cjoint


Document format: text/plain

Preview

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:31-12-2015
Executado por Win 7 (administrador) em WIN7-PC (06-01-2016 14:19:37)
Executando a partir de C:\Users\Win 7\Pictures
Perfis Carregados: Win 7 (Perfis Disponíveis: Win 7)
Platform: Windows 7 Ultimate (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

() C:\Program Files (x86)\PSafe\Total\safemon\QHActiveDefense.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(Innovative Solutions) C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
() C:\Program Files (x86)\PSafe\Total\safemon\QHSafeTray.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Mega Limited) C:\Users\Win 7\AppData\Local\MEGAsync\MEGAsync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\WinRAR\WinRAR.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\PSafe\Total\safemon\QHSafeTray.exe [2406208 2015-08-04] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Win 7\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Win 7\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Win 7\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Win 7\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Win 7\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Win 7\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-12-19]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Win 7\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyEnable: [.DEFAULT] => Proxy está habilitado.
ProxyServer: [.DEFAULT] => http=127.0.0.1:58043;https=127.0.0.1:58043;
Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{709CFCD3-0F9F-47F4-BE5D-CEAB36A58C9C}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-23] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-23] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\8ewbe2o2.default
FF NewTab: hxxp://www.oursurfing.com/newtab/?type=nt&ts=1442011695&z=8e15d08a1a1181e1ea2ee83g8z4z8o4edg7g7q9t3g&from=2sq&uid=ST3320620AS_3QF0JHWMXXXX3QF0JHWM
FF Homepage: hxxp://www.mystartsearch.com/?type=hp&ts=1442012231&z=669dcb962f0e5c76f5b3545gdzez7o7ebg6o9e2b1g&from=cmi&uid=ST3320620AS_3QF0JHWMXXXX3QF0JHWM
FF NetworkProxy: "type", 5
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-06-23] ()
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [Nenhum Arquivo]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-06-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [Nenhum Arquivo]
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3695188533-1945731474-308669925-1000: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [Nenhum Arquivo]
FF Plugin HKU\S-1-5-21-3695188533-1945731474-308669925-1000: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-212d2dea26134d09\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3695188533-1945731474-308669925-1000: @nsroblox.roblox.com/launcher64 -> C:\Program Files (x86)\Roblox\Versions\version-212d2dea26134d09\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3695188533-1945731474-308669925-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Win 7\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\8ewbe2o2.default\searchplugins\oursurfing.xml [2015-09-11]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml [2015-05-26]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml [2015-05-26]
FF Extension: Sem Nome - C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\8ewbe2o2.default\extensions\MGKN37049485@ACPSC11936960.com [não encontrado (a)]
FF Extension: Default SearchProtected - C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\8ewbe2o2.default\extensions\defsearchp@gmail.com [2015-09-11] [não assinado]
FF Extension: deskCut - C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\8ewbe2o2.default\extensions\deskCutv2@gmail.com [2015-09-11] [não assinado]
FF Extension: SavePass 1.1 - C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\8ewbe2o2.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com [2015-09-11] [não assinado]
FF Extension: Magnify It - C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\8ewbe2o2.default\Extensions\magit@magit.com [2015-09-14] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\8ewbe2o2.default\extensions\defsearchp@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Win 7\AppData\Roaming\Mozilla\Firefox\Profiles\8ewbe2o2.default\extensions\deskCutv2@gmail.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.mystartsearch.com/?type=sc&ts=1442012231&z=669dcb962f0e5c76f5b3545gdzez7o7ebg6o9e2b1g&from=cmi&uid=ST3320620AS_3QF0JHWMXXXX3QF0JHWM

