Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:13-06-2016
Executado por Povoa (administrador) em POVOA-PC (14-06-2016 12:32:24)
Executando a partir de C:\Users\Povoa\Downloads
Perfis Carregados: Povoa (Perfis Disponíveis: Povoa)
Platform: Microsoft Windows 7 Professional (X86) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(Mindspark) C:\Program Files\FromDocToPDF_65\bar\1.bin\65barsvc.exe
(Mindspark) C:\Program Files\MapsGalaxy_39\bar\1.bin\39barsvc.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
() C:\Program Files\WeatherTool\2.0.1.11297\WeatherService.exe
(ShenZhen Enode Techology co,.Ltd) C:\Program Files\WeatherTool\2.0.1.11297\weather.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\WSE_Astromenda\BRS\brs.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFDL.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(WinDS PRO Central) C:\Users\Public\Documents\WinDS PRO\windspro.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-07] (Avast Software s.r.o.)
HKLM\...\Run: [FromDocToPDF EPM Support] => C:\Program Files\FromDocToPDF_65\bar\1.bin\65medint.exe [11600 2015-10-28] (Mindspark)
HKLM\...\Run: [MapsGalaxy EPM Support] => C:\Program Files\MapsGalaxy_39\bar\1.bin\39medint.exe [11600 2015-10-28] (Mindspark)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe
HKLM\...\RunOnce: [Monopesali] => C:\Windows\system32\wscript.exe /E:vbscript /B "C:\Users\Povoa\AppData\Local\5CDC1E~1\Fekuc.dat"
HKU\S-1-5-21-1583950776-1410139741-2967775968-1001\...\Run: [GoogleChromeAutoLaunch_9D5A8538BD2E6B2E6F5EB6E2414EC312] => C:\Program Files\Google\Chrome\Application\chrome.exe [941720 2016-06-03] (Google Inc.)
HKU\S-1-5-21-1583950776-1410139741-2967775968-1001\...\Run: [BRS] => C:\Program Files\WSE_Astromenda\BRS\brs.exe [1072128 2014-08-25] ()
HKU\S-1-5-21-1583950776-1410139741-2967775968-1001\...\Run: [Skype] => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-1583950776-1410139741-2967775968-1001\...\Run: [EPSON TX210 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDL.EXE [199680 2008-11-05] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1583950776-1410139741-2967775968-1001\...\RunOnce: [WSE_Astromenda] => wscript /E:vbscript /B "C:\Users\Povoa\AppData\Roaming\WSE_Astromenda\UpdateProc\bkup.dat"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-07] (Avast Software s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Escola Flex.lnk [2015-03-29]
ShortcutTarget: Escola Flex.lnk -> C:\Program Files\Sistema Flex\Escola Flex\EscolaFlex.exe (Sistema Flex)
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 200.189.80.121 200.189.80.126
Tcpip\..\Interfaces\{DA3AA30E-41B3-45DF-ABB4-0DF440297B2C}: [DhcpNameServer] 200.189.80.121 200.189.80.126

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=5ad0fcc8320554874a40d309b3d66f1b
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1393957250&from=pcm&uid=SAMSUNGXHD161GJ_S1ZWJ50S831706&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393957250&from=pcm&uid=SAMSUNGXHD161GJ_S1ZWJ50S831706&q={searchTerms}
HKU\S-1-5-21-1583950776-1410139741-2967775968-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://astromenda.com/?f=1&a=ast_ir_14_36_ie&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzzyE0FyEyEtCyD0AtDyDzytN0D0Tzu0SzyyCzztN1L2XzutAtFtDtFtCtDtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyByDtDyCyD0AtAtDtG0DtByDtCtGtAtBtC0FtGyB0D0E0FtGyEtA0EzytB0D0E0E0E0DyCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0EyB0AzztAtBzytGzy0A0A0BtGzyyEtCyCtG0CyEyCzytGtByE0CyEzzyD0DyB0FyBtAtA2Q&cr=590479816&ir=
URLSearchHook: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 - (Sem Nome) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - Nenhum Arquivo
