Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:18-01-2016
Executado por Benjamin (administrador) em BENJAMIN-PC (20-01-2016 15:43:44)
Executando a partir de C:\Users\Benjamin\Desktop
Perfis Carregados: Benjamin (Perfis Disponíveis: Benjamin)
Platform: Microsoft Windows 7 Professional (X86) Idioma: Português (Brasil)
Internet Explorer Versão 9 (Navegador padrão: FF)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
() C:\Program Files\PSafe\Total\safemon\QHActiveDefense.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\PSafe\Total\safemon\QHSafeTray.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

==================== Registro (Whitelisted) ===========================
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [RemoteControl11] => C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe [230696 2011-09-14] (CyberLink Corp.)
HKLM\...\Run: [USB Antivirus] => C:\Program Files\USB Disk Security\RunUSBGuard.exe [86016 2010-01-10] (Zbshareware Lab)
HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [3744552 2011-11-28] (AVAST Software)
HKLM\...\Run: [UIExec] => C:\Program Files\Join Air\UIExec.exe [156448 2012-05-03] ()
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1699400 2016-01-04] (APN)
HKLM\...\Run: [e29] => C:\Program Files\e39d\e29.js [68045 2015-08-30] ()
HKLM\...\Run: [XP-A7F1AAE7] => C:\Windows\system32\XP-A7F1AAE7.EXE
HKLM\...\Run: [QHSafeTray] => C:\Program Files\PSafe\Total\safemon\QHSafeTray.exe [2406208 2015-08-04] ()
HKLM\...\RunOnce: [] => [X]
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATENÇÃO
HKU\S-1-5-21-3965939723-1240834976-2073343781-1000\...\Run: [Media Finder] => "C:\Program Files\Media Finder\Media Finder.exe" /opentotray
HKU\S-1-5-21-3965939723-1240834976-2073343781-1000\...\Run: [HW_OPENEYE_OUC_VIVO INTERNET] => C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe [110592 2009-07-27] (Huawei Technologies Co., Ltd.)
HKU\S-1-5-21-3965939723-1240834976-2073343781-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20918432 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3965939723-1240834976-2073343781-1000\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-3965939723-1240834976-2073343781-1000\...\MountPoints2: {2899f857-5a6c-11e1-b87a-001b249c11f4} - G:\AutoRun.exe
HKU\S-1-5-21-3965939723-1240834976-2073343781-1000\...\MountPoints2: {2899f85d-5a6c-11e1-b87a-001b249c11f4} - G:\AutoRun.exe
