Publicité
Publicité
Format du document : text/plain
Prévisualisation
Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão: 22-01-2017
Executado por Convidado (administrador) em LUDMILLA-PC (23-01-2017 12:11:56)
Executando a partir de C:\Users\Convidado\Desktop
Perfis Carregados: Convidado (Perfis Disponíveis: Ludmilla & Convidado)
Platform: Windows 7 Professional Service Pack 1 (X86) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processos (Whitelisted) =================
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
(Baidu Inc.) C:\Program Files\Baidu Security\PC Faster\5.0.0.0\PCFasterSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BavSvc.exe
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BHipsSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Baidu Inc.) C:\Program Files\baidu\Baidu Browser43.23.1000.467.1\sparkservice.exe
() C:\Program Files\CalendarTool\2.0.0.11061\CalendarServ.exe
(Yahoo Inc.) C:\Program Files\Yahoo!\yset\{A8BF9EA3-FB37-B04C-A23B-C2D34D2B9FB3}\YSearchUtilSVC.exe
() C:\Program Files\CalendarTool\2.0.0.11061\calendar.exe
(Safer Technologies LLC) C:\Program Files\Safer Technologies\Update\SaferUpdate.exe
(Safer Technologies LLC) C:\Program Files\Safer Technologies\Update\1.3.193.9\SaferCrashHandler.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BavTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.474\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Baidu Inc.) C:\Program Files\Baidu Security\PC Faster\5.0.0.0\PCFasterSvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Baidu, Inc.) C:\Program Files\PC Faster\5.1.0.0\PCFasterSvc.exe
(Baidu, Inc.) C:\Program Files\PC Faster\5.1.0.0\PCFasterSvc.exe
(Baidu, Inc.) C:\Program Files\PC Faster\5.1.0.0\PCFTray.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe
==================== Registro (Whitelisted) ====================
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2006-11-01] (Avast Software s.r.o.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [Baidu Antivirus] => C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BavTray.exe [1997296 2006-11-01] (Baidu, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM\...\Run: [Baidu PC Faster 5.1.0.0] => C:\Program Files\PC Faster\5.1.0.0\PCFTray.exe [2333152 2015-05-07] (Baidu, Inc.)
HKLM\...\RunOnce: [Run_dregol] => C:\Windows\system32\wscript.exe /E:vbscript /B "C:\Users\Ludmilla\AppData\Roaming\Run_dregol\UpdateProc\bkup.dat"
HKLM\...\RunOnce: [SymInstallStub] => C:\Windows\System32\Adobe\Shockwave 12\SymInstallStub.exe [482104 2016-12-25] (Symantec Corporation)
HKU\S-1-5-21-4217796398-667816934-1768120610-501\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-4217796398-667816934-1768120610-501\...\Run: [SecureBrowserAutoLaunch_CEEDB44BF361B7FAA6E33C5349BA3217] => C:\Program Files\Safer Technologies\Secure Browser\Application\secure.exe [879992 2017-01-01] (Safer Technologies LLC)
HKU\S-1-5-21-4217796398-667816934-1768120610-501\...\MountPoints2: E - E:\Windows/AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [Run_dregol] => C:\Windows\system32\wscript.exe /E:vbscript /B "C:\Users\Ludmilla\AppData\Roaming\Run_dregol\UpdateProc\bkup.dat"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2006-11-01] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BavShx.dll [2006-11-01] (Baidu, Inc.)
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO
==================== Internet (Whitelisted) ====================
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
Tcpip\Parameters: [DhcpNameServer] 187.64.0.122 187.64.0.34
Tcpip\..\Interfaces\{11EAECB9-497F-4840-86DF-1E403C8E3421}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{2554F3AD-8BE3-4DDC-95A2-AB41AC129935}: [DhcpNameServer] 187.64.0.122 187.64.0.34
Tcpip\..\Interfaces\{470B89AC-EE02-4663-AB51-D323652ED352}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{D6AE76F1-62F2-4949-8170-88B645CE729E}: [DhcpNameServer] 192.168.42.129
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=bav_pro_hp_01_hao123_br
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4217796398-667816934-1768120610-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=bav_pro_hp_01_hao123_br
HKU\S-1-5-21-4217796398-667816934-1768120610-501\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633ee93-d776-472f-a0ff-e1416b8b2e3a} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_17_03¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyCyEyE0CzytB0EyCtByEtBtAzztN0D0Tzu0StCzzyEzztN1L2XzutAtFtByDtFtCtFtCtDzztN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtA0B0D0Czzzz0DtGyBtAyDyBtG0AyDzz0BtGtC0ByB0EtG0BtAyDtBtD0CzzyEtD0Azy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzzyC0AtDyDyE0BtGzyzytA0EtGyE0ByCtCtG0BzztCtBtG0E0DyD0FtB0E0C0EtAtDtCtD2QtN0A0LzutB%26cr%3D1711633002%26a%3Dwbf_bxinw_17_03%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_17_03¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyCyEyE0CzytB0EyCtByEtBtAzztN0D0Tzu0StCzzyEzztN1L2XzutAtFtByDtFtCtFtCtDzztN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtA0B0D0Czzzz0DtGyBtAyDyBtG0AyDzz0BtGtC0ByB0EtG0BtAyDtBtD0CzzyEtD0Azy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzzyC0AtDyDyE0BtGzyzytA0EtGyE0ByCtCtG0BzztCtBtG0E0DyD0FtB0E0C0EtAtDtCtD2QtN0A0LzutB%26cr%3D1711633002%26a%3Dwbf_bxinw_17_03%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4217796398-667816934-1768120610-501 -> DefaultScope {589CCA72-D902-4867-B4DF-AB37AAB7FF3B} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_51¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyCyEyE0CzytB0EyCtByEtBtAzztN0D0Tzu0StCzztCzztN1L2XzutAtFtByDtFtCtFyBzztN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDtD0D0BtC0DyEyEtGtDzy0C0EtGtAtDzyyBtGtDyD0AyBtGyBtB0DtCtCyCtDyDyEyEtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzzyC0AtDyDyE0BtGzyzytA0EtGyE0ByCtCtG0BzztCtBtG0E0DyD0FtB0E0C0EtAtDtCtD2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCtByCyD%26cr%3D901935336%26a%3Dwbf_bxinw_16_51%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4217796398-667816934-1768120610-501 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_17_03¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyCyEyE0CzytB0EyCtByEtBtAzztN0D0Tzu0StCzzyEzztN1L2XzutAtFtByDtFtCtFtCtDzztN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtA0B0D0Czzzz0DtGyBtAyDyBtG0AyDzz0BtGtC0ByB0EtG0BtAyDtBtD0CzzyEtD0Azy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzzyC0AtDyDyE0BtGzyzytA0EtGyE0ByCtCtG0BzztCtBtG0E0DyD0FtB0E0C0EtAtDtCtD2QtN0A0LzutB%26cr%3D1711633002%26a%3Dwbf_bxinw_17_03%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4217796398-667816934-1768120610-501 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4217796398-667816934-1768120610-501 -> {589CCA72-D902-4867-B4DF-AB37AAB7FF3B} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_51¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyCyEyE0CzytB0EyCtByEtBtAzztN0D0Tzu0StCzztCzztN1L2XzutAtFtByDtFtCtFyBzztN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDtD0D0BtC0DyEyEtGtDzy0C0EtGtAtDzyyBtGtDyD0AyBtGyBtB0DtCtCyCtDyDyEyEtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzzyC0AtDyDyE0BtGzyzytA0EtGyE0ByCtCtG0BzztCtBtG0E0DyD0FtB0E0C0EtAtDtCtD2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCtByCyD%26cr%3D901935336%26a%3Dwbf_bxinw_16_51%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4217796398-667816934-1768120610-501 -> {9AD09901-06DD-4DDD-A62D-6D2243B771AB} URL = hxxp://start.myplaycity.com/results.php?category=web&s={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-23] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2006-11-01] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-23] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-18]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Ludmilla\AppData\Roaming\Mozilla\Firefox\Profiles\sbjdduki.default\extensions\faststartff@gmail.com
