Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:07-02-2016
Executado por User (administrador) em USER-PC (13-02-2016 15:14:37)
Executando a partir de C:\Users\User\Downloads
Perfis Carregados: User (Perfis Disponíveis: User)
Platform: Microsoft Windows 7 Professional (X86) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
() C:\Windows\System32\PnkBstrA.exe
(UpAurora.COM) C:\Users\User\AppData\Roaming\UpAuroraBrowser\Installer\UpAuroraKernelService.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(BitTorrent Inc.) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(BitTorrent Inc.) C:\Users\User\AppData\Roaming\BitTorrent\BitTorrent.exe
() C:\ProgramData\WindowsMsg\osmsg.exe
(BitTorrent Inc.) C:\Users\User\AppData\Roaming\BitTorrent\updates\7.9.5_41713\utorrentie.exe
(BitTorrent Inc.) C:\Users\User\AppData\Roaming\BitTorrent\updates\7.9.5_41713\utorrentie.exe
(BitTorrent Inc.) C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe
(BitTorrent Inc.)
C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Rocksteady Studios Ltd.) C:\Games\Batman - Arkham City\Binaries\Win32\BatmanAC.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registro (Whitelisted) =========================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.) HKLM\...\Run: [gmsd_br_005010190] => "C:\Program Files\gmsd_br_005010190\gmsd_br_005010190.exe" HKLM\...\Run: [rec_en_77] => "C:\Program Files\rec_en_77\rec_en_77.exe" HKLM\...\Run: [rec_br_150] => "C:\Program Files\rec_br_150\rec_br_150.exe" HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-04] (AVAST Software) HKLM\...\Run: [gmsd_br_005010201] => "C:\Program Files\gmsd_br_005010201\gmsd_br_005010201.exe" HKLM\...\Run: [rec_br_161] => "C:\Program Files\rec_br_161\rec_br_161.exe" HKLM\...\Run: [rec_br_164] => "C:\Program Files\rec_br_164\rec_br_164.exe" HKLM\...\Run: [gmsd_br_005010204] => "C:\Program Files\gmsd_br_005010204\gmsd_br_005010204.exe" HKLM\...\Run: [gmsd_br_005010205] => "C:\Program Files\gmsd_br_005010205\gmsd_br_005010205.exe" HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597040 2015-12-22] (Oracle Corporation) HKLM\...\Run: [mbot_en_037050236] => "C:\Program Files\mbot_en_037050236\mbot_en_037050236.exe" HKU\S-1-5-21-721376797-892549677-2231489058-1000\...\Run: [Memory Improve Master] => C:\Program Files\Memory Improve 
Master\MemoryImproveMaster.exe [5095424 2009-03-16] (Memory Improve Master Studio) HKU\S-1-5-21-721376797-892549677-2231489058-1000\...\Run: [uTorrent] => C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe [2065944 2016-02-10] (BitTorrent Inc.) HKU\S-1-5-21-721376797-892549677-2231489058-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd) HKU\S-1-5-21-721376797-892549677-2231489058-1000\...\Run: [BitTorrent] => C:\Users\User\AppData\Roaming\BitTorrent\BitTorrent.exe [1903648 2016-02-12] (BitTorrent Inc.) HKU\S-1-5-21-721376797-892549677-2231489058-1000\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [2036224 2016-02-09] () HKU\S-1-5-21-721376797-892549677-2231489058-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-721376797-892549677-2231489058-1000\...\MountPoints2: {038ca9e2-654b-11e1-a7ad-1078d2baab0a} - F:\Autorun.exe HKU\S-1-5-21-721376797-892549677-2231489058-1000\...\MountPoints2: {0eeb3e4b-58f7-11e2-ba9c-1078d2baab0a} - G:\Autorun.exe HKU\S-1-5-21-721376797-892549677-2231489058-1000\...\MountPoints2: {319c2d42-9ab2-11e1-9c3f-1078d2baab0a} - H:\Autorun.exe HKU\S-1-5-21-721376797-892549677-2231489058-1000\...\MountPoints2: {44f23019-5c1f-11e2-a7bd-1078d2baab0a} - H:\Launcher.exe HKU\S-1-5-21-721376797-892549677-2231489058-1000\...\MountPoints2: {d0d7e020-c648-11e3-a127-1078d2baab0a} - F:\LGAutoRun.exe HKU\S-1-5-21-721376797-892549677-2231489058-1000\...\MountPoints2: {fb22d166-b683-11e5-a0fd-1078d2baab0a} - F:\LG_PC_Programs.exe ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x86.dll [2013-06-20] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x86.dll [2013-06-20] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> 
{42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x86.dll [2013-06-20] () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-01-04] (AVAST Software) ShellIconOverlayIdentifiers: [4SyncOverlay1] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => Nenhum Arquivo ShellIconOverlayIdentifiers: [4SyncOverlay2] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => Nenhum Arquivo ShellIconOverlayIdentifiers: [4SyncOverlay3] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => Nenhum Arquivo GroupPolicy: Restrição - Chrome <======= ATENÇÃO CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO CHR HKU\S-1-5-21-721376797-892549677-2231489058-1000\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) Hosts: Há mais de uma entrada no Hosts. 
