Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:13-06-2016
Executado por Povoa (administrador) em POVOA-PC (14-06-2016 12:32:24)
Executando a partir de C:\Users\Povoa\Downloads
Perfis Carregados: Povoa (Perfis Disponíveis: Povoa)
Platform: Microsoft Windows 7 Professional (X86) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(Mindspark) C:\Program Files\FromDocToPDF_65\bar\1.bin\65barsvc.exe
(Mindspark) C:\Program Files\MapsGalaxy_39\bar\1.bin\39barsvc.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
() C:\Program Files\WeatherTool\2.0.1.11297\WeatherService.exe
(ShenZhen Enode Techology co,.Ltd) C:\Program Files\WeatherTool\2.0.1.11297\weather.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\WSE_Astromenda\BRS\brs.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFDL.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(WinDS PRO Central) C:\Users\Public\Documents\WinDS PRO\windspro.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-07] (Avast Software s.r.o.)
HKLM\...\Run: [FromDocToPDF EPM Support] => C:\Program Files\FromDocToPDF_65\bar\1.bin\65medint.exe [11600 2015-10-28] (Mindspark)
HKLM\...\Run: [MapsGalaxy EPM Support] => C:\Program Files\MapsGalaxy_39\bar\1.bin\39medint.exe [11600 2015-10-28] (Mindspark)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe
HKLM\...\RunOnce: [Monopesali] => C:\Windows\system32\wscript.exe /E:vbscript /B "C:\Users\Povoa\AppData\Local\5CDC1E~1\Fekuc.dat"
HKU\S-1-5-21-1583950776-1410139741-2967775968-1001\...\Run: [GoogleChromeAutoLaunch_9D5A8538BD2E6B2E6F5EB6E2414EC312] => C:\Program Files\Google\Chrome\Application\chrome.exe [941720 2016-06-03] (Google Inc.)
HKU\S-1-5-21-1583950776-1410139741-2967775968-1001\...\Run: [BRS] => C:\Program Files\WSE_Astromenda\BRS\brs.exe [1072128 2014-08-25] ()
HKU\S-1-5-21-1583950776-1410139741-2967775968-1001\...\Run: [Skype] => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-1583950776-1410139741-2967775968-1001\...\Run: [EPSON TX210 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDL.EXE [199680 2008-11-05] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1583950776-1410139741-2967775968-1001\...\RunOnce: [WSE_Astromenda] => wscript /E:vbscript /B "C:\Users\Povoa\AppData\Roaming\WSE_Astromenda\UpdateProc\bkup.dat"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-07] (Avast Software s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Escola Flex.lnk [2015-03-29]
ShortcutTarget: Escola Flex.lnk -> C:\Program Files\Sistema Flex\Escola Flex\EscolaFlex.exe (Sistema Flex)
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 200.189.80.121 200.189.80.126
Tcpip\..\Interfaces\{DA3AA30E-41B3-45DF-ABB4-0DF440297B2C}: [DhcpNameServer] 200.189.80.121 200.189.80.126