FF Extension: (Fast Start) - C:\Users\Ludmilla\AppData\Roaming\Mozilla\Firefox\Profiles\sbjdduki.default\extensions\faststartff@gmail.com [2014-11-21] [não assinado]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-09] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-23] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-4217796398-667816934-1768120610-501: @nsroblox.roblox.com/launcher -> C:\Users\Convidado\AppData\Local\Roblox\Versions\version-26a546068c9d4f7a\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4217796398-667816934-1768120610-501: @nsroblox.roblox.com/launcher64 -> C:\Users\Convidado\AppData\Local\Roblox\Versions\version-26a546068c9d4f7a\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pt-br
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://br.hao123.com/?tn=sdkb_inner_protection_04_hao123_br&guid=b3503dce53c05377789829850c361367","hxxps://br.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_43_wbf_bxinw_16_41¶m1=1¶m2=f%3D7%26b%3Dchmm%26cc%3Dbr%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyB0CyE0C0B0AtCtByEtC0C0A0CtN0D0Tzu0StCyByCtCtN1L2XzutAtFtByEtFtCtBtFyDtBtN1L1Czu1M1Q1CtByCtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2SyD0EyB0Azz0ByDyDtGtAyEzy0FtGtDzy0DyEtGtD0EyByEtG0E0B0AyBtB0FtD0BtA0AyEzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByDyEtA0FyByDyCtGyEyEtAzztGyEtAyDzytGzztA0FyCtGyDtD0FtA0AtCzzyD0C0A0E0B2QtN0A0LzuyE%26cr%3D1035550219%26a%3Dhdr_s_16_43_wbf_bxinw_16_41%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium","hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=c030ee0198f712d9f16eee887a3bb759","hxxp://www.bing.com/search?FORM=INCOH2&PC=IC06&PTAG=ICO-82378b19","hxxps://br.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_50_wbf_bxinw_16_41¶m1=1¶m2=f%3D7%26b%3Dchmm%26cc%3Dbr%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyB0CyE0C0B0AtCtByEtC0C0A0CtN0D0Tzu0StCzztDyBtN1L2XzutAtFtByEtFtBtDtFyDyEtN1L1Czu1M1Q1CtAtCtFzytFtDtN1L1G1B1V1N2Y1L1Qzu2StDtD0CyCyEtD0EyBtGyByByE0AtG0ByBtA0DtGtA0ByCtCtGyE0DyCtCyE0B0Dzz0Czz0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByDyEtA0FyByDyCtGyEyEtAzztGyEtAyDzytGzztA0FyCtGyDtD0FtA0AtCzzyD0C0A0E0B2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCtCtCyB%26cr%3D822272122%26a%3Dhdr_s_16_50_wbf_bxinw_16_41%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&uref=chmm","hxxps://www.bing.com/search?FORM=INCOH2&PC=IC06&PTAG=ICO-df48df09"
CHR Profile: C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default [2017-01-23]
CHR Extension: (Google Docs) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-29]
CHR Extension: (Google Drive) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2006-11-01]
CHR Extension: (YouTube) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2006-11-01]
CHR Extension: (Google Search) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2006-11-01]
CHR Extension: (Documentos Google off-line) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2006-11-01]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-22]
CHR Extension: (Gmail) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-29]
CHR Extension: (Chrome Media Router) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2006-11-01]
CHR Profile: C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-08-16]
CHR Profile: C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-01-22]
CHR Extension: (dregol New Tab) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ihokndmjeombjojnfkmapfnjeghjohim [2016-12-23]
CHR Extension: (Skype) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-12-23]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-23]
CHR Extension: (Search Manager) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2016-12-23]
CHR Extension: (Gmail) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-23]
CHR Extension: (Chrome Media Router) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-23]
CHR Profile: C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-22]
CHR HKLM\...\Chrome\Extension: [eedgghdcpmmmilkmfpnklknlenbiolec] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ehhlaekjfiiojlddgndcnefflngfmhen] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2006-11-01]
CHR HKLM\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4217796398-667816934-1768120610-501\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4217796398-667816934-1768120610-501\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
==================== Serviços (Whitelisted) ====================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2006-11-01] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2006-11-01] (Avast Software)
S4 BASSVC; C:\Program Files\Baidu Security\MoboMarket\1.3.7.5967\bassvc.exe [208928 2015-04-22] (Baidu, Inc.)
R2 BavSvc; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BavSvc.exe [2572928 2006-11-01] (Baidu, Inc.)
S3 BdSandboxSrv; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BdSandboxSrv.exe [391200 2015-03-05] (Baidu, Inc.)
R2 BHipsSvc; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BHipsSvc.exe [531232 2006-11-01] (Baidu, Inc.)
S3 BsrSvc; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BavAdvTools\128B4BEC-5D89-43AD-BAA8-207084AA0E4F\tool\BsrSvc.exe [3464504 2015-05-22] (Baidu, Inc.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.474\McCHSvc.exe [272136 2016-12-14] (McAfee, Inc.)
R2 PCFasterSvc_{PCFaster_4.0.0.0}; C:\Program Files\Baidu Security\PC Faster\5.0.0.0\PCFasterSvc.exe [793584 2014-09-25] (Baidu Inc.) [Arquivo não assinado]
R2 PCFasterSvc_{PCFaster_5.1.0.0}; C:\Program Files\PC Faster\5.1.0.0\PCFasterSvc.exe [1714448 2015-05-07] (Baidu, Inc.)
S2 safer; C:\Program Files\Safer Technologies\Update\SaferUpdate.exe [156064 2017-01-22] (Safer Technologies LLC)
S3 saferm; C:\Program Files\Safer Technologies\Update\SaferUpdate.exe [156064 2017-01-22] (Safer Technologies LLC)
R2 SparkSvc; C:\Program Files\baidu\Baidu Browser43.23.1000.467.1\sparkservice.exe [97080 2016-01-15] (Baidu Inc.)
