cjoint

Document format: text/plain

Preview

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:06-05-2016 01
Executado por Windows Seven (administrador) em WINDOWSSEVEN-PC (05-05-2016 18:23:46)
Executando a partir de C:\Users\Windows Seven\Desktop
Perfis Carregados: Windows Seven (Perfis Disponíveis: Windows Seven & Convidado)
Platform: Windows 7 Ultimate (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: FF)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
() C:\Program Files\d4384c37d2b248b8b953c5f2593e16ff\8c13e5517e417c85e5bbf6ed536f3199.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) J:\HiPatchService.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\WeatherTool\2.0.1.11244\WeatherService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ShenZhen Enode Techology co,.Ltd) C:\Program Files (x86)\WeatherTool\2.0.1.11244\weather.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Google Inc.) C:\Users\Windows Seven\AppData\Local\Google\Update\GoogleUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Akamai Technologies, Inc.) C:\Users\Windows Seven\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Windows Seven\AppData\Local\Akamai\netsession_win.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_197.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_197.exe
(VS Revo Group) C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [iTunesHelper] => J:\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [MyStart Anti-phishing Domain Advisor] => C:\ProgramData\MyStart Anti-phishing Domain Advisor\MyStart_antiphishing.exe [235072 2013-10-17] (Visicom Media Inc.)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [3106936 2016-02-01] (QIHU 360 SOFTWARE CO. LIMITED)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2016-04-05] (LogMeIn Inc.)
HKU\S-1-5-21-2996482816-3314968776-3039710406-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Windows Seven\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2996482816-3314968776-3039710406-1000\...\Run: [AutoHelpDesk] => C:\Users\Convidado\Downloads\DiagnosticoItau.exe [3213048 2015-12-01] (Banco Itaú)
HKU\S-1-5-21-2996482816-3314968776-3039710406-1000\...\MountPoints2: {21d47be7-74ca-11e3-83e9-bcaec59ba367} - I:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
ShellIconOverlayIdentifiers: [Abertram] -> {C3F0735B-2D96-429B-ABED-B6B7B82F9F00} => C:\Users\Windows Seven\AppData\Roaming\Adair\Abertram.dll [2016-05-04] (Accelerate )
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => Nenhum Arquivo
ShellIconOverlayIdentifiers: [FunOverlay] -> {A5662DF9-0C2E-4A56-9FE1-BACFF6966D88} => Nenhum Arquivo
Startup: C:\Users\Windows Seven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\c005.js [2014-11-03] ()
Startup: C:\Users\Windows Seven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk [2015-09-21]
ShortcutTarget: Recorte de tela e Iniciador do OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * aswBoot.exe /A:"* " /L:"1046" /heur:80 /RA:ask /pup /archives /IA:0 /KBD:3 /wow /dir:"C:\Program Files\AVAST Software\Avast"
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

AutoConfigURL: [S-1-5-21-2996482816-3314968776-3039710406-1000] => file://C:/Users/Windows Seven/AppData/Roaming/zion.pac
Hosts: O arquivo Hosts não foi detectado no seu diretório padrão
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{46AD9533-C80B-4E84-9AFE-358417665E36}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{81FC95D4-A184-45DD-ABE9-A196D7AA1DDA}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EC232894-2507-4408-98FF-38BE8CC8751B}: [DhcpNameServer] 192.168.1.1
ManualProxies: 0file://C:/Users/Windows Seven/AppData/Roaming/zion.pac