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=5ad0fcc8320554874a40d309b3d66f1b
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1393957250&from=pcm&uid=SAMSUNGXHD161GJ_S1ZWJ50S831706&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393957250&from=pcm&uid=SAMSUNGXHD161GJ_S1ZWJ50S831706&q={searchTerms}
HKU\S-1-5-21-1583950776-1410139741-2967775968-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://astromenda.com/?f=1&a=ast_ir_14_36_ie&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzzyE0FyEyEtCyD0AtDyDzytN0D0Tzu0SzyyCzztN1L2XzutAtFtDtFtCtDtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyByDtDyCyD0AtAtDtG0DtByDtCtGtAtBtC0FtGyB0D0E0FtGyEtA0EzytB0D0E0E0E0DyCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0EyB0AzztAtBzytGzy0A0A0BtGzyyEtCyCtG0CyEyCzytGtByE0CyEzzyD0DyB0FyBtAtA2Q&cr=590479816&ir=
URLSearchHook: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 - (Sem Nome) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - Nenhum Arquivo
URLSearchHook: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 - (Sem Nome) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (Mindspark)
URLSearchHook: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 - (Sem Nome) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (Mindspark)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_lvrms_16_16&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtByCzzyE0FyEyEtCyD0AtDyDzytN0D0Tzu0StCyDyByEtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0B0FyCyByBtCtCtGtA0CzytCtGyCtDyB0AtGyB0AtA0FtG0DyD0E0AyDzz0Ezzzy0Bzyzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtBzz0C0A0C0CtGyDyDtAzztGyEyCtD0CtGzyzzyByDtG0AtDzz0D0B0AyDyC0B0Azyzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzzzzyB%26cr%3D635422264%26a%3Dwncy_lvrms_16_16%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_lvrms_16_16&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtByCzzyE0FyEyEtCyD0AtDyDzytN0D0Tzu0StCyDyByEtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCzzyC0DtDyEyCtBtGtD0EyD0AtGtB0A0EyDtGyCzztCtDtG0AyD0BtDyDtAyE0AzztDyByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtBzz0C0A0C0CtGyDyDtAzztGyEyCtD0CtGzyzzyByDtG0AtDzz0D0B0AyDyC0B0Azyzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzzzzyB%26cr%3D1158292297%26a%3Dwncy_lvrms_16_16%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKLM -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393957250&from=pcm&uid=SAMSUNGXHD161GJ_S1ZWJ50S831706&q={searchTerms}
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKLM -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://int.search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm063^LAPTBR^br&si=CMHpgZ64n8kCFYSBkQodg7IArQ&ptb=DB15D7FF-75CA-401A-987B-0DC5D288DD8C&ind=2015112011&n=781c2b4b&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = 
SearchScopes: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_lvrms_16_16&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtByCzzyE0FyEyEtCyD0AtDyDzytN0D0Tzu0StCyDyByEtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0B0FyCyByBtCtCtGtA0CzytCtGyCtDyB0AtGyB0AtA0FtG0DyD0E0AyDzz0Ezzzy0Bzyzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtBzz0C0A0C0CtGyDyDtAzztGyEyCtD0CtGzyzzyByDtG0AtDzz0D0B0AyDyC0B0Azyzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzzzzyB%26cr%3D635422264%26a%3Dwncy_lvrms_16_16%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 -> Web URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=pc0102&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzzyE0FyEyEtCyD0AtDyDzytN0D0Tzu0SyBzyyEtN1L2XzutBtFtCyCtFzztFtDtN1L1Czu1E1RtDtCtDtBtN1L1G1B1V1N2Y1L1Qzu2SyCyCtD0F0EyEzztDtG0BzzyDtAtG0EyEyDyEtG0E0F0D0BtGtByC0EyE0D0BtA0EtB0A0Fzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0EyB0AzztAtBzytGzy0A0A0BtGzyyEtCyCtG0CyEyCzytGtByE0CyEzzyD0DyB0FyBtAtA2Q&cr=910937190&ir=
SearchScopes: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_lvrms_16_16&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtByCzzyE0FyEyEtCyD0AtDyDzytN0D0Tzu0StCyDyByEtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StB0B0FyCyByBtCtCtGtA0CzytCtGyCtDyB0AtGyB0AtA0FtG0DyD0E0AyDzz0Ezzzy0Bzyzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtBzz0C0A0C0CtGyDyDtAzztGyEyCtD0CtGzyzzyByDtG0AtDzz0D0B0AyDyC0B0Azyzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzzzzyB%26cr%3D635422264%26a%3Dwncy_lvrms_16_16%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 -> {09BE1E29-1876-4D8B-B2C3-B70078BEC9ED} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN69085808327231258&UM=1
SearchScopes: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = 
SearchScopes: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_lvrms_16_16&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtBtByCzzyE0FyEyEtCyD0AtDyDzytN0D0Tzu0StCyDyByEtN1L2XzutAtFtBtCtFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCzzyC0DtDyEyCtBtGtD0EyD0AtGtB0A0EyDtGyCzztCtDtG0AyD0BtDyDtAyE0AzztDyByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0CtBzz0C0A0C0CtGyDyDtAzztGyEyCtD0CtGzyzzyByDtG0AtDzz0D0B0AyDyC0B0Azyzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzzzzyB%26cr%3D1158292297%26a%3Dwncy_lvrms_16_16%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.iminent.com/?appId=EC2F7334-9649-4ABA-90BE-F696832743F0&ref=toolbox&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393957250&from=pcm&uid=SAMSUNGXHD161GJ_S1ZWJ50S831706&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://int.search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm063^LAPTBR^br&si=CMHpgZ64n8kCFYSBkQodg7IArQ&ptb=DB15D7FF-75CA-401A-987B-0DC5D288DD8C&ind=2015112011&n=781c2b4b&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_solimba_01&p={searchTerms}
BHO: Sem Nome -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> Nenhum Arquivo
BHO: Sem Nome -> {1e91a655-bb4b-4693-a05e-2edebc4c9d89} -> Nenhum Arquivo
BHO: Sem Nome -> {71c1d63a-c944-428a-a5bd-ba513190e5d2} -> Nenhum Arquivo
BHO: Sem Nome -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> Nenhum Arquivo
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-07] (Avast Software s.r.o.)
BHO: Sem Nome -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> Nenhum Arquivo
BHO: Sem Nome -> {a235e1e3-6296-4710-af39-104a7faa6c7c} -> Nenhum Arquivo
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO: Sem Nome -> {f236ca79-3123-4afb-9f74-e98117ad5625} -> Nenhum Arquivo
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 -> Sem Nome - {C66A678D-5E6C-4AF9-8F57-C6192F42CF74} - Nenhum Arquivo
Toolbar: HKU\S-1-5-21-1583950776-1410139741-2967775968-1001 -> Sem Nome - {364EA597-E728-4CE4-BB4A-ED846EF47970} - Nenhum Arquivo
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Povoa\AppData\Roaming\Mozilla\Firefox\Profiles\2kh1othv.default
FF DefaultSearchEngine: Avast Search
FF DefaultSearchUrl: hxxps://search.avast.com/AV772/search/web?q={searchTerms}
FF SearchEngineOrder.1: Avast Search
FF SelectedSearchEngine: Avast Search
FF Homepage: hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=5ad0fcc8320554874a40d309b3d66f1b
FF Keyword.URL: hxxps://search.avast.com/AV772/search/web?q={searchTerms}
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-14] ()
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll [Nenhum Arquivo]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF SearchPlugin: C:\Users\Povoa\AppData\Roaming\Mozilla\Firefox\Profiles\2kh1othv.default\searchplugins\Astromenda.xml [2014-08-31]
FF SearchPlugin: C:\Users\Povoa\AppData\Roaming\Mozilla\Firefox\Profiles\2kh1othv.default\searchplugins\avast-search.xml [2016-04-26]
FF SearchPlugin: C:\Users\Povoa\AppData\Roaming\Mozilla\Firefox\Profiles\2kh1othv.default\searchplugins\Mysearchdial.xml [2014-05-11]
FF SearchPlugin: C:\Users\Povoa\AppData\Roaming\Mozilla\Firefox\Profiles\2kh1othv.default\searchplugins\Search Provided by Yahoo.xml [2016-04-23]
FF SearchPlugin: C:\Users\Povoa\AppData\Roaming\Mozilla\Firefox\Profiles\2kh1othv.default\searchplugins\yahoo-avast.xml [2014-12-17]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-09]
FF HKU\S-1-5-21-1583950776-1410139741-2967775968-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [não assinado]