S3 SparkUpdater; C:\Program Files\Baidu\SparkUpdate\Sparkupdate.exe [1372472 2016-01-15] (Baidu.com, Inc.)
R2 TheCalendarService; C:\Program Files\CalendarTool\2.0.0.11061\CalendarServ.exe [151688 2015-11-23] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 YSearchUtilSvc; C:\Program Files\Yahoo!\yset\{A8BF9EA3-FB37-B04C-A23B-C2D34D2B9FB3}\YSearchUtilSvc.exe [182736 2016-11-15] (Yahoo Inc.)
S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
===================== Drivers (Whitelisted) ======================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2006-11-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2006-11-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2006-11-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2006-11-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2006-11-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2006-11-01] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2006-11-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208024 2006-11-01] ()
S3 Baidu PC Faster FileShredder; C:\Program Files\PC Faster\5.1.0.0\FileKill_x86.sys [18880 2013-03-19] ()
R3 BdApiUtil; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BdApiUtil.sys [101448 2006-11-01] (Baidu, Inc.)
R3 bdark; C:\Windows\system32\drivers\bdark.sys [82376 2015-05-15] ()
R3 BdCameraProtect; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BdCameraProtect.sys [21384 2006-11-01] (Baidu, Inc.)
S3 BdSandbox; C:\Windows\System32\drivers\BdSandbox.sys [197624 2015-03-05] (Baidu, Inc.)
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [51144 2006-11-01] (Baidu, Inc.)
R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [31176 2006-11-01] (Baidu, Inc.)
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [74888 2006-11-01] (Baidu, Inc.)
S3 BHipsEx; C:\Windows\System32\drivers\BHipsEx.sys [138184 2006-11-01] (Baidu, Inc.)
R1 Bnbase; C:\Windows\System32\drivers\bnbasex.sys [75400 2006-11-01] (Baidu, Inc.)
R1 Bndef; C:\Windows\System32\drivers\bndef.sys [461192 2006-11-01] (Baidu, Inc.)
R3 Bnmon; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\Bnmon.sys [84936 2006-11-01] (Baidu, Inc.)
R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [195528 2006-11-01] (Baidu, Inc.)
R1 BprotectEx; C:\Windows\System32\drivers\BprotectEx.sys [113992 2015-03-31] (Baidu, Inc.)
S4 bsrbc; C:\Windows\System32\drivers\bsrbc.sys [54672 2006-11-01] ()
R2 msvesexpanded; C:\Windows\system32\drivers\msijhelper.sys [124088 2010-11-20] ()
R1 ndisrd; C:\Windows\System32\DRIVERS\ndisrd.sys [37408 2014-08-14] (NT Kernel Resources)
R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-26] (CACE Technologies, Inc.)
R3 PCFApiUtil; C:\Program Files\PC Faster\5.1.0.0\PCFApiUtil.sys [118152 2015-03-31] (Baidu, Inc.)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347136 2009-07-13] (Realtek Semiconductor Corporation )
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2006-11-01] (Avast Software)
S3 AppProtectEx; \??\C:\Windows\System32\drivers\AppProtectEx.sys [X]
S3 UNDPX2A; \??\C:\Windows\system32\drivers\UNDPX2A.SYS [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
==================== Três Meses Criados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2017-01-23 12:04 - 2017-01-23 12:04 - 00000000 ____D C:\FRST
2017-01-23 10:44 - 2017-01-23 10:44 - 00000000 ____D C:\MSIcfcb8.tmp
2017-01-23 10:41 - 2017-01-23 10:41 - 00000000 ____D C:\Program Files\Common Files\Java
2017-01-23 10:41 - 2017-01-23 10:41 - 00000000 ____D C:\MSIcfcb3.tmp
2017-01-23 10:40 - 2017-01-23 10:40 - 00000000 ____D C:\MSIcfcab.tmp
2017-01-23 10:31 - 2017-01-23 10:31 - 00000000 ____D C:\MSIcfca6.tmp
2017-01-22 19:44 - 2017-01-22 19:44 - 00000000 ____D C:\MSI7879.tmp
2017-01-22 19:38 - 2017-01-23 10:46 - 00000908 _____ C:\Windows\Tasks\SaferUpdateTaskMachineUA.job
2017-01-22 19:38 - 2017-01-22 19:42 - 00000000 ____D C:\Program Files\Safer Technologies
2017-01-22 19:38 - 2006-11-01 00:01 - 00000904 _____ C:\Windows\Tasks\SaferUpdateTaskMachineCore.job
2017-01-10 14:07 - 2017-01-10 14:07 - 00000000 ____D C:\Program Files\Yahoo!
2017-01-10 14:05 - 2017-01-10 14:05 - 00000000 ____D C:\MSI8bcd3.tmp
2017-01-10 14:02 - 2017-01-23 10:33 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2017-01-10 13:57 - 2017-01-23 10:45 - 00000000 ____D C:\Program Files\Java
2017-01-10 13:56 - 2017-01-10 13:56 - 00000000 ____D C:\MSI8bccd.tmp
2017-01-10 13:53 - 2017-01-10 13:53 - 00000000 ____D C:\MSI8bcc5.tmp
2017-01-10 13:50 - 2017-01-10 13:50 - 00000000 ____D C:\MSI8bbfe.tmp
2016-12-31 18:02 - 2006-11-01 00:03 - 00000540 _____ C:\Windows\Tasks\Norton Product Installer.job
2016-12-31 18:01 - 2006-11-01 00:03 - 00000548 ____H C:\Windows\Tasks\Norton Product InstallerIdle.job
2016-12-30 16:01 - 2016-12-30 16:01 - 00000000 ____D C:\Windows\system32\Drivers\NSS
2016-12-30 16:01 - 2016-12-30 16:01 - 00000000 ____D C:\Program Files\NortonInstaller
2016-12-30 16:01 - 2016-12-30 16:01 - 00000000 ____D C:\Program Files\Norton Security Scan
2016-12-30 14:00 - 2015-07-30 10:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-12-30 13:53 - 2016-07-22 11:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-12-27 23:28 - 2016-12-27 23:28 - 00010224 _____ C:\downlevel_2016_12_28_10_28_24_240.log
