Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:13-06-2016 Executado por Paulo (administrador) em PAULO-PC (14-06-2016 19:28:54) Executando a partir de C:\Users\Paulo\Desktop Perfis Carregados: Paulo (Perfis Disponíveis: Paulo & Mcx1-PAULO-PC & DefaultAppPool) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Idioma: Português (Brasil) Internet Explorer Versão 8 (Navegador padrão: "C:\Program Files\Maxthon\Bin\Maxthon.exe" "%1") Modo da Inicialização: Normal Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (cFos Software GmbH) C:\Program Files\cFosSpeed\spd.exe (Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation) C:\ProgramData\Windows Security\winsecurity.exe (Microsoft Corporation) C:\Users\Paulo\AppData\Roaming\XBox\XBLive.exe (LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe (Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Google Inc.) C:\Program Files\Google\Update\1.3.30.3\GoogleCrashHandler.exe (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe () C:\ProgramData\Microsoft\Network\Dsq\browser\syshostctl.exe (Microsoft Corporation) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe (Maxthon International ltd.) C:\Program Files\Maxthon\Bin\MAXthon.exe (Maxthon International ltd.) C:\Program Files\Maxthon\Bin\MAXthon.exe (Maxthon International ltd.) C:\Program Files\Maxthon\Bin\MAXthon.exe (Maxthon International ltd.) 
C:\Program Files\Maxthon\Bin\MAXthon.exe (Maxthon International ltd.) C:\Program Files\Maxthon\Bin\MAXthon.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Skillbrains) C:\Program Files\Skillbrains\lightshot\5.2.1.1\Lightshot.exe (Maxthon International ltd.) C:\Program Files\Maxthon\Bin\MAXthon.exe (Maxthon International ltd.) C:\Program Files\Maxthon\Bin\MAXthon.exe (Maxthon International ltd.) C:\Program Files\Maxthon\Bin\MAXthon.exe (Maxthon International ltd.) C:\Program Files\Maxthon\Bin\MAXthon.exe ==================== Registro (Whitelisted) =========================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKU\S-1-5-21-2240306623-60622281-3918578315-1000\...\Run: [MzGameAccelerator] => C:\Program Files\Mz Ultimate Tools\Mz Game Accelerator\MzGameAccelerator.exe [316416 2010-12-18] (Mz Ultimate Tools) HKU\S-1-5-21-2240306623-60622281-3918578315-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-2240306623-60622281-3918578315-1000\...\MountPoints2: {fa177140-2b37-11e5-ae07-7071bc06e0f7} - E:\LGAutoRun.exe AppInit_DLLs: d3dgearload.dll => C:\windows\system32\d3dgearload.dll [208896 2014-09-18] (D3DGear Technologies.) 
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Paulo\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] () ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Paulo\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] () ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Paulo\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] () ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => Nenhum Arquivo Startup: C:\Users\Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stay Live 2000.lnk [2015-08-07] ShortcutTarget: Stay Live 2000.lnk -> C:\Program Files\Software by Design\StayLive.exe (Gregory Braun -- Software Design) BootExecute: autocheck autochk * sdnclean.exe GroupPolicy: Restrição - Chrome <======= ATENÇÃO CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) ProxyEnable: [.DEFAULT] => Proxy está habilitado. ProxyServer: [.DEFAULT] => http=127.0.0.1:3189;https=127.0.0.1:3189; AutoConfigURL: [.DEFAULT] => http=127.0.0.1:3189;https=127.0.0.1:3189; ProxyServer: [S-1-5-21-2240306623-60622281-3918578315-1000] => http=127.0.0.1:8080;https=127.0.0.1:8080 AutoConfigURL: [S-1-5-21-2240306623-60622281-3918578315-1000] => http=127.0.0.1:8080;https=127.0.0.1:8080 Winsock: Catalog5 07 C:\windows\system32\PrxerNsp.dll [84040 2015-03-28] () Winsock: Catalog5 08 C:\ProgramData\System32\SafeGuard32.dll [2771896 2016-04-05] () Hosts: Há mais de uma entrada no Hosts. 
Veja a seção Hosts do Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{025FF533-BD95-4D83-86AA-83A6A99EBB9C}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{70FAB3A6-2764-4512-B30E-8C4F7452B1DF}: [DhcpNameServer] 192.168.1.254 0.0.0.0 ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-2240306623-60622281-3918578315-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/pt-br/?ocid=U218DHP&pc=U218 HKU\S-1-5-21-2240306623-60622281-3918578315-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11PTBR/WOL_WCP SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2240306623-60622281-3918578315-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U218DF&PC=U218&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2240306623-60622281-3918578315-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U218DF&PC=U218&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-2240306623-60622281-3918578315-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-24] (Oracle Corporation) BHO: Office Document Cache Handler -> 
{B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-24] (Oracle Corporation) FireFox: ======== FF ProfilePath: C:\Users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1 FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-14] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.) FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-24] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-24] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin: @raidcall.en/RCplugin -> C:\Users\Paulo\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-09-02] (Raidcall) FF Plugin: @raidcall.tw/RCplugin -> C:\Users\Paulo\AppData\Roaming\RCTW\plugins\nprcplugin.dll [2013-06-25] (Raidcall) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) 
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2240306623-60622281-3918578315-1000: @mail.ru/GameCenter -> C:\Users\Paulo\AppData\Local\Mail.Ru\GameCenter\NPDetector.dll [Nenhum Arquivo] FF Plugin HKU\S-1-5-21-2240306623-60622281-3918578315-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Paulo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Plugin HKU\S-1-5-21-2240306623-60622281-3918578315-1000: SkypePlugin -> C:\Users\Paulo\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi.dll [2015-07-17] (Skype Technologies S.A.) FF user.js: detected! => C:\Users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\xgrqy1d4.default\user.js [2015-07-27] FF user.js: detected! 