Chrome:
=======
CHR HomePage: Default -> hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=5ad0fcc8320554874a40d309b3d66f1b
CHR StartupUrls: Default -> "hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=5ad0fcc8320554874a40d309b3d66f1b"
CHR Profile: C:\Users\Povoa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (McAfee Security Scan+) - C:\Users\Povoa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-03-30]
CHR Extension: (Avast Online Security) - C:\Users\Povoa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-08]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Povoa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
CHR Extension: (Quick Start) - C:\Users\Povoa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2015-12-07]
CHR Extension: (Search Manager) - C:\Users\Povoa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2016-06-12]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]
CHR HKLM\...\Chrome\Extension: [igdhbblpcellaljokkpfhcjlagemhgjl] - "C:\Program Files\Iminent\Iminent.crx"
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Povoa\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2014-02-20]
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1583950776-1410139741-2967775968-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-07] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-17] (Avast Software)
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [36936 2014-09-21] (Just Develop It) <==== ATENÇÃO
R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
R2 FromDocToPDF_65Service; C:\Program Files\FromDocToPDF_65\bar\1.bin\65barsvc.exe [89424 2015-10-28] (Mindspark)
R2 MapsGalaxy_39Service; C:\Program Files\MapsGalaxy_39\bar\1.bin\39barsvc.exe [89424 2015-10-28] (Mindspark)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [6399360 2016-05-27] (Reimage®)
R2 TheDesktopWeatherService; C:\Program Files\WeatherTool\2.0.1.11297\WeatherService.exe [141960 2016-04-05] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-04-07] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-04-07] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-04-07] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2015-04-07] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-04-07] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208024 2015-04-07] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-17] (Avast Software)
S3 BHipsEx; \??\C:\Windows\System32\drivers\BHipsEx.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 cpuz134; \??\C:\Users\Povoa\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S1 hlnfd; system32\drivers\hlnfd.sys [X]
S3 PCFApiUtil; \??\C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-06-14 12:32 - 2016-06-14 12:32 - 00020993 _____ C:\Users\Povoa\Downloads\FRST.txt
2016-06-14 12:31 - 2016-06-14 12:32 - 00000000 ____D C:\FRST
2016-06-14 12:31 - 2016-06-14 12:31 - 01736192 _____ (Farbar) C:\Users\Povoa\Downloads\FRST.exe
2016-06-14 12:24 - 2016-06-14 12:24 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2016-06-14 12:24 - 2016-06-14 12:24 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-14 12:23 - 2016-06-14 12:23 - 00002155 _____ C:\Users\Public\Desktop\WinDS PRO.lnk
2016-06-14 12:21 - 2016-06-14 12:23 - 00000000 ____D C:\Users\Public\Documents\WinDS PRO
2016-06-14 12:11 - 2016-06-14 12:19 - 43698377 _____ C:\Users\Povoa\Desktop\WinDS PRO 2016.04.08.zip
2016-06-13 11:59 - 2016-06-13 11:59 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-06-13 11:58 - 2016-06-13 11:58 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-05-15 11:36 - 2016-05-15 11:36 - 00144944 _____ C:\Windows\Minidump\051516-18018-01.dmp