URLSearchHook: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 - (Sem Nome) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (Mindspark)
URLSearchHook: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 - (Sem Nome) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (Mindspark)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_lvrms_16_16&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtByCzzyE0FyEyEtCyD0AtDyDzytN0D0Tzu0StCyDyByEtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0B0FyCyByBtCtCtGtA0CzytCtGyCtDyB0AtGyB0AtA0FtG0DyD0E0AyDzz0Ezzzy0Bzyzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtBzz0C0A0C0CtGyDyDtAzztGyEyCtD0CtGzyzzyByDtG0AtDzz0D0B0AyDyC0B0Azyzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzzzzyB%26cr%3D635422264%26a%3Dwncy_lvrms_16_16%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_lvrms_16_16&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtByCzzyE0FyEyEtCyD0AtDyDzytN0D0Tzu0StCyDyByEtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCzzyC0DtDyEyCtBtGtD0EyD0AtGtB0A0EyDtGyCzztCtDtG0AyD0BtDyDtAyE0AzztDyByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtBzz0C0A0C0CtGyDyDtAzztGyEyCtD0CtGzyzzyByDtG0AtDzz0D0B0AyDyC0B0Azyzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzzzzyB%26cr%3D1158292297%26a%3Dwncy_lvrms_16_16%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKLM -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393957250&from=pcm&uid=SAMSUNGXHD161GJ_S1ZWJ50S831706&q={searchTerms}
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://int.search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm063^LAPTBR^br&si=CMHpgZ64n8kCFYSBkQodg7IArQ&ptb=DB15D7FF-75CA-401A-987B-0DC5D288DD8C&ind=2015112011&n=781c2b4b&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL =
SearchScopes: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_lvrms_16_16&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtByCzzyE0FyEyEtCyD0AtDyDzytN0D0Tzu0StCyDyByEtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0B0FyCyByBtCtCtGtA0CzytCtGyCtDyB0AtGyB0AtA0FtG0DyD0E0AyDzz0Ezzzy0Bzyzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtBzz0C0A0C0CtGyDyDtAzztGyEyCtD0CtGzyzzyByDtG0AtDzz0D0B0AyDyC0B0Azyzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzzzzyB%26cr%3D635422264%26a%3Dwncy_lvrms_16_16%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 -> Web URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=pc0102&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzzyE0FyEyEtCyD0AtDyDzytN0D0Tzu0SyBzyyEtN1L2XzutBtFtCyCtFzztFtDtN1L1Czu1E1RtDtCtDtBtN1L1G1B1V1N2Y1L1Qzu2SyCyCtD0F0EyEzztDtG0BzzyDtAtG0EyEyDyEtG0E0F0D0BtGtByC0EyE0D0BtA0EtB0A0Fzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0EyB0AzztAtBzytGzy0A0A0BtGzyyEtCyCtG0CyEyCzytGtByE0CyEzzyD0DyB0FyBtAtA2Q&cr=910937190&ir=
SearchScopes: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_lvrms_16_16&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtByCzzyE0FyEyEtCyD0AtDyDzytN0D0Tzu0StCyDyByEtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0B0FyCyByBtCtCtGtA0CzytCtGyCtDyB0AtGyB0AtA0FtG0DyD0E0AyDzz0Ezzzy0Bzyzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtBzz0C0A0C0CtGyDyDtAzztGyEyCtD0CtGzyzzyByDtG0AtDzz0D0B0AyDyC0B0Azyzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzzzzyB%26cr%3D635422264%26a%3Dwncy_lvrms_16_16%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 -> {09BE1E29-1876-4D8B-B2C3-B70078BEC9ED} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN69085808327231258&UM=1