=> C:\Users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js [2015-07-27] FF Extension: Fasterfox - C:\Users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2016-03-06] FF Extension: Adblock Plus Pop-up Addon - C:\Users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\adblockpopups@jessehakanen.net.xpi [2016-03-11] FF Extension: Adblock Plus Pop-up Addon - C:\Users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\xgrqy1d4.default\Extensions\adblockpopups@jessehakanen.net.xpi [2016-03-11] FF Extension: Come back "Block image from ad.sites" - C:\Users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\xgrqy1d4.default\Extensions\come.back.block.image.from@cat-in-136.blogspot.com.xpi [2016-03-11] FF Extension: Cookies Export/import - C:\Users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\xgrqy1d4.default\Extensions\CookiesIE@yahoo.com.xpi [2015-06-16] FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\xgrqy1d4.default\Extensions\elemhidehelper@adblockplus.org.xpi [2016-03-07] FF Extension: Element Inspector - C:\Users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\xgrqy1d4.default\Extensions\InspectElement@zbinlin.xpi [2016-03-13] FF Extension: Fasterfox - C:\Users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\xgrqy1d4.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2016-03-06] FF Extension: Adblock Plus - C:\Users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\xgrqy1d4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-03-07] FF Extension: GsearchFinder - C:\Users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-03-29] FF Extension: Come back "Block image from ad.sites" - C:\Users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\come.back.block.image.from@cat-in-136.blogspot.com.xpi 
[2016-03-11] FF Extension: Cookies Export/import - C:\Users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\CookiesIE@yahoo.com.xpi [2015-06-16] FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\elemhidehelper@adblockplus.org.xpi [2016-03-07] FF Extension: Element Inspector - C:\Users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\InspectElement@zbinlin.xpi [2016-03-13] FF Extension: Adblock Plus - C:\Users\Paulo\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-03-07] FF HKU\S-1-5-21-2240306623-60622281-3918578315-1000\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files\DAP\DAPFireFox => não encontrado (a) Chrome: ======= CHR HomePage: Default -> hxxps://www.google.com.br/?gws_rd=ssl CHR StartupUrls: Default -> "chrome://newtab/","hxxp://br.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bxi01_15_31&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDyBtC0B0CtDyC0EtD0FyB0DtAzy0AtN0D0Tzu0StCtAtDtBtN1L2XzutAtFtCtBtFyDtFyCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyCzz0EyEtD0C0BtBtGyCyD0DtBtG0DtB0AyDtGtC0C0E0CtG0D0DtDtBtB0E0Azyzy0BtD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyzztByBzytAtAtCtGzytCtCyCtGyE0ByEyEtGzzyCyE0AtGyByDyB0EtD0FyC0A0F0B0AyB2QtN0A0LzutBtN1B2Z1V1T1S1NzuzzzzyC%26cr%3D640163696%26a%3Dwncy_bxi01_15_31%26os%3DWindows%2B7%2BProfessional","hxxp://br.hao123.com/?tn=sdkp_inner_protection_04_hao123_br&guid=bfd549523ccc2cfe4d58ded33813e8e3","hxxp://www.hohosearch.com/?mode=nnnb&ptid=amz&uid=6C24722A23F1E0A9AA52041F9013419D&v=20160329&ts=AHEpCHUsAX8kBU.."
CHR Profile: C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21] CHR Extension: (YouTube) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24] CHR Extension: (Google Search) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26] CHR Extension: (AdBlock) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-02] CHR Extension: (Channel Sub Box for YouTube™) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhbmojliagbancdcmookpmaaoipjifmc [2015-07-27] CHR Extension: (A User Finder for Facebook tool) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\loindpnjhobmpflpacokkffaecemclgk [2015-09-16] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02] CHR Extension: (Late Night) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm [2015-07-27] CHR Extension: (Gmail) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-27] CHR Profile: C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Apresentações) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-28] CHR Extension: (Google Docs) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-28] CHR Extension: (Google Drive) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21] 
CHR Extension: (YouTube) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24] CHR Extension: (Google Search) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26] CHR Extension: (Planilhas do Google) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-28] CHR Extension: (Documentos Google off-line) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-29] CHR Extension: (A User Finder for Facebook tool) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\loindpnjhobmpflpacokkffaecemclgk [2015-09-17] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08] CHR Extension: (Gmail) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-28] CHR Profile: C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Profile 2 CHR Extension: (Google Apresentações) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-27] CHR Extension: (Google Docs) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-27] CHR Extension: (Google Drive) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-27] CHR Extension: (YouTube) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-27] CHR Extension: (Google Search) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-27] CHR Extension: (Planilhas do Google) - 
C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-27] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-27] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27] CHR Extension: (Gmail) - C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-27] Opera: ======= OPR Extension: (AdBlock) - C:\Users\Paulo\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2016-03-25] OPR Extension: (CyberGhost VPN - Free Proxy) - C:\Users\Paulo\AppData\Roaming\Opera Software\Opera Stable\Extensions\mapjiibffmopkdcncmaifgdjjiooifnn [2016-03-19] ==================== Serviços (Whitelisted) ======================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) S4 BASSVC; C:\Program Files\Baidu Security\MoboMarket\1.3.7.5967\bassvc.exe [208928 2015-04-22] (Baidu, Inc.) S4 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.) S4 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.) S4 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.) 