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com.br/
CHR StartupUrls: Default -> "hxxp://google.com.br/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => Nenhum Arquivo
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_17_0_0_134.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-23]
CHR Extension: (Google Docs) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-23]
CHR Extension: (Google Drive) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-05]
CHR Extension: (Google Search) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Planilhas do Google) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-23]
CHR Extension: (Stylish) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2015-09-29]
CHR Extension: (Documentos Google off-line) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (agar.io server browser) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\hongpdkjnjhijmdnogoicadboadgllhi [2015-06-30]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2015-11-02]
CHR Extension: (GBBD Guardião - Itaú 30 horas) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg [2015-06-23]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\Win 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-23]
CHR Extension: (AKDBztdkwWjIcS1) - C:\Users\Win 7\AppData\Local\Google\Update\chrome [2015-09-11]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2015-06-23] () [Arquivo não assinado]
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [919296 2015-06-03] (Kaspersky Lab ZAO)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.)
S3 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [869672 2007-12-03] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [447784 2007-12-13] (Nero AG)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3398544 2014-11-11] (INCA Internet Co., Ltd.)
R2 QHActiveDefense; C:\Program Files (x86)\PSafe\Total\safemon\QHActiveDefense.exe [704664 2015-08-04] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S3 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /svc [X] <==== ATENÇÃO
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /medsvc [X] <==== ATENÇÃO
S2 updatjuoondowiloadup; C:\Users\Win 7\AppData\Local\Freshtom.exe ueoatj updatjuoondowiloadup [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [100424 2014-10-15] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77896 2015-08-04] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305736 2015-08-04] (360.cn)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2014-10-15] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [312400 2014-10-15] (Qihu 360 Software Co., Ltd.)
R0 771631DF; C:\Windows\System32\drivers\771631DF.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [180816 2014-10-15] (Qihu 360 Software Co., Ltd.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 wsafd_1_10_0_19; system32\drivers\wsafd_1_10_0_19.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-01-06 14:17 - 2016-01-06 14:19 - 00000000 ____D C:\FRST
2016-01-04 21:21 - 2016-01-04 21:21 - 00001081 _____ C:\Users\Win 7\Desktop\Continuar a Instalação de Pokemon X (U).lnk
2016-01-04 21:00 - 2016-01-04 21:00 - 00984289 _____ C:\Users\Win 7\Desktop\Pokemon X (U).zip
2015-12-19 18:38 - 2015-12-19 18:38 - 00001130 _____ C:\Users\Public\Desktop\Pokémon The Nightmare Version.lnk
2015-12-19 18:38 - 2015-12-19 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokémon The Nightmare Version
2015-12-19 18:35 - 2015-12-19 18:38 - 00000000 ____D C:\Program Files (x86)\Pokémon The Nightmare Version
2015-12-19 17:03 - 2016-01-05 02:47 - 00000000 ____D C:\Users\Win 7\Documents\MEGAsync Downloads
2015-12-19 17:02 - 2015-12-19 17:02 - 00000000 ___RD C:\Users\Win 7\Documents\MEGA
2015-12-19 16:42 - 2015-12-19 16:42 - 00001014 _____ C:\Users\Win 7\Desktop\MEGAsync.lnk
2015-12-19 16:42 - 2015-12-19 16:42 - 00000000 ____D C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2015-12-19 16:42 - 2015-12-19 16:42 - 00000000 ____D C:\Users\Win 7\AppData\Local\Mega Limited
2015-12-19 16:41 - 2015-12-19 16:42 - 00000000 ____D C:\Users\Win 7\AppData\Local\MEGAsync
2015-12-18 18:32 - 2015-12-18 18:32 - 00000000 ____D C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativo Itaú
2015-12-12 14:32 - 2015-12-12 14:32 - 00000000 ____D C:\Users\Win 7\.swt
2015-12-09 20:22 - 2015-12-09 20:22 - 00000000 ____D C:\Users\Todos os Usuários\gbas
2015-12-09 20:22 - 2015-12-09 20:22 - 00000000 ____D C:\ProgramData\gbas
2015-12-09 20:16 - 2015-12-18 18:32 - 00002129 _____ C:\Users\Win 7\Desktop\Itaú.lnk
2015-12-09 20:16 - 2015-12-18 18:32 - 00000000 ____D C:\Users\Win 7\AppData\Local\Aplicativo Itau
2015-12-05 22:43 - 2015-12-05 22:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher 2.0
2015-12-05 22:43 - 2008-08-18 18:18 - 00077824 _____ (Fox Magic Software) C:\Windows\SysWOW64\fmcodec.DLL
2015-12-05 22:07 - 2015-12-05 22:07 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-12-03 18:56 - 2016-01-04 12:41 - 00000000 ____D C:\Users\Win 7\Desktop\Pokémon
2015-11-27 16:48 - 2015-11-27 16:48 - 00000000 ____D C:\Users\Win 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-17 13:31 - 2015-11-17 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-11-17 13:31 - 2015-11-17 13:31 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-11-07 18:55 - 2015-11-07 18:55 - 00001257 _____ C:\Users\Win 7\Desktop\desmume.ini
2015-11-06 15:16 - 2015-11-06 15:16 - 00000000 ____H C:\Users\Win 7\Documents\Default.rdp
2015-11-01 19:41 - 2015-11-01 19:49 - 72566287 _____ C:\Users\Win 7\Downloads\std-pokemonwhite (E).rar
2015-11-01 19:24 - 2015-11-01 19:24 - 73138124 _____ C:\Users\Win 7\Downloads\Pok_mon White PT_Poke_Saves.rar
2015-11-01 12:47 - 2015-11-01 12:47 - 00000000 ____D C:\Users\Win 7\Desktop\ini
2015-10-31 11:06 - 2015-10-31 11:06 - 00000000 ____D C:\Users\Win 7\AppData\Roaming\Adobe
2015-10-31 11:06 - 2015-10-31 11:06 - 00000000 ____D C:\Users\Win 7\AppData\Local\Adobe
2015-10-31 11:06 - 2015-10-31 11:06 - 00000000 ____D C:\Users\Todos os Usuários\Adobe
2015-10-31 11:06 - 2015-10-31 11:06 - 00000000 ____D C:\ProgramData\Adobe
2015-10-27 16:47 - 2015-10-27 16:47 - 01774482 _____ C:\Users\Win 7\Downloads\Base AAD (Loving Bases).rar
2015-10-27 16:33 - 2015-10-27 16:34 - 04837811 _____ C:\Users\Win 7\Downloads\Base Batalha 2.psd
2015-10-27 13:12 - 2015-11-12 11:51 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-10-24 20:43 - 2015-11-14 11:58 - 00000069 _____ C:\Windows\NeroDigital.ini
2015-10-24 20:15 - 2015-10-24 20:24 - 00003452 _____ C:\Windows\System32\Tasks\UninstallMonitor
2015-10-24 20:15 - 2015-10-24 20:15 - 00000000 ____D C:\Users\Todos os Usuários\Innovative Solutions
2015-10-24 20:15 - 2015-10-24 20:15 - 00000000 ____D C:\ProgramData\Innovative Solutions
2015-10-24 20:14 - 2015-10-24 20:15 - 00000000 ____D C:\Users\Win 7\AppData\Local\Innovative Solutions
2015-10-24 20:14 - 2015-10-24 20:14 - 00001525 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 11.lnk
2015-10-24 20:14 - 2015-10-24 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
2015-10-24 20:14 - 2015-10-24 20:14 - 00000000 ____D C:\Program Files (x86)\Innovative Solutions
2015-10-24 20:14 - 2014-03-07 10:25 - 00042496 _____ C:\Windows\SysWOW64\AdvUninstCPL.cpl
2015-10-21 17:20 - 2015-10-24 20:30 - 00000000 ____D C:\IQIYI Video
2015-10-21 17:20 - 2015-10-24 20:29 - 00000000 ____D C:\Users\Todos os Usuários\IQIYI Video
2015-10-21 17:20 - 2015-10-24 20:29 - 00000000 ____D C:\ProgramData\IQIYI Video
2015-10-21 17:20 - 2015-10-24 20:26 - 00000000 ____D C:\Users\Win 7\AppData\Roaming\IQIYI Video
2015-10-21 17:20 - 2015-10-21 17:21 - 00000000 ____D C:\Users\Win 7\AppData\Local\SysassistByHotWheel
2015-10-21 17:20 - 2015-10-21 17:20 - 00000000 ____D C:\Users\Win 7\AppData\LocalLow\Unity
2015-10-21 17:20 - 2015-10-21 17:20 - 00000000 ____D C:\Users\Win 7\AppData\Local\Unity
2015-10-21 17:20 - 2015-10-21 17:20 - 00000000 ____D C:\Users\Public\QiYi
2015-10-21 17:20 - 2015-10-21 17:20 - 00000000 ____D C:\ppsfile
2015-10-21 17:15 - 2015-10-21 17:36 - 00000000 ____D C:\Program Files (x86)\baidu
2015-10-16 16:23 - 2015-10-16 16:23 - 00000000 ____D C:\Users\Win 7\AppData\Local\Aegisub
2015-10-16 16:17 - 2015-10-24 20:38 - 00000000 ____D C:\Users\Win 7\AppData\Roaming\fontconfig
2015-10-16 16:16 - 2016-01-04 20:59 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2015-10-16 16:16 - 2016-01-04 20:59 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-16 16:16 - 2015-10-24 23:53 - 00000000 ____D C:\Users\Win 7\AppData\Roaming\Aegisub
2015-10-16 16:16 - 2015-10-16 16:16 - 00001106 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASSDraw3.lnk
2015-10-16 16:16 - 2015-10-16 16:16 - 00001077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aegisub.lnk
2015-10-16 16:16 - 2015-10-16 16:16 - 00000000 ____D C:\Program Files (x86)\Aegisub

