Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by lienio (administrator) on LIENIO-PC (31-08-2016 12:49:04)
Running from C:\Users\lienio\Desktop\FRST
Loaded Profiles: lienio (Available Profiles: lienio)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\ASTSRV.EXE
() C:\Program Files\Belkin\USB Control Center\Bkapcs.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Baidu, Inc.) C:\Users\lienio\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\CheckUpdate.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Spotify Ltd) C:\Users\lienio\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Celartem, Inc., doing business as Extensis.) C:\Program Files (x86)\Extensis\Suitcase Fusion 6\FMCore.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4859592 2015-11-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1149552576-3594769016-687212945-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1149552576-3594769016-687212945-1000\...\Run: [Spotify Web Helper] => C:\Users\lienio\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1523312 2016-08-30] (Spotify Ltd)
HKU\S-1-5-21-1149552576-3594769016-687212945-1000\...\Run: [Spotify] => C:\Users\lienio\AppData\Roaming\Spotify\Spotify.exe [6930544 2016-08-30] (Spotify Ltd)
HKU\S-1-5-21-1149552576-3594769016-687212945-1000\...\Run: [FMCore.exe] => C:\Program Files (x86)\Extensis\Suitcase Fusion 6\FMCore.exe [10434560 2015-08-27] (Celartem, Inc., doing business as Extensis.)
HKU\S-1-5-21-1149552576-3594769016-687212945-1000\...\MountPoints2: {222217c9-defc-11e3-99a1-d43d7e299d76} - H:\SISetup.exe
HKU\S-1-5-21-1149552576-3594769016-687212945-1000\...\MountPoints2: {fe344481-d187-11e3-80dc-d43d7e299d76} - K:\setup.exe
Startup: C:\Users\lienio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\USB Control Center.lnk [2016-01-31]
ShortcutTarget: USB Control Center.lnk -> C:\Program Files\Belkin\USB Control Center\Connect.exe (Belkin International, Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM] => 127.0.0.1:24019
ProxyServer: [HKLM-x32] => 127.0.0.1:34015
AutoConfigURL: [HKLM] => 127.0.0.1:34015
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:63564
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 201.6.2.157 201.6.2.17
Tcpip\..\Interfaces\{DFE342E9-F035-4B48-967F-A25A49103960}: [DhcpNameServer] 201.6.2.157 201.6.2.17
ManualProxies: 1127.0.0.1:24019

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-edebadaf
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-edebadaf
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1149552576-3594769016-687212945-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-edebadaf
HKU\S-1-5-21-1149552576-3594769016-687212945-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://br.msn.com/?rd=1&ucc=BR&dcc=BR&opt=0&ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-edebadaf&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-edebadaf&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1149552576-3594769016-687212945-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-edebadaf&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1149552576-3594769016-687212945-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-edebadaf&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-1149552576-3594769016-687212945-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\lienio\AppData\Roaming\Mozilla\Firefox\Profiles\x53387hr.default
FF SelectedSearchEngine: Search Provided by Bing
FF Homepage: hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1471965743&rver=6.6.6556.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3frealm%3dhotmail.com%26path%3d%252fmail%252finbox%252frp&id=292841&whr=hotmail.com&CBCXT=out&fl=wld&cobrandid=90015
hxxps://netshow.me/sound-people-band/4472-sound-people-band-live-concert
hxxp://ndrangheta-br.blogspot.com.br/search/label/Descender
hxxp://rapaduradoeudes.blogspot.com.br/
hxxp://hqvintage.blogspot.com.br/search?updated-max=2016-06-28T05:20:00-07:00&max-results=8&start=8&by-date=false
hxxp://minhateca.com.br/Eudes.B..Honorato/Filmes/Anima*c3*a7*c3*b5es+Alternativas/Fire+and+Ice
