cjoint

Document format: text/plain

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:30-12-2015
Executado por user (administrador) em USER-PC (30-12-2015 00:13:07)
Executando a partir de C:\Users\user\Desktop
Perfis Carregados: user & UpdatusUser (Perfis Disponíveis: user & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: IE)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Akamai Technologies, Inc.) C:\Users\user\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\user\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Users\user\AppData\Local\Crsoft\crsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(RealNetworks, Inc.) C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
(TODO: ) C:\ProgramData\Windows Update\upgsvr--.exe
(QNT) C:\Users\user\AppData\Roaming\Netlog\Netlog.exe
(QNT) C:\Users\user\AppData\Roaming\NetService\netservice.exe
() C:\Users\user\AppData\Roaming\03000200-1435983916-0500-0006-000700080009\hnsc55ED.tmp
() C:\Users\user\AppData\Roaming\WinNetSvc\WinNetSvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11153\CalendarServ.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11153\calendar.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
HKLM-x32\...\Run: [fst_br_279] => [X]
HKLM-x32\...\Run: [fst_br_290] => [X]
HKLM-x32\...\Run: [Baidu Antivirus] => "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe" -auto
HKLM-x32\...\Run: [Auto ShutDown] => C:\Program Files (x86)\Auto ShutDown\AutoShutDown.exe
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [198160 2010-02-05] (RealNetworks, Inc.)
HKLM-x32\...\Run: [gmsd_br_332] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6108752 2015-11-12] (AVAST Software)
HKLM-x32\...\Run: [gmsd_br_002030020] => [X]
HKLM-x32\...\Run: [gmsd_br_005010023] => [X]
HKLM-x32\...\Run: [gmsd_br_005010025] => "C:\Program Files (x86)\gmsd_br_005010025\gmsd_br_005010025.exe"
HKLM-x32\...\Run: [rec_br_45] => [X]
HKLM-x32\...\Run: [LightGate] => C:\ProgramData\LightGate.exe [1081344 2015-12-04] ()
HKLM-x32\...\Run: [UnlockerAssistant] => "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-2021049520-2442524900-2583098196-1000\...\Run: [Akamai NetSession Interface] => C:\Users\user\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2021049520-2442524900-2583098196-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2021049520-2442524900-2583098196-1000\...\Run: [GoogleChromeAutoLaunch_100535F106431A9BDA15E8895BE69FFB] => "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
HKU\S-1-5-21-2021049520-2442524900-2583098196-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-2021049520-2442524900-2583098196-1000\...\Run: [-] => C:\ProgramData\msdtc.exe [1891328 2015-12-29] ()
HKU\S-1-5-21-2021049520-2442524900-2583098196-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-2021049520-2442524900-2583098196-1000\...\Run: [taskhost] => rundll32.exe C:\ProgramData\WindowsMsg\FA889F48BA91932CA1794DC9B9F86E43.dll Start /RUNNING
HKU\S-1-5-21-2021049520-2442524900-2583098196-1000\...\MountPoints2: D - D:\setup.exe
HKU\S-1-5-21-2021049520-2442524900-2583098196-1000\...\MountPoints2: {3949387b-11fa-11df-98f5-1078d2b54878} - F:\LGAutoRun.exe
HKU\S-1-5-21-2021049520-2442524900-2583098196-1000\...\MountPoints2: {45c17837-0150-11e4-adcf-806e6f6e6963} - F:\Startme.exe
HKU\S-1-5-21-2021049520-2442524900-2583098196-1000\...\MountPoints2: {95bac588-1202-11df-a106-1078d2b54878} - F:\AutoRun.exe "motorola.html"
HKU\S-1-5-21-2021049520-2442524900-2583098196-1000\...\MountPoints2: {9812affe-1202-11df-ba02-1078d2b54878} - E:\setup.exe
HKU\S-1-5-21-2021049520-2442524900-2583098196-1000\...\MountPoints2: {9b1001eb-1202-11df-befa-1078d2b54878} - D:\setup.exe
HKU\S-1-5-21-2021049520-2442524900-2583098196-1000\...\MountPoints2: {9b1001f0-1202-11df-befa-1078d2b54878} - E:\autorun.exe
HKU\S-1-5-21-2021049520-2442524900-2583098196-1000\...\MountPoints2: {9f39be06-1202-11df-9c29-1078d2b54878} - E:\LGAutoRun.exe
HKU\S-1-5-21-2021049520-2442524900-2583098196-1000\...\MountPoints2: {a2eddd5f-1202-11df-9015-1078d2b54878} - E:\Startme.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-06-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-17] (AVAST Software)
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll Nenhum Arquivo
ShellIconOverlayIdentifiers: [ExplorerEx] -> {E056AFDD-03E9-4D73-8D33-8FCCBCA73438} => C:\Users\user\AppData\Roaming\Macwebtoise\explorerEx64.dll [2015-01-22] ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-12-28]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyEnable: [.DEFAULT] => Proxy está habilitado.