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=3601003af7037c86288689107850e99b
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=3601003af7037c86288689107850e99b
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1391229410&from=tugs&uid=395049983_1052515_ACFC85A7&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1391229410&from=tugs&uid=395049983_1052515_ACFC85A7&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1391229410&from=tugs&uid=395049983_1052515_ACFC85A7
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1391229410&from=tugs&uid=395049983_1052515_ACFC85A7
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1391229410&from=tugs&uid=395049983_1052515_ACFC85A7&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1391229410&from=tugs&uid=395049983_1052515_ACFC85A7&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130948730261981015&GUID=00000000-0000-0000-0000-000000000000
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q={searchTerms}
HKU\S-1-5-21-2996482816-3314968776-3039710406-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQmfbxrLL569XP3i7qQDWwWgj4Nk1hXzrDCxFf-Wf82rf3Pd_P3pR_rsyMCn7Uqb2vvJjui8eOtTzpmD37r8gve6hUnxyv1cZNIOsF5CCs8GiMncQYXoyQ9jKDXF7XjY2XyxjUGo7-XipLN&q={searchTerms}
HKU\S-1-5-21-2996482816-3314968776-3039710406-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=3601003af7037c86288689107850e99b
HKU\S-1-5-21-2996482816-3314968776-3039710406-1000\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=3219
HKU\S-1-5-21-2996482816-3314968776-3039710406-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=3219&bs=true&q=
HKU\S-1-5-21-2996482816-3314968776-3039710406-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQmfbxrLL569XP3i7qQDWwWgj4Nk1hXzrDCxFf-Wf82rf3Pd_P3pR_rsyMCn7Uqb2vvJjui8eOtTzpmD37r8gve6hUnxyv1cZNIOsF5CCs8GiMncQYXoyQ9jKDXF7XjY2XyxjUGo7-XipLN&q={searchTerms}
HKU\S-1-5-21-2996482816-3314968776-3039710406-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1391229410&from=tugs&uid=395049983_1052515_ACFC85A7
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2996482816-3314968776-3039710406-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQmfbxrLL569XP3i7qQDWwWgj4Nk1hXzrDCxFf-Wf82rf3Pd_P3pR_rsyMCn7Uqb2vvJjui8eOtTzpmD37r8gve6hUnxyv1cZNIOsF5CCs8GiMncQYXoyQ9jKDXF7XjY2XyxjUGo7-XipLN&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2996482816-3314968776-3039710406-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-2996482816-3314968776-3039710406-1000 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&bar=13&tn=20041099_cb
SearchScopes: HKU\S-1-5-21-2996482816-3314968776-3039710406-1000 -> {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: XXBrowserBHO -> {8565268C-C2BD-4E63-90F4-439F678E4664} -> C:\Program Files (x86)\XXBrowserBHO\XXBrowserBHO64.dll [2014-09-30] ()
BHO: FsLibrary.FileContextMenuExt Class -> {8D0F6366-8F2E-4F7F-872E-5AB98554D78C} -> C:\Program Files (x86)\Funshion Online\3.0.3.68\FsMediaBar64.dll [2015-12-25] ()
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2016-02-01] (Qihu 360 Software Co., Ltd.)
BHO-x32: 0EB1DDC7-7D9B-0065-E532-58E94565120D Class -> {0EB1DDC7-7D9B-0065-E532-58E94565120D} -> Nenhum Arquivo
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-30] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> Nenhum Arquivo
BHO-x32: Auxiliar de Conexão de Conta da Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2016-02-01] (Qihu 360 Software Co., Ltd.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-30] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2996482816-3314968776-3039710406-1000 -> Sem Nome - {75E13B3C-C339-43C3-8FE4-83A6A8BE10B0} - Nenhum Arquivo
Toolbar: HKU\S-1-5-21-2996482816-3314968776-3039710406-1000 -> Sem Nome - {41564952-412D-5637-00A7-7A786E7484D7} - Nenhum Arquivo
Toolbar: HKU\S-1-5-21-2996482816-3314968776-3039710406-1000 -> Sem Nome - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - Nenhum Arquivo
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2013-03-02] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2013-03-02] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Windows Seven\AppData\Roaming\Mozilla\Firefox\Profiles\u2eeyrjg.default-1395921731996
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=3601003af7037c86288689107850e99b
FF Keyword.URL: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-04-01] ()
FF Plugin: @qvod.com/QvodShare -> C:\Program Files (x86)\QvodPlayer\npShareModule_x64.dll [Nenhum Arquivo]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-04-01] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @funshion.com/npFunshion -> C:\Users\Windows Seven\funshion\funshiontools\npFunshion.dll [2015-05-13] ( )
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-01-15] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-01-15] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Nenhum Arquivo]
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> J:\Arc\Plugins\npArcPluginFF.dll [2016-02-24] (Perfect World Entertainment Inc)
FF Plugin-x32: @pptv.com/plugin -> C:\Program Files (x86)\Internet Explorer\PPLite\plugin\3.5.1.0029\npplugin2.dll [2014-03-26] (PPLive Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> J:\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2013-12-19] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-20] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-12] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2996482816-3314968776-3039710406-1000: @qvod.com/QvodInsert -> C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll [Nenhum Arquivo]
FF Plugin HKU\S-1-5-21-2996482816-3314968776-3039710406-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Windows Seven\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2996482816-3314968776-3039710406-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Windows Seven\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-2996482816-3314968776-3039710406-1000: @talk.google.com/O1DPlugin -> C:\Users\Windows Seven\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-2996482816-3314968776-3039710406-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Windows Seven\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-2996482816-3314968776-3039710406-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Windows Seven\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-2996482816-3314968776-3039710406-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Windows Seven\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-01-10] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2996482816-3314968776-3039710406-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-05-26] (The Happy Cloud)
FF Plugin HKU\S-1-5-21-2996482816-3314968776-3039710406-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [Nenhum Arquivo]
FF Plugin ProgramFiles/Appdata: C:\Users\Windows Seven\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Windows Seven\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-10-26]
FF Extension: 360 Internet Protection - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2016-02-23]
FF Extension: iCloud Bookmarks - C:\Users\Windows Seven\AppData\Roaming\Mozilla\Firefox\Profiles\u2eeyrjg.default-1395921731996\Extensions\firefoxdav@icloud.com [2016-04-30]
FF Extension: UniSales - C:\Users\Windows Seven\AppData\Roaming\Mozilla\Firefox\Profiles\u2eeyrjg.default-1395921731996\Extensions\gWvdbHB@Hs.net [2015-02-02] [não assinado]
FF Extension: Adblock Plus - C:\Users\Windows Seven\AppData\Roaming\Mozilla\Firefox\Profiles\u2eeyrjg.default-1395921731996\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\Windows Seven\AppData\Roaming\Mozilla\Firefox\Profiles\vpz0mvdf.default\extensions\lightningnewtab@gmail.com.xpi => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaPlayerV1alpha2682.net] - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha2682\ff => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha296.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha296\ff => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha5801.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5801\ff => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaWatchV1home923.net] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home923\ff => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox

Chrome:
=======
CHR dev: Chrome dev build detectado! <======= ATENÇÃO
CHR HomePage: Profile 1 -> hxxp://www.google.com
CHR StartupUrls: Profile 1 -> "hxxps://www.facebook.com/", "hxxp://anitube.xpg.uol.com.br/", "hxxps://www.youtube.com/", "hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=3601003af7037c86288689107850e99b"
CHR Profile: C:\Users\Windows Seven\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Windows Seven\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-05]
CHR Extension: (Google Drive) - C:\Users\Windows Seven\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Users\Windows Seven\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Windows Seven\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (AdRemoverUTubue) - C:\Users\Windows Seven\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eeoinnfndhmpgebfghmalanlcmbbpdbc [2015-12-04]
CHR Extension: (samurai) - C:\Users\Windows Seven\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eihllpbeeplbgbmabaoohnclmekijhnb [2015-06-04]
CHR Extension: (Gmail) - C:\Users\Windows Seven\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-05]
CHR Extension: (UniSales) - C:\ProgramData\emiidngeiaefacfbpmabjgpjodhnpbel\ []
CHR HKLM-x32\...\Chrome\Extension: [aicbeeoeiklakjmaocohmkdelfdiimko] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha5801\ch\MediaViewV1alpha5801.crx
CHR HKLM-x32\...\Chrome\Extension: [anmlncnpeandajadkjapdkhklkdmjnil] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha296\ch\MediaViewV1alpha296.crx
CHR HKLM-x32\...\Chrome\Extension: [bphpdkfcobaefmclndnclbmpljjoacep] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home923\ch\MediaWatchV1home923.crx
CHR HKLM-x32\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx
StartMenuInternet: Google Chrome - chrome.exe

