cjoint

Document format: text/plain

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:04-03-2016
Executado por Rafaela (administrador) em PHILCO (05-03-2016 22:10:07)
Executando a partir de C:\Users\Rafaela\Desktop\FRST-OlderVersion
Perfis Carregados: Rafaela (Perfis Disponíveis: Rafaela)
Platform: Microsoft Windows 8.1 Enterprise (X86) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: IE)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Baidu, Inc.) C:\Program Files\Baidu Security\MoboMarket\1.3.7.5967\bassvc.exe
() C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\ProgramData\ZDSupport\ZDServ\CancelAutoPlay_Server.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Baidu, Inc.) C:\Program Files\Baidu Security\MoboMarket\1.3.7.5967\bastray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_9e5a9771e29ebd0a\TiWorker.exe
() C:\Program Files\CalendarTool\2.0.0.11189\CalendarServ.exe
() C:\Program Files\CalendarTool\2.0.0.11189\calendar.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\New\instup.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\New_b0108cd\instup.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-02] (AVAST Software)
HKU\S-1-5-21-712289024-91857821-862277897-1001\...\Run: [ManyCam] => C:\Program Files\ManyCam\ManyCam.exe [8795312 2014-06-09] (Visicom Media Inc.)
HKU\S-1-5-21-712289024-91857821-862277897-1001\...\Run: [ares] => C:\Program Files\Ares\Ares.exe [1424896 2016-02-16] (Seekar Ltd)
HKU\S-1-5-21-712289024-91857821-862277897-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6638296 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-712289024-91857821-862277897-1001\...\MountPoints2: {0d275c59-84bd-11e5-974f-fa3ab0aa4444} - "D:\Windows\AutoRun.exe"
HKU\S-1-5-21-712289024-91857821-862277897-1001\...\MountPoints2: {0d275db4-84bd-11e5-974f-fa3ab0aa4444} - "D:\Windows\AutoRun.exe"
HKU\S-1-5-21-712289024-91857821-862277897-1001\...\MountPoints2: {4f8bbaa0-48b6-11e4-9723-74de2b61219a} - "D:\Startme.exe"
HKU\S-1-5-21-712289024-91857821-862277897-1001\...\MountPoints2: {5508c47a-3767-11e4-9720-74de2b61219a} - "D:\LGAutoRun.exe"
HKU\S-1-5-21-712289024-91857821-862277897-1001\...\MountPoints2: {9989d39b-1ff4-11e5-9732-80ee734752c3} - "D:\LGAutoRun.exe"
HKU\S-1-5-21-712289024-91857821-862277897-1001\...\MountPoints2: {b94e312a-cb82-11e4-972a-80ee734752c3} - "D:\AutoRun.exe"
HKU\S-1-5-21-712289024-91857821-862277897-1001\...\MountPoints2: {c5b33f06-b6f8-11e5-9765-80ee734752c3} - "D:\.\StartModem.exe"
HKU\S-1-5-21-712289024-91857821-862277897-1001\...\MountPoints2: {e318e25e-3465-11e5-9736-928ad7ce5690} - "D:\Startme.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2014-07-16] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-02-15]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{28767AA4-65A0-45C5-8624-7B2135A08768}: [NameServer] 200.204.135.203 200.204.135.200
Tcpip\..\Interfaces\{462F99DA-C3F5-4F4C-B2F9-FECA808CC5CB}: [DhcpNameServer] 192.168.200.1
Tcpip\..\Interfaces\{94CA6C4D-953C-4347-889C-40191E731050}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=f3e77ec705790fe55d41f1f3239a4b5d
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-712289024-91857821-862277897-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=f3e77ec705790fe55d41f1f3239a4b5d
BHO: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16] ()
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-05-21] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-07-16] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-05-14] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Rafaela\AppData\Roaming\Mozilla\Firefox\Profiles\3jwhlnid.default
FF Homepage: hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=f3e77ec705790fe55d41f1f3239a4b5d
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-13] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-23] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-16] [não assinado]