Veja a seção Hosts do Addition.txt Tcpip\Parameters: [DhcpNameServer] 177.70.96.72 177.70.97.109 Tcpip\..\Interfaces\{1B3A0902-7AE1-46C4-8F05-9028B6FE99BD}: [DhcpNameServer] 172.16.0.1 200.225.197.34 Tcpip\..\Interfaces\{83A6CB82-0918-4B26-8431-22A9D6FC467F}: [DhcpNameServer] 177.70.96.72 177.70.97.109 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-721376797-892549677-2231489058-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKU\S-1-5-21-721376797-892549677-2231489058-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal URLSearchHook: HKLM -> Padrão = {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} URLSearchHook: HKU\S-1-5-21-721376797-892549677-2231489058-1000 - (Sem Nome) - {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - Nenhum Arquivo URLSearchHook: HKU\S-1-5-21-721376797-892549677-2231489058-1000 - (Sem Nome) - {5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} - Nenhum Arquivo SearchScopes: HKLM -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = SearchScopes: HKLM -> Backup.Old.DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKU\S-1-5-21-721376797-892549677-2231489058-1000 -> DefaultScope {0FE29EFB-3D44-40A8-8EFD-FB7D620F242A} URL = hxxp://www.google.com/search?q={searchterms}&cx=partner-pub-3796753109442372:3837783968 SearchScopes: HKU\S-1-5-21-721376797-892549677-2231489058-1000 -> Backup.Old.DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} SearchScopes: HKU\S-1-5-21-721376797-892549677-2231489058-1000 -> 
{0FE29EFB-3D44-40A8-8EFD-FB7D620F242A} URL = hxxp://www.google.com/search?q={searchterms}&cx=partner-pub-3796753109442372:3837783968 SearchScopes: HKU\S-1-5-21-721376797-892549677-2231489058-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKU\S-1-5-21-721376797-892549677-2231489058-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchterms}&cx=partner-pub-3796753109442372:3837783968 SearchScopes: HKU\S-1-5-21-721376797-892549677-2231489058-1000 -> {A531D99C-5A22-449b-83DA-872725C6D0ED} URL = hxxp://search.alot.com/web?q={searchTerms} SearchScopes: HKU\S-1-5-21-721376797-892549677-2231489058-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?q={SearchTerms}&fr=ntg&gp=profitraf2 BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_72\bin\ssv.dll [2016-02-11] (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-04] (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_72\bin\jp2ssv.dll [2016-02-11] (Oracle Corporation) Toolbar: HKU\S-1-5-21-721376797-892549677-2231489058-1000 -> Sem Nome - {29ACF17C-1713-4286-8F40-BFD05F1E70C8} - Nenhum Arquivo Toolbar: HKU\S-1-5-21-721376797-892549677-2231489058-1000 -> Sem Nome - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Nenhum Arquivo Toolbar: HKU\S-1-5-21-721376797-892549677-2231489058-1000 -> Sem Nome - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - Nenhum Arquivo DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1 FF Plugin: @adobe.com/FlashPlayer -> 
C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] () FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2011-03-25] (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=11.72.2 -> C:\Program Files\Java\jre1.8.0_72\bin\dtplugin\npDeployJava1.dll [2016-02-11] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.72.2 -> C:\Program Files\Java\jre1.8.0_72\bin\plugin2\npjp2.dll [2016-02-11] (Oracle Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-11] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-11] (Google Inc.) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2013-07-12] (Adobe Systems) FF Plugin HKU\S-1-5-21-721376797-892549677-2231489058-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Plugin HKU\S-1-5-21-721376797-892549677-2231489058-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-27] (Unity Technologies ApS) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2003-05-15] (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzm9cchi.default\searchplugins\Baixaki.xml [2015-12-27] FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzm9cchi.default\searchplugins\search_the_web.xml [2014-07-16] FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\Baixaki.xml [2015-12-27] FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\DD1B66D4.xml [2016-02-12] FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\search_the_web.xml [2014-07-16] FF Extension: wxDfast - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzm9cchi.default\Extensions\50069ad472f36@50069ad472f6f.info [2012-07-18] [não assinado] FF Extension: FTdownloader 2 - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzm9cchi.default\Extensions\ftdownloader2@ftdownloader.com.xpi [2013-02-11] [não assinado] FF Extension: FTdownloader V3.0 - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzm9cchi.default\Extensions\ftdownloader3@ftdownloader.com.xpi [2013-04-11] [não assinado] FF Extension: 4shared.com Community Toolbar - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzm9cchi.default\Extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} [2012-07-16] [não assinado] FF Extension: Oasis Space 1.0.1 - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzm9cchi.default\Extensions\{0d39a849-3612-48f3-815c-56b0eda149d7}.xpi [2015-12-26] [não assinado] FF Extension: FoodBuzz - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzm9cchi.default\Extensions\{2326C1C3-3E92-49da-A3FB-CB8AD8AD8F25} [2013-06-28] [não assinado] FF Extension: Oasis Space 1.0.1 - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzm9cchi.default\Extensions\{65b45c02-eb5c-4010-8af5-4c075c4b43a3}.xpi [2015-12-29] [não assinado] FF Extension: Oasis Space 1.0.1 - 
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzm9cchi.default\Extensions\{83abc2fa-3a3b-44aa-97cf-b1ea0776baf1}.xpi [2015-12-23] [não assinado] FF Extension: Steel Cut 1.0.1 - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzm9cchi.default\Extensions\{8fffb585-d0b1-47fe-9abd-465dcf63e467}.xpi [2015-12-16] [não assinado] FF Extension: SweetPacks Toolbar for Firefox - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzm9cchi.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012-06-23] [não assinado] FF Extension: wxDfast - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\50069ad472f36@50069ad472f6f.info [2016-02-12] [não assinado] FF Extension: GsearchFinder - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-02-02] FF Extension: FTdownloader 2 - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\ftdownloader2@ftdownloader.com.xpi [2013-02-11] [não assinado] FF Extension: FTdownloader V3.0 - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\ftdownloader3@ftdownloader.com.xpi [2013-04-11] [não assinado] FF Extension: 4shared.com Community Toolbar - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} [2016-02-12] [não assinado] FF Extension: Oasis Space 1.0.1 - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{0d39a849-3612-48f3-815c-56b0eda149d7}.xpi [2015-12-26] [não assinado] FF Extension: FoodBuzz - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{2326C1C3-3E92-49da-A3FB-CB8AD8AD8F25} [2016-02-12] [não assinado] FF Extension: Oasis Space 1.0.1 - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{65b45c02-eb5c-4010-8af5-4c075c4b43a3}.xpi [2015-12-29] [não assinado] FF Extension: Oasis Space 1.0.1 - 