R2 cFosSpeedS; C:\Program Files\cFosSpeed\spd.exe [618920 2015-09-09] (cFos Software GmbH) S4 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [98304 2010-09-17] (Firebird Project) [Arquivo não assinado] S4 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [3735552 2010-09-17] (Firebird Project) [Arquivo não assinado] R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1898504 2016-06-08] (LogMeIn Inc.) R2 IISADMIN; C:\windows\system32\inetsrv\inetinfo.exe [13824 2009-07-13] (Microsoft Corporation) S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2283296 2014-11-17] (IObit) S4 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [405424 2016-06-07] (LogMeIn, Inc.) S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MSMQTriggers; C:\windows\system32\mqtgsvc.exe [126464 2010-11-20] (Microsoft Corporation) S4 MustangService_2016.01.10.18.43.25; C:\Program Files\Mustang Browser\Mustang\bin\MusServer.exe [362584 2015-08-22] (Rafotech) S4 RzKLService; C:\Program Files\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.) 
S4 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Arquivo não assinado] S3 VSStandardCollectorService140; C:\Program Files\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [48872 2015-11-19] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) R2 WindowsSecurity; C:\ProgramData\Windows Security\winsecurity.exe [2121728 2016-05-27] (Microsoft Corporation) [Arquivo não assinado] R2 XBox; C:\Users\Paulo\AppData\Roaming\XBox\XBLive.exe [5906904 2016-02-27] (Microsoft Corporation) S4 BsrSvc; "C:\Program Files\PC Faster\5.1.0.0\System Repair\BsrSvc.exe" -service [X] S4 SpyHunter 4 Service; não ImagePath ===================== Drivers (Whitelisted) ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R0 Bhbase; C:\windows\System32\drivers\Bhbase.sys [46440 2015-04-15] (Baidu, Inc.) R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [112344 2014-10-07] (BlueStack Systems) R1 cFosSpeed; C:\windows\System32\DRIVERS\cfosspeed6.sys [1426856 2015-09-09] (cFos Software GmbH) S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] () S3 EsgScanner; C:\windows\System32\DRIVERS\EsgScanner.sys [19984 2014-11-22] () R3 GUCI_AVS; C:\windows\System32\DRIVERS\GUCI_AVS.sys [598016 2009-06-23] (PixArt Imaging Incorporation) R3 hamachi; C:\windows\System32\DRIVERS\hamachi.sys [27040 2016-03-22] (LogMeIn, Inc.) R3 ManyCam; C:\windows\System32\DRIVERS\mcvidrv.sys [40736 2013-11-26] (Visicom Media Inc.) 
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2016-06-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation) R3 mcaudrv_simple; C:\windows\System32\drivers\mcaudrv.sys [29728 2013-12-06] (Visicom Media Inc.) R1 ndisrd; C:\windows\System32\DRIVERS\ndisrd.sys [37408 2014-08-14] (NT Kernel Resources) S3 netr28u; C:\windows\System32\DRIVERS\netr28u.sys [1553608 2014-01-03] (Ralink Technology Corp.) S3 RTL8187B; C:\windows\System32\DRIVERS\RTL8187B.sys [347136 2009-07-13] (Realtek Semiconductor Corporation ) R3 Serenum; C:\windows\System32\DRIVERS\nuvserenum.sys [17920 2014-01-12] (Windows (R) Win 7 DDK provider) R3 Serial; C:\windows\System32\DRIVERS\nuvserial.sys [76288 2014-01-12] (Nuvoton Technology Corp.) S3 tap0901; C:\windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project) S3 VCSVADHWSer; C:\windows\System32\DRIVERS\vcsvad.sys [17792 2008-12-26] (Avnex) [Arquivo não assinado] S3 Baidu PC Faster FileShredder; \??\C:\Program Files\PC Faster\5.1.0.0\FileKill_x86.sys [X] S3 BprotectEx; \??\C:\windows\System32\drivers\BprotectEx.sys [X] S1 dhsgomnd; \??\C:\windows\system32\drivers\dhsgomnd.sys [X] S3 EagleXNt; \??\C:\windows\system32\drivers\EagleXNt.sys [X] S3 esgiguard; não ImagePath S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X] S3 PCFApiUtil; \??\C:\Program Files\PC Faster\5.1.0.0\PCFApiUtil.sys [X] S3 taphss6; system32\DRIVERS\taphss6.sys [X] S3 xhunter1; \??\C:\windows\xhunter1.sys [X] S3 xspirit; \??\C:\windows\xspirit.sys [X] ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