ProxyServer: [.DEFAULT] => http=127.0.0.1:63137;https=127.0.0.1:63137
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DE0EB46D-9A2D-47F8-B569-4B0816523CD2}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=6b5eed4fcfad6bd5af2aa20b4699f645
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=6b5eed4fcfad6bd5af2aa20b4699f645
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.atajitos.com/?bd=ds&oem=Cube&uid=ExcelStorXTechnologyXJ8080S_PVG704Q3B0ARKBB0ARKBX&version=2.2.0.7859&pid=414031160&tid=317&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com?oem=mbtkv3&uid=PVG704Q3B0ARKB_ExcelStorTechnologyJ8080S&tm=1428296700
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com?oem=mbtkv3&uid=PVG704Q3B0ARKB_ExcelStorTechnologyJ8080S&tm=1428296700
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.atajitos.com/?bd=ds&oem=Cube&uid=ExcelStorXTechnologyXJ8080S_PVG704Q3B0ARKBB0ARKBX&version=2.2.0.7859&pid=414031160&tid=317&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1407723511&from=rbm&uid=ExcelStorXTechnologyXJ8080S_PVG704Q3B0ARKBB0ARKBX
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1405747940728&tguid=77324-18194-1405747940728-F1787EBADBD3BF4F0144E825C2B931CB&st=chrome&q=
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1405747940728&tguid=77324-18194-1405747940728-F1787EBADBD3BF4F0144E825C2B931CB&st=chrome&q=
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=77324&tid=18194&ver=5.7&ts=1405747940728&tguid=77324-18194-1405747940728-F1787EBADBD3BF4F0144E825C2B931CB&st=chrome&q=
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1407723511&from=rbm&uid=ExcelStorXTechnologyXJ8080S_PVG704Q3B0ARKBB0ARKBX
HKU\S-1-5-21-2021049520-2442524900-2583098196-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2021049520-2442524900-2583098196-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=6b5eed4fcfad6bd5af2aa20b4699f645
HKU\S-1-5-21-2021049520-2442524900-2583098196-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-2021049520-2442524900-2583098196-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com?oem=mbtkv3&uid=PVG704Q3B0ARKB_ExcelStorTechnologyJ8080S&tm=1428296700
URLSearchHook: HKLM-x32 - FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Users\user\AppData\LocalLow\FreeOnlineRadioPlayerRecorder\prxtbFree.dll Nenhum Arquivo
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1414280620&from=red&uid=ExcelStorXTechnologyXJ8080S_PVG704Q3B0ARKBB0ARKBX&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=209&systemid=488&v=a12834-385&apn_uid=6560101351804149&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.atajitos.com/?bd=ds&oem=Cube&uid=ExcelStorXTechnologyXJ8080S_PVG704Q3B0ARKBB0ARKBX&version=2.2.0.7859&pid=414031160&tid=317&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1265335408&from=wpm11123&uid=ExcelStorXTechnologyXJ8080S_PVG704Q3B0ARKBB0ARKBX&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=209&systemid=488&v=a12834-385&apn_uid=6560101351804149&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.coolsearches.info/?l=1&q={searchTerms}&pid=21086&r=2015/03/24&hid=17273956641060676522&lg=EN&cc=BR&unqvl=85
SearchScopes: HKLM-x32 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.atajitos.com/?bd=ds&oem=Cube&uid=ExcelStorXTechnologyXJ8080S_PVG704Q3B0ARKBB0ARKBX&version=2.2.0.7859&pid=414031160&tid=317&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1407723511&from=rbm&uid=ExcelStorXTechnologyXJ8080S_PVG704Q3B0ARKBB0ARKBX&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1407723511&from=rbm&uid=ExcelStorXTechnologyXJ8080S_PVG704Q3B0ARKBB0ARKBX&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1405747940728&tguid=77324-18194-1405747940728-F1787EBADBD3BF4F0144E825C2B931CB&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2021049520-2442524900-2583098196-1000 -> Web URL = hxxp://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_solimba_01&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2021049520-2442524900-2583098196-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=14335&babsrc=SP_ss&mntrId=645d15100000000000001078d2b54878