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{83abc2fa-3a3b-44aa-97cf-b1ea0776baf1}.xpi [2015-12-23] [não assinado] FF Extension: Steel Cut 1.0.1 - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{8fffb585-d0b1-47fe-9abd-465dcf63e467}.xpi [2015-12-16] [não assinado] FF Extension: SweetPacks Toolbar for Firefox - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012-06-23] [não assinado] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-14] FF HKLM\...\Firefox\Extensions: [support@vdownloader.com] - C:\Program Files\VDownloader\Addons\FireFox => não encontrado (a) FF HKLM\...\Firefox\Extensions: [{0047D1A3-1D56-40B9-9708-00BD037D9D04}] - C:\Program Files\shopperz281220151410\Firefox\{0047D1A3-1D56-40B9-9708-00BD037D9D04}.xpi => não encontrado (a) FF HKLM\...\Firefox\Extensions: [{09C803BC-FA7E-42E1-983A-C6ABDD528E5C}] - C:\Program Files\shopperz291220151409\Firefox\{09C803BC-FA7E-42E1-983A-C6ABDD528E5C}.xpi => não encontrado (a) FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-14] FF HKU\S-1-5-21-721376797-892549677-2231489058-1000\...\Firefox\Extensions: [findlyrics@findlyrics.co] - C:\Program Files\FindLyrics\FF FF Extension: FindLyrics - C:\Program Files\FindLyrics\FF [2016-01-05] [não assinado] FF HKU\S-1-5-21-721376797-892549677-2231489058-1000\...\Firefox\Extensions: [D7C802E4-BDDC-4A1F-A790-F4C9D43DA9FD] - C:\Program Files\LyricsTab\116.xpi => não encontrado (a) Chrome: ======= CHR Profile: 
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Apresentações) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-12] CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-12] CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-12] CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-12] CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-12] CHR Extension: (Planilhas do Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-12] CHR Extension: (Documentos Google off-line) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-13] CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-12] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-12] CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-12] CHR HKLM\...\Chrome\Extension: [bpeeepmahhfjiediknjejcmcfmjcjdck] - C:\Program Files\Google\Chrome\User Data\Default\Extensions\serach.crx CHR HKLM\...\Chrome\Extension: [clpdgmdkdnijjbgmnajolnbnjejoeogm] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [dkdkpmmkgdbglmfmmmmehbkmnkopingb] - C:\Program Files\Google\Chrome\User Data\Default\Extensions\v9-toolbar.crx CHR 
HKLM\...\Chrome\Extension: [eoccbpoodnckjdnackiffhjfkogfhnhh] - C:\Program Files\VDownloader\Addons\Chrome.crx CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-04] CHR HKLM\...\Chrome\Extension: [jjknhiidfgljainedphkgfofokacfblp] - C:\ProgramData\wxDfast\jjknhiidfgljainedphkgfofokacfblp.crx CHR HKLM\...\Chrome\Extension: [kejpcolehiecjkanilhmblkbndaomhpc] - C:\Users\User\AppData\Local\Temp\ccex.crx CHR HKLM\...\Chrome\Extension: [mdebcffgnijbblbinknkbefciofebcda] - C:\Users\User\AppData\Local\Temp\ccex.crx CHR HKLM\...\Chrome\Extension: [noebaifjopccondbkcieccphcpijhdne] - C:\Users\User\AppData\Local\CRE\noebaifjopccondbkcieccphcpijhdne.crx CHR HKLM\...\Chrome\Extension: [pldbienodkpgkccocelidinmciedjdok] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-721376797-892549677-2231489058-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [noebaifjopccondbkcieccphcpijhdne] - C:\Users\User\AppData\Local\CRE\noebaifjopccondbkcieccphcpijhdne.crx ==================== Serviços (Whitelisted) ======================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-04] (AVAST Software) R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1893896 2015-11-12] (LogMeIn Inc.) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Arquivo não assinado] R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2015-11-12] (LogMeIn, Inc.) 
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Arquivo não assinado] R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [Arquivo não assinado] S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [Arquivo não assinado] S2 MustangService_2015_10_10; C:\ProgramData\TempMoudleSet\MustangSer3119.exe [235776 2015-12-15] (MustangService) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-07-29] () S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [Arquivo não assinado] R2 UpAurora Kernel Service; C:\Users\User\AppData\Roaming\UpAuroraBrowser\Installer\UpAuroraKernelService.exe [184880 2015-12-03] (UpAurora.COM) S2 307a311d; "C:\Windows\system32\rundll32.exe" "c:\Program Files\AppendModule\AppendModule.dll",serv S3 BASSVC; "C:\Program Files\Baidu Security\MoboMarket\1.3.7.5841\bassvc.exe" -svc [X] S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X] ===================== Drivers (Whitelisted) ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
R0 360HookOem; C:\Windows\System32\drivers\360HookOEM.sys [54912 2012-05-31] (360安全中心) [Arquivo não assinado] R1 360SpOEM; C:\Windows\System32\drivers\360SpOEM.sys [64048 2012-08-21] (360安全中心) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2016-01-04] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [81168 2016-01-04] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2016-01-04] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [812208 2016-01-21] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449384 2016-01-21] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209432 2016-01-04] (AVAST Software) R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [47456 2014-03-11] (Baidu, Inc.) S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] () R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [34128 2008-03-26] (DemoForge, LLC) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2013-10-28] (Disc Soft Ltd) R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [27040 2015-11-12] (LogMeIn, Inc.) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [685056 2005-07-28] (Aladdin Knowledge Systems Ltd.) R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-27] (CACE Technologies, Inc.) S3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [34896 2010-07-01] (Screaming Bee LLC) R2 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [17216 2005-03-01] (SafeKey International, Inc.) [Arquivo não assinado] R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-10-28] (Duplex Secure Ltd.) 