HKU\S-1-5-21-3965939723-1240834976-2073343781-1000\...\MountPoints2: {2899f86a-5a6c-11e1-b87a-001b249c11f4} - F:\AutoRun.exe
HKU\S-1-5-21-3965939723-1240834976-2073343781-1000\...\MountPoints2: {36827dbd-3eb7-11e1-ab7a-001b249c11f4} - F:\AutoRun.exe
HKU\S-1-5-21-3965939723-1240834976-2073343781-1000\...\MountPoints2: {4ae6d362-44ff-11e1-88a4-001b249c11f4} - F:\AutoRun.exe
HKU\S-1-5-21-3965939723-1240834976-2073343781-1000\...\MountPoints2: {81c9005a-8ada-11e3-88b1-54844d5e440f} - F:\AutoRun.exe
HKU\S-1-5-21-3965939723-1240834976-2073343781-1000\...\MountPoints2: {896f4288-ccc7-11e2-a65f-001b249c11f4} - F:\AutoRun.exe
HKU\S-1-5-21-3965939723-1240834976-2073343781-1000\...\MountPoints2: {896f4294-ccc7-11e2-a65f-001b249c11f4} - F:\AutoRun.exe
HKU\S-1-5-21-3965939723-1240834976-2073343781-1000\...\MountPoints2: {896f42a2-ccc7-11e2-a65f-001b249c11f4} - F:\AutoRun.exe
HKU\S-1-5-21-3965939723-1240834976-2073343781-1000\...\MountPoints2: {896f42fd-ccc7-11e2-a65f-001b249c11f4} - F:\LGAutoRun.exe
HKU\S-1-5-21-3965939723-1240834976-2073343781-1000\...\MountPoints2: {896f43cd-ccc7-11e2-a65f-001b249c11f4} - F:\AutoRun.exe
HKU\S-1-5-21-3965939723-1240834976-2073343781-1000\...\MountPoints2: {8b47572f-88d3-11e3-baf2-54844d5e440f} - F:\AutoRun.exe
HKU\S-1-5-21-3965939723-1240834976-2073343781-1000\...\MountPoints2: {977b067f-93e5-11e2-8258-001b249c11f4} - F:\Autorun.exe
HKU\S-1-5-21-3965939723-1240834976-2073343781-1000\...\MountPoints2: {977b0695-93e5-11e2-8258-001b249c11f4} - F:\Autorun.exe
HKU\S-1-5-21-3965939723-1240834976-2073343781-1000\...\MountPoints2: {a609fb85-3895-11e1-93ae-001b249c11f4} - F:\AutoRun.exe
HKU\S-1-5-21-3965939723-1240834976-2073343781-1000\...\MountPoints2: {b11e5801-386d-11e1-8ab1-001b249c11f4} - F:\AutoRun.exe
HKU\S-1-5-21-3965939723-1240834976-2073343781-1000\...\MountPoints2: {b11e5817-386d-11e1-8ab1-001b249c11f4} - F:\AutoRun.exe
HKU\S-1-5-21-3965939723-1240834976-2073343781-1000\...\MountPoints2: {b11e585b-386d-11e1-8ab1-001b249c11f4} - F:\AutoRun.exe
HKU\S-1-5-21-3965939723-1240834976-2073343781-1000\...\MountPoints2: {d89c88ce-eaaf-11e3-b68f-54844d5e440f} - F:\AutoRun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2011-11-28] (AVAST Software)
Startup: C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk [2013-12-31]
ShortcutTarget: lollipop.lnk -> C:\Users\Benjamin\AppData\Local\Lollipop\Lollipop.exe (Nenhum Arquivo)