SearchScopes: HKU\S-1-5-21-2021049520-2442524900-2583098196-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1265335408&from=wpm11123&uid=ExcelStorXTechnologyXJ8080S_PVG704Q3B0ARKBB0ARKBX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2021049520-2442524900-2583098196-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=209&systemid=488&v=a12834-385&apn_uid=6560101351804149&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2021049520-2442524900-2583098196-1000 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2021049520-2442524900-2583098196-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-2021049520-2442524900-2583098196-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.coolsearches.info/?l=1&q={searchTerms}&pid=21086&r=2015/03/24&hid=17273956641060676522&lg=EN&cc=BR&unqvl=85
SearchScopes: HKU\S-1-5-21-2021049520-2442524900-2583098196-1000 -> {BF40F3EE-1359-498F-A19B-4E04B38DAD09} URL = hxxps://br.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=183666&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2021049520-2442524900-2583098196-1000 -> {DC066B84-5E1A-42B8-B045-90C81706C708} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2021049520-2442524900-2583098196-1000 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.atajitos.com/?bd=ds&oem=Cube&uid=ExcelStorXTechnologyXJ8080S_PVG704Q3B0ARKBB0ARKBX&version=2.2.0.7859&pid=414031160&tid=317&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-24] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-17] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-24] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll => Nenhum Arquivo
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-24] (Oracle Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll => Nenhum Arquivo
BHO-x32: Sem Nome -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> Nenhum Arquivo
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-17] (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-24] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll => Nenhum Arquivo
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-24] (Oracle Corporation)
BHO-x32: FreeOnlineRadioPlayerRecorder Toolbar -> {f999a48b-1950-4d81-9971-79018f807b4b} -> C:\Users\user\AppData\LocalLow\FreeOnlineRadioPlayerRecorder\prxtbFree.dll => Nenhum Arquivo
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-24] (Google Inc.)
Toolbar: HKLM-x32 - FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Users\user\AppData\LocalLow\FreeOnlineRadioPlayerRecorder\prxtbFree.dll Nenhum Arquivo
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-24] (Google Inc.)
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-2021049520-2442524900-2583098196-1000 -> Sem Nome - {32099AAC-C132-4136-9E9A-4E364A424E17} - Nenhum Arquivo
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll Nenhum Arquivo
StartMenuInternet: IEXPLORE.EXE - c:\program files\internet explorer\iexplore.exe www.top8844.com?oem=mbtkv3&uid=PVG704Q3B0ARKB_ExcelStorTechnologyJ8080S&tm=1265339508

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uxoovry7.default
FF NewTab: www.top8844.com?oem=mbtkv3&uid=PVG704Q3B0ARKB_ExcelStorTechnologyJ8080S&tm=1265339508
FF DefaultSearchEngine: Yahoo!