2016-12-27 21:19 - 2016-12-27 21:19 - 00034732 _____ C:\compatcheck_2016_12_28_08_19_25_378.log
2016-12-27 21:19 - 2016-12-27 21:19 - 00000000 ____D C:\$GetCurrent
2016-12-27 21:18 - 2006-11-01 00:25 - 00000000 ____D C:\Windows10Upgrade
2016-12-27 16:53 - 2016-12-27 16:54 - 00000000 ____D C:\Program Files\Booking.com
2016-12-27 16:51 - 2016-12-27 16:53 - 00000000 ____D C:\Program Files\AliExpress
2016-12-26 20:19 - 2016-12-26 20:19 - 00000000 ____D C:\MSId4714.tmp
2016-12-26 20:16 - 2016-12-26 20:19 - 00000000 ___RD C:\Program Files\Skype
2016-12-26 20:16 - 2016-12-26 20:16 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-12-26 20:16 - 2016-12-26 20:16 - 00000000 ____D C:\MSId470d.tmp
2016-12-25 22:17 - 2016-12-25 22:17 - 00000000 ____D C:\MSI22709.tmp
2016-12-24 01:15 - 2016-12-24 01:15 - 00000000 ____D C:\MSIfc01d.tmp
2016-12-24 01:14 - 2016-12-24 01:14 - 00000000 ____D C:\MSIfc013.tmp
2016-12-23 20:07 - 2016-12-23 20:07 - 00000000 ____D C:\SWDownload
2016-12-23 20:04 - 2006-11-01 00:00 - 00000000 ____D C:\Program Files\PC App Store
2016-12-23 19:55 - 2016-12-23 19:55 - 00000000 ____D C:\MSI5f2d7.tmp
2016-12-23 19:51 - 2016-12-23 19:51 - 00000000 ____D C:\MSI5f2a6.tmp
2016-12-23 19:49 - 2016-12-23 19:49 - 00000000 ____D C:\MSI5f2a4.tmp
2016-12-23 19:23 - 2016-12-23 19:23 - 00000000 ____D C:\MSI17474.tmp
2016-12-23 18:48 - 2016-12-23 18:48 - 00000000 ____D C:\MSI1ac42.tmp
2016-12-23 18:48 - 2016-12-23 18:48 - 00000000 ____D C:\MSI1ac3a.tmp
2016-12-23 18:25 - 2016-09-30 10:50 - 00023232 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-12-23 16:26 - 2016-12-23 16:26 - 00000000 ____D C:\MSIe0dea.tmp
2016-12-23 16:24 - 2016-12-23 16:24 - 00000000 ____D C:\MSIe0de4.tmp
2016-12-23 15:01 - 2017-01-22 19:48 - 00000000 ____D C:\Program Files\ByteFence
2016-12-19 14:24 - 2016-12-19 14:24 - 00000000 ____D C:\MSId78f5.tmp
2016-12-19 14:24 - 2016-12-19 14:24 - 00000000 ____D C:\MSId78f3.tmp
2016-12-19 14:17 - 2016-12-19 14:17 - 00000000 ____D C:\MSId78e5.tmp
2016-12-19 14:15 - 2016-12-19 14:15 - 00000000 ____D C:\MSId78de.tmp
2016-12-17 21:20 - 2016-12-17 21:20 - 00000000 ____D C:\MSI3f51a.tmp
2016-12-13 16:09 - 2016-12-13 16:09 - 00000000 ____D C:\MSI70e26.tmp
2016-12-08 20:18 - 2016-12-08 20:18 - 00000000 ____D C:\MSI6347a.tmp
2016-12-08 20:16 - 2016-12-08 20:16 - 00000000 ____D C:\MSI63473.tmp
2016-12-08 19:45 - 2016-12-08 19:45 - 00000000 ____D C:\MSIefee0.tmp
2016-12-08 18:12 - 2016-12-08 18:12 - 00000000 ____D C:\MSIc08bf.tmp
2016-12-08 09:47 - 2016-12-08 09:47 - 00000000 ____D C:\AI_RecycleBin
2016-12-08 09:45 - 2016-12-08 09:45 - 00000000 ____D C:\MSIff09b.tmp
2016-12-08 08:24 - 2016-12-08 08:24 - 00000000 ____D C:\MSI5b61b.tmp
2016-12-07 20:01 - 2016-12-07 20:01 - 00000000 ____D C:\MSI5116e.tmp
2016-12-07 20:01 - 2016-12-07 20:01 - 00000000 ____D C:\MSI5116c.tmp
2016-12-07 19:54 - 2016-12-07 19:54 - 00000000 ____D C:\MSI51166.tmp
2016-12-07 19:50 - 2016-12-07 19:50 - 00000000 ____D C:\MSI51160.tmp
2016-11-26 10:20 - 2016-11-26 10:20 - 00000000 ____D C:\Program Files\MegaDownloader
2016-11-23 20:11 - 2016-11-23 20:11 - 00000000 ____D C:\MSI790f6.tmp
2016-11-23 20:09 - 2016-11-23 20:09 - 00000000 ____D C:\MSI790f1.tmp
2016-11-23 20:09 - 2016-11-23 20:09 - 00000000 ____D C:\MSI790e9.tmp
2016-11-23 20:05 - 2016-11-23 20:05 - 00000000 ____D C:\MSI790e4.tmp
==================== Três Meses Modificados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2017-01-23 12:06 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\inf
2017-01-23 12:05 - 2009-07-14 01:34 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-23 12:05 - 2009-07-14 01:34 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-09 14:01 - 2014-11-21 13:16 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-01-09 14:01 - 2014-11-21 13:16 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-01-09 14:01 - 2014-11-21 13:16 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-01 16:01 - 2011-04-12 01:47 - 00705268 _____ C:\Windows\system32\prfh0416.dat
2017-01-01 16:01 - 2011-04-12 01:47 - 00147108 _____ C:\Windows\system32\prfc0416.dat
2017-01-01 16:01 - 2010-11-20 18:01 - 01633534 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-30 15:55 - 2006-11-01 00:23 - 00000000 ____D C:\Windows\Prefetch
2016-12-30 15:07 - 2010-10-22 00:43 - 00000000 __SHD C:\System Volume Information
2016-12-30 14:05 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\winsxs
2016-12-25 22:16 - 2014-11-21 12:34 - 00000000 ____D C:\Program Files\WinRAR
2016-12-25 22:16 - 2006-11-01 00:04 - 00000000 ____D C:\Windows\system32\Adobe
==================== Arquivos na raiz de alguns diretórios =======
2016-01-21 21:55 - 2016-01-22 13:13 - 27673724 _____ () C:\Users\Convidado\AppData\Roaming\.minecraft.rar
2006-11-01 01:24 - 2006-11-01 01:24 - 0000057 _____ () C:\ProgramData\Ament.ini
2017-01-22 20:15 - 2017-01-22 20:15 - 0004096 _____ () C:\ProgramData\dfnpcrng.nwi
2014-11-21 13:18 - 2017-01-23 12:02 - 0014501 _____ () C:\ProgramData\Duplicaterecord.js
2017-01-22 20:15 - 2017-01-22 20:15 - 0000016 _____ () C:\ProgramData\mntemp
==================== Bamital & volsnap ======================
(Não há correção automática para arquivos que não passaram na verificação.)