==================== Internet (Whitelisted) ====================
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 8.8.8.8
Tcpip\..\Interfaces\{679AC398-FE5A-4B8C-9505-09C57FF51D73}: [DhcpNameServer] 201.21.192.151 201.21.192.156
Tcpip\..\Interfaces\{67C500CA-126F-4CF0-933F-323D40A92C4E}: [DhcpNameServer] 192.168.1.1 8.8.8.8
Tcpip\..\Interfaces\{F028F73B-1993-4D6A-9C9B-A1558D6825E2}: [DhcpNameServer] 172.29.53.1 200.130.24.200

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://login.latinaminternet.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://login.latinaminternet.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1388290784&from=tugs&uid=WDCXWD1200BEVS-60RST0_WD-WXE807F4389143891&q={searchTerms}
HKU\S-1-5-21-3965939723-1240834976-2073343781-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://login.latinaminternet.com/
HKU\S-1-5-21-3965939723-1240834976-2073343781-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://login.latinaminternet.com/
SearchScopes: HKLM -> {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^xdm022^YYA^br&si=pconverter&ptb=B9644B3B-331F-4224-A86D-1ED232A9574C&ind=2013102817&n=77fd82e1&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-3965939723-1240834976-2073343781-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=012513&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3965939723-1240834976-2073343781-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3965939723-1240834976-2073343781-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=012513&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3965939723-1240834976-2073343781-1000 -> {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^HJ^xdm022^YYA^br&si=pconverter&ptb=B9644B3B-331F-4224-A86D-1ED232A9574C&ind=2013102817&n=77fd82e1&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-3965939723-1240834976-2073343781-1000 -> {FFD7957A-129B-4B2E-B33C-201922CB3554} URL = hxxp://isearch.claro-search.com/?q={searchTerms}&affID=115131&tt=120812_bandext_3312_2&babsrc=SP_iclro&mntrId=bec62096000000000000000000000000
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-10] (Oracle Corporation)
BHO: avast! WebRep -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Help the General-Search Project -> {CA4520F3-AE13-4FB1-A513-58E23991C86D} -> C:\Users\Benjamin\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll [2012-03-06] ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-10] (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28] (AVAST Software)
DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} hxxps://bnioficina.inep.gov.br/CSHELL/extender.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {F84A1F8A-89B2-411E-BA71-B6FFE295A64D} hxxp://www.sophotos.com.br/components/com_aurigmaphotoorder/assets/Uploader8.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll Nenhum Arquivo
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll Nenhum Arquivo
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\qw2nfg3i.default
FF DefaultSearchEngine: Ask Search
FF SearchEngineOrder.1: Ask Search
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Ask Search
FF Homepage: hxxp://login.latinaminternet.com/search.php?q=
FF Keyword.URL: hxxp://login.latinaminternet.com/search.php?q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2011-12-27] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-05-05] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-10] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-13] (Google Inc.)
FF Plugin: @VideoDownloadConverter_4z.com/Plugin -> C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll [2013-10-28] (MindSpark)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\qw2nfg3i.default\user.js [2015-08-18]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\qw2nfg3i.default\searchplugins\ask-search.xml [2014-01-20]
FF SearchPlugin: C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\qw2nfg3i.default\searchplugins\bingp.xml [2013-01-25]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012-08-13]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\buscape.xml [2013-07-12]
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml [2013-07-12]
FF Extension: General Crawler - C:\Users\Benjamin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2012-08-13] [não assinado]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-01-25] [não assinado]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-12-27] [não assinado]

Chrome:
=======
CHR HomePage: Default -> hxxp://isearch.claro-search.com/?affID=115131&tt=120812_bandext_3312_2&babsrc=HP_iclro&mntrId=bec62096000000000000000000000000
CHR StartupUrls: Default -> "hxxp://www.hotmail.com/","hxxp://www.search.ask.com/?tpid=ORJ-V7C&o=APN11412&pf=V7&trgb=CR&p2=%5EBBK%5EOSJ000%5EYY%5EBR&gct=hp&apn_ptnrs=BBK&apn_dtid=%5EOSJ000%5EYY%5EBR&apn_dbr=cr_35.0.1916.153&apn_uid=E42FD555-3DA6-49FB-8439-4682B53FA29B&itbv=12.12.2.83&doi=2014-06-22&psv=&pt=tb"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\47.0.2526.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\47.0.2526.111\ppGoogleNaClPluginChrome.dll => Nenhum Arquivo
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\47.0.2526.111\pdf.dll => Nenhum Arquivo
CHR Plugin: (Skype Click to Call) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll => Nenhum Arquivo
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll => Nenhum Arquivo
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => Nenhum Arquivo
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll => Nenhum Arquivo
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Profile: C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-13]
CHR Extension: (Google Search) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-13]
CHR Extension: (General Crawler) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel [2012-10-31] [UpdateUrl: hxxp://1.update.general-crawler.com/updates/update_chrome.xml] <==== ATENÇÃO
CHR Extension: (Site down?) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dimhcblkpgmkpldmpfimhkhfcnmckodj [2014-01-01]
CHR Extension: (Skype) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-01-13]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-18]
CHR Extension: (Gmail) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-18]
CHR HKLM\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Benjamin\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx [2012-03-06]
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2011-12-27]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
CHR HKLM\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Benjamin\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx

==================== Serviços (Whitelisted) ========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
S2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [198216 2016-01-04] (APN LLC.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44768 2011-11-28] (AVAST Software)
S2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S2 CLHNServiceForPowerDVD; C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-08-23] ()
S2 clr_optimization_v4.0.30128_32; C:\Windows\Microsoft.NET\Framework\v4.0.30128\mscorsvw.exe [130384 2010-01-28] (Microsoft Corporation)
R2 cpextender; C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe [355504 2011-06-02] (Check Point Software Technologies)
S2 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [75048 2011-09-02] (CyberLink)
S2 CyberLink PowerDVD 11.0 Service; C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [292136 2011-09-02] (CyberLink)
S2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Arquivo não assinado]
R2 QHActiveDefense; C:\Program Files\PSafe\Total\safemon\QHActiveDefense.exe [704664 2015-08-04] ()
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
S2 UI Assistant Service; C:\Program Files\Join Air\AssistantServices.exe [274208 2012-05-03] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 VideoDownloadConverter_4zService; C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbarsvc.exe [X]

===================== Drivers (Whitelisted) ==========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
S3 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker.sys [88136 2015-08-04] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [65608 2015-08-04] (360.cn)
R1 360Box; C:\Windows\System32\DRIVERS\360Box.sys [202312 2015-08-04] (360.cn)
S3 360Camera; C:\Windows\System32\Drivers\360Camera.sys [34888 2015-08-04] (360.cn)
R1 360SelfProtection; C:\Windows\System32\drivers\360SelfProtection.sys [174536 2015-08-04] (360安全中心)
R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [20568 2011-11-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [55128 2011-11-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [34392 2011-11-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [435032 2011-11-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [314456 2011-11-28] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [52952 2011-11-28] (AVAST Software)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV.sys [165968 2015-08-04] (Qihu 360 Software Co., Ltd.)
R1 EfiMon; C:\Windows\System32\Drivers\Efimon.sys [23752 2015-08-04] (360安全中心)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
R0 HookPort; C:\Windows\System32\Drivers\Hookport.sys [54856 2015-08-04] (360安全中心)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 massfilter; C:\Windows\System32\drivers\massfilter.sys [9216 2011-08-29] (MBB Incorporated)
R2 ntk_PowerDVD; C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys [71664 2011-08-23] (Cyberlink Corp.)
R1 qutmdserv; C:\Windows\System32\DRIVERS\qutmdrv.sys [257352 2015-08-04] (360.cn)
R1 qutmipc; C:\Windows\system32\drivers\qutmipc.sys [45896 2015-08-04] (360.cn)
R3 VNA; C:\Windows\System32\DRIVERS\vna.sys [129304 2011-06-02] (Check Point Software Technologies)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [77296 2011-09-02] (CyberLink Corp.)
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]

==================== NetSvcs (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Três Meses Criados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2016-01-20 15:43 - 2016-01-20 15:44 - 00024058 _____ C:\Users\Benjamin\Desktop\FRST.txt
2016-01-20 15:43 - 2016-01-20 15:43 - 00000000 ____D C:\FRST
2016-01-20 15:43 - 2016-01-20 15:41 - 01721856 _____ (Farbar) C:\Users\Benjamin\Desktop\FRST.exe
2016-01-20 15:40 - 2016-01-20 15:41 - 01721856 _____ (Farbar) C:\Users\Benjamin\Downloads\FRST.exe
2016-01-19 18:06 - 2016-01-19 18:06 - 00006072 _____ C:\Users\Benjamin\Desktop\UsbFix_Report.txt
2016-01-19 17:40 - 2016-01-19 17:38 - 03071552 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\Benjamin\Desktop\UsbFix_2016_8.181 (1).exe
2016-01-19 17:38 - 2016-01-19 17:38 - 03071552 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\Benjamin\Downloads\UsbFix_2016_8.181 (1).exe
2016-01-17 23:43 - 2016-01-17 23:44 - 03071552 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\Benjamin\Downloads\UsbFix_2016_8.181.exe
2016-01-17 20:19 - 2016-01-17 20:20 - 00010752 ___SH C:\Users\Benjamin\Thumbs.db
2016-01-14 16:09 - 2016-01-14 16:10 - 00000000 ____D C:\Program Files\ZHPFix
2016-01-14 16:09 - 2016-01-14 16:09 - 00001759 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2016-01-14 16:09 - 2016-01-14 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2016-01-14 16:08 - 2016-01-14 16:06 - 03521617 _____ (Nicolas Coolman ) C:\Users\Benjamin\Desktop\ZHPFix.exe
2016-01-14 16:05 - 2016-01-14 16:06 - 03521617 _____ (Nicolas Coolman ) C:\Users\Benjamin\Downloads\ZHPFix.exe
2016-01-13 23:01 - 2016-01-13 23:01 - 00145908 _____ C:\Users\Benjamin\Desktop\ZHPDiag.txt
2016-01-13 22:45 - 2016-01-14 16:10 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\ZHP
2016-01-13 22:45 - 2016-01-13 22:51 - 00000826 _____ C:\Users\Benjamin\Desktop\ZHPDiag.lnk
2016-01-13 22:32 - 2016-01-13 22:32 - 02068992 _____ C:\Users\Benjamin\Downloads\ZHPDiag3.exe