==================== Três Meses Criados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2016-06-14 19:28 - 2016-06-14 19:30 - 00024699 _____ C:\Users\Paulo\Desktop\FRST.txt 2016-06-14 16:56 - 2016-06-14 16:56 - 00044996 _____ C:\ZA-Scan.txt 2016-06-14 16:48 - 2016-06-14 16:48 - 00000000 ____D C:\zoek_backup 2016-06-14 16:44 - 2016-06-14 16:44 - 01370112 _____ C:\Users\Paulo\Desktop\ZA-Scan.exe 2016-06-13 16:27 - 2016-06-13 16:30 - 00062595 _____ C:\Users\Paulo\Desktop\Addition.txt 2016-06-13 16:04 - 2016-06-13 16:04 - 00797760 _____ C:\Users\Paulo\Downloads\delfix_1.013.exe 2016-06-13 16:03 - 2016-06-13 16:08 - 00063587 _____ C:\Users\Paulo\Downloads\Addition.txt 2016-06-13 15:59 - 2016-06-14 19:28 - 00000000 ____D C:\FRST 2016-06-13 15:59 - 2016-06-13 16:08 - 00039650 _____ C:\Users\Paulo\Downloads\FRST.txt 2016-06-13 15:57 - 2016-06-13 15:57 - 01736192 _____ (Farbar) C:\Users\Paulo\Desktop\FRST.exe 2016-06-13 15:53 - 2016-06-13 15:53 - 02215424 _____ C:\Users\Paulo\ZHPDiag3.exe 2016-06-13 15:52 - 2016-06-13 15:57 - 00000000 ____D C:\Users\Paulo\AppData\Roaming\ZHP 2016-06-13 15:52 - 2016-06-13 15:52 - 02213888 _____ C:\Users\Paulo\Downloads\ZHPDiag3.exe 2016-06-13 15:49 - 2016-06-13 15:49 - 00834970 _____ C:\Users\Paulo\Desktop\1Box_cFSTR.exe 2016-06-13 15:39 - 2016-06-14 15:15 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2016-06-13 15:39 - 2016-06-13 15:39 - 00001085 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-06-13 15:39 - 2016-06-13 15:39 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware 2016-06-13 15:39 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2016-06-13 15:39 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2016-06-13 15:39 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) 
C:\windows\system32\Drivers\mbam.sys 2016-06-13 14:04 - 2016-06-13 14:04 - 00000000 ____D C:\windows\7 2016-06-12 15:51 - 2016-06-13 20:17 - 00001471 _____ C:\Users\Paulo\Downloads\moderarpp.txt 2016-06-08 23:35 - 2016-06-08 23:35 - 00451454 _____ C:\Users\Paulo\Downloads\Pets.rar 2016-06-08 17:19 - 2016-06-08 17:19 - 00000000 ____D C:\Users\Public\Documents\PC Faster 2016-06-08 16:42 - 2016-06-08 16:42 - 00091594 _____ C:\Users\Paulo\Documents\cc_20160608_164218.reg 2016-06-08 16:28 - 2016-06-08 16:28 - 00000000 ____D C:\Program Files\LogMeIn Hamachi 2016-06-08 16:18 - 2016-06-08 16:18 - 03677248 _____ C:\Users\Paulo\Downloads\adwcleaner_5.119(1).exe 2016-06-08 16:15 - 2016-06-08 16:17 - 01367648 _____ C:\Users\Paulo\Downloads\adwcleaner_5.119.exe 2016-06-08 01:24 - 2016-06-08 01:24 - 00320764 _____ C:\Users\Paulo\Downloads\elephants.swf 2016-06-07 01:59 - 2016-06-07 01:59 - 00001954 _____ C:\Users\Paulo\Downloads\1 Novo Efeito Trampolim - Criando Habbos.rar 2016-06-07 01:59 - 2016-06-07 01:59 - 00001870 _____ C:\Users\Paulo\Downloads\1 Novo Efeito Treadmill - Criando Habbos.rar 2016-06-06 14:38 - 2016-06-06 14:38 - 00102041 _____ C:\Users\Paulo\Downloads\pikachupet1.swf 2016-06-06 14:29 - 2016-06-06 14:29 - 00370148 _____ C:\Users\Paulo\Downloads\bebesp.swf 2016-06-06 14:29 - 2016-06-06 14:29 - 00263860 _____ C:\Users\Paulo\Downloads\mario_viter_hh.swf 2016-06-06 14:26 - 2016-06-06 14:26 - 00272609 _____ C:\Users\Paulo\Downloads\babyBH.swf 2016-05-31 11:26 - 2016-05-31 11:26 - 00738368 _____ (Oracle Corporation) C:\Users\Paulo\Downloads\chromeinstall-8u91(1).exe 2016-05-31 11:15 - 2016-05-31 11:15 - 00067188 _____ C:\Users\Paulo\Downloads\SJs2aIQ.htm 2016-05-31 11:14 - 2016-05-31 11:14 - 00737856 _____ (Oracle Corporation) C:\Users\Paulo\Downloads\chromeinstall-8u91.exe 2016-05-24 20:49 - 2016-05-24 20:49 - 00000000 ____D C:\Users\Paulo\Documents\FD Trillix 2016-05-24 20:47 - 2016-05-24 20:47 - 00263860 _____ C:\Users\Paulo\Downloads\mario.swf 2016-05-22 19:40 - 
2016-05-22 19:40 - 09678647 _____ C:\Users\Paulo\Downloads\Plus Emu Fixes - DevHabbos.zip 2016-05-20 17:23 - 2016-05-20 17:23 - 00000125 _____ C:\windows\FlashDecompiler.INI 2016-05-17 23:10 - 2016-05-17 23:10 - 00003307 _____ C:\Users\Paulo\Downloads\upload.zip 2016-05-16 05:02 - 2016-05-16 05:02 - 00000000 ____D C:\Users\Paulo\Downloads\PlusEMU 2016-05-16 05:02 - 2016-01-11 20:55 - 00000000 ____D C:\Users\Paulo\Downloads\Database 2016-05-16 05:00 - 2016-01-11 18:16 - 00000000 ____D C:\Users\Paulo\Desktop\PlusEMU 2016-05-16 04:59 - 2016-05-16 04:59 - 07863593 _____ C:\Users\Paulo\Downloads\PlusEMU 16-2-2016.rar 2016-05-14 01:34 - 2016-05-14 01:34 - 09663088 _____ (TeamViewer GmbH) C:\Users\Paulo\Downloads\TeamViewer_Setup_pt.exe 2016-05-12 22:43 - 2016-05-12 22:46 - 00000600 _____ C:\Users\Paulo\AppData\Local\PUTTY.RND 2016-05-11 21:21 - 2016-05-11 21:21 - 01170320 _____ C:\Users\Paulo\Downloads\Wesley12312-arcturus-81908a183a21.zip 2016-05-07 20:23 - 2016-05-25 17:49 - 00000000 ____D C:\Users\Paulo\Downloads\db line 2016-05-07 20:22 - 2016-05-07 20:22 - 01142321 _____ C:\Users\Paulo\Downloads\furnitureline.sql 2016-05-07 20:22 - 2016-05-07 20:22 - 00048407 _____ C:\Users\Paulo\Downloads\catalog_pagesline.sql 2016-05-05 21:04 - 2016-05-05 21:08 - 00000000 ____D C:\Users\Paulo\Desktop\Boon-master 2016-05-05 20:55 - 2016-05-05 20:59 - 09511246 _____ C:\Users\Paulo\Downloads\Boon-master.zip 2016-05-03 00:41 - 2016-05-03 00:41 - 00000017 _____ C:\Users\Paulo\Desktop\netflix.txt 2016-05-02 18:11 - 2016-03-15 07:56 - 00000000 ____D C:\Users\Paulo\Desktop\Yupi-1.1.0-jesus 2016-05-02 18:09 - 2016-05-02 18:10 - 01225967 _____ C:\Users\Paulo\Downloads\Yupi-1.1.0-jesus.zip 2016-05-01 00:38 - 2016-05-01 00:38 - 00001576 _____ C:\Users\Paulo\Downloads\rankcampanha.sql 2016-04-30 21:05 - 2016-05-06 20:21 - 00026420 _____ C:\Users\Paulo\Desktop\hall.php 2016-04-29 17:36 - 2016-04-29 17:36 - 00000881 _____ C:\Users\Paulo\Downloads\rankevento.sql 2016-04-29 00:25 - 2016-04-29 
00:25 - 00007976 _____ C:\Users\Paulo\Downloads\Efeito Regador Habbo - Criando Habbos.rar
2016-04-29 00:24 - 2016-04-29 00:24 - 00049931 _____ C:\Users\Paulo\Downloads\3 Novos Efeitos Habbo - Criando Habbos.rar
2016-04-24 18:53 - 2016-04-24 18:54 - 00633872 _____ (Nsasoft LLC. ) C:\Users\Paulo\Downloads\FreePortScanner.exe
2016-04-23 12:52 - 2016-04-23 12:52 - 00000000 ____D C:\Users\Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eclipse
2016-04-23 12:23 - 2016-04-23 12:23 - 00000000 ____D C:\Users\Paulo\eclipse
2016-04-23 12:22 - 2016-04-23 12:23 - 00000000 ____D C:\Users\Paulo\.p2
2016-04-23 12:22 - 2016-04-23 12:23 - 00000000 ____D C:\Users\Paulo\.eclipse
2016-04-23 12:21 - 2016-04-23 12:22 - 06481378 _____ C:\Users\Paulo\Downloads\Habbonew.swf
2016-04-23 11:01 - 2016-04-23 11:08 - 46890808 _____ C:\Users\Paulo\Downloads\eclipse-inst-win32(1).exe
2016-04-21 21:19 - 2016-04-21 21:38 - 00000000 ____D C:\Users\Paulo\Desktop\Comet
2016-04-21 21:17 - 2016-04-21 21:18 - 01403381 _____ C:\Users\Paulo\Downloads\eInEun9YJYc2.zip
2016-04-21 04:19 - 2016-06-08 13:53 - 00000000 ____D C:\Users\Todos os Usuários\Windows Security
2016-04-19 13:06 - 2016-04-19 13:06 - 00024813 _____ C:\Users\Paulo\Downloads\cms_news.sql
2016-04-19 05:01 - 2016-04-19 05:02 - 01123322 _____ C:\Users\Paulo\Downloads\furniture.sql
2016-04-19 05:01 - 2016-04-19 05:01 - 00604534 _____ C:\Users\Paulo\Downloads\catalog_items(1).sql
2016-04-19 05:01 - 2016-04-19 05:01 - 00065661 _____ C:\Users\Paulo\Downloads\catalog_pages(7).sql
2016-04-18 21:48 - 2016-04-18 21:48 - 00398403 _____ C:\Users\Paulo\Downloads\Furnis 1 By Glavez.rar
2016-04-17 22:58 - 2016-04-17 22:58 - 11319984 _____ C:\Users\Paulo\Downloads\Luan Martins FIX.rar
2016-04-14 04:13 - 2016-04-14 04:13 - 00005971 _____ C:\Users\Paulo\Downloads\Esconder Client - www.likehotel.com.br - By LoToS.rar
2016-04-14 03:05 - 2016-04-14 03:05 - 00065337 _____ C:\Users\Paulo\Downloads\catalog_pages(6).sql
2016-04-14 01:37 - 2016-04-14 01:37 - 00065335 _____ C:\Users\Paulo\Downloads\catalog_pages(5).sql
2016-04-14 01:28 - 2016-04-14 01:28 - 00065320 _____ C:\Users\Paulo\Downloads\catalog_pages(4).sql
2016-04-14 00:53 - 2016-04-14 00:53 - 00601241 _____ C:\Users\Paulo\Downloads\catalog_items.sql
2016-04-14 00:53 - 2016-04-14 00:53 - 00065354 _____ C:\Users\Paulo\Downloads\catalog_pages(3).sql
2016-04-14 00:34 - 2016-04-14 00:35 - 07371812 _____ C:\Users\Paulo\Downloads\line(2).sql
2016-04-13 22:30 - 2016-04-13 22:30 - 06947653 _____ C:\Users\Paulo\Downloads\line(1).sql
2016-04-13 00:00 - 2016-04-13 00:00 - 04540690 _____ C:\Users\Paulo\Downloads\line.sql
2016-04-12 15:31 - 2016-04-12 15:31 - 00065424 _____ C:\Users\Paulo\Downloads\catalog_pages(2).sql
2016-04-12 15:30 - 2016-04-12 15:30 - 00065309 _____ C:\Users\Paulo\Downloads\catalog_pages(1).sql
2016-04-12 14:05 - 2016-04-12 14:05 - 00019674 _____ C:\Users\Paulo\Downloads\rooms.sql
2016-04-12 03:59 - 2016-04-12 04:00 - 10595984 _____ (Stellar Information Technology Pvt Ltd. ) C:\Users\Paulo\Downloads\stellar-photo-recovery.exe