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente
LastRegBack: 2016-09-24 17:56
==================== Fim de FRST.txt ============================
Executado por Convidado (administrador) em LUDMILLA-PC (23-01-2017 12:11:56)
Executando a partir de C:\Users\Convidado\Desktop
Perfis Carregados: Convidado (Perfis Disponíveis: Ludmilla & Convidado)
Platform: Windows 7 Professional Service Pack 1 (X86) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processos (Whitelisted) =================
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
(Baidu Inc.) C:\Program Files\Baidu Security\PC Faster\5.0.0.0\PCFasterSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BavSvc.exe
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BHipsSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Baidu Inc.) C:\Program Files\baidu\Baidu Browser43.23.1000.467.1\sparkservice.exe
() C:\Program Files\CalendarTool\2.0.0.11061\CalendarServ.exe
(Yahoo Inc.) C:\Program Files\Yahoo!\yset\{A8BF9EA3-FB37-B04C-A23B-C2D34D2B9FB3}\YSearchUtilSVC.exe
() C:\Program Files\CalendarTool\2.0.0.11061\calendar.exe
(Safer Technologies LLC) C:\Program Files\Safer Technologies\Update\SaferUpdate.exe
(Safer Technologies LLC) C:\Program Files\Safer Technologies\Update\1.3.193.9\SaferCrashHandler.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BavTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.474\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Baidu Inc.) C:\Program Files\Baidu Security\PC Faster\5.0.0.0\PCFasterSvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Baidu, Inc.) C:\Program Files\PC Faster\5.1.0.0\PCFasterSvc.exe
(Baidu, Inc.) C:\Program Files\PC Faster\5.1.0.0\PCFasterSvc.exe
(Baidu, Inc.) C:\Program Files\PC Faster\5.1.0.0\PCFTray.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe
==================== Registro (Whitelisted) ====================
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2006-11-01] (Avast Software s.r.o.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [Baidu Antivirus] => C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BavTray.exe [1997296 2006-11-01] (Baidu, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM\...\Run: [Baidu PC Faster 5.1.0.0] => C:\Program Files\PC Faster\5.1.0.0\PCFTray.exe [2333152 2015-05-07] (Baidu, Inc.)
HKLM\...\RunOnce: [Run_dregol] => C:\Windows\system32\wscript.exe /E:vbscript /B "C:\Users\Ludmilla\AppData\Roaming\Run_dregol\UpdateProc\bkup.dat"
HKLM\...\RunOnce: [SymInstallStub] => C:\Windows\System32\Adobe\Shockwave 12\SymInstallStub.exe [482104 2016-12-25] (Symantec Corporation)
HKU\S-1-5-21-4217796398-667816934-1768120610-501\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-4217796398-667816934-1768120610-501\...\Run: [SecureBrowserAutoLaunch_CEEDB44BF361B7FAA6E33C5349BA3217] => C:\Program Files\Safer Technologies\Secure Browser\Application\secure.exe [879992 2017-01-01] (Safer Technologies LLC)
HKU\S-1-5-21-4217796398-667816934-1768120610-501\...\MountPoints2: E - E:\Windows/AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [Run_dregol] => C:\Windows\system32\wscript.exe /E:vbscript /B "C:\Users\Ludmilla\AppData\Roaming\Run_dregol\UpdateProc\bkup.dat"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2006-11-01] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BavShx.dll [2006-11-01] (Baidu, Inc.)
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO
==================== Internet (Whitelisted) ====================
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
Tcpip\Parameters: [DhcpNameServer] 187.64.0.122 187.64.0.34
Tcpip\..\Interfaces\{11EAECB9-497F-4840-86DF-1E403C8E3421}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{2554F3AD-8BE3-4DDC-95A2-AB41AC129935}: [DhcpNameServer] 187.64.0.122 187.64.0.34
Tcpip\..\Interfaces\{470B89AC-EE02-4663-AB51-D323652ED352}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{D6AE76F1-62F2-4949-8170-88B645CE729E}: [DhcpNameServer] 192.168.42.129
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=bav_pro_hp_01_hao123_br
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4217796398-667816934-1768120610-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=bav_pro_hp_01_hao123_br
HKU\S-1-5-21-4217796398-667816934-1768120610-501\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633ee93-d776-472f-a0ff-e1416b8b2e3a} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_17_03¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyCyEyE0CzytB0EyCtByEtBtAzztN0D0Tzu0StCzzyEzztN1L2XzutAtFtByDtFtCtFtCtDzztN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtA0B0D0Czzzz0DtGyBtAyDyBtG0AyDzz0BtGtC0ByB0EtG0BtAyDtBtD0CzzyEtD0Azy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzzyC0AtDyDyE0BtGzyzytA0EtGyE0ByCtCtG0BzztCtBtG0E0DyD0FtB0E0C0EtAtDtCtD2QtN0A0LzutB%26cr%3D1711633002%26a%3Dwbf_bxinw_17_03%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_17_03¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyCyEyE0CzytB0EyCtByEtBtAzztN0D0Tzu0StCzzyEzztN1L2XzutAtFtByDtFtCtFtCtDzztN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtA0B0D0Czzzz0DtGyBtAyDyBtG0AyDzz0BtGtC0ByB0EtG0BtAyDtBtD0CzzyEtD0Azy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzzyC0AtDyDyE0BtGzyzytA0EtGyE0ByCtCtG0BzztCtBtG0E0DyD0FtB0E0C0EtAtDtCtD2QtN0A0LzutB%26cr%3D1711633002%26a%3Dwbf_bxinw_17_03%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKLM -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4217796398-667816934-1768120610-501 -> DefaultScope {589CCA72-D902-4867-B4DF-AB37AAB7FF3B} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_51¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyCyEyE0CzytB0EyCtByEtBtAzztN0D0Tzu0StCzztCzztN1L2XzutAtFtByDtFtCtFyBzztN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDtD0D0BtC0DyEyEtGtDzy0C0EtGtAtDzyyBtGtDyD0AyBtGyBtB0DtCtCyCtDyDyEyEtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzzyC0AtDyDyE0BtGzyzytA0EtGyE0ByCtCtG0BzztCtBtG0E0DyD0FtB0E0C0EtAtDtCtD2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCtByCyD%26cr%3D901935336%26a%3Dwbf_bxinw_16_51%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4217796398-667816934-1768120610-501 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_17_03¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyCyEyE0CzytB0EyCtByEtBtAzztN0D0Tzu0StCzzyEzztN1L2XzutAtFtByDtFtCtFtCtDzztN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtA0B0D0Czzzz0DtGyBtAyDyBtG0AyDzz0BtGtC0ByB0EtG0BtAyDtBtD0CzzyEtD0Azy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzzyC0AtDyDyE0BtGzyzytA0EtGyE0ByCtCtG0BzztCtBtG0E0DyD0FtB0E0C0EtAtDtCtD2QtN0A0LzutB%26cr%3D1711633002%26a%3Dwbf_bxinw_17_03%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4217796398-667816934-1768120610-501 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4217796398-667816934-1768120610-501 -> {589CCA72-D902-4867-B4DF-AB37AAB7FF3B} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_51¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyCyEyE0CzytB0EyCtByEtBtAzztN0D0Tzu0StCzztCzztN1L2XzutAtFtByDtFtCtFyBzztN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyDtD0D0BtC0DyEyEtGtDzy0C0EtGtAtDzyyBtGtDyD0AyBtGyBtB0DtCtCyCtDyDyEyEtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzzyC0AtDyDyE0BtGzyzytA0EtGyE0ByCtCtG0BzztCtBtG0E0DyD0FtB0E0C0EtAtDtCtD2QtN0A0LzutBtN1B2Z1V1T1S1NzutCtCtByCyD%26cr%3D901935336%26a%3Dwbf_bxinw_16_51%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4217796398-667816934-1768120610-501 -> {9AD09901-06DD-4DDD-A62D-6D2243B771AB} URL = hxxp://start.myplaycity.com/results.php?category=web&s={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-23] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2006-11-01] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-23] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-18]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Ludmilla\AppData\Roaming\Mozilla\Firefox\Profiles\sbjdduki.default\extensions\faststartff@gmail.com