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-06-14 12:24 - 2014-02-27 19:05 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-14 12:23 - 2014-03-08 10:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDS PRO
2016-06-14 12:20 - 2014-03-04 15:20 - 00000292 _____ C:\Windows\Tasks\Funmoods.job
2016-06-14 12:05 - 2014-03-22 14:50 - 00000292 _____ C:\Windows\Tasks\MySearchDial.job
2016-06-14 12:03 - 2014-04-21 12:54 - 00000292 _____ C:\Windows\Tasks\Price Meter Updater.job
2016-06-14 12:03 - 2014-02-27 19:05 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-14 12:03 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-14 10:43 - 2009-07-14 01:34 - 00009792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-14 10:43 - 2009-07-14 01:34 - 00009792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-14 10:08 - 2016-04-23 21:12 - 00000000 ____D C:\Users\Povoa\AppData\Roaming\WeatherTool
2016-06-14 09:47 - 2014-02-23 16:04 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-13 20:53 - 2014-02-27 19:06 - 00002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-13 20:53 - 2014-02-27 19:06 - 00002087 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-13 11:59 - 2016-04-23 21:12 - 00000000 ____D C:\Program Files\WeatherTool
2016-06-11 15:22 - 2016-04-26 09:51 - 00000000 ___HD C:\Users\Povoa\Desktop\Matheus
2016-06-11 15:12 - 2015-12-21 19:25 - 00000150 _____ C:\Windows\Reimage.ini
2016-05-27 23:09 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\NDF
2016-05-27 22:59 - 2014-06-07 11:24 - 00000000 ____D C:\Users\Povoa\AppData\LocalLow\Temp
2016-05-15 11:36 - 2014-03-08 17:40 - 176323524 _____ C:\Windows\MEMORY.DMP
2016-05-15 11:36 - 2014-03-08 17:40 - 00000000 ____D C:\Windows\Minidump