Chrome:
=======
CHR HomePage: Default -> hxxp://br.hao123.com/?tn=sdkp_inner_protection_03_hao123_br
CHR StartupUrls: Default -> "hxxps://www.malwarebytes.org/restorebrowser/"
CHR NewTab: Default -> "chrome-extension://ckchkohkbpoijhiebdafjlnlhjpijgoh/stubby.html"
CHR Profile: C:\Users\Rafaela\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Rafaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-02]
CHR Extension: (Google Docs) - C:\Users\Rafaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-02]
CHR Extension: (Google Drive) - C:\Users\Rafaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-02]
CHR Extension: (YouTube) - C:\Users\Rafaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-02]
CHR Extension: (Google Search) - C:\Users\Rafaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Planilhas do Google) - C:\Users\Rafaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-02]
CHR Extension: (Documentos Google off-line) - C:\Users\Rafaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Rafaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-02]
CHR Extension: (Gmail) - C:\Users\Rafaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-02]
CHR Profile: C:\Users\Rafaela\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Rafaela\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-01]
CHR Extension: (Internet Speed Tracker) - C:\Users\Rafaela\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jinlofiojphnmpllecgejammnjcmeipf [2014-12-22]
CHR Extension: (Google Wallet) - C:\Users\Rafaela\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-01]
CHR Extension: (Gmail) - C:\Users\Rafaela\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-01]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-16]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-16] (AVAST Software)
R2 BASSVC; C:\Program Files\Baidu Security\MoboMarket\1.3.7.5967\bassvc.exe [208928 2015-04-22] (Baidu, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [239880 2016-02-05] (McAfee, Inc.)
R2 TheCalendarService; C:\Program Files\CalendarTool\2.0.0.11189\CalendarServ.exe [141960 2015-12-25] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [279784 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2014-03-23] (Microsoft Corporation)
R2 ZDServ; C:\ProgramData\ZDSupport\ZDServ\ZDServ.exe [432384 2014-04-18] ()