FF Extension: (Fast Start) - C:\Users\Ludmilla\AppData\Roaming\Mozilla\Firefox\Profiles\sbjdduki.default\extensions\faststartff@gmail.com [2014-11-21] [não assinado]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-09] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-23] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-4217796398-667816934-1768120610-501: @nsroblox.roblox.com/launcher -> C:\Users\Convidado\AppData\Local\Roblox\Versions\version-26a546068c9d4f7a\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4217796398-667816934-1768120610-501: @nsroblox.roblox.com/launcher64 -> C:\Users\Convidado\AppData\Local\Roblox\Versions\version-26a546068c9d4f7a\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pt-br
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://br.hao123.com/?tn=sdkb_inner_protection_04_hao123_br&guid=b3503dce53c05377789829850c361367","hxxps://br.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_43_wbf_bxinw_16_41¶m1=1¶m2=f%3D7%26b%3Dchmm%26cc%3Dbr%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyB0CyE0C0B0AtCtByEtC0C0A0CtN0D0Tzu0StCyByCtCtN1L2XzutAtFtByEtFtCtBtFyDtBtN1L1Czu1M1Q1CtByCtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2SyD0EyB0Azz0ByDyDtGtAyEzy0FtGtDzy0DyEtGtD0EyByEtG0E0B0AyBtB0FtD0BtA0AyEzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByDyEtA0FyByDyCtGyEyEtAzztGyEtAyDzytGzztA0FyCtGyDtD0FtA0AtCzzyD0C0A0E0B2QtN0A0LzuyE%26cr%3D1035550219%26a%3Dhdr_s_16_43_wbf_bxinw_16_41%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium","hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=c030ee0198f712d9f16eee887a3bb759","hxxp://www.bing.com/search?FORM=INCOH2&PC=IC06&PTAG=ICO-82378b19","hxxps://br.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_50_wbf_bxinw_16_41¶m1=1¶m2=f%3D7%26b%3Dchmm%26cc%3Dbr%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutDtDtCyB0CyE0C0B0AtCtByEtC0C0A0CtN0D0Tzu0StCzztDyBtN1L2XzutAtFtByEtFtBtDtFyDyEtN1L1Czu1M1Q1CtAtCtFzytFtDtN1L1G1B1V1N2Y1L1Qzu2StDtD0CyCyEtD0EyBtGyByByE0AtG0ByBtA0DtGtA0ByCtCtGyE0DyCtCyE0B0Dzz0Czz0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByDyEtA0FyByDyCtGyEyEtAzztGyEtAyDzytGzztA0FyCtGyDtD0FtA0AtCzzyD0C0A0E0B2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCtCtCyB%26cr%3D822272122%26a%3Dhdr_s_16_50_wbf_bxinw_16_41%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&uref=chmm","hxxps://www.bing.com/search?FORM=INCOH2&PC=IC06&PTAG=ICO-df48df09"
CHR Profile: C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default [2017-01-23]
CHR Extension: (Google Docs) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-29]
CHR Extension: (Google Drive) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2006-11-01]
CHR Extension: (YouTube) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2006-11-01]
CHR Extension: (Google Search) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2006-11-01]
CHR Extension: (Documentos Google off-line) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2006-11-01]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-22]
CHR Extension: (Gmail) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-29]
CHR Extension: (Chrome Media Router) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2006-11-01]
CHR Profile: C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-08-16]
CHR Profile: C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-01-22]
CHR Extension: (dregol New Tab) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ihokndmjeombjojnfkmapfnjeghjohim [2016-12-23]
CHR Extension: (Skype) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-12-23]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-23]
CHR Extension: (Search Manager) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2016-12-23]
CHR Extension: (Gmail) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-23]
CHR Extension: (Chrome Media Router) - C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-23]
CHR Profile: C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-22]
CHR HKLM\...\Chrome\Extension: [eedgghdcpmmmilkmfpnklknlenbiolec] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ehhlaekjfiiojlddgndcnefflngfmhen] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fabhkdeopjkcpkmofliimbjckmocfiom] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2006-11-01]
CHR HKLM\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4217796398-667816934-1768120610-501\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4217796398-667816934-1768120610-501\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
==================== Serviços (Whitelisted) ====================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2006-11-01] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2006-11-01] (Avast Software)
S4 BASSVC; C:\Program Files\Baidu Security\MoboMarket\1.3.7.5967\bassvc.exe [208928 2015-04-22] (Baidu, Inc.)
R2 BavSvc; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BavSvc.exe [2572928 2006-11-01] (Baidu, Inc.)
S3 BdSandboxSrv; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BdSandboxSrv.exe [391200 2015-03-05] (Baidu, Inc.)
R2 BHipsSvc; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BHipsSvc.exe [531232 2006-11-01] (Baidu, Inc.)
S3 BsrSvc; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BavAdvTools\128B4BEC-5D89-43AD-BAA8-207084AA0E4F\tool\BsrSvc.exe [3464504 2015-05-22] (Baidu, Inc.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.474\McCHSvc.exe [272136 2016-12-14] (McAfee, Inc.)
R2 PCFasterSvc_{PCFaster_4.0.0.0}; C:\Program Files\Baidu Security\PC Faster\5.0.0.0\PCFasterSvc.exe [793584 2014-09-25] (Baidu Inc.) [Arquivo não assinado]
R2 PCFasterSvc_{PCFaster_5.1.0.0}; C:\Program Files\PC Faster\5.1.0.0\PCFasterSvc.exe [1714448 2015-05-07] (Baidu, Inc.)
S2 safer; C:\Program Files\Safer Technologies\Update\SaferUpdate.exe [156064 2017-01-22] (Safer Technologies LLC)
S3 saferm; C:\Program Files\Safer Technologies\Update\SaferUpdate.exe [156064 2017-01-22] (Safer Technologies LLC)
R2 SparkSvc; C:\Program Files\baidu\Baidu Browser43.23.1000.467.1\sparkservice.exe [97080 2016-01-15] (Baidu Inc.)