2016-04-12 03:46 - 2016-04-12 03:46 - 00000000 ____D C:\Users\Todos os Usuários\AutoUpdate
2016-04-12 03:46 - 2016-04-12 03:46 - 00000000 ____D C:\Users\Paulo\Documents\DbgLogs
2016-04-12 03:46 - 2016-04-12 03:46 - 00000000 ____D C:\Program Files\Eltima Software
2016-04-12 03:45 - 2016-04-12 03:46 - 28165480 _____ (Eltima Software ) C:\Users\Paulo\Downloads\flash_decompiler.exe
2016-04-12 03:42 - 2016-04-12 03:42 - 00065313 _____ C:\Users\Paulo\Downloads\catalog_pages.sql
2016-04-12 03:35 - 2016-04-12 03:35 - 00000000 ____D C:\Users\Paulo\Documents\Navicat
2016-04-12 03:35 - 2016-04-12 03:35 - 00000000 ____D C:\Program Files\PremiumSoft
2016-04-12 03:33 - 2016-04-12 03:34 - 34071840 _____ (PremiumSoft CyberTech Ltd. ) C:\Users\Paulo\Downloads\navicat112_premium_en_x86.exe
2016-04-09 08:42 - 2016-04-09 09:21 - 426172168 _____ C:\Users\Paulo\Desktop\wwwroot.rar
2016-04-08 03:40 - 2016-04-08 03:40 - 00008738 _____ C:\Users\Paulo\Desktop\1 Novo Efeito Habbo Março - Criando Habbos.rar
2016-04-07 15:44 - 2016-04-07 15:46 - 03864866 _____ C:\Users\Paulo\Desktop\line.sql
2016-04-06 16:03 - 2016-06-08 10:56 - 00027040 ____H (LogMeIn, Inc.) C:\windows\system32\hamachi.sys
2016-04-06 00:00 - 2016-04-06 00:00 - 00000010 _____ C:\Users\Paulo\Desktop\Vps.txt
2016-04-05 16:37 - 2016-04-05 16:37 - 00065312 _____ C:\Users\Paulo\Desktop\catalog_pages.sql
2016-04-05 16:04 - 2016-04-05 16:04 - 00000000 ____D C:\Users\Paulo\AppData\Roaming\HeidiSQL
2016-04-05 16:01 - 2016-04-05 16:01 - 00000000 ____D C:\Users\Todos os Usuários\HeidiSQL
2016-04-05 16:01 - 2016-04-05 16:01 - 00000000 ____D C:\Program Files\HeidiSQL
2016-04-05 15:58 - 2016-05-31 11:30 - 00000000 ____D C:\Program Files\cFosSpeed
2016-04-05 15:58 - 2015-09-09 16:42 - 01426856 _____ (cFos Software GmbH) C:\windows\system32\Drivers\cfosspeed6.sys
2016-04-05 15:54 - 2016-06-13 17:37 - 00000000 ____D C:\Users\Todos os Usuários\System32
2016-04-05 15:48 - 2016-04-05 15:48 - 00000000 ____D C:\Users\Paulo\AppData\Roaming\XBox
2016-04-05 15:48 - 2016-04-05 15:48 - 00000000 ____D C:\Users\Paulo\AppData\Roaming\FrivLauncher
2016-04-04 12:33 - 2016-04-04 12:34 - 04017792 _____ C:\Users\Paulo\Downloads\heidisql32.r5063.exe
2016-04-04 12:29 - 2016-04-04 12:30 - 04449808 _____ (Ansgar Becker ) C:\Users\Paulo\Downloads\HeidiSQL_9.3.0.5062-32_Setup.exe
2016-04-03 22:26 - 2016-04-03 22:26 - 00182951 _____ C:\Users\Paulo\Desktop\badge_definitions.sql
2016-04-03 21:52 - 2016-04-03 21:52 - 00004513 _____ C:\Users\Paulo\Desktop\permissions_commands.sql
2016-04-03 19:17 - 2016-03-09 23:07 - 02210224 _____ C:\Users\Paulo\Desktop\BOOM DB.sql
2016-04-03 19:16 - 2016-04-03 19:17 - 00247670 _____ C:\Users\Paulo\Desktop\BOOMDB.rar
2016-04-02 21:25 - 2016-04-09 01:40 - 00000000 ____D C:\Users\Paulo\AppData\Roaming\Maxthon3
2016-04-02 21:25 - 2016-04-02 21:25 - 00000000 ____D C:\Program Files\Maxthon
2016-04-02 21:01 - 2016-04-02 21:24 - 46798944 _____ (Maxthon International ltd.) C:\Users\Paulo\Downloads\mx4.9.1.1000.exe
2016-04-02 15:55 - 2016-04-02 15:55 - 00272319 _____ C:\Users\Paulo\Downloads\fix para db horizon.rar
2016-04-02 14:53 - 2016-04-02 14:56 - 07575791 _____ C:\Users\Paulo\Downloads\Comet-swf.zip
2016-04-02 13:57 - 2016-06-08 23:38 - 00000000 ____D C:\Users\Paulo\Desktop\Habbline
2016-03-30 21:58 - 2016-03-30 21:58 - 00009062 _____ C:\Users\Paulo\Desktop\client.php
2016-03-29 01:34 - 2016-03-29 01:34 - 00056680 _____ C:\Users\Paulo\Downloads\contacts.vcf
2016-03-28 22:42 - 2016-03-28 15:28 - 00001603 _____ C:\Users\Paulo\Desktop\^D35B6C5EDF5752311555158B0D58B7C69DA654B400E4BEDB4A^pimgpsh_fullsize_distr.png
2016-03-27 23:08 - 2016-03-27 23:08 - 00220836 _____ C:\Users\Paulo\Downloads\DiagnosticTool.zip
2016-03-27 18:06 - 2016-03-27 18:06 - 00000000 ____D C:\Users\Paulo\AppData\Roaming\Microsoft FxCop
2016-03-27 17:29 - 2016-03-27 17:32 - 09191870 _____ C:\Users\Paulo\Downloads\Emulator.rar
2016-03-27 16:56 - 2016-03-07 20:07 - 00000000 ____D C:\Users\Paulo\Desktop\Plus Emulador (Habboon Edit) - Criando Habbos
2016-03-27 16:55 - 2016-03-27 16:56 - 07890870 _____ C:\Users\Paulo\Downloads\Plus Emulador (Habboon Edit) - Criando Habbos.rar
2016-03-27 14:05 - 2016-06-14 16:16 - 00000000 ____D C:\Users\Paulo\AppData\Local\LogMeIn Hamachi