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [25856 2011-09-06] (Google Inc)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag.sys [23040 2011-09-06] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem.sys [27776 2011-09-06] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\system32\DRIVERS\lgandnetndis.sys [73728 2011-09-16] (LG Electronics Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-16] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-16] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-16] ()
S0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [47456 2014-03-11] (Baidu, Inc.)
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [47216 2014-05-13] (Visicom Media Inc.)
S3 massfilter; C:\Windows\System32\drivers\ztembbmassfilter.sys [11776 2012-11-22] (MBB Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv.sys [29728 2013-12-06] (Visicom Media Inc.)
S3 mtkmbim6.2; C:\Windows\system32\DRIVERS\mtkmbim7.sys [173056 2012-12-03] (MBB)
R3 NETJME; C:\Windows\system32\DRIVERS\NETJME.sys [119296 2013-06-18] (JMicron Technology Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1659096 2013-07-31] (Realtek Semiconductor Corporation )
S3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 usbbus; C:\Windows\System32\drivers\lgusbbus.sys [13056 2011-04-27] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\system32\DRIVERS\lgusbdiag.sys [20864 2011-04-27] (LG Electronics Inc.)
S3 USBModem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [25216 2011-04-27] (LG Electronics Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [30224 2014-03-23] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [219992 2014-03-23] (Microsoft Corporation)
S3 wdf_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [69120 2012-11-28] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [92504 2014-03-23] (Microsoft Corporation)
R3 WUDFSensorLP; C:\Windows\System32\drivers\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
S3 PCFApiUtil; \??\C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [X]
S3 WinDivert1.1; \??\C:\Program Files\KMSpico\WinDivert.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-03-05 22:06 - 2014-04-15 20:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2016-03-05 21:46 - 2015-10-08 12:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll
2016-03-05 21:46 - 2015-03-03 22:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2016-03-05 21:45 - 2016-03-05 21:45 - 00001763 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2016-03-05 21:45 - 2016-03-05 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2016-03-05 21:45 - 2016-03-05 21:45 - 00000000 ____D C:\Program Files\ZHPFix
2016-03-05 21:45 - 2015-12-17 14:45 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-03-05 21:45 - 2015-12-17 13:11 - 02975744 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-03-05 21:43 - 2016-03-05 21:42 - 03521617 _____ (Nicolas Coolman ) C:\Users\Rafaela\Desktop\ZHPFix.exe
2016-03-05 21:42 - 2016-03-05 21:42 - 03521617 _____ (Nicolas Coolman ) C:\Users\Rafaela\Downloads\ZHPFix.exe
2016-03-05 21:38 - 2016-03-05 22:08 - 00000000 ____D C:\Users\Rafaela\AppData\Roaming\CalendarTool
2016-03-05 21:38 - 2016-03-05 21:38 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-03-05 21:38 - 2016-03-05 21:38 - 00000000 ____D C:\Program Files\CalendarTool
2016-03-04 23:04 - 2016-03-04 23:04 - 00078903 _____ C:\Users\Rafaela\Desktop\ZHPDiag.txt
2016-03-04 22:53 - 2016-03-05 21:55 - 00000000 ____D C:\Users\Rafaela\AppData\Roaming\ZHP
2016-03-04 22:53 - 2016-03-04 22:53 - 00000866 _____ C:\Users\Rafaela\Desktop\ZHPDiag.lnk
2016-03-04 22:52 - 2016-03-04 22:51 - 02139136 _____ C:\Users\Rafaela\Desktop\ZHPDiag3.exe
2016-03-04 22:51 - 2016-03-04 22:51 - 02139136 _____ C:\Users\Rafaela\Downloads\ZHPDiag3.exe
2016-03-04 22:48 - 2016-03-04 22:48 - 00000000 ____D C:\Users\Rafaela\AppData\Local\Macromedia
2016-03-04 20:26 - 2016-03-04 22:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-03-04 20:06 - 2016-03-04 20:19 - 00000000 ____D C:\UsbFix
2016-03-04 20:06 - 2016-03-04 20:06 - 03086990 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\Rafaela\Downloads\UsbFix_2016_8.194.exe
2016-03-04 20:06 - 2016-03-04 20:06 - 00001456 _____ C:\Users\Rafaela\Desktop\UsbFix.lnk
2016-03-04 20:04 - 2016-03-05 22:10 - 00000000 ____D C:\Users\Rafaela\Desktop\FRST-OlderVersion
2016-03-04 20:02 - 2016-03-04 20:02 - 00000000 ____D C:\Users\Public\Documents\PC Faster
2016-03-04 20:01 - 2015-04-24 03:22 - 01029096 _____ (ShenZhen Enode Techology co,.Ltd) C:\Users\Todos os Usuários\WeatherMini.exe
2016-03-04 20:01 - 2015-04-24 03:22 - 01029096 _____ (ShenZhen Enode Techology co,.Ltd) C:\ProgramData\WeatherMini.exe
2016-03-04 07:07 - 2016-03-04 20:04 - 01725440 _____ (Farbar) C:\Users\Rafaela\Desktop\FRST.exe
2016-03-04 07:07 - 2016-03-04 07:07 - 01722368 _____ (Farbar) C:\Users\Rafaela\Downloads\FRST.exe
2016-03-03 23:25 - 2016-03-05 21:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-03-03 23:25 - 2016-03-04 20:02 - 00000000 ____D C:\Users\Rafaela\AppData\Local\Mozilla
2016-03-03 23:25 - 2016-03-03 23:25 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-03 23:25 - 2016-03-03 23:25 - 00001073 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-03 23:25 - 2016-03-03 23:25 - 00000000 ____D C:\Users\Rafaela\AppData\Roaming\Mozilla
2016-03-03 23:23 - 2016-03-03 23:23 - 43005624 _____ C:\Users\Rafaela\Desktop\Firefox Setup 44.0.exe
2016-03-03 21:22 - 2016-03-05 22:10 - 00000000 ____D C:\FRST
2016-03-03 21:06 - 2016-03-03 21:05 - 00002582 _____ C:\Users\Rafaela\Desktop\lo maw.xml
2016-03-03 20:34 - 2016-03-03 20:35 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-03 20:33 - 2016-03-03 20:33 - 00001028 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-03 20:33 - 2016-03-03 20:33 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2016-03-03 20:33 - 2016-03-03 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-03 20:33 - 2016-03-03 20:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-03 20:33 - 2016-03-03 20:33 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-03-03 20:33 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-03 20:33 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-03 20:33 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-03 20:16 - 2016-03-03 20:16 - 00001435 _____ C:\Users\Rafaela\Desktop\iexplore - Atalho.lnk
2016-03-03 19:45 - 2016-03-03 19:45 - 00000933 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-03-03 19:45 - 2016-03-03 19:45 - 00000000 ____D C:\Program Files\CCleaner
2016-03-03 19:21 - 2016-03-03 19:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\Rafaela\Desktop\HijackThis.exe
2016-03-02 20:45 - 2016-03-02 20:45 - 00000164 _____ C:\Users\Rafaela\Downloads\vitoriaam (3).qtl
2016-02-26 20:06 - 2016-02-27 10:49 - 00000000 ____D C:\Users\Rafaela\AppData\Local\Ares
2016-02-26 20:06 - 2016-02-26 20:06 - 00000877 _____ C:\Users\Public\Desktop\Ares.lnk
2016-02-26 20:06 - 2016-02-26 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares
2016-02-26 20:06 - 2016-02-26 20:06 - 00000000 ____D C:\Program Files\Ares
2016-02-24 19:55 - 2016-02-24 19:55 - 00772016 _____ (Reimage®) C:\Users\Rafaela\Downloads\Não confirmado 558417.crdownload
2016-02-20 13:40 - 2016-02-20 13:41 - 00039953 _____ C:\Users\Rafaela\Downloads\gaiola-de-pedra.html
2016-02-15 21:43 - 2016-02-26 12:41 - 02100224 _____ C:\Users\Rafaela\Documents\Setup.vhd
2016-02-13 20:57 - 2016-02-13 20:57 - 00000175 _____ C:\Users\Rafaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2016-02-13 20:28 - 2016-02-13 20:28 - 00000000 _____ C:\Users\Rafaela\Downloads\chD_UkDLSAbBiVsf (2).ej3sqel.partial
2016-02-13 20:20 - 2016-02-13 20:20 - 00044097 _____ C:\Users\Rafaela\Downloads\chD_UkDLSAbBiVsf (1)
2016-02-13 20:19 - 2016-02-13 20:19 - 00044097 _____ C:\Users\Rafaela\Downloads\chD_UkDLSAbBiVsf
2016-02-13 18:42 - 2016-02-13 18:42 - 00000000 ____D C:\Users\Rafaela\AppData\LocalLow\Baidu
2016-02-13 16:14 - 2016-03-05 22:13 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-13 16:14 - 2016-02-15 21:38 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-02-13 16:12 - 2016-02-13 21:01 - 00000000 ____D C:\Users\Rafaela\AppData\Local\Adobe
2016-02-10 14:14 - 2016-02-10 14:14 - 00163751 _____ C:\Users\Rafaela\Downloads\MUSICAS RAIZ ,CAIPIRA, CABOCLA,, - YouTube.html
2016-02-10 14:14 - 2016-02-10 14:14 - 00000000 ____D C:\Users\Rafaela\Downloads\MUSICAS RAIZ ,CAIPIRA, CABOCLA,, - YouTube_files
2016-02-10 14:08 - 2016-02-10 14:08 - 00276960 _____ C:\Users\Rafaela\Downloads\Lairton - Morango do Nordeste. - YouTube.html
2016-02-10 14:08 - 2016-02-10 14:08 - 00000000 ____D C:\Users\Rafaela\Downloads\Lairton - Morango do Nordeste. - YouTube_files