hxxp://minhateca.com.br/Eudes.B..Honorato/Filmes/Anima*c3*a7*c3*b5es+Alternativas/Wizards
hxxp://minhateca.com.br/Eudes.B..Honorato/Filmes/Anima*c3*a7*c3*b5es+Alternativas/Rock+and+Rule
hxxp://www.euescuto.com.br/
hxxp://www.euescuto.com.br/2016/08/11/the-outs-percipere-2016/
hxxp://pt.aliexpress.com/wholesale?spm=2114.02010208.13.2.9hd4n9&initiative_id=SC_20160823131634&SearchText=stabilizers
hxxp://pt.aliexpress.com/item/Steadycam-Handheld-Video-Stabilizer-Digital-Compact-Camera-Holder-Motion-Steadicam-For-Canon-Nikon-Sony-Gopro-Hero/32609092294.html?spm=2114.02010208.3.275.jIzI3n&ws_ab_test=searchweb201556_0,searchweb201602_1_10057_10056_10055_10054_10059_10058_10017_107_10060_10061_10052_414_10062_10053_413_10050_10051,searchweb201603_2&btsid=140c5498-f30a-4e24-b3ad-c12d21f1bbf2
hxxp://pt.aliexpress.com/item/Free-Shipping-Studio-Camera-Steadicam-Stabilizer-for-DSLR-GoPro-Hero-video-stabilizer-Gopro-Stabilizer-with-FREE/32307142778.html?spm=2114.02010208.3.93.jIzI3n&ws_ab_test=searchweb201556_0,searchweb201602_1_10057_10056_10055_10054_10059_10058_10017_107_10060_10061_10052_414_10062_10053_413_10050_10051,searchweb201603_2&btsid=140c5498-f30a-4e24-b3ad-c12d21f1bbf2
hxxps://www.google.com.br/search?q=Lgbt&biw=1680&bih=913&site=webhp&source=lnms&tbm=isch&sa=X&ved=0ahUKEwibjeSvsdjOAhXGDJAKHe6iCgEQ_AUIBygC
hxxp://www.bing.com/videos/search?q=rx+3+izotope&&view=detail&mid=1D00467846107A203F801D00467846107A203F80&FORM=VRDGAR
hxxps://kickasstop.com/fritz-the-cat-1972-ntsc-dvd-en-fr-subs-en-fr-es-t6049312.html
hxxps://ukpirate.org/torrent/4296739/Rock_and_Rule_(1983)
about:blank
hxxps://www.izotope.com/en/products/repair-and-edit/rx.html
hxxp://www.bing.com/search?q=automatic+lan+settings+disappear&FORM=AWRE
about:addons
hxxps://www.youtube.com/watch?v=Am8wCIk7_34
FF Session Restore: -> is enabled.
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 24019
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 24019
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll [2014-05-16] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll [2014-05-16] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-06-16] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.5 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2010-09-02] (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-24] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1149552576-3594769016-687212945-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [No File]
FF Plugin HKU\S-1-5-21-1149552576-3594769016-687212945-1000: gastecnologia.com.br/sf/abn -> C:\Users\lienio\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll [2015-02-22] (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-1149552576-3594769016-687212945-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2012-10-27] (Ubisoft)
FF Plugin HKU\S-1-5-21-1149552576-3594769016-687212945-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF SearchPlugin: C:\Users\lienio\AppData\Roaming\Mozilla\Firefox\Profiles\x53387hr.default\searchplugins\Search Provided by Bing.xml [2016-06-08]
FF Extension: (System.IO.PathTooLongException) - C:\Users\lienio\AppData\Roaming\Mozilla\Firefox\Profiles\x53387hr.default\Extensions\{C01578EB-BD71-C2A7-FAF3-C1A097D506DA} [2016-08-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-27] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-05-29] [not signed]
FF HKU\S-1-5-21-1149552576-3594769016-687212945-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8874}] - C:\Users\lienio\AppData\Local\GAS Tecnologia\GBBD\abn\xpi
FF Extension: (GBBD Banco Santander (Brasil) S.A.) - C:\Users\lienio\AppData\Local\GAS Tecnologia\GBBD\abn\xpi [2015-01-26] [not signed]

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\lienio\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.669\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\lienio\AppData\Local\Google\Chrome\User Data\PepperFlash\18.0.0.209\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.1.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Computer, Inc.)