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [17792 2008-12-26] (Avnex) S3 XXLHASP; c:\windows\system32\drivers\XXLHASP.sys [821248 2012-09-15] () [Arquivo não assinado] R1 {0d39a849-3612-48f3-815c-56b0eda149d7}Gw; C:\Windows\System32\drivers\{0d39a849-3612-48f3-815c-56b0eda149d7}Gw.sys [43112 2015-12-29] (StdLib) R1 {17ec2d72-62c2-47e7-8f05-2e2282ed32b2}Gw; C:\Windows\System32\drivers\{17ec2d72-62c2-47e7-8f05-2e2282ed32b2}Gw.sys [43112 2016-01-08] (StdLib) R1 {55dce8ba-9dec-4013-937e-adbf9317d990}w; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys [52928 2014-07-17] (StdLib) R1 {65b45c02-eb5c-4010-8af5-4c075c4b43a3}Gw; C:\Windows\System32\drivers\{65b45c02-eb5c-4010-8af5-4c075c4b43a3}Gw.sys [43112 2015-12-31] (StdLib) R1 {7912fe62-268c-49c6-b007-1f4e47c522de}Gw; C:\Windows\System32\drivers\{7912fe62-268c-49c6-b007-1f4e47c522de}Gw.sys [43112 2016-01-11] (StdLib) U3 amc61xt5; C:\Windows\system32\Drivers\amc61xt5.sys [0 ] (Advanced Micro Devices) <==== ATENÇÃO (zero byte Arquivo/Pasta) S4 AlxKill; \??\C:\Users\User\AppData\Roaming\driver.sys [X] S3 AndNetDiag; system32\DRIVERS\lgandnetdiag.sys [X] S3 ANDNetModem; system32\DRIVERS\lgandnetmodem.sys [X] S3 andnetndis; system32\DRIVERS\lgandnetndis.sys [X] S3 athur; system32\DRIVERS\athur.sys [X] S1 Bfilter; \??\C:\Windows\System32\drivers\Bfilter.sys [X] S1 Bfmon; \??\C:\Windows\System32\drivers\Bfmon.sys [X] S3 BHipsEx; \??\C:\Windows\System32\drivers\BHipsEx.sys [X] S1 Bnbase; System32\drivers\bnbasex.sys [X] S1 Bndef; \??\C:\Windows\System32\drivers\bndef.sys [X] S1 Bprotect; \??\C:\Windows\System32\drivers\Bprotect.sys [X] S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X] S3 cportclm; \??\C:\Users\User\AppData\Local\Temp\cportclm.sys [X] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X] S3 fdrawcmd; \??\C:\Windows\system32\drivers\fdrawcmd.sys [X] S3 massfilter; system32\drivers\massfilter.sys [X] S0 MPCBase; System32\drivers\MPCBase.sys [X] S3 
PCFApiUtil; \??\C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] S3 xspirit; \??\C:\Windows\xspirit.sys [X] S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X] S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X] S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X] ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Um Mês Criados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2016-02-13 15:14 - 2016-02-13 15:16 - 00028536 _____ C:\Users\User\Downloads\FRST.txt 2016-02-13 15:14 - 2016-02-13 15:14 - 00000000 ____D C:\FRST 2016-02-13 15:12 - 2016-02-13 15:13 - 01721344 _____ (Farbar) C:\Users\User\Downloads\FRST.exe 2016-02-13 06:55 - 2016-02-13 06:55 - 00001682 _____ C:\Users\Public\Desktop\Batman - Arkham City.lnk 2016-02-13 06:55 - 2016-02-13 06:55 - 00001057 _____ C:\Users\Public\Desktop\Batman - Arkham City (Settings).lnk 2016-02-13 06:55 - 2016-02-13 06:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Batman - Arkham City 2016-02-13 05:53 - 2016-02-13 05:53 - 00000000 ____D C:\Users\User\Desktop\Batman Arkham City 2016-02-13 05:21 - 2016-02-13 05:21 - 00011362 _____ C:\Users\User\Desktop\fixlist.txt.txt 2016-02-13 01:42 - 2016-02-13 01:42 - 00000000 ____D C:\Users\Public\Documents\PC Faster 2016-02-12 21:20 - 2016-02-12 23:53 - 00002110 _____ C:\Users\User\Desktop\chrome.lnk 2016-02-12 20:50 - 2016-02-12 20:50 - 00000000 ____D C:\Program Files\03000200-1455317409-0500-0006-000700080009 2016-02-12 20:44 - 2016-02-13 05:52 - 00000000 ____D C:\Users\User\Downloads\Batman.Arkham.City.EN-RU.Repack.by.z10yded 2016-02-12 20:44 - 2016-02-12 21:23 - 00000000 ____D C:\Users\Todos os Usuários\baidu 2016-02-12 20:44 - 2016-02-12 21:23 - 00000000 ____D 
C:\ProgramData\baidu 2016-02-12 20:43 - 2016-02-12 20:43 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg 2016-02-12 20:43 - 2016-02-12 20:43 - 00000000 ____D C:\ProgramData\WindowsMsg 2016-02-12 20:41 - 2016-02-12 20:41 - 00002675 _____ C:\Users\User\Desktop\BitTorrent.lnk 2016-02-12 20:41 - 2016-02-12 20:41 - 00002675 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk 2016-02-12 20:40 - 2016-02-12 20:40 - 01999976 _____ (BitTorrent Inc.) C:\Users\User\Downloads\BitTorrent (3).exe 2016-02-12 20:39 - 2016-02-12 20:39 - 00525696 _____ C:\Users\User\Downloads\bittorrent (1).exe 2016-02-12 20:34 - 2016-02-12 21:24 - 00000000 ____D C:\Program Files\NewExt 2016-02-12 20:34 - 2016-02-12 20:34 - 00000000 ____D C:\Users\User\AppData\Roaming\dlg 2016-02-12 20:33 - 2016-02-13 01:40 - 00000000 ____D C:\Program Files\rec_en_77 2016-02-12 20:32 - 2016-02-13 00:33 - 