users\User\Downloads\CF-Auto-Root-klte-klteduosub-smg900md.zip
2015-07-03 17:52 - 2015-07-03 17:53 - 13721600 _____ C:\Users\User\Downloads\openrecovery-twrp-2.8.4.0-klte.tar
2015-07-03 17:44 - 2015-07-03 17:45 - 13721600 _____ C:\Users\User\Downloads\openrecovery-twrp-2.8.5.0-gt-klte.tar
2015-07-03 09:40 - 2015-07-03 09:40 - 00018698 _____ C:\Users\User\Downloads\Jogos.Vorazes.A.Esperanca.Parte.1.2015.BDRip.XviD.Dual.Audio-MVP.torrent
2015-07-03 09:35 - 2015-07-03 09:35 - 00184914 _____ C:\Users\User\Downloads\Dragoes.de.Camelot.2015.720p.BRRip.x264-iFT.DUAL-CS.torrent
2015-06-30 10:25 - 2015-06-30 10:25 - 00000000 _____ C:\Windows\SysWOW64\Number of results
2015-06-30 10:13 - 2015-07-08 22:52 - 00006104 _____ C:\Windows\setupact.log
2015-06-30 10:13 - 2015-06-30 10:13 - 00000000 _____ C:\Windows\setuperr.log
2015-06-30 10:05 - 2015-07-03 08:32 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-30 10:05 - 2015-06-30 10:06 - 00001105 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-30 10:05 - 2015-06-30 10:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-30 10:05 - 2015-06-30 10:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-30 10:05 - 2015-06-30 10:05 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2015-06-30 10:05 - 2015-06-30 10:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-30 10:05 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-30 10:05 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-30 10:05 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-30 10:04 - 2015-06-30 10:04 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-30 09:53 - 2015-06-30 09:53 - 00000008 __RSH C:\Users\Todos os Usuários\ntuser.pol
2015-06-30 09:53 - 2015-06-30 09:53 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-06-30 09:50 - 2015-06-30 10:38 - 00000008 _____ C:\END
2015-06-30 09:50 - 2015-06-30 09:50 - 00000045 _____ C:\user.js
2015-06-30 09:50 - 2015-06-30 09:50 - 00000000 _____ C:\Windows\prleth.sys
2015-06-30 09:50 - 2015-06-30 09:50 - 00000000 _____ C:\Windows\hgfs.sys
2015-06-30 09:21 - 2015-06-30 09:21 - 00004528 _____ C:\Windows\SysWOW64\Lepfibs.ini
2015-06-30 09:21 - 2015-06-30 09:21 - 00002216 _____ C:\Windows\SysWOW64\LepfibsOff.ini
2015-06-30 09:21 - 2015-06-30 09:21 - 00002216 _____ C:\Windows\system32\LepfibsOff.ini
2015-06-30 09:20 - 2015-06-30 09:25 - 00000000 ____D C:\Program Files (x86)\Opera
2015-06-30 09:20 - 2015-06-30 09:21 - 00000000 ____D C:\Users\Todos os Usuários\OhogmAgi
2015-06-30 09:20 - 2015-06-30 09:21 - 00000000 ____D C:\ProgramData\OhogmAgi
2015-06-30 09:20 - 2015-06-30 09:20 - 00000000 ____D C:\Users\User\AppData\Roaming\Opera Software
2015-06-30 09:20 - 2015-06-30 09:20 - 00000000 ____D C:\Users\User\AppData\Local\Opera Software
2015-06-30 09:19 - 2015-07-08 23:43 - 00000000 ____D C:\Users\Todos os Usuários\ToolsUpdatePlatform
2015-06-30 09:19 - 2015-07-08 23:43 - 00000000 ____D C:\ProgramData\ToolsUpdatePlatform
2015-06-30 09:19 - 2015-07-03 09:19 - 00000000 ____D C:\Program Files (x86)\cecea3d5-3cfb-47ed-a074-c0d5128c78a1
2015-06-30 09:19 - 2015-07-03 09:19 - 00000000 ____D C:\Program Files (x86)\ae591690-ff34-4960-a80b-95c5a8a830f4
2015-06-30 09:19 - 2015-06-30 09:24 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2015-06-30 09:19 - 2015-06-30 09:19 - 00003900 _____ C:\Windows\System32\Tasks\YTDownloaderUpd
2015-06-30 09:19 - 2015-06-30 09:19 - 00003578 _____ C:\Windows\System32\Tasks\YTDownloader
2015-06-30 09:19 - 2015-06-30 09:19 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-30 09:19 - 2015-06-30 09:19 - 00000000 ____D C:\Users\User\AppData\Local\globalUpdate
2015-06-30 09:19 - 2015-06-30 09:19 - 00000000 ____D C:\Users\Public\Documents\PC Faster
2015-06-30 09:19 - 2015-06-30 09:19 - 00000000 ____D C:\Users\Public\Documents\Guid
2015-06-30 09:19 - 2015-06-30 09:19 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-06-30 09:19 - 2012-07-26 02:26 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-06-30 09:18 - 2015-06-30 09:18 - 00000000 ____D C:\Users\User\AppData\Local\CrashRpt
2015-06-30 09:18 - 2015-01-20 13:13 - 34334796 _____ C:\Users\User\Desktop\CF-Auto-Root-klte-klteduosub-smg900md.tar.md5
2015-06-30 09:18 - 2015-01-20 13:13 - 00943616 _____ (Samsung Electronics Co., Ltd.) C:\Users\User\Desktop\Odin3-v3.07.exe
2015-06-30 09:18 - 2015-01-20 13:13 - 00159744 _____ (TmaxSoft Co., Ltd) C:\Users\User\Desktop\tmax.dll
2015-06-30 09:18 - 2015-01-20 13:13 - 00102400 _____ C:\Users\User\Desktop\zlib.dll