FF Homepage: www.qqovd.com?oem=mbtkv3&uid=PVG704Q3B0ARKB_ExcelStorTechnologyJ8080S&tm=1428296700
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Nenhum Arquivo]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-04-10] (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [Nenhum Arquivo]
FF Plugin-x32: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [Nenhum Arquivo]
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll [Nenhum Arquivo]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [Nenhum Arquivo]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [Nenhum Arquivo]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2021049520-2442524900-2583098196-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [Nenhum Arquivo]
FF Plugin HKU\S-1-5-21-2021049520-2442524900-2583098196-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [Nenhum Arquivo]
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uxoovry7.default\user.js [2015-07-06]
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]
FF Extension: jid1vhLR6vkMUx9cswjetpack - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uxoovry7.default\extensions\jid1-vhLR6vkMUx9csw@jetpack [2010-02-05] [não assinado]
FF Extension: e5bbc237c99b4ceda0610be27703295f - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\uxoovry7.default\extensions\{e5bbc237-c99b-4ced-a061-0be27703295f} [2010-02-05] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files (x86)\Real\RealPlayer\browserrecord => não encontrado (a)

Chrome:
=======
CHR HomePage: Default -> www.qqovd.com?oem=mbtkv3&uid=PVG704Q3B0ARKB_ExcelStorTechnologyJ8080S&tm=1428296700
CHR StartupUrls: Default -> "hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=6b5eed4fcfad6bd5af2aa20b4699f645"
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-09]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-09]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Avast SafePrice) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-10-30]
CHR Extension: (Planilhas do Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-09]
CHR Extension: (Documentos Google off-line) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Avast Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-02]
CHR Extension: (EasyCalendar) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk [2015-09-25]
CHR Extension: (IP Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljoeefknahadockdphffgplmlmilmeob [2015-11-27]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-09]
CHR Extension: (Ver Closed Tabs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\noefmckjndnmlfehcfnkelifmnldohhh [2015-12-17]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-09]
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma.crx
CHR HKU\S-1-5-21-2021049520-2442524900-2583098196-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-18]
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx"
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma.crx

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-17] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4047768 2015-07-17] (Avast Software)
R2 Crashhd; C:\Users\user\AppData\Local\Crsoft\crsvc.exe [185800 2015-09-30] ()
R3 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S2 GoogleChromeUpService; C:\ProgramData\upgsvr.exe [1762304 2015-11-16] (TODO: <公司名>) [Arquivo não assinado]
R2 GoogleChromeUpSvc; C:\ProgramData\Windows Update\upgsvr--.exe [2787328 2015-12-25] (TODO: ) [Arquivo não assinado]
R2 NetLogHandler; C:\Users\user\AppData\Roaming\Netlog\Netlog.exe [167704 2015-06-08] (QNT)
R2 NetTcpHandler; C:\Users\user\AppData\Roaming\NetService\netservice.exe [211824 2015-03-20] (QNT)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5210480 2013-11-03] (INCA Internet Co., Ltd.)