00000000 ____D C:\Program Files\03000200-1455316339-0500-0006-000700080009 2016-02-12 20:29 - 2016-02-12 20:30 - 00000000 ____D C:\Users\User\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108 2016-02-12 20:29 - 2016-02-12 20:29 - 00000000 ____D C:\Users\Public\Documents\dmp 2016-02-12 20:28 - 2016-02-12 20:28 - 00525696 _____ C:\Users\User\Downloads\bittorrent.exe 2016-02-12 20:18 - 2016-02-12 20:18 - 01324551 _____ C:\Users\User\Downloads\Tradução B A C BY GG.rar 2016-02-12 12:51 - 2016-02-12 12:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tribo Gamer 2016-02-12 12:51 - 2016-02-12 12:51 - 00000000 ____D C:\Program Files\Tribo Gamer 2016-02-12 12:44 - 2016-02-12 12:44 - 00000000 ____D C:\Users\User\Documents\Square Enix 2016-02-12 11:31 - 2016-02-12 11:31 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard 2016-02-12 11:21 - 2016-02-12 11:21 - 00001590 _____ C:\Users\Public\Desktop\Batman Arkham Asylum GOTY.lnk 2016-02-12 11:21 - 2016-02-12 11:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rocksteady Studios 
2016-02-12 11:05 - 2016-02-12 11:05 - 00000000 ____D C:\Program Files\Rocksteady Studios 2016-02-11 23:39 - 2016-02-11 23:39 - 00000877 _____ C:\AiOLog.txt 2016-02-11 23:35 - 2016-02-11 23:35 - 00000000 ____D C:\Users\User\AppData\Roaming\Sun 2016-02-11 23:35 - 2016-02-11 23:35 - 00000000 ____D C:\Users\User\.oracle_jre_usage 2016-02-11 23:35 - 2016-02-11 23:35 - 00000000 ____D C:\Program Files\Common Files\Java 2016-02-11 23:34 - 2016-02-11 23:34 - 00095840 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2016-02-11 23:34 - 2016-02-11 23:34 - 00000000 ____D C:\Users\Todos os Usuários\Oracle 2016-02-11 23:34 - 2016-02-11 23:34 - 00000000 ____D C:\ProgramData\Oracle 2016-02-11 23:33 - 2016-02-11 23:33 - 00000000 ____D C:\Users\User\AppData\LocalLow\Oracle 2016-02-11 21:42 - 2016-02-11 22:21 - 369102226 _____ (Sereby Corporation) C:\Users\User\Downloads\aio-runtimes_v2.3.4.exe 2016-02-11 20:52 - 2016-02-11 20:53 - 01408849 _____ C:\Users\User\Downloads\Trad-BAA-ByStiff.rar 2016-02-11 20:46 - 2016-02-11 23:22 - 00000000 ____D C:\Users\User\Downloads\Batman.Arkham.Asylum.Game.of.The.Year.Edition-PROPHET[rarbg] 2016-02-11 20:45 - 2016-02-11 20:45 - 00590269 _____ C:\Users\User\Downloads\BAA-ByStiff.torrent 2016-02-11 16:31 - 2016-02-13 07:21 - 00000000 ____D C:\Users\User\Documents\WB Games 2016-02-11 15:43 - 2016-02-13 01:40 - 00000831 _____ C:\Users\Public\Desktop\Batman - Arkham Origins.lnk 2016-02-11 15:43 - 2016-02-13 01:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Batman - Arkham Origins 2016-02-11 15:24 - 2016-02-13 06:00 - 00000000 ____D C:\Users\User\AppData\Local\Setup Integrity Check 2016-02-11 02:19 - 2016-02-11 03:23 - 735083180 _____ C:\Users\User\Downloads\tradfull_pt-br_ba33ar24cy33or24_byundergondor™.exe 2016-02-11 02:18 - 2016-02-12 21:16 - 00001986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-02-11 02:17 - 2016-02-13 14:28 - 00001058 _____ 
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-02-11 02:17 - 2016-02-13 07:11 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-02-11 02:01 - 2016-02-11 02:16 - 107691577 _____ C:\Users\User\Downloads\tradfull_pt-br_ba33ar24cy33or24_byundergondor™.exe.opdownload 2016-02-11 02:00 - 2016-02-11 15:53 - 00000000 ____D C:\Users\User\Desktop\Batman - Arkham Origins 2016-02-11 01:59 - 2016-02-11 01:59 - 00000000 ____D C:\Users\User\Downloads\TradFull_PT-BR_Ba33Ar24Cy33Or24_ByUndergondor™ 2016-02-11 01:52 - 2016-02-11 15:19 - 00000000 ____D C:\Users\User\Downloads\Batman.Arkham.Origins.EN-RU.Repack.by.z10yded 2016-02-11 01:46 - 2016-02-11 01:58 - 58794589 _____ C:\Users\User\Desktop\tradfull_pt-br_ba33ar24cy33or24_byundergondor™.exe 2016-02-11 00:26 - 2016-02-13 01:40 - 00000000 ____D C:\AdwCleaner 2016-02-11 00:24 - 2016-02-11 00:25 - 01508352 _____ C:\Users\User\Downloads\adwcleaner_5.033.exe 2016-02-10 05:43 - 2016-02-13 07:12 - 00000000 ____D C:\Users\User\AppData\LocalLow\uTorrent 2016-02-08 01:15 - 2016-02-08 01:15 - 00000000 ____D C:\Users\User\AppData\Roaming\Network Cleaner 2016-02-07 06:33 - 2016-02-07 06:33 - 00927832 _____ ( ) C:\Users\User\Downloads\Baixe Seu Arquivo Download.exe 2016-02-07 06:23 - 2016-02-07 06:22 - 00044642 _____ (wXzy1ZVLX7NSJ9) C:\Users\User\Downloads\Download Hq Batman Duas-caras Ataca Duas Vezes [1].exe 2016-02-07 06:22 - 2016-02-07 06:22 - 00927832 _____ ( ) C:\Users\User\Downloads\Download Hq Batman Duas-caras Ataca Duas Vezes.exe 2016-02-07 05:50 - 2016-02-07 05:50 - 00000873 _____ C:\Users\User\Desktop\CDisplay.lnk 2016-02-07 05:50 - 2016-02-07 05:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplay 2016-02-07 05:50 - 2016-02-07 05:50 - 00000000 ____D C:\Program Files\CDisplay 2016-02-07 05:47 - 2016-02-07 05:47 - 69122123 _____ C:\Users\User\Downloads\02 BATMAN_OCavaleiroDasTrevas_01_COMPLETO_[batmanguide.wordpress.com].cbz 2016-02-07 05:44 - 2016-02-11 13:41 - 00000000 ____D 