2016-03-27 14:05 - 2016-03-27 14:05 - 00000000 ____D C:\Users\Todos os Usuários\LogMeIn
2016-03-27 14:05 - 2016-03-27 14:05 - 00000000 ____D C:\Users\Paulo\AppData\Local\LogMeIn
2016-03-27 14:03 - 2016-03-27 14:03 - 02321075 _____ C:\Users\Paulo\Downloads\database.sql
2016-03-27 14:00 - 2016-03-27 14:02 - 08818688 _____ C:\Users\Paulo\Downloads\hamachi.msi
2016-03-27 03:19 - 2016-03-27 03:20 - 03026176 _____ (Microsoft Corporation) C:\Users\Paulo\Downloads\vs_langpack (1).exe
2016-03-27 02:48 - 2016-03-27 02:48 - 00000000 ____D C:\Program Files\AppInsights
2016-03-27 02:45 - 2016-03-27 02:45 - 00000000 ____D C:\Users\Todos os Usuários\PreEmptive Solutions
2016-03-27 02:07 - 2016-03-27 02:07 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 12.0
2016-03-27 01:57 - 2016-03-27 01:57 - 00000000 ____D C:\Program Files\IIS Express
2016-03-27 01:54 - 2016-03-27 01:54 - 00000000 ____D C:\Users\Todos os Usuários\NuGet
2016-03-27 01:54 - 2016-03-27 01:54 - 00000000 ____D C:\Program Files\NuGet
2016-03-27 01:53 - 2016-03-27 01:53 - 00000000 ____D C:\Users\Paulo\AppData\Local\VSIXInstaller
2016-03-27 01:53 - 2016-03-27 01:53 - 00000000 ____D C:\Program Files\Microsoft Office365 Tools
2016-03-27 01:14 - 2016-03-27 01:33 - 00000000 ____D C:\c25e3f8bcfa20058264293
2016-03-27 00:45 - 2016-03-27 00:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-03-27 00:42 - 2016-03-27 00:42 - 00000000 ____D C:\Program Files\ShellDir
2016-03-27 00:33 - 2016-03-27 00:33 - 00000000 ____D C:\Program Files\Microsoft DNX
2016-03-27 00:07 - 2016-03-27 00:07 - 00000000 ____D C:\Program Files\Microsoft WCF Data Services
2016-03-26 23:53 - 2016-03-27 00:43 - 00000000 ____D C:\Program Files\Windows Kits
2016-03-26 23:53 - 2016-03-26 23:53 - 00000000 ____D C:\windows\symbols
2016-03-26 23:49 - 2016-03-26 23:49 - 00000000 ____D C:\Program Files\Common Files\Merge Modules
2016-03-26 23:35 - 2016-03-26 23:35 - 00000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
2016-03-26 22:14 - 2016-03-26 22:14 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-03-26 15:33 - 2016-03-26 15:33 - 00211592 _____ (Microsoft Corporation) C:\Users\Paulo\Downloads\vs_community_ENU.exe
2016-03-26 11:20 - 2016-03-26 11:21 - 09438784 _____ C:\Users\Paulo\Downloads\SirioEMU - Criando Habbos.zip
2016-03-25 23:11 - 2016-03-25 23:12 - 04204144 _____ C:\Users\Paulo\Downloads\npp.6.9.Installer.exe
2016-03-24 13:29 - 2016-03-24 13:29 - 00000000 ____D C:\Program Files\Common Files\Java
2016-03-22 16:20 - 2016-03-22 16:20 - 00027040 ____H (LogMeIn, Inc.) C:\windows\system32\Drivers\hamachi.sys
2016-03-21 02:44 - 2016-03-24 13:28 - 00095808 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2016-03-21 02:41 - 2016-03-21 02:41 - 00734816 _____ (Oracle Corporation) C:\Users\Paulo\Downloads\jre-8u73-windows-i586-iftw (1).exe
2016-03-17 17:57 - 2016-05-25 00:30 - 00000000 ___RD C:\Program Files\Skype
2016-03-17 17:37 - 2016-03-17 17:37 - 01503872 _____ (Skype Technologies S.A.) C:\Users\Paulo\Downloads\SkypeSetup (2).exe
2016-03-17 15:39 - 2016-06-11 21:48 - 00000964 _____ C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-03-17 15:33 - 2016-03-17 15:35 - 01190608 _____ (Adobe Systems Incorporated) C:\Users\Paulo\Downloads\flashplayer21pp_fa_install.exe
2016-03-17 15:19 - 2016-03-17 15:19 - 00000000 ____D C:\Users\Paulo\AppData\Roaming\Opera Software
2016-03-17 15:19 - 2016-03-17 15:19 - 00000000 ____D C:\Users\Paulo\AppData\Local\Opera Software
2016-03-17 15:15 - 2016-03-31 17:49 - 00000000 ____D C:\Program Files\Opera
2016-03-17 15:14 - 2016-03-17 15:14 - 00724864 _____ (Opera Software) C:\Users\Paulo\Downloads\OperaSetup.exe

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-06-14 19:30 - 2014-09-28 11:28 - 00000000 ____D C:\Users\Paulo\AppData\Roaming\Skype
2016-06-14 19:09 - 2014-06-22 06:48 - 00001058 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-14 17:36 - 2014-10-22 23:31 - 00000928 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2240306623-60622281-3918578315-1000UA.job
2016-06-14 16:46 - 2009-07-13 23:04 - 00000579 _____ C:\windows\win.ini
2016-06-14 15:36 - 2009-07-14 01:34 - 00025216 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-14 15:36 - 2009-07-14 01:34 - 00025216 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-14 15:17 - 2009-07-13 23:37 - 00000000 ____D C:\windows\system32\inetsrv