CHR Plugin: (QuickTime Plug-in 7.1.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Computer, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Java Deployment Toolkit 7.0.600.19) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U60) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (Módulo de Proteção - Banco Santander (Brasil) S.A.) - C:\Users\lienio\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll (GAS Tecnologia)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
CHR Profile: C:\Users\lienio\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\lienio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Drive) - C:\Users\lienio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (YouTube) - C:\Users\lienio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\lienio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-20]
CHR Extension: (Adobe Acrobat – Criar PDF) - C:\Users\lienio\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-11-28] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (PicMonkey) - C:\Users\lienio\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2014-10-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Documentos Google off-line) - C:\Users\lienio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-20]
CHR Extension: (PhotoShop Online) - C:\Users\lienio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmieoafhfglafamjhnjbicbngnlkcokp [2014-05-02] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (feedly) - C:\Users\lienio\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2014-09-01] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Pixlr Express) - C:\Users\lienio\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmjpdlmjopaeginhldhiokeidchjid [2014-05-02] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (GBBD Banco Santander (Brasil) S.A.) - C:\Users\lienio\AppData\Local\Google\Chrome\User Data\Default\Extensions\idnljhnpjegfbcohjhdnhjlnfnffmbnf [2014-09-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Flatbook) - C:\Users\lienio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kadbillinepbjlgenaliokdhejdmmlgp [2016-07-27]
CHR Extension: (Google Wallet) - C:\Users\lienio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-02] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Conversor de áudio) - C:\Users\lienio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojfphighcpfimfhblaigjckljcoeipga [2014-11-27] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\lienio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Cortador de áudio) - C:\Users\lienio\AppData\Local\Google\Chrome\User Data\Default\Extensions\plimnkafgoiilijmlbnfoafihjjijbfp [2014-11-27] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 ASTSRV; C:\Windows\SysWOW64\ASTSRV.EXE [57344 2008-05-19] (Nalpeiron Ltd.) [File not signed]
R2 Belkin USB Center Helper; C:\Program Files\Belkin\USB Control Center\Bkapcs.exe [55296 2016-01-31] () [File not signed]
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-08] (CobianSoft, Luis Cobian) [File not signed]
S2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2013-03-08] (Luis Cobian, CobianSoft) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2015-02-03] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-02-03] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-20] (Adobe Systems Incorporated) [File not signed]
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307064 2015-07-31] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598808 2013-06-06] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-05-02] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [983936 2009-06-05] (Creative Technology Ltd.)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-27] (CACE Technologies, Inc.)
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [304480 2016-01-31] (silex technology, Inc.)