C:\Users\User\Desktop\Batman - HQ's 2016-02-03 19:33 - 2016-02-03 19:33 - 00000897 _____ C:\Users\Public\Desktop\Origin.lnk 2016-02-03 19:33 - 2016-02-03 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2016-02-03 19:31 - 2016-02-03 19:33 - 00000000 ____D C:\Program Files\Origin 2016-02-03 19:21 - 2016-02-03 19:22 - 31332536 _____ (Electronic Arts, Inc.) C:\Users\User\Downloads\OriginThinSetup.exe 2016-02-03 19:14 - 2016-02-03 19:33 - 00000000 ____D C:\Users\Todos os Usuários\Origin 2016-02-03 19:14 - 2016-02-03 19:33 - 00000000 ____D C:\ProgramData\Origin 2016-02-03 18:56 - 2016-02-03 18:56 - 00000000 ___HD C:\Program Files\Common Files\EAInstaller 2016-02-03 18:52 - 2016-02-03 18:52 - 00001111 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4.lnk 2016-02-03 18:52 - 2016-02-03 18:52 - 00001099 _____ C:\Users\Public\Desktop\The Sims 4.lnk 2016-02-03 18:04 - 2016-02-03 18:15 - 00000000 ____D C:\Users\User\Desktop\The Sims 4 2016-02-03 14:45 - 2016-02-03 14:51 - 00000000 ____D C:\Users\User\Desktop\LEGO Batman 3 - Beyond Gotham 2016-01-18 08:38 - 2016-01-18 08:38 - 00088664 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT 2016-01-16 18:06 - 2016-01-16 18:06 - 00993736 _____ (Program App Internet ) C:\Users\User\Downloads\adobe_flash_player (3).exe 2016-01-14 10:51 - 2016-02-12 21:16 - 00001041 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 35.lnk 2016-01-14 10:51 - 2016-02-12 21:16 - 00001029 _____ C:\Users\Public\Desktop\Opera 35.lnk 2016-01-14 10:48 - 2016-01-14 10:48 - 00000000 ____D C:\Users\Public\Documents\Baidu 2016-01-14 09:24 - 2016-01-14 09:37 - 00088664 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT 2016-01-14 09:23 - 2016-01-14 09:24 - 00000993 _____ C:\Users\User\Desktop\Memory Improve Master.lnk 2016-01-14 09:23 - 2016-01-14 09:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memory Improve Master 2016-01-14 09:23 - 2016-01-14 09:24 - 00000000 ____D 
C:\Program Files\Memory Improve Master 2016-01-14 01:53 - 2016-01-14 01:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2016-01-14 01:51 - 2016-01-04 02:25 - 00322760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2016-01-14 00:55 - 2016-01-14 00:56 - 03761152 _____ C:\Windows\system32\FNTCACHE.DAT ==================== Um Mês Modificados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2016-02-13 15:15 - 2013-05-12 00:55 - 00000000 ____D C:\Users\User\AppData\Roaming\BitTorrent 2016-02-13 15:15 - 2012-03-03 16:53 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent 2016-02-13 14:55 - 2016-01-02 03:47 - 00000964 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2016-02-13 14:27 - 2012-07-26 13:57 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-02-13 13:29 - 2013-10-16 20:24 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-721376797-892549677-2231489058-1000UA.job 2016-02-13 12:39 - 2012-07-18 09:26 - 00000354 ____H C:\Windows\Tasks\OptimizerProUpdaterRefreshTask.job 2016-02-13 07:19 - 2009-07-14 02:34 - 00014544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-02-13 07:19 - 2009-07-14 02:34 - 00014544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-02-13 07:12 - 2015-10-13 04:07 - 00000000 ____D C:\Users\User\AppData\LocalLow\BitTorrent 2016-02-13 07:12 - 2012-03-03 16:55 - 00000000 ____D C:\Users\User\AppData\LocalLow\Temp 2016-02-13 07:11 - 2015-10-13 03:04 - 00000648 _____ C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job 2016-02-13 07:11 - 2013-07-30 19:16 - 00000414 ____H C:\Windows\Tasks\schedule!3036567561.job 2016-02-13 07:11 - 2012-09-19 21:15 - 08405015 _____ C:\Windows\TempFile 2016-02-13 07:11 - 2012-07-18 09:26 - 00000374 ____H C:\Windows\Tasks\OptimizerProUpdaterLogonTask.job 