R2 TheCalendarService; C:\Program Files (x86)\CalendarTool\2.0.0.11153\CalendarServ.exe [153224 2015-12-10] ()
R2 vicoqudu; C:\Users\user\AppData\Roaming\03000200-1435983916-0500-0006-000700080009\hnsc55ED.tmp [165376 2015-07-04] () [Arquivo não assinado]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WinNetSvc; C:\Users\user\AppData\Roaming\WinNetSvc\WinNetSvc.exe [4845408 2015-12-16] ()
S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
S2 c2cautoupdatesvc; "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service [X]
S2 c2cpnrsvc; "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service [X]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /svc [X] <==== ATENÇÃO
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /medsvc [X] <==== ATENÇÃO
S3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [X]
S2 insvc_1.10.0.14; "C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe" [X]
S2 NAUpdate; "C:\Program Files (x86)\Nero\Update\NASvc.exe" [X]
S3 Sony PC Companion; "C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe" [X]
S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]
S2 Update ace race; "C:\Program Files (x86)\ace race\updateacerace.exe" [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-17] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-17] (AVAST Software)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-07-18] (Disc Soft Ltd)
S3 dtproscsibus; C:\Windows\System32\DRIVERS\dtproscsibus.sys [30352 2015-07-03] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-08-29] (Sony Mobile Communications)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [115152 2015-07-17] (AVAST Software)
S3 RTCore64; C:\Program Files (x86)\EVGA Precision\RTCore64.sys [14352 2009-10-05] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-07-03] (Duplex Secure Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [Arquivo não assinado]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-17] (Avast Software)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 npkcrypt; \??\C:\Level Up! Games\Ragnarok\npkcrypt.sys [X]
S3 npkycryp; \??\C:\Level Up! Games\Ragnarok\npkycryp.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\PC Faster\5.1.0.0\PCFApiUtil64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2015-12-30 00:13 - 2015-12-30 00:20 - 00034325 _____ C:\Users\user\Desktop\FRST.txt
2015-12-30 00:11 - 2015-12-30 00:13 - 00000000 ____D C:\FRST
2015-12-30 00:11 - 2015-12-30 00:11 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-12-30 00:10 - 2015-12-30 00:10 - 00000000 ____D C:\Program Files (x86)\CalendarTool
2015-12-30 00:09 - 2015-12-30 00:10 - 02370560 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2015-12-30 00:08 - 2015-12-30 00:08 - 00000000 ____D C:\Users\Public\Documents\Guid
2015-12-29 04:35 - 2015-12-29 04:35 - 00000000 ____D C:\Users\user\Downloads\Call.of.Duty.Modern.Warfare.3-RELOADED
2015-12-29 02:28 - 2015-12-29 02:32 - 00000000 ____D C:\Users\user\Downloads\O Senhor dos Anéis - O Retorno do Rei (2003)
2015-12-29 00:23 - 2015-12-29 09:32 - 01891328 _____ C:\Users\Todos os Usuários\msdtc.exe
2015-12-29 00:23 - 2015-12-29 09:32 - 01891328 _____ C:\ProgramData\msdtc.exe
2015-12-29 00:17 - 2010-02-05 00:11 - 00000879 _____ C:\Users\Public\Desktop\TZip.lnk
2015-12-28 00:14 - 2015-12-28 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TZip
2015-12-28 00:14 - 2015-12-28 00:14 - 00000000 ____D C:\Program Files (x86)\TZip