R3 TASCAM_US122144; C:\Windows\System32\Drivers\tascusb2.sys [419160 2011-04-28] (TASCAM)
R3 TASCAM_US122L_MK2_MIDI; C:\Windows\System32\drivers\tscusb2m.sys [31576 2011-04-28] (TASCAM)
R3 TASCAM_US122L_MK2_WDM; C:\Windows\System32\drivers\tscusb2a.sys [53080 2011-04-28] (TASCAM)
S1 Bfilter; \??\C:\Windows\System32\drivers\Bfilter.sys [X]
S1 Bfmon; \??\C:\Windows\System32\drivers\Bfmon.sys [X]
S1 Bnbase; System32\drivers\bnbasex64.sys [X]
S1 Bndef; \??\C:\Windows\System32\drivers\bndef64.sys [X]
S1 Bprotect; \??\C:\Windows\System32\drivers\Bprotect.sys [X]
S1 cashnbackdrv; system32\drivers\cashnbackdrv.sys [X]
S3 DRHARD; \??\C:\Windows\system32\DRIVERS\DRHARD.SYS [X]
S3 Spring; \??\C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Spring64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-31 12:48 - 2016-08-31 12:49 - 00000000 ____D C:\Users\lienio\Desktop\FRST
2016-08-31 12:45 - 2016-08-31 12:49 - 00000000 ____D C:\FRST
2016-08-31 11:34 - 2016-08-31 11:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-31 09:45 - 2016-08-31 09:45 - 00169802 _____ C:\Windows\ntbtlog.txt
2016-08-30 08:33 - 2016-08-31 11:13 - 00000000 ____D C:\Windows\SysWOW64\Java
2016-08-30 08:33 - 2016-08-30 08:33 - 00003362 _____ C:\Windows\System32\Tasks\aaaaaaaaaaaa
2016-08-30 08:25 - 2016-08-30 08:28 - 00000000 ____D C:\Users\lienio\AppData\Local\Etprtion
2016-08-30 08:25 - 2016-08-30 08:25 - 00000000 ____D C:\Users\lienio\AppData\Local\Adnwworks
2016-08-30 00:44 - 2016-08-30 00:44 - 00950529 _____ C:\Users\lienio\Desktop\Fatura Net.pdf
2016-08-29 04:11 - 2016-08-29 04:11 - 00030971 _____ C:\Users\lienio\Desktop\[limetorrents.cc]Extensis.Suitcase.Fusion.6.17.2.1.torrent
2016-08-24 10:40 - 2016-08-24 10:40 - 23518510 _____ C:\Users\lienio\Desktop\Descender #01 [Ndrangheta & DecKArte].cbr
2016-08-24 09:08 - 2016-08-24 09:10 - 00000000 ____D C:\Users\lienio\Desktop\VCOFv1.3.5C_DownloadPirate.com
2016-08-24 07:42 - 2016-08-24 07:42 - 00002107 _____ C:\Users\Public\Desktop\iZotope RX 3.lnk
2016-08-24 07:42 - 2016-08-24 07:42 - 00000000 ____D C:\Program Files\Common Files\Avid
2016-08-22 06:29 - 2016-08-22 06:29 - 00014505 _____ C:\Users\lienio\Desktop\The Last Flight of Noah's Ark ---[www.btstorrent.cc]--- .torrent
2016-08-22 06:26 - 2016-08-22 06:26 - 00014318 _____ C:\Users\lienio\Desktop\download.torrent
2016-08-18 06:51 - 2016-08-18 06:51 - 00000000 ____D C:\Users\lienio\Downloads\MAGIC LANTERN REBEL 01
2016-08-15 08:19 - 2016-08-24 07:41 - 00000000 ____D C:\Users\lienio\Documents\iZotope
2016-08-15 08:19 - 2016-08-15 08:19 - 00001223 _____ C:\Users\Public\Desktop\iZotope RX.lnk
2016-08-15 08:19 - 2016-08-15 08:19 - 00000000 ____D C:\Users\lienio\Documents\iZotope RX 2 Presets
2016-08-15 08:19 - 2016-08-15 08:19 - 00000000 ____D C:\Program Files\Common Files\VST3
2016-08-08 09:11 - 2016-08-08 09:11 - 00000766 _____ C:\Users\Public\Desktop\Wondershare Filmora.lnk
2016-08-08 09:11 - 2016-08-08 09:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2016-08-08 09:10 - 2016-08-08 09:10 - 00000000 ____D C:\ProgramData\Wondershare Video Editor
2016-08-08 08:33 - 2016-08-08 08:35 - 00000000 ____D C:\Program Files (x86)\Movavi Video Editor 11
2016-08-08 08:12 - 2016-08-08 09:12 - 00014911 _____ C:\Users\lienio\Documents\starburn.txt
2016-08-08 08:12 - 2016-08-08 08:12 - 00000000 ____D C:\Users\lienio\AppData\Local\Wondershare
2016-08-08 08:12 - 2016-08-08 08:12 - 00000000 ____D C:\ProgramData\Wondershare
2016-08-08 08:11 - 2016-08-08 08:22 - 00000000 ____D C:\Users\lienio\Documents\Wondershare Filmora
2016-08-08 08:07 - 2016-08-08 08:11 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2016-08-08 07:18 - 2016-08-08 07:18 - 00000000 ____D C:\Users\lienio\AppData\Local\Movavi
2016-08-08 07:17 - 2016-08-08 07:17 - 00000000 ____D C:\Users\lienio\AppData\Local\VideoEditor