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-06-01 15:07 - 2015-06-23 18:22 - 00000000 _RSHD C:\360SANDBOX
2016-01-06 14:18 - 2009-07-14 01:20 - 00000000 ____D C:\Windows
2016-01-06 13:50 - 2015-09-11 20:45 - 00000342 ____H C:\Windows\Tasks\VJXIUTSBOWFRMGFJ.job
2016-01-06 13:46 - 2015-06-23 18:22 - 00000000 ____D C:\Users\Win 7\AppData\LocalLow\360WD
2016-01-06 13:42 - 2009-07-14 02:45 - 00017136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-06 13:42 - 2009-07-14 02:45 - 00017136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-06 13:39 - 2015-06-23 18:04 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-06 13:39 - 2009-07-14 15:55 - 00707974 _____ C:\Windows\system32\prfh0416.dat
2016-01-06 13:39 - 2009-07-14 15:55 - 00147754 _____ C:\Windows\system32\prfc0416.dat
2016-01-06 13:39 - 2009-07-14 03:13 - 01641362 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-06 13:39 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\inf
2016-01-06 13:35 - 2015-09-05 11:35 - 00000000 ____D C:\Users\Win 7\AppData\Local\LogMeIn Hamachi
2016-01-06 13:35 - 2015-06-23 18:04 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-06 13:35 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-04 20:51 - 2015-06-23 18:32 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-01-04 12:47 - 2015-07-10 18:02 - 00002611 _____ C:\Users\Win 7\Desktop\vba.ini
2015-12-24 02:36 - 2015-06-23 18:30 - 00000000 ____D C:\Users\Win 7\AppData\Roaming\Skype
2015-12-24 00:41 - 2015-07-29 15:54 - 00000000 ____D C:\Program Files (x86)\Project64 2.2
2015-12-20 12:06 - 2015-09-13 15:34 - 00445328 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-20 02:01 - 2015-09-13 15:44 - 00112816 _____ C:\Users\Win 7\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-19 16:42 - 2009-07-14 01:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-12-19 01:03 - 2015-07-27 18:08 - 00000132 _____ C:\Users\Win 7\AppData\Roaming\Preferências do Formato PNG do Adobe CS6
2015-12-14 12:31 - 2009-07-14 03:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-12 14:32 - 2015-06-23 17:58 - 00000000 ____D C:\Users\Win 7