2015-12-28 00:13 - 2015-12-25 07:18 - 04540096 _____ (${COMPANY_NAME}) C:\Users\Todos os Usuários\setup.exe
2015-12-28 00:13 - 2015-12-25 07:18 - 04540096 _____ (${COMPANY_NAME}) C:\ProgramData\setup.exe
2015-12-28 00:09 - 2015-12-30 00:11 - 00002060 _____ C:\Users\user\Desktop\Google Chrome.lnk
2015-12-26 13:38 - 2010-02-05 00:06 - 00000000 ____D C:\Users\user\AppData\rundir
2015-12-25 00:07 - 2010-02-05 00:01 - 00000000 ____D C:\Users\Todos os Usuários\Windows Update
2015-12-25 00:07 - 2010-02-05 00:01 - 00000000 ____D C:\ProgramData\Windows Update
2015-12-25 00:05 - 2015-12-25 15:59 - 02787328 _____ (TODO: ) C:\Users\Todos os Usuários\upgsvr--.exe
2015-12-25 00:05 - 2015-12-25 15:59 - 02787328 _____ (TODO: ) C:\ProgramData\upgsvr--.exe
2015-12-24 12:57 - 2010-02-05 00:21 - 00000000 ____D C:\Users\user\Documents\GTA San Andreas User Files
2015-12-24 12:14 - 2015-12-24 13:09 - 00000000 ____D C:\Users\user\Downloads\GTA San Andreas
2015-12-24 10:58 - 2015-12-24 10:58 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-12-24 10:58 - 2015-12-24 10:58 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-12-24 10:58 - 2015-12-24 10:58 - 00000000 ____D C:\Users\Todos os Usuários\Google
2015-12-24 10:58 - 2015-12-24 10:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-12-24 10:58 - 2015-12-24 10:58 - 00000000 ____D C:\ProgramData\Google
2015-12-24 10:58 - 2015-12-24 10:58 - 00000000 ____D C:\Program Files\Google
2015-12-24 10:58 - 2015-12-24 10:58 - 00000000 ____D C:\Program Files\CCleaner
2015-12-20 01:39 - 2015-12-29 02:26 - 00000000 ____D C:\Users\user\AppData\LocalLow\uTorrent
2015-12-20 00:28 - 2015-12-28 00:07 - 00000000 ____D C:\Program Files (x86)\Unlocker
2015-12-20 00:28 - 2015-12-20 00:28 - 00000000 ____D C:\Users\Todos os Usuários\Babylon
2015-12-20 00:28 - 2015-12-20 00:28 - 00000000 ____D C:\ProgramData\Babylon
2015-12-20 00:13 - 2015-12-30 00:11 - 00000000 ____D C:\Users\user\AppData\Roaming\CalendarTool
2015-12-18 01:04 - 2015-12-29 13:33 - 00002898 _____ C:\Users\Todos os Usuários\xcgui_debug.txt
2015-12-18 01:04 - 2015-12-29 13:33 - 00002898 _____ C:\ProgramData\xcgui_debug.txt
2015-12-18 00:32 - 2015-12-24 11:40 - 00000616 _____ C:\Users\user\Desktop\NeoRAGEx 5.0.lnk
2015-12-18 00:13 - 2015-12-18 22:22 - 01889280 _____ C:\Users\Todos os Usuários\carssc.exe
2015-12-18 00:13 - 2015-12-18 22:22 - 01889280 _____ C:\ProgramData\carssc.exe
2015-12-17 14:27 - 2015-12-17 14:31 - 02245032 _____ (UpAurora.COM) C:\Users\Todos os Usuários\UpAurora_1.0.0.3034__101br.exe
2015-12-17 14:27 - 2015-12-17 14:31 - 02245032 _____ (UpAurora.COM) C:\ProgramData\UpAurora_1.0.0.3034__101br.exe
2015-12-17 14:11 - 2015-12-17 14:11 - 00000000 ____D C:\Users\user\AppData\Roaming\WinNetSvc
2015-12-16 11:48 - 2015-12-10 15:43 - 00600312 _____ C:\Users\Todos os Usuários\YeaPlayer_br_IBD_Bundle.exe
2015-12-16 11:48 - 2015-12-10 15:43 - 00600312 _____ C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
2015-12-16 11:39 - 2015-12-04 13:14 - 01081344 _____ C:\Users\Todos os Usuários\LightGate.exe
2015-12-16 11:39 - 2015-12-04 13:14 - 01081344 _____ C:\ProgramData\LightGate.exe
2015-12-16 03:58 - 2015-12-17 00:21 - 00000000 ____D C:\NeoRAGEx 5.0
2015-12-03 00:07 - 2015-12-03 00:07 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2015-12-30 00:12 - 2009-07-14 01:20 - 00000000 ____D C:\Windows