2016-02-13 07:11 - 2012-07-18 09:25 - 00000376 ____H C:\Windows\Tasks\WxDFastUpdaterLogonTask.job 2016-02-13 07:11 - 2009-07-14 02:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-02-13 06:58 - 2009-07-14 02:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2016-02-13 06:23 - 2014-06-05 23:14 - 00000000 ____D C:\Games 2016-02-13 02:22 - 2013-03-06 18:50 - 00000000 ____D C:\Program Files\Electronic Arts 2016-02-13 02:00 - 2014-07-02 03:00 - 00000000 ____D C:\Users\User\AppData\Local\Adobe 2016-02-13 01:43 - 2016-01-04 04:48 - 00001349 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-02-12 21:23 - 2012-10-05 21:38 - 00000000 ____D C:\Users\User\AppData\Roaming\baidu 2016-02-12 21:16 - 2014-10-15 18:18 - 00000969 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 26.lnk 2016-02-12 21:16 - 2012-07-04 17:04 - 00001787 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2016-02-12 19:29 - 2013-10-16 20:24 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-721376797-892549677-2231489058-1000Core.job 2016-02-12 11:04 - 2012-03-04 01:59 - 00000000 ____D C:\Users\User\AppData\Roaming\DAEMON Tools Lite 2016-02-11 23:38 - 2014-04-23 02:01 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache 2016-02-11 23:38 - 2014-04-23 02:01 - 00000000 ____D C:\ProgramData\Package Cache 2016-02-11 23:34 - 2014-01-23 12:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-02-11 23:33 - 2012-02-01 16:35 - 00000000 ____D C:\Program Files\Java 2016-02-11 02:19 - 2012-02-01 14:43 - 00000000 ____D C:\Users\User\AppData\Local\Google 2016-02-11 02:18 - 2012-02-01 14:48 - 00000000 ____D C:\Program Files\Google 2016-02-11 02:17 - 2012-07-02 12:29 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2016-02-11 02:17 - 2012-02-01 14:43 - 00142528 _____ (Adobe Systems Incorporated) 
C:\Windows\system32\FlashPlayerCPLApp.cpl 2016-02-11 00:32 - 2012-02-04 12:48 - 00000000 ____D C:\Program Files\Mozilla Firefox 2016-02-10 06:37 - 2013-09-23 18:06 - 00000000 ____D C:\Users\User\AppData\Roaming\Synthesia 2016-02-08 01:15 - 2012-03-27 00:39 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps 2016-02-07 23:33 - 2015-06-04 17:20 - 01596928 ___SH C:\Users\User\Downloads\Thumbs.db 2016-02-06 20:08 - 2013-10-13 20:06 - 00000000 ____D C:\Program Files\Opera 2016-02-03 19:38 - 2015-07-27 13:37 - 00000000 ____D C:\Users\User\Desktop\Jogos Leves 2016-02-03 19:38 - 2015-07-27 13:34 - 00000000 ____D C:\Users\User\Desktop\Coisas do meu Livro 2016-02-03 19:38 - 2015-04-19 22:37 - 00000000 ____D C:\Users\User\Desktop\Playlist 2016-02-03 19:19 - 2012-02-02 09:59 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics 2016-02-03 19:19 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\system32\NDF 2016-02-03 14:53 - 2013-07-18 17:00 - 00000000 ____D C:\Users\User\AppData\Roaming\Warner Bros. 
Interactive Entertainment 2016-01-21 14:07 - 2012-02-01 14:41 - 00812208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2016-01-21 14:07 - 2012-02-01 14:41 - 00449384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2016-01-17 16:20 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\inf 2016-01-14 10:52 - 2013-10-13 20:06 - 00000000 ____D C:\Users\User\AppData\Local\Opera Software 2016-01-14 10:51 - 2013-10-13 20:06 - 00000000 ____D C:\Users\User\AppData\Roaming\Opera Software 2016-01-14 10:10 - 2013-05-05 12:58 - 00000000 ____D C:\Users\User\Documents\GTA San Andreas User Files 2016-01-14 09:06 - 2012-06-16 02:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts 2016-01-14 08:17 - 2012-02-11 00:28 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2016-01-14 07:48 - 2015-10-08 07:27 - 00000000 ____D C:\Users\User\Downloads\The_Sims_3_University_Life-FLT 2016-01-14 02:52 - 2012-02-01 13:05 - 01674994 _____ C:\Windows\system32\PerfStringBackup.INI 2016-01-14 02:52 - 2009-07-14 06:15 - 00720002 _____ C:\Windows\system32\prfh0416.dat 2016-01-14 02:52 - 2009-07-14 06:15 - 00152244 _____ C:\Windows\system32\prfc0416.dat 2016-01-14 02:27 - 2015-09-11 19:45 - 00000000 ____D C:\Program Files\Injustice Gods Among Us Ultimate Edition 2016-01-14 01:53 - 2016-01-04 02:29 - 00001963 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2016-01-14 00:29 - 2016-01-04 04:39 - 00000000 __SHD C:\found.012 2016-01-14 00:23 - 2015-04-28 22:38 - 00000000 ____D C:\Users\User\Desktop\Fraps ==================== Arquivos na raiz de alguns diretórios ======= 2012-09-22 18:17 - 2012-06-13 10:23 - 0893496 _____ (Complitly ) C:\Program Files\Common Files\AutoCompleteInstaller-VD.exe 2015-06-30 11:37 - 2016-01-01 19:58 - 0000024 _____ () C:\Users\User\AppData\Roaming\appdataFr25.bin 2014-04-15 01:12 - 2014-04-15 01:12 - 0000000 _____ () C:\Users\User\AppData\Roaming\bitlord_log.txt 2012-08-25 12:44 - 2012-08-25 
