Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão: 27-07-2016
Executado por Rafael (administrador) em RAFAEL-PC (29-07-2016 14:36:23)
Executando a partir de C:\Users\Rafael\Downloads
Perfis Carregados: Rafael (Perfis Disponíveis: Rafael)
Platform: Microsoft Windows 7 Ultimate (X86) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Kingsoft Corporation) C:\Program Files\cmcm\Clean Master\cmcore.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(Aeria Games & Entertainment) C:\Program Files\Aeria Games\Ignite\aeriaignite.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Kingsoft Corporation) C:\Program Files\cmcm\Clean Master\cmtray.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(Akamai Technologies, Inc.) C:\Users\Rafael\AppData\Local\Akamai\netsession_win.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimDrivers\SlimDrivers.exe
() C:\Program Files\ToolsUpdatePlatform\UpdatePlatform.exe
(Autodesk Inc.) C:\Program Files\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Akamai Technologies, Inc.) C:\Users\Rafael\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Autodesk) C:\Program Files\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\Program Files\WeatherTool\2.0.1.11245\WeatherService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(ShenZhen Enode Techology co,.Ltd) C:\Program Files\WeatherTool\2.0.1.11245\weather.exe
(Autodesk) C:\Program Files\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Autodesk) C:\Program Files\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-07-11] (AVAST Software)
HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [3837552 2012-01-16] (VIA)
HKLM\...\Run: [cmsc] => c:\program files\cmcm\Clean Master\cmtray.exe [468840 2015-07-27] (Kingsoft Corporation)
HKLM\...\Run: [Aeria Ignite] => C:\Program Files\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Run: [Autodesk Desktop App] => C:\Program Files\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [721856 2016-07-01] (Autodesk, Inc.)
HKU\S-1-5-21-2445349563-3392045865-2520311989-1001\...\Run: [uTorrent] => C:\Users\Rafael\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-05-15] (BitTorrent Inc.)
HKU\S-1-5-21-2445349563-3392045865-2520311989-1001\...\Run: [GoogleChromeAutoLaunch_598C37F90B40CD6A2DE809244F52F945] => C:\Users\Rafael\AppData\Local\Chromium\Application\chrome.exe [659456 2015-06-01] (The Chromium Authors)
HKU\S-1-5-21-2445349563-3392045865-2520311989-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Rafael\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2445349563-3392045865-2520311989-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1151016 2016-02-02] (Autodesk, Inc.)
HKU\S-1-5-21-2445349563-3392045865-2520311989-1001\...\Policies\Explorer: []
HKU\S-1-5-21-2445349563-3392045865-2520311989-1001\...\MountPoints2: {288cbee4-a272-11e5-b383-c89cdccf47bb} - F:\LGAutoRun.exe
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1151016 2016-02-02] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-07-11] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2016-02-07] (Autodesk, Inc.)
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\..\Interfaces\{81B19F91-3A5D-4C5F-BF19-D6DD97FA6B64}: [DhcpNameServer] 192.168.1.20
Tcpip\..\Interfaces\{C6E958D8-6A08-411B-8956-8C4330307A66}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkw_inner_hp_06_hao123_br&guid=ec3461b1def4ed15260fed7f15288780
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1438041799&z=f061a4e2f728f4e0c320184g6z1c1b1eez9gem1w2c&from=cor&uid=SAMSUNGXHD502HI_S1ZVJ50SB32955&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1438041799&z=f061a4e2f728f4e0c320184g6z1c1b1eez9gem1w2c&from=cor&uid=SAMSUNGXHD502HI_S1ZVJ50SB32955
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1438041799&z=f061a4e2f728f4e0c320184g6z1c1b1eez9gem1w2c&from=cor&uid=SAMSUNGXHD502HI_S1ZVJ50SB32955&q={searchTerms}
HKU\S-1-5-21-2445349563-3392045865-2520311989-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1438041799&z=f061a4e2f728f4e0c320184g6z1c1b1eez9gem1w2c&from=cor&uid=SAMSUNGXHD502HI_S1ZVJ50SB32955&q={searchTerms}
HKU\S-1-5-21-2445349563-3392045865-2520311989-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkw_inner_hp_06_hao123_br&guid=ec3461b1def4ed15260fed7f15288780
HKU\S-1-5-21-2445349563-3392045865-2520311989-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal
HKU\S-1-5-21-2445349563-3392045865-2520311989-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1438041799&z=f061a4e2f728f4e0c320184g6z1c1b1eez9gem1w2c&from=cor&uid=SAMSUNGXHD502HI_S1ZVJ50SB32955
HKU\S-1-5-21-2445349563-3392045865-2520311989-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1438041799&z=f061a4e2f728f4e0c320184g6z1c1b1eez9gem1w2c&from=cor&uid=SAMSUNGXHD502HI_S1ZVJ50SB32955&q={searchTerms}