2015-06-30 09:18 - 2015-01-20 13:13 - 00000706 _____ C:\Users\User\Desktop\Odin3.ini
2015-06-30 09:16 - 2015-06-30 09:16 - 00000000 ____D C:\Users\Todos os Usuários\Samsung
2015-06-30 09:16 - 2015-06-30 09:16 - 00000000 ____D C:\ProgramData\Samsung
2015-06-30 09:16 - 2015-06-30 09:16 - 00000000 ____D C:\Program Files\SAMSUNG
2015-06-26 02:16 - 2015-06-26 02:16 - 01730304 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2015-06-26 02:16 - 2015-06-26 02:16 - 01011448 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2015-06-15 21:08 - 2015-06-15 21:08 - 00000705 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CLAUDIO.lnk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-12 17:32 - 2015-03-17 21:18 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2015-07-12 17:24 - 2015-03-17 16:50 - 00000000 ____D C:\Users\User\AppData\Roaming\ClassicShell
2015-07-12 17:13 - 2015-03-17 16:56 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-12 17:05 - 2015-03-17 16:37 - 01141231 _____ C:\Windows\WindowsUpdate.log
2015-07-12 17:00 - 2012-07-26 05:12 - 00000000 ____D C:\Windows\system32\sru
2015-07-12 11:13 - 2015-03-17 16:56 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-11 23:27 - 2015-03-17 16:43 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3075200918-40492572-906780818-1001
2015-07-11 23:21 - 2012-07-26 07:33 - 00762618 _____ C:\Windows\system32\prfh0416.dat
2015-07-11 23:21 - 2012-07-26 07:33 - 00154410 _____ C:\Windows\system32\prfc0416.dat
2015-07-11 23:21 - 2012-07-26 04:28 - 01765682 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-11 23:18 - 2015-03-17 16:58 - 00000344 _____ C:\Windows\Tasks\GlaryInitialize 5.job
2015-07-11 23:17 - 2015-03-17 16:58 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-07-11 23:16 - 2015-05-15 19:45 - 00201300 _____ C:\Windows\PFRO.log
2015-07-11 23:16 - 2012-07-26 04:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-11 23:16 - 2012-07-26 02:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-11 04:53 - 2012-07-26 05:12 - 00000000 ____D C:\Windows\AUInstallAgent
2015-07-08 23:00 - 2012-07-26 04:59 - 00000000 ____D C:\Windows\CbsTemp
2015-07-07 21:14 - 2015-03-17 16:57 - 00002486 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-06 18:34 - 2015-03-22 10:24 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-06 18:34 - 2015-03-22 10:24 - 00177632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-03 09:19 - 2012-07-26 07:36 - 00000000 ____D C:\Windows\SKB
2015-07-03 08:38 - 2015-04-28 08:32 - 00000000 ____D C:\Users\User\AppData\Roaming\ZhiYun
2015-06-30 10:03 - 2012-07-26 05:12 - 00000000 ____D C:\Program Files\Common Files\System
2015-06-30 09:50 - 2015-05-29 05:30 - 00002635 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2015-06-30 09:50 - 2015-03-17 16:38 - 00001700 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-24 21:34 - 2015-05-10 19:43 - 00160768 ___SH C:\Users\User\Downloads\Thumbs.db
2015-06-22 08:21 - 2015-03-17 17:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-22 08:20 - 2015-03-17 17:07 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-22 08:20 - 2015-03-17 17:07 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-22 08:10 - 2015-03-17 17:12 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2015-06-22 08:10 - 2015-03-17 17:12 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-22 08:10 - 2015-03-17 17:07 - 00000000 ____D C:\Users\Todos os Usuários\Avira
2015-06-22 08:10 - 2015-03-17 17:07 - 00000000 ____D C:\ProgramData\Avira
2015-06-22 08:10 - 2015-03-17 17:07 - 00000000 ____D C:\Program Files (x86)\Avira
2015-06-22 08:08 - 2015-03-30 09:16 - 00430872 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-17 08:35 - 2015-03-22 10:14 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-17 08:35 - 2015-03-22 10:14 - 00000000 ____D C:\Windows\system32\appraiser
==================== Files in the root of some directories =======
2015-03-18 10:09 - 2015-03-18 10:09 - 0000001 _____ () C:\Users\User\AppData\Local\llftool.4.30.agreement
Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\1435667003.exe
C:\Users\User\AppData\Local\Temp\1436409814.exe
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\spark_install.exe
C:\Users\User\AppData\Local\Temp\SpOrder.dll
C:\Users\User\AppData\Local\Temp\Uninstall.exe
C:\Users\User\AppData\Local\Temp\UninstallModule.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-10 03:00
==================== End of log ============================