2015-12-30 00:09 - 2009-07-14 02:45 - 00028416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-30 00:09 - 2009-07-14 02:45 - 00028416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-29 13:50 - 2014-09-01 18:04 - 00003840 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-29 13:50 - 2014-06-24 01:08 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-29 13:50 - 2014-05-06 09:04 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-29 13:07 - 2009-07-29 14:08 - 03603930 _____ C:\Windows\system32\prfh0416.dat
2015-12-29 13:07 - 2009-07-29 14:08 - 02911716 _____ C:\Windows\system32\prfc0416.dat
2015-12-29 13:07 - 2009-07-14 03:13 - 00006484 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-29 06:08 - 2014-06-20 02:18 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2015-12-29 05:49 - 2014-09-01 18:04 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-29 04:51 - 2015-07-06 17:46 - 00000972 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-12-28 00:38 - 2010-02-05 01:11 - 00000000 ____D C:\Users\user\AppData\Roaming\logpath
2015-12-28 00:37 - 2015-04-06 03:05 - 00000000 ____D C:\Users\user\AppData\Roaming\RunDir
2015-12-28 00:03 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\inf
2015-12-26 15:01 - 2015-07-06 17:49 - 00000256 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2015-12-25 00:09 - 2014-06-20 01:10 - 00000000 ____D C:\Users\user\AppData\Local\Google
2015-12-24 13:09 - 2015-08-04 15:52 - 00000000 ____D C:\Users\user\Downloads\Setups
2015-12-24 12:57 - 2010-02-05 01:15 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-12-24 12:13 - 2013-08-08 14:59 - 00156080 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-24 12:07 - 2014-12-29 00:48 - 00000000 ____D C:\Users\user\Documents\Portable Adobe Photoshop CC v14
2015-12-24 11:02 - 2015-09-02 05:24 - 00000000 ____D C:\Users\user\AppData\Roaming\MPC-HC
2015-12-24 11:02 - 2015-07-03 03:46 - 00000000 ____D C:\Users\user\AppData\Roaming\DAEMON Tools Pro
2015-12-24 11:02 - 2010-02-05 03:01 - 00000000 ____D C:\Users\user\AppData\Roaming\DAEMON Tools Lite
2015-12-24 11:00 - 2013-08-08 19:42 - 00000000 ____D C:\Windows\Panther
2015-12-24 11:00 - 2010-02-05 02:08 - 00000000 ____D C:\Windows\Minidump
2015-12-24 10:58 - 2014-06-20 01:10 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-24 10:55 - 2014-08-20 06:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-24 10:55 - 2014-08-20 06:45 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-24 10:53 - 2015-07-28 15:33 - 00000000 ____D C:\Program Files\Java
2015-12-24 10:50 - 2015-10-08 03:50 - 00000000 ____D C:\Users\user\.oracle_jre_usage
2015-12-24 10:48 - 2015-07-28 15:33 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-12-23 00:03 - 2013-08-08 14:48 - 00001571 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-20 02:47 - 2014-06-23 15:05 - 00000000 ____D C:\Users\UpdatusUser
2015-12-20 02:43 - 2009-07-14 02:45 - 05156984 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-20 01:47 - 2010-02-05 00:06 - 00000000 ____D C:\Program Files (x86)\Enterbrain
2015-12-19 10:03 - 2014-07-09 23:34 - 00002540 __RSH C:\Users\Todos os Usuários\ntuser.pol
2015-12-19 10:03 - 2014-07-09 23:34 - 00002540 __RSH C:\ProgramData\ntuser.pol
2015-12-07 09:41 - 2014-09-02 03:55 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2015-12-02 10:39 - 2015-09-17 02:22 - 00004066 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-02 10:39 - 2015-09-17 02:22 - 00003814 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-02 10:39 - 2015-09-17 02:22 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-02 10:39 - 2015-09-17 02:22 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-30 03:24 - 2015-11-17 11:49 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Arquivos na raiz de alguns diretórios =======