S3 SparkUpdater; C:\Program Files\Baidu\SparkUpdate\Sparkupdate.exe [1372472 2016-01-15] (Baidu.com, Inc.)
R2 TheCalendarService; C:\Program Files\CalendarTool\2.0.0.11061\CalendarServ.exe [151688 2015-11-23] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 YSearchUtilSvc; C:\Program Files\Yahoo!\yset\{A8BF9EA3-FB37-B04C-A23B-C2D34D2B9FB3}\YSearchUtilSvc.exe [182736 2016-11-15] (Yahoo Inc.)
S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
===================== Drivers (Whitelisted) ======================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2006-11-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2006-11-01] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2006-11-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2006-11-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2006-11-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2006-11-01] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2006-11-01] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208024 2006-11-01] ()
S3 Baidu PC Faster FileShredder; C:\Program Files\PC Faster\5.1.0.0\FileKill_x86.sys [18880 2013-03-19] ()
R3 BdApiUtil; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BdApiUtil.sys [101448 2006-11-01] (Baidu, Inc.)
R3 bdark; C:\Windows\system32\drivers\bdark.sys [82376 2015-05-15] ()
R3 BdCameraProtect; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BdCameraProtect.sys [21384 2006-11-01] (Baidu, Inc.)
S3 BdSandbox; C:\Windows\System32\drivers\BdSandbox.sys [197624 2015-03-05] (Baidu, Inc.)
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [51144 2006-11-01] (Baidu, Inc.)
R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [31176 2006-11-01] (Baidu, Inc.)
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [74888 2006-11-01] (Baidu, Inc.)
S3 BHipsEx; C:\Windows\System32\drivers\BHipsEx.sys [138184 2006-11-01] (Baidu, Inc.)
R1 Bnbase; C:\Windows\System32\drivers\bnbasex.sys [75400 2006-11-01] (Baidu, Inc.)
R1 Bndef; C:\Windows\System32\drivers\bndef.sys [461192 2006-11-01] (Baidu, Inc.)
R3 Bnmon; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\Bnmon.sys [84936 2006-11-01] (Baidu, Inc.)
R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [195528 2006-11-01] (Baidu, Inc.)
R1 BprotectEx; C:\Windows\System32\drivers\BprotectEx.sys [113992 2015-03-31] (Baidu, Inc.)
S4 bsrbc; C:\Windows\System32\drivers\bsrbc.sys [54672 2006-11-01] ()
R2 msvesexpanded; C:\Windows\system32\drivers\msijhelper.sys [124088 2010-11-20] ()
R1 ndisrd; C:\Windows\System32\DRIVERS\ndisrd.sys [37408 2014-08-14] (NT Kernel Resources)
R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-26] (CACE Technologies, Inc.)
R3 PCFApiUtil; C:\Program Files\PC Faster\5.1.0.0\PCFApiUtil.sys [118152 2015-03-31] (Baidu, Inc.)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347136 2009-07-13] (Realtek Semiconductor Corporation )
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2006-11-01] (Avast Software)
S3 AppProtectEx; \??\C:\Windows\System32\drivers\AppProtectEx.sys [X]
S3 UNDPX2A; \??\C:\Windows\system32\drivers\UNDPX2A.SYS [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
==================== Três Meses Criados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2017-01-23 12:04 - 2017-01-23 12:04 - 00000000 ____D C:\FRST
2017-01-23 10:44 - 2017-01-23 10:44 - 00000000 ____D C:\MSIcfcb8.tmp
2017-01-23 10:41 - 2017-01-23 10:41 - 00000000 ____D C:\Program Files\Common Files\Java
2017-01-23 10:41 - 2017-01-23 10:41 - 00000000 ____D C:\MSIcfcb3.tmp
2017-01-23 10:40 - 2017-01-23 10:40 - 00000000 ____D C:\MSIcfcab.tmp
2017-01-23 10:31 - 2017-01-23 10:31 - 00000000 ____D C:\MSIcfca6.tmp
2017-01-22 19:44 - 2017-01-22 19:44 - 00000000 ____D C:\MSI7879.tmp
2017-01-22 19:38 - 2017-01-23 10:46 - 00000908 _____ C:\Windows\Tasks\SaferUpdateTaskMachineUA.job
2017-01-22 19:38 - 2017-01-22 19:42 - 00000000 ____D C:\Program Files\Safer Technologies
2017-01-22 19:38 - 2006-11-01 00:01 - 00000904 _____ C:\Windows\Tasks\SaferUpdateTaskMachineCore.job
2017-01-10 14:07 - 2017-01-10 14:07 - 00000000 ____D C:\Program Files\Yahoo!
2017-01-10 14:05 - 2017-01-10 14:05 - 00000000 ____D C:\MSI8bcd3.tmp
2017-01-10 14:02 - 2017-01-23 10:33 - 00095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2017-01-10 13:57 - 2017-01-23 10:45 - 00000000 ____D C:\Program Files\Java
2017-01-10 13:56 - 2017-01-10 13:56 - 00000000 ____D C:\MSI8bccd.tmp
2017-01-10 13:53 - 2017-01-10 13:53 - 00000000 ____D C:\MSI8bcc5.tmp
2017-01-10 13:50 - 2017-01-10 13:50 - 00000000 ____D C:\MSI8bbfe.tmp
2016-12-31 18:02 - 2006-11-01 00:03 - 00000540 _____ C:\Windows\Tasks\Norton Product Installer.job
2016-12-31 18:01 - 2006-11-01 00:03 - 00000548 ____H C:\Windows\Tasks\Norton Product InstallerIdle.job
2016-12-30 16:01 - 2016-12-30 16:01 - 00000000 ____D C:\Windows\system32\Drivers\NSS
2016-12-30 16:01 - 2016-12-30 16:01 - 00000000 ____D C:\Program Files\NortonInstaller
2016-12-30 16:01 - 2016-12-30 16:01 - 00000000 ____D C:\Program Files\Norton Security Scan
2016-12-30 14:00 - 2015-07-30 10:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-12-30 13:53 - 2016-07-22 11:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-12-27 23:28 - 2016-12-27 23:28 - 00010224 _____ C:\downlevel_2016_12_28_10_28_24_240.log
2016-12-27 21:19 - 2016-12-27 21:19 - 00034732 _____ C:\compatcheck_2016_12_28_08_19_25_378.log