==================== Arquivos na raiz de alguns diretórios =======

2015-09-11 20:49 - 2015-09-11 20:53 - 6420480 _____ () C:\Program Files (x86)\GUT9768.tmp
2015-10-04 16:04 - 2015-10-04 16:04 - 0000288 _____ () C:\Users\Win 7\AppData\Roaming\.backup.dm
2015-07-27 18:08 - 2015-12-19 01:03 - 0000132 _____ () C:\Users\Win 7\AppData\Roaming\Preferências do Formato PNG do Adobe CS6
2015-10-04 12:15 - 2015-10-04 12:15 - 0001456 _____ () C:\Users\Win 7\AppData\Local\Adobe Salvar para Web 13.0 Prefs
2015-09-11 20:48 - 2015-09-11 20:48 - 0000187 _____ () C:\Users\Win 7\AppData\Local\Freshtom.exe.config
2015-09-11 20:49 - 2015-09-11 20:58 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Windows\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200}.job


Alguns arquivos em TEMP:
====================
C:\Users\Win 7\AppData\Local\Temp\aplicativoitau.exe
C:\Users\Win 7\AppData\Local\Temp\b5t_cl15237.exe
C:\Users\Win 7\AppData\Local\Temp\grvr.exe
C:\Users\Win 7\AppData\Local\Temp\ICReinstall_Pokemon X (U).exe
C:\Users\Win 7\AppData\Local\Temp\IQIYIsetup_spl004@kb037.exe
C:\Users\Win 7\AppData\Local\Temp\setup3.exe
C:\Users\Win 7\AppData\Local\Temp\setup_mbot_br.exe
C:\Users\Win 7\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2015-12-20 13:23

==================== Fim de FRST.txt ============================