2016-08-08 07:16 - 2016-08-08 07:16 - 00005116 _____ C:\ProgramData\rxsmznjf.zcp
2016-08-08 07:16 - 2016-08-08 07:16 - 00000016 _____ C:\ProgramData\mntemp
2016-08-08 07:16 - 2016-08-08 07:16 - 00000000 ____D C:\ProgramData\Movavi Video Editor 11
2016-08-05 04:09 - 2016-08-05 07:50 - 00000822 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2015.lnk
2016-08-03 05:39 - 2016-08-03 05:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Video Converter
2016-08-03 05:39 - 2006-09-16 19:44 - 00314368 _____ (The Public) C:\Windows\SysWOW64\avisynth.dll
2016-08-03 05:39 - 2004-05-26 21:37 - 00719872 _____ (Abysmal Software) C:\Windows\SysWOW64\devil.dll
2016-08-03 05:39 - 2003-03-19 11:03 - 00544768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71d.dll
2016-08-03 00:55 - 2016-08-03 00:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\T-RackS 24
2016-08-03 00:55 - 1997-05-12 17:53 - 00314368 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2016-08-03 00:13 - 2016-08-03 00:13 - 00000000 ____D C:\Windows\system32\appmgmt
2016-08-02 22:49 - 2014-05-15 00:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-08-02 22:49 - 2014-05-15 00:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-08-02 22:49 - 2014-05-15 00:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-08-02 22:49 - 2014-05-15 00:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-08-02 22:49 - 2014-05-15 00:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-08-02 22:49 - 2014-05-15 00:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-08-02 22:49 - 2014-05-15 00:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-08-02 22:49 - 2014-05-15 00:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-08-02 22:49 - 2014-05-15 00:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-08-02 22:49 - 2014-05-15 00:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-08-02 22:49 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-08-02 22:49 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-08-02 22:49 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-08-02 22:49 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-08-02 14:23 - 2016-08-02 14:23 - 00002041 _____ C:\Users\Public\Desktop\VideoStabilizer.lnk
2016-08-02 14:23 - 2016-08-02 14:23 - 00000000 ____D C:\Users\lienio\AppData\Roaming\ArcSoft
2016-08-02 14:23 - 2016-08-02 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft VideoStabilizer
2016-08-02 14:23 - 2016-08-02 14:23 - 00000000 ____D C:\Program Files (x86)\ArcSoft
2016-08-02 14:23 - 2004-04-19 09:18 - 00047616 _____ (Arcsoft Inc.) C:\Windows\SysWOW64\mpgaudio.ax
2016-08-02 14:23 - 2004-04-09 10:10 - 00048128 _____ (Arcsoft Inc.) C:\Windows\SysWOW64\mpgvideo.ax
2016-08-02 14:23 - 2004-02-22 18:01 - 00192512 _____ (Arcsoft) C:\Windows\SysWOW64\AdavVideoDec.dll
2016-08-02 14:23 - 2003-12-18 09:03 - 00126976 _____ (Arcsoft (HZ)) C:\Windows\SysWOW64\AdavAudioDec.dll
2016-08-02 14:16 - 2016-08-02 14:16 - 00003150 _____ C:\Windows\System32\Tasks\{028442EA-20F0-4A95-8673-516B278974BB}
2016-08-02 13:52 - 2016-08-02 13:52 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-08-02 13:52 - 2016-08-02 13:52 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-08-02 13:52 - 2016-08-02 13:52 - 00000000 ____D C:\Windows\en
2016-08-02 13:52 - 2016-08-02 13:52 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-08-02 13:50 - 2016-08-02 13:54 - 00000000 ____D C:\Users\lienio\AppData\Local\Windows Live
2016-08-01 13:10 - 2016-08-01 13:39 - 00000000 ____D C:\Users\lienio\Downloads\Firmware da Rebel t1i

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-31 12:25 - 2014-05-02 07:44 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-31 12:13 - 2014-06-16 12:12 - 00000296 _____ C:\Windows\Tasks\Funmoods Chat.job