SearchScopes: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_lvrms_16_16&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtByCzzyE0FyEyEtCyD0AtDyDzytN0D0Tzu0StCyDyByEtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCzzyC0DtDyEyCtBtGtD0EyD0AtGtB0A0EyDtGyCzztCtDtG0AyD0BtDyDtAyE0AzztDyByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtBzz0C0A0C0CtGyDyDtAzztGyEyCtD0CtGzyzzyByDtG0AtDzz0D0B0AyDyC0B0Azyzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzzzzyB%26cr%3D1158292297%26a%3Dwncy_lvrms_16_16%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.iminent.com/?appId=EC2F7334-9649-4ABA-90BE-F696832743F0&ref=toolbox&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393957250&from=pcm&uid=SAMSUNGXHD161GJ_S1ZWJ50S831706&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://int.search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm063^LAPTBR^br&si=CMHpgZ64n8kCFYSBkQodg7IArQ&ptb=DB15D7FF-75CA-401A-987B-0DC5D288DD8C&ind=2015112011&n=781c2b4b&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_solimba_01&p={searchTerms}
BHO: Sem Nome -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> Nenhum Arquivo
BHO: Sem Nome -> {1e91a655-bb4b-4693-a05e-2edebc4c9d89} -> Nenhum Arquivo
BHO: Sem Nome -> {71c1d63a-c944-428a-a5bd-ba513190e5d2} -> Nenhum Arquivo
BHO: Sem Nome -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> Nenhum Arquivo
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-07] (Avast Software s.r.o.)
BHO: Sem Nome -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> Nenhum Arquivo
BHO: Sem Nome -> {a235e1e3-6296-4710-af39-104a7faa6c7c} -> Nenhum Arquivo
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO: Sem Nome -> {f236ca79-3123-4afb-9f74-e98117ad5625} -> Nenhum Arquivo
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 -> Sem Nome - {C66A678D-5E6C-4AF9-8F57-C6192F42CF74} - Nenhum Arquivo
Toolbar: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 -> Sem Nome - {364EA597-E728-4CE4-BB4A-ED846EF47970} - Nenhum Arquivo
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Povoa\AppData\Roaming\Mozilla\Firefox\Profiles\2kh1othv.default
FF DefaultSearchEngine: Avast Search
FF DefaultSearchUrl: hxxps://search.avast.com/AV772/search/web?q={searchTerms}
FF SearchEngineOrder.1: Avast Search
FF SelectedSearchEngine: Avast Search
FF Homepage: hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=5ad0fcc8320554874a40d309b3d66f1b
FF Keyword.URL: hxxps://search.avast.com/AV772/search/web?q={searchTerms}
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-14] ()
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll [Nenhum Arquivo]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF SearchPlugin: C:\Users\Povoa\AppData\Roaming\Mozilla\Firefox\Profiles\2kh1othv.default\searchplugins\Astromenda.xml [2014-08-31]
FF SearchPlugin: C:\Users\Povoa\AppData\Roaming\Mozilla\Firefox\Profiles\2kh1othv.default\searchplugins\avast-search.xml [2016-04-26]
FF SearchPlugin: C:\Users\Povoa\AppData\Roaming\Mozilla\Firefox\Profiles\2kh1othv.default\searchplugins\Mysearchdial.xml [2014-05-11]
FF SearchPlugin: C:\Users\Povoa\AppData\Roaming\Mozilla\Firefox\Profiles\2kh1othv.default\searchplugins\Search Provided by Yahoo.xml [2016-04-23]
FF SearchPlugin: C:\Users\Povoa\AppData\Roaming\Mozilla\Firefox\Profiles\2kh1othv.default\searchplugins\yahoo-avast.xml [2014-12-17]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-09]
FF HKU\S-1-5-21-1583950776-1410139741-2967775968-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [não assinado]

Chrome:
=======
CHR HomePage: Default -> hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=5ad0fcc8320554874a40d309b3d66f1b
CHR StartupUrls: Default -> "hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=5ad0fcc8320554874a40d309b3d66f1b"
CHR Profile: C:\Users\Povoa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (McAfee Security Scan+) - C:\Users\Povoa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-03-30]