==================== Três Meses Modificados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2016-01-20 15:43 - 2009-07-14 00:37 - 00000000 ____D C:\Windows
2016-01-20 15:42 - 2015-08-30 20:54 - 00000000 ____D C:\UsbFix
2016-01-20 15:42 - 2011-12-27 10:59 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-01-20 15:35 - 2012-02-26 16:24 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-19 18:02 - 2009-07-14 02:34 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-19 18:02 - 2009-07-14 02:34 - 00020512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-19 18:00 - 2011-12-26 17:39 - 01634728 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-19 18:00 - 2009-07-29 16:38 - 00705984 _____ C:\Windows\system32\prfh0416.dat
2016-01-19 18:00 - 2009-07-29 16:38 - 00146710 _____ C:\Windows\system32\prfc0416.dat
2016-01-19 18:00 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\inf
2016-01-19 17:55 - 2009-07-14 02:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-19 17:34 - 2012-07-09 15:59 - 00000000 ____D C:\Users\Benjamin\AppData\Roaming\Skype
2016-01-19 16:12 - 2015-08-28 17:22 - 00000000 ____D C:\Users\Benjamin\AppData\LocalLow\360WD
2016-01-17 20:19 - 2011-12-26 17:34 - 00000000 ____D C:\Users\Benjamin
2016-01-15 15:23 - 2012-07-09 15:58 - 00000000 ___RD C:\Program Files\Skype
2016-01-13 22:06 - 2012-02-26 16:24 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

==================== Arquivos na raiz de alguns diretórios =======
2013-06-23 00:14 - 2013-06-23 00:14 - 0000288 _____ () C:\Users\Benjamin\AppData\Roaming\.backup.dm
2011-12-27 10:47 - 2011-12-27 10:47 - 0000000 _____ () C:\Users\Benjamin\AppData\Local\AtStart.txt
2011-12-28 00:59 - 2015-04-06 14:30 - 0016384 _____ () C:\Users\Benjamin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-27 10:47 - 2011-12-27 10:47 - 0000000 _____ () C:\Users\Benjamin\AppData\Local\DSwitch.txt
2012-03-19 21:39 - 2015-08-26 11:49 - 0000000 _____ () C:\Users\Benjamin\AppData\Local\FnF4.txt
2011-12-27 10:47 - 2011-12-27 10:47 - 0000000 _____ () C:\Users\Benjamin\AppData\Local\QSwitch.txt
2013-07-12 12:49 - 2013-09-17 21:48 - 0001832 _____ () C:\Users\Benjamin\AppData\Local\SLC_Benjamin.prx
2012-03-10 16:43 - 2012-03-10 16:47 - 0000662 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================
(Não há correção automática para arquivos que não passaram na verificação.)
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2014-08-12 21:42

==================== Fim de FRST.txt ============================