2014-07-17 03:01 - 2010-02-05 01:07 - 0000415 _____ () C:\Users\user\AppData\Roaming\apachesrvin.vbs
2014-07-17 03:01 - 2010-02-05 01:07 - 0000090 _____ () C:\Users\user\AppData\Roaming\die.bat
2014-09-01 06:18 - 2014-09-01 06:18 - 0002086 _____ () C:\Users\user\AppData\Roaming\HK
2014-12-30 01:01 - 2014-12-30 01:01 - 1832936 _____ (Enter) C:\Users\user\AppData\Roaming\RRXU.exe
2010-02-05 00:15 - 2015-11-16 08:01 - 1762304 _____ (TODO: <公司名>) C:\Users\user\AppData\Roaming\upgsvr.exe
2015-04-29 18:07 - 2015-04-29 18:07 - 0001456 _____ () C:\Users\user\AppData\Local\Adobe Salvar para Web 13.0 Prefs
2014-06-23 12:36 - 2014-06-23 12:36 - 0002080 _____ () C:\Users\user\AppData\Local\chrome.lnk
2015-07-06 17:49 - 2015-07-06 17:49 - 0613255 _____ (CMI Limited) C:\Users\user\AppData\Local\nse678A.tmp
2015-08-07 10:33 - 2015-08-07 10:33 - 0613255 _____ (CMI Limited) C:\Users\user\AppData\Local\nsp6971.tmp
2015-07-07 18:01 - 2015-07-07 18:01 - 0613255 _____ (CMI Limited) C:\Users\user\AppData\Local\nssE393.tmp
2010-02-05 00:01 - 2010-02-05 00:01 - 0000000 _____ () C:\Users\user\AppData\Local\{9FDF9121-3457-4145-9D85-2BA6F48484C7}
2015-03-23 18:24 - 2015-03-23 18:24 - 0000000 _____ () C:\Users\user\AppData\Local\{E37969ED-D080-4658-9EAE-7CB8CA9D095F}
2015-12-18 00:13 - 2015-12-18 22:22 - 1889280 _____ () C:\ProgramData\carssc.exe
2010-02-05 00:19 - 2015-11-26 07:58 - 4127064 _____ () C:\ProgramData\ch_dl_url
2015-12-16 11:39 - 2015-12-04 13:14 - 1081344 _____ () C:\ProgramData\LightGate.exe
2015-12-29 00:23 - 2015-12-29 09:32 - 1891328 _____ () C:\ProgramData\msdtc.exe
2015-12-28 00:13 - 2015-12-25 07:18 - 4540096 _____ (${COMPANY_NAME}) C:\ProgramData\setup.exe
2015-12-17 14:27 - 2015-12-17 14:31 - 2245032 _____ (UpAurora.COM) C:\ProgramData\UpAurora_1.0.0.3034__101br.exe
2015-12-25 00:05 - 2015-12-25 15:59 - 2787328 _____ (TODO: ) C:\ProgramData\upgsvr--.exe
2010-02-05 00:17 - 2015-11-16 08:01 - 1762304 _____ (TODO: <公司名>) C:\ProgramData\upgsvr.exe
2015-03-24 11:06 - 2015-03-23 16:53 - 1047392 _____ (ShenZhen Enode Techology co,.Ltd) C:\ProgramData\WeatherMini.exe
2010-02-05 00:01 - 2010-02-05 00:01 - 0000969 _____ () C:\ProgramData\webad.xml
2015-12-18 01:04 - 2015-12-29 13:33 - 0002898 _____ () C:\ProgramData\xcgui_debug.txt
2015-12-16 11:48 - 2015-12-10 15:43 - 0600312 _____ () C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\carssc.exe
C:\ProgramData\LightGate.exe
C:\ProgramData\msdtc.exe
C:\ProgramData\setup.exe
C:\ProgramData\UpAurora_1.0.0.3034__101br.exe
C:\ProgramData\upgsvr--.exe
C:\ProgramData\upgsvr.exe
C:\ProgramData\WeatherMini.exe
C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
C:\Users\Todos os Usuários\carssc.exe
C:\Users\Todos os Usuários\LightGate.exe
C:\Users\Todos os Usuários\msdtc.exe
C:\Users\Todos os Usuários\setup.exe
C:\Users\Todos os Usuários\UpAurora_1.0.0.3034__101br.exe
C:\Users\Todos os Usuários\upgsvr--.exe
C:\Users\Todos os Usuários\upgsvr.exe
C:\Users\Todos os Usuários\WeatherMini.exe
C:\Users\Todos os Usuários\YeaPlayer_br_IBD_Bundle.exe


Alguns arquivos em TEMP:
====================
C:\Users\user\AppData\Local\Temp\jre-8u66-windows-au.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2015-12-16 18:31

==================== Fim de FRST.txt ============================