CHR Extension: (Avast Online Security) - C:\Users\Povoa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-08]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Povoa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
CHR Extension: (Quick Start) - C:\Users\Povoa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2015-12-07]
CHR Extension: (Search Manager) - C:\Users\Povoa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2016-06-12]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]
CHR HKLM\...\Chrome\Extension: [igdhbblpcellaljokkpfhcjlagemhgjl] - "C:\Program Files\Iminent\Iminent.crx"
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Povoa\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2014-02-20]
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1583950776-1410139741-2967775968-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-07] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-17] (Avast Software)
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [36936 2014-09-21] (Just Develop It) <==== ATENÇÃO
R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
R2 FromDocToPDF_65Service; C:\Program Files\FromDocToPDF_65\bar\1.bin\65barsvc.exe [89424 2015-10-28] (Mindspark)
R2 MapsGalaxy_39Service; C:\Program Files\MapsGalaxy_39\bar\1.bin\39barsvc.exe [89424 2015-10-28] (Mindspark)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [6399360 2016-05-27] (Reimage®)
R2 TheDesktopWeatherService; C:\Program Files\WeatherTool\2.0.1.11297\WeatherService.exe [141960 2016-04-05] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-04-07] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-04-07] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-04-07] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2015-04-07] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-04-07] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208024 2015-04-07] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-17] (Avast Software)
S3 BHipsEx; \??\C:\Windows\System32\drivers\BHipsEx.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 cpuz134; \??\C:\Users\Povoa\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S1 hlnfd; system32\drivers\hlnfd.sys [X]
S3 PCFApiUtil; \??\C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-06-14 12:32 - 2016-06-14 12:32 - 00020993 _____ C:\Users\Povoa\Downloads\FRST.txt
2016-06-14 12:31 - 2016-06-14 12:32 - 00000000 ____D C:\FRST
2016-06-14 12:31 - 2016-06-14 12:31 - 01736192 _____ (Farbar) C:\Users\Povoa\Downloads\FRST.exe
2016-06-14 12:24 - 2016-06-14 12:24 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2016-06-14 12:24 - 2016-06-14 12:24 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-14 12:23 - 2016-06-14 12:23 - 00002155 _____ C:\Users\Public\Desktop\WinDS PRO.lnk
2016-06-14 12:21 - 2016-06-14 12:23 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO
2016-06-14 12:11 - 2016-06-14 12:19 - 43698377 _____ C:\Users\Povoa\Desktop\WinDS PRO 2016.04.08.zip
2016-06-13 11:59 - 2016-06-13 11:59 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-06-13 11:58 - 2016-06-13 11:58 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-05-15 11:36 - 2016-05-15 11:36 - 00144944 _____ C:\Windows\Minidump\051516-18018-01.dmp

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-06-14 12:24 - 2014-02-27 19:05 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-14 12:23 - 2014-03-08 10:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDS PRO
2016-06-14 12:20 - 2014-03-04 15:20 - 00000292 _____ C:\Windows\Tasks\Funmoods.job
2016-06-14 12:05 - 2014-03-22 14:50 - 00000292 _____ C:\Windows\Tasks\MySearchDial.job
2016-06-14 12:03 - 2014-04-21 12:54 - 00000292 _____ C:\Windows\Tasks\Price Meter Updater.job