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-03-05 22:11 - 2013-08-22 05:05 - 00000000 ____D C:\Windows\CbsTemp
2016-03-05 22:10 - 2014-07-18 22:40 - 144254680 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-05 22:10 - 2014-07-18 22:40 - 00000000 ____D C:\Windows\system32\MRT
2016-03-05 21:57 - 2014-07-14 22:12 - 00001078 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-05 21:57 - 2014-07-14 22:12 - 00001074 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-05 21:38 - 2015-11-28 18:52 - 00000000 ____D C:\Users\Rafaela\OneDrive
2016-03-05 21:33 - 2013-08-22 04:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-04 23:24 - 2013-08-22 03:13 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-03-04 07:14 - 2014-07-14 21:54 - 00000000 ____D C:\Users\Rafaela\AppData\Local\Packages
2016-03-04 07:14 - 2013-08-22 05:17 - 00000000 ____D C:\Windows\AppReadiness
2016-03-03 23:28 - 2013-08-22 05:17 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-03 20:10 - 2013-08-22 03:21 - 00000000 ____D C:\Windows\inf
2016-03-03 20:05 - 2014-07-27 21:54 - 00000000 ____D C:\Users\Rafaela\AppData\Roaming\Baidu
2016-03-03 20:05 - 2014-07-27 21:54 - 00000000 ____D C:\Program Files\baidu
2016-03-03 19:50 - 2015-11-09 23:53 - 01797166 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-03 19:50 - 2013-08-31 15:27 - 00774900 _____ C:\Windows\system32\prfh0416.dat
2016-03-03 19:50 - 2013-08-31 15:27 - 00158494 _____ C:\Windows\system32\prfc0416.dat
2016-03-02 20:41 - 2015-11-09 15:57 - 00000000 ____D C:\Program Files\Vivo Internet
2016-02-28 21:39 - 2013-08-22 05:17 - 00000000 ____D C:\Windows\system32\NDF
2016-02-16 11:31 - 2015-05-23 03:15 - 00000000 ____D C:\Users\Rafaela\Documents\Fax
2016-02-13 20:03 - 2015-11-09 20:36 - 00000000 ____D C:\Users\Public\Documents\Baidu Security
2016-02-13 18:56 - 2014-07-14 21:54 - 00002244 _____ C:\Users\Rafaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-13 18:35 - 2014-07-14 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