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 4a8fe774f1d71325ab29cbe3ced7c136; c:\program files\d4384c37d2b248b8b953c5f2593e16ff\8c13e5517e417c85e5bbf6ed536f3199.exe [3082752 2016-04-21] () [Arquivo não assinado]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 ArcService; J:\Arc\ArcService.exe [88024 2016-02-24] (Perfect World Entertainment Inc)
R2 HiPatchService; J:\HiPatchService.exe [9728 2016-03-14] (Hi-Rez Studios) [Arquivo não assinado]
S2 ihelpermsgpushsvr; C:\Program Files (x86)\PP苹果助手3.0\ihelpermsgpushsvr.exe [261832 2016-02-16] (广州爱禾网络技术有限公司) [Arquivo não assinado]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2016-04-05] (LogMeIn, Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3520872 2015-09-22] (INCA Internet Co., Ltd.)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
S3 PornTime Updater; C:\Users\Windows Seven\AppData\Roaming\PT\updater.exe [165888 2015-06-15] (PornTime) [Arquivo não assinado]
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [907384 2016-02-01] (QIHU 360 SOFTWARE CO. LIMITED)
R2 TheDesktopWeatherService; C:\Program Files (x86)\WeatherTool\2.0.1.11244\WeatherService.exe [141960 2016-03-11] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S4 LPTSystemUpdater; "C:\Program Files (x86)\LPT\srpts.exe" [X] <==== ATENÇÃO