2016-06-14 12:03 - 2014-02-27 19:05 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-14 12:03 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-14 10:43 - 2009-07-14 01:34 - 00009792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-14 10:43 - 2009-07-14 01:34 - 00009792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-14 10:08 - 2016-04-23 21:12 - 00000000 ____D C:\Users\Povoa\AppData\Roaming\WeatherTool
2016-06-14 09:47 - 2014-02-23 16:04 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-13 20:53 - 2014-02-27 19:06 - 00002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-13 20:53 - 2014-02-27 19:06 - 00002087 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-13 11:59 - 2016-04-23 21:12 - 00000000 ____D C:\Program Files\WeatherTool
2016-06-11 15:22 - 2016-04-26 09:51 - 00000000 ___HD C:\Users\Povoa\Desktop\Matheus
2016-06-11 15:12 - 2015-12-21 19:25 - 00000150 _____ C:\Windows\Reimage.ini
2016-05-27 23:09 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\NDF
2016-05-27 22:59 - 2014-06-07 11:24 - 00000000 ____D C:\Users\Povoa\AppData\LocalLow\Temp
2016-05-15 11:36 - 2014-03-08 17:40 - 176323524 _____ C:\Windows\MEMORY.DMP
2016-05-15 11:36 - 2014-03-08 17:40 - 00000000 ____D C:\Windows\Minidump

==================== Arquivos na raiz de alguns diretórios =======

2015-09-27 14:34 - 2015-09-27 14:34 - 2170899 _____ () C:\Users\Povoa\AppData\Roaming\sb669.dat
2015-11-20 12:55 - 2015-11-20 12:55 - 0410624 _____ () C:\Users\Povoa\AppData\Roaming\Setup50259.exe
2015-09-27 14:33 - 2015-09-27 14:33 - 0581120 _____ () C:\Users\Povoa\AppData\Roaming\Setup52511.exe
2014-03-04 15:20 - 2015-12-03 18:04 - 0000332 _____ () C:\Users\Povoa\AppData\Roaming\WB.CFG
2014-12-06 19:00 - 2014-12-17 18:10 - 0000010 _____ () C:\Users\Povoa\AppData\Local\DSI.DAT
2014-12-06 19:00 - 2014-12-06 19:00 - 0022528 _____ () C:\Users\Povoa\AppData\Local\dsisetup2300852.exe
2014-12-17 18:10 - 2014-12-17 18:10 - 0022528 _____ () C:\Users\Povoa\AppData\Local\dsisetup41068042.exe
2014-10-06 19:13 - 2014-10-06 19:13 - 0000020 _____ () C:\ProgramData\bc.ini
2014-01-15 02:15 - 2014-01-15 02:15 - 0167784 _____ (Baidu, Inc.) C:\ProgramData\FileSplitUpLoad.dll

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\FileSplitUpLoad.dll
C:\Users\Todos os Usuários\FileSplitUpLoad.dll


Alguns arquivos em TEMP:
====================
C:\Users\Povoa\AppData\Local\Temp\130214_a2.exe
C:\Users\Povoa\AppData\Local\Temp\130214_l.exe
C:\Users\Povoa\AppData\Local\Temp\130214_p.exe
C:\Users\Povoa\AppData\Local\Temp\130214_y.exe
C:\Users\Povoa\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.1.56634(1).exe
C:\Users\Povoa\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.1.56634.exe
C:\Users\Povoa\AppData\Local\Temp\BavPro_Setup_Mini_115.exe
C:\Users\Povoa\AppData\Local\Temp\bitool.dll
C:\Users\Povoa\AppData\Local\Temp\CloudBackup7574.exe
C:\Users\Povoa\AppData\Local\Temp\dotNetFx40_Client_setup.exe
C:\Users\Povoa\AppData\Local\Temp\ICReinstall_CR_Downloader_for_pokemon-black.exe
C:\Users\Povoa\AppData\Local\Temp\IEHistory.exe
C:\Users\Povoa\AppData\Local\Temp\InstalledPrograms.exe
C:\Users\Povoa\AppData\Local\Temp\mefqzki6.dll
C:\Users\Povoa\AppData\Local\Temp\PriceMeterUpdateVer.exe
C:\Users\Povoa\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Povoa\AppData\Local\Temp\sqlite3.exe
C:\Users\Povoa\AppData\Local\Temp\tbuTor.dll
C:\Users\Povoa\AppData\Local\Temp\uttA6FF.tmp.exe
C:\Users\Povoa\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Povoa\AppData\Local\Temp\_is1E97.exe
C:\Users\Povoa\AppData\Local\Temp\_is43E2.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-05-30 18:17

==================== Fim de FRST.txt ============================