2016-08-31 11:37 - 2014-05-26 10:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-31 11:26 - 2015-07-29 11:57 - 00000000 ____D C:\Users\lienio\AppData\Local\Spotify
2016-08-31 11:20 - 2009-07-14 12:45 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-31 11:20 - 2009-07-14 12:45 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-31 11:18 - 2014-05-13 12:56 - 00000000 ____D C:\Program Files (x86)\Opera
2016-08-31 11:13 - 2015-07-29 11:57 - 00000000 ____D C:\Users\lienio\AppData\Roaming\Spotify
2016-08-31 11:13 - 2015-06-13 16:49 - 00000656 _____ C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job
2016-08-31 11:13 - 2014-05-02 07:44 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-31 11:13 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-31 10:49 - 2015-12-07 04:07 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-08-31 08:53 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2016-08-31 07:01 - 2014-11-23 07:55 - 00000000 ____D C:\Users\lienio\AppData\Local\ElevatedDiagnostics
2016-08-31 01:25 - 2015-03-19 10:51 - 00000000 ____D C:\Users\lienio\AppData\Local\Extensis
2016-08-31 01:23 - 2009-07-14 12:45 - 05038392 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-31 01:20 - 2015-03-25 08:18 - 00086872 _____ C:\Users\lienio\AppData\Local\GDIPFONTCACHEV1.DAT
2016-08-31 01:19 - 2014-06-17 00:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extensis
2016-08-31 01:19 - 2014-06-17 00:24 - 00000000 ____D C:\Program Files (x86)\Extensis
2016-08-30 23:28 - 2014-06-17 00:24 - 00000000 ____D C:\ProgramData\Extensis
2016-08-30 12:17 - 2014-12-29 04:00 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-08-30 08:39 - 2014-05-02 05:46 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-30 07:27 - 2014-10-25 06:23 - 00000000 ____D C:\KMPlayer
2016-08-29 08:26 - 2014-05-07 10:27 - 00000000 ____D C:\Users\lienio\AppData\Roaming\uTorrent
2016-08-29 03:56 - 2015-04-12 09:32 - 00001456 _____ C:\Users\lienio\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-08-28 11:13 - 2014-05-02 09:16 - 00000321 _____ C:\Users\lienio\AppData\Roaming\WB.CFG
2016-08-24 11:05 - 2009-07-14 13:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-24 11:05 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2016-08-24 08:40 - 2014-05-04 04:56 - 00000000 ____D C:\Users\lienio\AppData\Roaming\iZotope
2016-08-24 08:38 - 2014-05-04 02:58 - 00000000 ____D C:\Program Files (x86)\Vstplugins
2016-08-24 07:42 - 2014-05-04 04:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope
2016-08-24 07:41 - 2014-05-04 04:56 - 00000000 ____D C:\Program Files (x86)\iZotope
2016-08-24 07:24 - 2014-05-07 13:12 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-08-23 07:14 - 2016-07-23 23:55 - 00000000 ____D C:\Users\lienio\Desktop\_musica
2016-08-23 03:07 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2016-08-22 14:22 - 2014-05-03 04:57 - 00000000 ____D C:\Users\lienio\AppData\Roaming\Adobe
2016-08-18 02:57 - 2014-05-04 02:59 - 00000000 ____D C:\Users\lienio\AppData\Roaming\Sony
2016-08-16 05:55 - 2014-05-19 13:10 - 00000000 ____D C:\Users\lienio\Documents\_Amil
2016-08-12 00:18 - 2009-07-14 13:08 - 00032648 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-10 13:12 - 2016-07-13 00:50 - 00000000 ____D C:\Users\lienio\Documents\Fotografia Cursos e escolas
2016-08-08 09:57 - 2016-02-09 02:29 - 00000000 ___SD C:\Users\lienio\AppData\LocalLow\Temp
2016-08-08 04:28 - 2016-02-09 08:00 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-05 07:46 - 2014-05-04 05:50 - 00001530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-08-05 07:15 - 2013-01-18 23:36 - 00000000 ___HD C:\Users\lienio\AppData\Local\APNH0JnRDLoFiO
2016-08-05 04:10 - 2014-05-03 05:38 - 00000000 ____D C:\Users\lienio\Documents\Adobe