==================== Arquivos na raiz de alguns diretórios =======

2015-09-27 14:34 - 2015-09-27 14:34 - 2170899 _____ () C:\Users\Povoa\AppData\Roaming\sb669.dat
2015-11-20 12:55 - 2015-11-20 12:55 - 0410624 _____ () C:\Users\Povoa\AppData\Roaming\Setup50259.exe
2015-09-27 14:33 - 2015-09-27 14:33 - 0581120 _____ () C:\Users\Povoa\AppData\Roaming\Setup52511.exe
2014-03-04 15:20 - 2015-12-03 18:04 - 0000332 _____ () C:\Users\Povoa\AppData\Roaming\WB.CFG
2014-12-06 19:00 - 2014-12-17 18:10 - 0000010 _____ () C:\Users\Povoa\AppData\Local\DSI.DAT
2014-12-06 19:00 - 2014-12-06 19:00 - 0022528 _____ () C:\Users\Povoa\AppData\Local\dsisetup2300852.exe
2014-12-17 18:10 - 2014-12-17 18:10 - 0022528 _____ () C:\Users\Povoa\AppData\Local\dsisetup41068042.exe
2014-10-06 19:13 - 2014-10-06 19:13 - 0000020 _____ () C:\ProgramData\bc.ini
2014-01-15 02:15 - 2014-01-15 02:15 - 0167784 _____ (Baidu, Inc.) C:\ProgramData\FileSplitUpLoad.dll

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\FileSplitUpLoad.dll
C:\Users\Todos os Usuários\FileSplitUpLoad.dll

Alguns arquivos em TEMP:
====================
C:\Users\Povoa\AppData\Local\Temp\130214_a2.exe
C:\Users\Povoa\AppData\Local\Temp\130214_l.exe
C:\Users\Povoa\AppData\Local\Temp\130214_p.exe
C:\Users\Povoa\AppData\Local\Temp\130214_y.exe
C:\Users\Povoa\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.1.56634(1).exe
C:\Users\Povoa\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.1.56634.exe
C:\Users\Povoa\AppData\Local\Temp\BavPro_Setup_Mini_115.exe
C:\Users\Povoa\AppData\Local\Temp\bitool.dll
C:\Users\Povoa\AppData\Local\Temp\CloudBackup7574.exe
C:\Users\Povoa\AppData\Local\Temp\dotNetFx40_Client_setup.exe
C:\Users\Povoa\AppData\Local\Temp\ICReinstall_CR_Downloader_for_pokemon-black.exe
C:\Users\Povoa\AppData\Local\Temp\IEHistory.exe
C:\Users\Povoa\AppData\Local\Temp\InstalledPrograms.exe
C:\Users\Povoa\AppData\Local\Temp\mefqzki6.dll
C:\Users\Povoa\AppData\Local\Temp\PriceMeterUpdateVer.exe
C:\Users\Povoa\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Povoa\AppData\Local\Temp\sqlite3.exe
C:\Users\Povoa\AppData\Local\Temp\tbuTor.dll
C:\Users\Povoa\AppData\Local\Temp\uttA6FF.tmp.exe
C:\Users\Povoa\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Povoa\AppData\Local\Temp\_is1E97.exe
C:\Users\Povoa\AppData\Local\Temp\_is43E2.exe

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-05-30 18:17

==================== Fim de FRST.txt ============================