2016-06-14 15:15 - 2015-07-31 21:28 - 00000640 _____ C:\windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job
2016-06-14 15:15 - 2014-06-22 06:48 - 00001054 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-14 15:15 - 2009-07-14 01:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-06-14 15:15 - 2009-07-14 01:34 - 00000000 ____D C:\windows\Setup
2016-06-13 23:36 - 2014-10-22 23:31 - 00000906 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2240306623-60622281-3918578315-1000Core.job
2016-06-13 22:56 - 2015-08-01 20:30 - 00000000 ____D C:\Users\Paulo\Documents\Visual Studio 2015
2016-06-13 22:56 - 2014-10-09 23:21 - 00000000 ____D C:\Users\Paulo\AppData\Local\CrashDumps
2016-06-13 18:41 - 2014-10-24 23:15 - 00002052 ____H C:\Users\Paulo\Documents\Default.rdp
2016-06-13 17:31 - 2014-09-28 13:49 - 00000000 ____D C:\Users\Paulo\AppData\Roaming\foobar2000
2016-06-13 15:53 - 2014-09-27 17:27 - 00000000 ____D C:\Users\Paulo
2016-06-11 14:40 - 2014-11-19 12:26 - 00000000 ____D C:\Users\Paulo\AppData\Roaming\Notepad++
2016-06-10 20:41 - 2011-02-04 14:30 - 01771280 _____ C:\windows\system32\PerfStringBackup.INI
2016-06-10 20:41 - 2009-07-14 05:31 - 00759062 _____ C:\windows\system32\prfh0416.dat
2016-06-10 20:41 - 2009-07-14 05:31 - 00164778 _____ C:\windows\system32\prfc0416.dat
2016-06-10 20:41 - 2009-07-13 23:37 - 00000000 ____D C:\windows\inf
2016-06-10 17:52 - 2014-11-20 18:56 - 00000000 ____D C:\AdwCleaner
2016-06-09 14:37 - 2014-09-06 18:22 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-06-08 18:08 - 2009-07-13 23:37 - 00000000 ____D C:\windows\system32\NDF
2016-06-08 17:55 - 2014-09-29 00:09 - 00000000 ____D C:\Users\Paulo\AppData\Local\ElevatedDiagnostics
2016-06-08 16:41 - 2015-05-03 20:26 - 00000000 ____D C:\Program Files\Steam
2016-05-31 11:26 - 2014-06-22 07:00 - 00000000 ____D C:\Users\Todos os Usuários\Oracle
2016-05-31 11:25 - 2016-02-09 21:00 - 00000000 ____D C:\Program Files\RapidTyping 5
2016-05-31 11:24 - 2015-07-25 16:35 - 00000000 ____D C:\Users\Paulo\AppData\Local\Deployment
2016-05-31 11:21 - 2014-12-22 23:45 - 00000000 ____D C:\Program Files\Baixo Cidade
2016-05-30 15:06 - 2014-06-22 06:50 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2016-05-24 21:36 - 2014-09-28 11:09 - 00000000 ____D C:\Users\Todos os Usuários\TEMP
2016-05-22 17:59 - 2014-11-13 17:43 - 00000000 ____D C:\Users\Paulo\Desktop\Emblemas
2016-05-15 16:04 - 2014-11-18 23:00 - 00000902 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-05-15 16:04 - 2009-07-14 01:33 - 03814048 _____ C:\windows\system32\FNTCACHE.DAT

==================== Arquivos na raiz de alguns diretórios =======

2014-11-13 17:46 - 2014-11-13 17:46 - 0000132 _____ () C:\Users\Paulo\AppData\Roaming\Preferências do Formato PNG do Adobe CS6
2015-12-23 10:27 - 2015-12-23 10:29 - 0000016 _____ () C:\Users\Paulo\AppData\Roaming\translate.ini
2014-11-24 00:35 - 2014-11-24 00:35 - 0000045 _____ () C:\Users\Paulo\AppData\Roaming\WB.CFG
2014-10-01 10:38 - 2015-10-11 17:05 - 0007168 _____ () C:\Users\Paulo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-05-12 22:43 - 2016-05-12 22:46 - 0000600 _____ () C:\Users\Paulo\AppData\Local\PUTTY.RND
2014-09-30 18:15 - 2014-11-14 17:22 - 0000437 _____ () C:\Users\Paulo\AppData\Local\UserProducts.xml
2014-09-27 18:09 - 2014-09-27 18:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-12-29 02:12 - 2015-12-29 02:12 - 0004999 _____ () C:\ProgramData\wwznqdpf.eax

Arquivos para serem movidos ou deletados:
====================
C:\Users\Paulo\intel display adapter agement tool by x[a]rtur.exe
C:\Users\Paulo\MemoryOptimizerProSetup.exe
C:\Users\Paulo\raidcall_7.3.6.exe
C:\Users\Paulo\ZHPDiag3.exe
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job

Alguns arquivos em TEMP:
====================
C:\Users\Paulo\AppData\Local\Temp\npp.6.9.2.Installer.exe
C:\Users\Paulo\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\windows\explorer.exe => O arquivo é assinado digitalmente
C:\windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\windows\system32\services.exe => O arquivo é assinado digitalmente
C:\windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-06-08 20:45

==================== Fim de FRST.txt ============================