2016-12-27 21:19 - 2016-12-27 21:19 - 00000000 ____D C:\$GetCurrent
2016-12-27 21:18 - 2006-11-01 00:25 - 00000000 ____D C:\Windows10Upgrade
2016-12-27 16:53 - 2016-12-27 16:54 - 00000000 ____D C:\Program Files\Booking.com
2016-12-27 16:51 - 2016-12-27 16:53 - 00000000 ____D C:\Program Files\AliExpress
2016-12-26 20:19 - 2016-12-26 20:19 - 00000000 ____D C:\MSId4714.tmp
2016-12-26 20:16 - 2016-12-26 20:19 - 00000000 ___RD C:\Program Files\Skype
2016-12-26 20:16 - 2016-12-26 20:16 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-12-26 20:16 - 2016-12-26 20:16 - 00000000 ____D C:\MSId470d.tmp
2016-12-25 22:17 - 2016-12-25 22:17 - 00000000 ____D C:\MSI22709.tmp
2016-12-24 01:15 - 2016-12-24 01:15 - 00000000 ____D C:\MSIfc01d.tmp
2016-12-24 01:14 - 2016-12-24 01:14 - 00000000 ____D C:\MSIfc013.tmp
2016-12-23 20:07 - 2016-12-23 20:07 - 00000000 ____D C:\SWDownload
2016-12-23 20:04 - 2006-11-01 00:00 - 00000000 ____D C:\Program Files\PC App Store
2016-12-23 19:55 - 2016-12-23 19:55 - 00000000 ____D C:\MSI5f2d7.tmp
2016-12-23 19:51 - 2016-12-23 19:51 - 00000000 ____D C:\MSI5f2a6.tmp
2016-12-23 19:49 - 2016-12-23 19:49 - 00000000 ____D C:\MSI5f2a4.tmp
2016-12-23 19:23 - 2016-12-23 19:23 - 00000000 ____D C:\MSI17474.tmp
2016-12-23 18:48 - 2016-12-23 18:48 - 00000000 ____D C:\MSI1ac42.tmp
2016-12-23 18:48 - 2016-12-23 18:48 - 00000000 ____D C:\MSI1ac3a.tmp
2016-12-23 18:25 - 2016-09-30 10:50 - 00023232 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-12-23 16:26 - 2016-12-23 16:26 - 00000000 ____D C:\MSIe0dea.tmp
2016-12-23 16:24 - 2016-12-23 16:24 - 00000000 ____D C:\MSIe0de4.tmp
2016-12-23 15:01 - 2017-01-22 19:48 - 00000000 ____D C:\Program Files\ByteFence
2016-12-19 14:24 - 2016-12-19 14:24 - 00000000 ____D C:\MSId78f5.tmp
2016-12-19 14:24 - 2016-12-19 14:24 - 00000000 ____D C:\MSId78f3.tmp
2016-12-19 14:17 - 2016-12-19 14:17 - 00000000 ____D C:\MSId78e5.tmp
2016-12-19 14:15 - 2016-12-19 14:15 - 00000000 ____D C:\MSId78de.tmp
2016-12-17 21:20 - 2016-12-17 21:20 - 00000000 ____D C:\MSI3f51a.tmp
2016-12-13 16:09 - 2016-12-13 16:09 - 00000000 ____D C:\MSI70e26.tmp
2016-12-08 20:18 - 2016-12-08 20:18 - 00000000 ____D C:\MSI6347a.tmp
2016-12-08 20:16 - 2016-12-08 20:16 - 00000000 ____D C:\MSI63473.tmp
2016-12-08 19:45 - 2016-12-08 19:45 - 00000000 ____D C:\MSIefee0.tmp
2016-12-08 18:12 - 2016-12-08 18:12 - 00000000 ____D C:\MSIc08bf.tmp
2016-12-08 09:47 - 2016-12-08 09:47 - 00000000 ____D C:\AI_RecycleBin
2016-12-08 09:45 - 2016-12-08 09:45 - 00000000 ____D C:\MSIff09b.tmp
2016-12-08 08:24 - 2016-12-08 08:24 - 00000000 ____D C:\MSI5b61b.tmp
2016-12-07 20:01 - 2016-12-07 20:01 - 00000000 ____D C:\MSI5116e.tmp
2016-12-07 20:01 - 2016-12-07 20:01 - 00000000 ____D C:\MSI5116c.tmp
2016-12-07 19:54 - 2016-12-07 19:54 - 00000000 ____D C:\MSI51166.tmp
2016-12-07 19:50 - 2016-12-07 19:50 - 00000000 ____D C:\MSI51160.tmp
2016-11-26 10:20 - 2016-11-26 10:20 - 00000000 ____D C:\Program Files\MegaDownloader
2016-11-23 20:11 - 2016-11-23 20:11 - 00000000 ____D C:\MSI790f6.tmp
2016-11-23 20:09 - 2016-11-23 20:09 - 00000000 ____D C:\MSI790f1.tmp
2016-11-23 20:09 - 2016-11-23 20:09 - 00000000 ____D C:\MSI790e9.tmp
2016-11-23 20:05 - 2016-11-23 20:05 - 00000000 ____D C:\MSI790e4.tmp
==================== Três Meses Modificados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2017-01-23 12:06 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\inf
2017-01-23 12:05 - 2009-07-14 01:34 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-23 12:05 - 2009-07-14 01:34 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-09 14:01 - 2014-11-21 13:16 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-01-09 14:01 - 2014-11-21 13:16 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-01-09 14:01 - 2014-11-21 13:16 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-01 16:01 - 2011-04-12 01:47 - 00705268 _____ C:\Windows\system32\prfh0416.dat
2017-01-01 16:01 - 2011-04-12 01:47 - 00147108 _____ C:\Windows\system32\prfc0416.dat
2017-01-01 16:01 - 2010-11-20 18:01 - 01633534 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-30 15:55 - 2006-11-01 00:23 - 00000000 ____D C:\Windows\Prefetch
2016-12-30 15:07 - 2010-10-22 00:43 - 00000000 __SHD C:\System Volume Information
2016-12-30 14:05 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\winsxs
2016-12-25 22:16 - 2014-11-21 12:34 - 00000000 ____D C:\Program Files\WinRAR
2016-12-25 22:16 - 2006-11-01 00:04 - 00000000 ____D C:\Windows\system32\Adobe
==================== Arquivos na raiz de alguns diretórios =======
2016-01-21 21:55 - 2016-01-22 13:13 - 27673724 _____ () C:\Users\Convidado\AppData\Roaming\.minecraft.rar
2006-11-01 01:24 - 2006-11-01 01:24 - 0000057 _____ () C:\ProgramData\Ament.ini
2017-01-22 20:15 - 2017-01-22 20:15 - 0004096 _____ () C:\ProgramData\dfnpcrng.nwi
2014-11-21 13:18 - 2017-01-23 12:02 - 0014501 _____ () C:\ProgramData\Duplicaterecord.js
2017-01-22 20:15 - 2017-01-22 20:15 - 0000016 _____ () C:\ProgramData\mntemp
==================== Bamital & volsnap ======================
(Não há correção automática para arquivos que não passaram na verificação.)
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente
LastRegBack: 2016-09-24 17:56
==================== Fim de FRST.txt ============================