2016-08-05 04:09 - 2014-05-03 05:09 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-08-05 04:09 - 2014-05-03 05:04 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-08-03 23:49 - 2014-06-07 13:19 - 00003848 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1399956964
2016-08-03 08:04 - 2015-07-29 11:57 - 00001797 _____ C:\Users\lienio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-08-03 05:02 - 2015-03-25 11:57 - 00000010 _____ C:\Users\lienio\AppData\Local\.DG212F11-EC8C-210D-DE1E-D9584D18D740
2016-08-03 05:02 - 2015-03-19 11:28 - 00000010 _____ C:\ProgramData\.D6E5339F-CB2B-32C1-CD2D-C0295C19C822
2016-08-02 14:23 - 2014-05-02 07:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-08-02 13:52 - 2014-05-29 12:14 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-08-02 13:52 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

==================== Files in the root of some directories =======

2015-05-13 11:01 - 2010-01-26 22:11 - 0444283 _____ () C:\Program Files\Common Files\WinPcapNmap.exe
2015-03-15 07:20 - 2015-04-09 12:14 - 0000132 _____ () C:\Users\lienio\AppData\Roaming\Adobe PNG Format CC Prefs
2016-01-08 11:37 - 2016-07-25 07:09 - 0000132 _____ () C:\Users\lienio\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-02-22 10:06 - 2015-12-10 05:39 - 0000020 _____ () C:\Users\lienio\AppData\Roaming\appdataFr3.bin
2015-03-22 06:15 - 2015-03-22 06:15 - 0000112 _____ () C:\Users\lienio\AppData\Roaming\JP2K CS6 Prefs
2014-05-07 13:12 - 2014-07-15 09:31 - 0048635 _____ () C:\Users\lienio\AppData\Roaming\unins000.dat
2014-07-15 09:31 - 2014-07-15 09:31 - 0808609 _____ () C:\Users\lienio\AppData\Roaming\unins000.exe
2014-05-02 09:16 - 2016-08-28 11:13 - 0000321 _____ () C:\Users\lienio\AppData\Roaming\WB.CFG
2015-03-25 11:57 - 2016-08-03 05:02 - 0000010 _____ () C:\Users\lienio\AppData\Local\.DG212F11-EC8C-210D-DE1E-D9584D18D740
2015-04-12 09:32 - 2016-08-29 03:56 - 0001456 _____ () C:\Users\lienio\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-02-09 02:59 - 2016-02-09 02:59 - 0002453 _____ () C:\Users\lienio\AppData\Local\recently-used.xbel
2016-01-24 12:36 - 2016-01-24 12:36 - 0000017 _____ () C:\Users\lienio\AppData\Local\resmon.resmoncfg
2015-03-19 11:28 - 2016-08-03 05:02 - 0000010 _____ () C:\ProgramData\.D6E5339F-CB2B-32C1-CD2D-C0295C19C822
2015-03-19 11:30 - 2015-03-19 11:30 - 0000098 _____ () C:\ProgramData\.SF170
2015-02-03 10:22 - 2009-02-24 22:40 - 0001026 _____ () C:\ProgramData\cfSB0270.ini
2015-02-03 10:22 - 2009-02-24 22:40 - 0001026 _____ () C:\ProgramData\cfSB0271.ini
2015-02-03 10:22 - 2009-02-24 22:40 - 0001302 _____ () C:\ProgramData\cfSB0300.ini
2015-02-03 10:22 - 2009-02-24 22:40 - 0001282 _____ () C:\ProgramData\cfSB0471.ini
2015-02-03 10:22 - 2009-02-24 22:40 - 0001208 _____ () C:\ProgramData\cfSB0490.ini
2015-02-03 10:22 - 2009-02-24 22:40 - 0001027 _____ () C:\ProgramData\cfSB0560.ini
2015-02-03 10:22 - 2009-02-24 22:40 - 0001352 _____ () C:\ProgramData\cfSB0910.ini
2015-02-03 10:22 - 2009-02-24 22:40 - 0000590 _____ () C:\ProgramData\cfSB0950.ini
2015-02-03 10:22 - 2009-02-24 22:40 - 0001352 _____ () C:\ProgramData\cfSB1090.ini
2015-02-03 10:22 - 2009-02-24 22:40 - 0001346 _____ () C:\ProgramData\cfSB1100.ini
2016-08-08 07:16 - 2016-08-08 07:16 - 0000016 _____ () C:\ProgramData\mntemp
2016-08-08 07:16 - 2016-08-08 07:16 - 0005116 _____ () C:\ProgramData\rxsmznjf.zcp

Files to move or delete:
====================
C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job


Some files in TEMP:
====================
C:\Users\lienio\AppData\Local\Temp\cr-extensis.exe
C:\Users\lienio\AppData\Local\Temp\payload.exe
C:\Users\lienio\AppData\Local\Temp\radB561B.tmp.exe
C:\Users\lienio\AppData\Local\Temp\Suitcase Fusion 6 v17.2.1.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-29 01:53

==================== End of FRST.txt ============================