12:44 - 0000195 _____ () C:\Users\User\AppData\Roaming\config.txt 2012-12-23 01:50 - 2012-12-23 01:50 - 0000077 _____ () C:\Users\User\AppData\Roaming\id 2013-08-08 14:51 - 2013-08-08 14:51 - 0075684 _____ () C:\Users\User\AppData\Roaming\PhotoPad.dmp 2014-07-20 00:22 - 2014-07-20 00:22 - 0138904 _____ () C:\Users\User\AppData\Roaming\PnkBstrK.sys 2014-06-24 18:09 - 2014-06-24 18:09 - 0000132 _____ () C:\Users\User\AppData\Roaming\Preferências do Formato PNG do Adobe CS6 2014-02-03 01:19 - 2014-02-11 09:38 - 0000082 _____ () C:\Users\User\AppData\Roaming\WB.CFG 2013-10-15 15:59 - 2013-10-15 17:00 - 0001456 _____ () C:\Users\User\AppData\Local\Adobe Salvar para a Web 12.0 Prefs 2014-06-24 17:53 - 2014-06-24 17:53 - 0001456 _____ () C:\Users\User\AppData\Local\Adobe Salvar para Web 13.0 Prefs 2012-03-14 03:06 - 2013-08-08 03:44 - 0006656 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-07-22 22:04 - 2014-07-22 22:04 - 0591112 _____ (ClickMeIn Limited) C:\Users\User\AppData\Local\nsi22C2.tmp 2015-01-30 09:56 - 2015-01-30 09:56 - 0000000 _____ () C:\Users\User\AppData\Local\{107A2027-DCE2-492E-93CB-8497964FED1B} 2013-10-16 01:56 - 2013-10-16 01:56 - 0000000 _____ () C:\Users\User\AppData\Local\{12040A17-3E98-484E-BFA4-725D20A25BAB} 2015-06-25 07:18 - 2015-06-25 07:18 - 0000000 _____ () C:\Users\User\AppData\Local\{3AB00AA8-ECCC-4299-9972-BA6429009232} 2015-05-28 14:00 - 2015-05-28 14:00 - 0000000 _____ () C:\Users\User\AppData\Local\{4099F931-3400-49B4-BA8E-00EC4025DAAD} 2015-04-30 14:12 - 2015-04-30 14:12 - 0000000 _____ () C:\Users\User\AppData\Local\{842AA48F-65C5-4478-9EB1-044C5342FCE8} 2015-05-27 15:23 - 2015-05-27 15:23 - 0000000 _____ () C:\Users\User\AppData\Local\{9130704E-A4B3-4486-8FD6-BD87730F9DA1} 2015-01-30 09:56 - 2015-01-30 09:56 - 0000000 _____ () C:\Users\User\AppData\Local\{913E1505-606F-42E9-924B-A87EF0F490B4} 2015-04-30 14:12 - 2015-04-30 14:12 - 0000000 _____ () 
C:\Users\User\AppData\Local\{A5AAF24F-C1FD-4795-B06C-6864B041F9C3} 2015-04-29 15:10 - 2015-04-29 15:10 - 0000000 _____ () C:\Users\User\AppData\Local\{B53A0B4A-73DA-48B9-AEFC-510BBD2C57EC} 2015-05-27 15:23 - 2015-05-27 15:23 - 0000000 _____ () C:\Users\User\AppData\Local\{C0A7DAF0-EAD6-4981-B209-15AA51A564B2} 2015-01-30 10:23 - 2015-01-30 10:23 - 0000000 _____ () C:\Users\User\AppData\Local\{DE2658D1-36E0-4779-BDF5-4A57239543B7} 2014-06-05 12:47 - 2014-06-05 12:47 - 0000000 _____ () C:\Users\User\AppData\Local\{EEBED39C-AAB0-4A23-A4B7-F1F75E793451} 2015-05-06 14:18 - 2015-05-06 14:19 - 0000000 _____ () C:\Users\User\AppData\Local\{FE4430F4-1524-4B1B-9DAA-77D0E6D10F0A} 2015-04-19 05:59 - 2015-04-19 18:33 - 0000112 _____ () C:\ProgramData\8361H0.dat Arquivos para serem movidos ou deletados: ==================== C:\ProgramData\8361H0.dat C:\Users\Todos os Usuários\8361H0.dat C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job Alguns arquivos em TEMP: ==================== C:\Users\User\AppData\Local\Temp\0a3d8a64ef66f93fda9c4616a51814fc.dll C:\Users\User\AppData\Local\Temp\1455319424.exe C:\Users\User\AppData\Local\Temp\1B20.tmp.exe C:\Users\User\AppData\Local\Temp\1BBF.tmp.exe C:\Users\User\AppData\Local\Temp\221F.tmp.exe C:\Users\User\AppData\Local\Temp\287c499808bcff52a39d16f78044882a.dll C:\Users\User\AppData\Local\Temp\2D87.tmp.exe C:\Users\User\AppData\Local\Temp\352E.tmp.exe C:\Users\User\AppData\Local\Temp\3BB7.tmp.exe C:\Users\User\AppData\Local\Temp\493D.tmp.exe C:\Users\User\AppData\Local\Temp\6181.tmp.exe C:\Users\User\AppData\Local\Temp\63B8.tmp.exe C:\Users\User\AppData\Local\Temp\69BC.tmp.exe C:\Users\User\AppData\Local\Temp\6EC9.tmp.exe C:\Users\User\AppData\Local\Temp\8577.tmp.exe C:\Users\User\AppData\Local\Temp\8578.tmp.exe C:\Users\User\AppData\Local\Temp\862C.tmp.exe C:\Users\User\AppData\Local\Temp\8WY0QA5XCZ.exe C:\Users\User\AppData\Local\Temp\931E.tmp.exe C:\Users\User\AppData\Local\Temp\CE2E.tmp.exe 
C:\Users\User\AppData\Local\Temp\D575.tmp.exe C:\Users\User\AppData\Local\Temp\ED0.tmp.exe C:\Users\User\AppData\Local\Temp\FD4F.tmp.exe C:\Users\User\AppData\Local\Temp\fsd6D4F.exe C:\Users\User\AppData\Local\Temp\fsdAD8A.exe C:\Users\User\AppData\Local\Temp\MSTVGKNYZU.exe C:\Users\User\AppData\Local\Temp\sqlite3.dll C:\Users\User\AppData\Local\Temp\TVHHGOJITA.exe C:\Users\User\AppData\Local\Temp\XZOLTHOOYC.exe ==================== Bamital & volsnap ================= (Não há correção automática para arquivos que não passaram na verificação.) C:\Windows\explorer.exe => O arquivo é assinado digitalmente C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente C:\Windows\system32\services.exe => O arquivo é assinado digitalmente C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente LastRegBack: 2016-02-11 06:20 ==================== Fim de FRST.txt ============================