==================== Arquivos na raiz de alguns diretórios =======

2015-11-13 11:32 - 2015-11-13 11:32 - 0032038 _____ () C:\Users\Rafaela\AppData\Roaming\Edge.ico
2014-12-03 13:30 - 2015-07-09 16:40 - 0000000 _____ () C:\Users\Rafaela\AppData\Roaming\FoxitReaderUpdateInfo.txt
2015-11-13 11:32 - 2015-11-13 11:31 - 0014080 _____ (Microsoft) C:\Users\Rafaela\AppData\Roaming\LaunchBrowser_ed.exe
2015-11-13 11:32 - 2015-11-13 11:31 - 0000182 _____ () C:\Users\Rafaela\AppData\Roaming\LaunchBrowser_ed.exe.config
2015-11-09 20:35 - 2015-11-09 20:35 - 0014501 _____ () C:\ProgramData\Duplicaterecord.js
2016-03-04 20:01 - 2015-04-24 03:22 - 1029096 _____ (ShenZhen Enode Techology co,.Ltd) C:\ProgramData\WeatherMini.exe

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\Duplicaterecord.js
C:\ProgramData\WeatherMini.exe
C:\Users\Todos os Usuários\Duplicaterecord.js
C:\Users\Todos os Usuários\WeatherMini.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-02-28 11:27

==================== Fim de FRST.txt ============================