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [137808 2015-11-20] (360.cn)
S3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77904 2015-11-20] (360.cn)
S3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [77904 2015-11-20] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [319568 2016-02-01] (360.cn)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-11-20] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [368720 2016-02-01] (360.cn)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [181328 2016-02-01] (360.cn)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 hxsyol; C:\Windows\system32\hxsy64.sys [86352 2015-03-17] ()
S3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R0 WofAdk; C:\Windows\System32\drivers\wofadk.sys [214720 2015-11-20] (Microsoft Corporation)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GGSAFERDriver; \??\J:\Garena Plus\Room\safedrv.sys [X]
S1 lwnfd_1_10_0_13; system32\drivers\lwnfd_1_10_0_13.sys [X]
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 XFDriver64; \??\C:\Program Files (x86)\Xfire2\XFDriver64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-05-05 18:03 - 2016-05-05 18:23 - 00059826 _____ C:\Users\Windows Seven\Desktop\Addition.txt
2016-05-05 18:02 - 2016-05-05 18:23 - 00027560 _____ C:\Users\Windows Seven\Desktop\FRST.txt
2016-05-05 18:01 - 2016-05-05 18:23 - 00000000 ____D C:\FRST
2016-05-05 18:01 - 2016-05-05 18:01 - 02379776 _____ (Farbar) C:\Users\Windows Seven\Desktop\FRST64.exe
2016-05-05 17:56 - 2015-07-01 22:07 - 00088248 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2016-05-05 17:56 - 2015-06-15 15:32 - 00634528 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2016-05-05 17:56 - 2015-06-10 19:10 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-05-05 17:51 - 2015-06-10 19:10 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-05-05 17:44 - 2016-05-05 17:44 - 00110200 _____ C:\Users\Windows Seven\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-05 11:55 - 2015-06-15 15:32 - 00634528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
2016-04-30 16:41 - 2016-04-30 16:41 - 00242304 _____ C:\Users\Windows Seven\Desktop\Firefox Setup Stub 46.0.exe
2016-04-26 20:55 - 2016-04-26 20:55 - 00000479 _____ C:\Users\Windows Seven\Desktop\Play R4 3DS Games.lnk
2016-04-26 20:55 - 2016-04-26 20:55 - 00000000 ____D C:\Users\Windows Seven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R4 3DS Emulator
2016-04-26 19:53 - 2016-04-26 19:53 - 01027104 _____ ( ) C:\Users\Windows Seven\Desktop\Yu-Gi-Oh Zexal - World Duel Carnival (E).exe
2016-04-26 19:50 - 2016-05-05 12:52 - 00000000 ____D C:\Users\Windows Seven\AppData\Local\BirthplacesUnquote
2016-04-21 18:39 - 2016-04-22 09:54 - 00000000 ____D C:\Program Files\d4384c37d2b248b8b953c5f2593e16ff
2016-04-13 08:14 - 2016-05-05 12:52 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-13 08:14 - 2016-04-02 14:48 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-13 08:14 - 2016-04-02 14:45 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-13 08:14 - 2016-04-02 14:45 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-13 08:14 - 2016-04-02 14:45 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-13 08:14 - 2016-04-02 14:45 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-13 08:14 - 2016-04-02 14:45 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-13 08:14 - 2016-03-23 11:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-06 15:30 - 2016-04-06 15:30 - 00001080 _____ C:\Users\Public\Desktop\PP苹果助手3.0.lnk
2016-04-06 15:30 - 2016-04-06 15:30 - 00000000 ____D C:\Users\Windows Seven\Documents\teiron
2016-04-06 15:30 - 2016-04-06 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PP苹果助手3.0
2016-04-06 15:29 - 2016-04-06 15:30 - 00000000 ____D C:\Program Files (x86)\PP苹果助手3.0
2016-04-06 15:23 - 2016-04-06 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-04-06 15:23 - 2016-04-06 15:23 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-05-05 18:23 - 2015-11-28 06:35 - 00000000 ____D C:\Users\Windows Seven\AppData\LocalLow\360WD
2016-05-05 18:22 - 2015-12-05 22:40 - 00000000 ____D C:\Users\Todos os Usuários\Freemake
2016-05-05 18:22 - 2015-12-05 22:40 - 00000000 ____D C:\ProgramData\Freemake
2016-05-05 17:56 - 2016-03-31 06:20 - 00000000 ____D C:\Users\Windows Seven\AppData\Roaming\Adair
2016-05-05 17:56 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\migwiz
2016-05-05 17:49 - 2013-05-10 17:03 - 00000000 ____D C:\Users\Todos os Usuários\TEMP
2016-05-05 17:49 - 2013-05-10 17:03 - 00000000 ____D C:\ProgramData\TEMP
2016-05-05 17:49 - 2009-07-14 01:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-05 17:49 - 2009-07-14 01:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-05 17:36 - 2013-02-02 17:33 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2996482816-3314968776-3039710406-1000UA.job
2016-05-05 17:29 - 2015-11-28 07:11 - 00000000 __SHD C:\$360Section
2016-05-05 17:29 - 2015-11-28 06:37 - 00000000 ____D C:\Users\Todos os Usuários\360Quarant
2016-05-05 17:29 - 2015-11-28 06:37 - 00000000 ____D C:\ProgramData\360Quarant
2016-05-05 16:58 - 2013-04-20 10:53 - 00000960 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2996482816-3314968776-3039710406-1000UA.job
2016-05-05 14:56 - 2016-03-16 21:14 - 00000000 ____D C:\Users\Windows Seven\AppData\Roaming\WeatherTool
2016-05-05 13:04 - 2013-05-30 17:11 - 00000000 ____D C:\Users\Windows Seven\AppData\Local\Akamai
2016-05-05 12:53 - 2015-11-28 06:35 - 00000000 ____D C:\Users\Todos os Usuários\360safe
2016-05-05 12:53 - 2015-11-28 06:35 - 00000000 ____D C:\ProgramData\360safe
2016-05-05 12:52 - 2015-01-28 21:12 - 00000000 ____D C:\Users\Windows Seven\Desktop\baiixados
2016-05-05 12:44 - 2016-01-04 21:05 - 00000000 ____D C:\Users\Windows Seven\Desktop\emulador
2016-05-05 12:18 - 2014-01-04 23:47 - 00000000 ____D C:\Users\Windows Seven\AppData\Local\LogMeIn Hamachi
2016-05-05 12:11 - 2014-01-30 23:47 - 00003442 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-05-05 12:11 - 2014-01-30 23:47 - 00003442 __RSH C:\ProgramData\ntuser.pol
2016-05-05 12:11 - 2013-05-09 12:00 - 00003414 _____ C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
2016-05-05 10:58 - 2013-04-20 10:53 - 00000938 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2996482816-3314968776-3039710406-1000Core.job
2016-05-05 09:36 - 2013-02-02 17:33 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2996482816-3314968776-3039710406-1000Core.job
2016-05-05 07:52 - 2015-05-15 13:59 - 00000000 ___HD C:\Users\Public\FunAcce
2016-05-05 06:56 - 2015-01-20 19:58 - 00002171 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-05 06:46 - 2015-11-28 06:34 - 00000000 _RSHD C:\360SANDBOX
2016-05-05 06:46 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-05 06:39 - 2015-08-15 16:25 - 00000000 ____D C:\Users\Windows Seven\AppData\Roaming\FunMini
2016-05-05 03:00 - 2015-08-13 20:38 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-29 20:02 - 2015-08-13 20:44 - 00392010 _____ C:\Windows\system32\prfh0404.dat
2016-04-29 20:02 - 2015-08-13 20:44 - 00374908 _____ C:\Windows\system32\prfh0804.dat
2016-04-29 20:02 - 2015-08-13 20:44 - 00118942 _____ C:\Windows\system32\prfc0804.dat
2016-04-29 20:02 - 2015-08-13 20:44 - 00114028 _____ C:\Windows\system32\prfc0404.dat
2016-04-29 20:02 - 2009-07-29 13:08 - 00703582 _____ C:\Windows\system32\prfh0416.dat
2016-04-29 20:02 - 2009-07-29 13:08 - 00146368 _____ C:\Windows\system32\prfc0416.dat
2016-04-29 20:02 - 2009-07-14 02:13 - 02628128 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-29 20:02 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-04-29 07:39 - 2015-11-16 05:42 - 00000000 ____D C:\Users\Windows Seven\AppData\Roaming\FunUninst
2016-04-26 21:33 - 2013-11-10 16:34 - 00000000 ____D C:\Users\Windows Seven\Desktop\jogo
2016-04-25 16:48 - 2014-11-25 21:43 - 00000000 ____D C:\Users\Windows Seven\Documents\ihelper
2016-04-23 21:00 - 2013-03-15 21:36 - 00000000 ____D C:\Users\Windows Seven\AppData\Roaming\vlc
2016-04-22 19:51 - 2014-11-15 22:49 - 00000000 ____D C:\Users\Windows Seven\AppData\Local\ElevatedDiagnostics
2016-04-22 19:51 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-21 15:05 - 2012-12-05 12:34 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-16 18:44 - 2013-01-28 23:12 - 00000000 ____D C:\Users\Windows Seven\AppData\Roaming\foobar2000
2016-04-14 03:26 - 2016-03-19 12:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-14 03:26 - 2015-08-13 20:38 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-04-14 03:26 - 2015-01-20 20:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-14 03:10 - 2015-08-13 19:17 - 00000000 ____D C:\Windows\system32\MRT
2016-04-14 03:10 - 2012-12-05 13:35 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2016-04-14 03:03 - 2015-08-13 19:17 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-11 17:55 - 2014-03-20 09:35 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-04-11 17:55 - 2013-03-14 23:59 - 00000000 ____D C:\Users\Windows Seven\AppData\Roaming\uTorrent
2016-04-11 17:55 - 2012-12-06 22:31 - 00000000 ____D C:\Users\Windows Seven\AppData\Roaming\Skype
2016-04-06 15:30 - 2014-11-25 21:43 - 00000000 ____D C:\Users\Windows Seven\AppData\Roaming\Teiron
2016-04-06 15:23 - 2015-02-14 05:01 - 00000886 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2016-04-05 16:18 - 2013-05-24 19:52 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys

==================== Arquivos na raiz de alguns diretórios =======

2014-04-06 14:02 - 2015-07-23 20:10 - 0000911 _____ () C:\Users\Windows Seven\AppData\Roaming\coreavc.ini
2013-08-07 22:59 - 2014-04-20 23:29 - 0000125 _____ () C:\Users\Windows Seven\AppData\Roaming\D2Info0
2014-09-13 16:59 - 2014-09-13 16:59 - 0002820 _____ () C:\Users\Windows Seven\AppData\Roaming\porcuccion.txt
2013-04-26 23:37 - 2014-05-04 22:13 - 0045270 _____ () C:\Users\Windows Seven\AppData\Roaming\room_v3.dat
2013-12-19 02:42 - 2014-03-30 00:40 - 0000192 _____ () C:\Users\Windows Seven\AppData\Roaming\WB.CFG
2014-09-13 16:59 - 2014-09-13 16:59 - 0006016 ___RH () C:\Users\Windows Seven\AppData\Roaming\zion.pac
2014-05-05 21:18 - 2014-05-23 22:11 - 0000003 _____ () C:\Users\Windows Seven\AppData\Local\proxy.log
2015-01-19 23:42 - 2015-01-19 23:43 - 0000000 _____ () C:\Users\Windows Seven\AppData\Local\{2648004D-23ED-4A79-9538-C7F116EED843}
2002-01-06 10:56 - 2002-01-06 10:56 - 0000000 _____ () C:\Users\Windows Seven\AppData\Local\{602DA885-BE4C-447C-88F0-C2AB8D4BA3DE}
2015-04-13 22:50 - 2015-04-13 22:50 - 0000160 _____ () C:\ProgramData\bc.ini

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-04-28 00:54

==================== Fim de FRST.txt ============================