URLSearchHook: HKLM -> Padrão = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
SearchScopes: HKLM -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.navegaki.com/?bd=ds&oem=Cube&uid=SAMSUNGXHD502HI_S1ZVJ50SB32955&version=2.3.0.8724&pid=414031160&tid=422&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2445349563-3392045865-2520311989-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2445349563-3392045865-2520311989-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SAMSUNGXHD502HI_S1ZVJ50SB32955&ts=1438041855&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2445349563-3392045865-2520311989-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2445349563-3392045865-2520311989-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SAMSUNGXHD502HI_S1ZVJ50SB32955&ts=1438041855&type=default&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-07] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-07-11] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-07] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-07] (Oracle Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-10-08] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2010-10-08] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-11]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-07-11]
FF HKU\S-1-5-21-2445349563-3392045865-2520311989-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi => não encontrado (a)

Chrome:
=======
CHR HomePage: Default -> hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=ec3461b1def4ed15260fed7f15288780
CHR StartupUrls: Default -> "hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=ec3461b1def4ed15260fed7f15288780"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (FVD Video Downloader) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gldknmojgmahkakabglgepoehpplajld [2015-07-28]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-06]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-06]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
CHR HKLM\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AdAppMgrSvc; C:\Program Files\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1295376 2016-07-01] (Autodesk Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-11] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 cmcore; c:\program files\cmcm\Clean Master\cmcore.exe [315240 2015-07-27] (Kingsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1233376 2016-07-29] (Flexera Software LLC)
R2 TheDesktopWeatherService; C:\Program Files\WeatherTool\2.0.1.11245\WeatherService.exe [141960 2016-03-21] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-01-10] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 scsvc_1.10.0.16; "C:\Program Files\SuperClick_1.10.0.16\Service\scsvc.exe" [X]
S2 Util Swift Record; "C:\Program Files\Swift Record\bin\utilSwiftRecord.exe" [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [327168 2006-11-22] (Aladdin Knowledge Systems Ltd.)
R3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [100096 2006-11-22] (Aladdin Knowledge Systems Ltd.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-07-11] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-07-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91680 2016-07-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-07-11] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-07-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-07-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [438296 2016-07-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118152 2016-07-11] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [222056 2016-07-11] (AVAST Software)
R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
R3 ksapi; C:\Windows\system32\drivers\ksapi.sys [81768 2015-07-27] (Kingsoft Corporation)
S3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [46080 2011-11-09] (Intel Corporation) [Arquivo não assinado]
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [17160 2015-03-05] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13064 2015-03-05] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13368 2016-07-29] (SlimWare Utilities, Inc.)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1822832 2012-01-10] (VIA Technologies, Inc.)
R2 vusbbus; C:\Windows\System32\DRIVERS\vusbbus.sys [18432 2009-03-02] (Chingachguk & Denger2k (HL mod)) [Arquivo não assinado]
S3 XDva511; \??\C:\Windows\system32\XDva511.sys [X]
S3 XDva533; \??\C:\Windows\system32\XDva533.sys [X]
S3 XDva534; \??\C:\Windows\system32\XDva534.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2016-07-29 14:36 - 2016-07-29 14:36 - 00017600 _____ C:\Users\Rafael\Downloads\FRST.txt
2016-07-29 14:36 - 2016-07-29 14:36 - 00000000 ____D C:\FRST
2016-07-29 14:35 - 2016-07-29 14:35 - 01744384 _____ (Farbar) C:\Users\Rafael\Downloads\FRST.exe
2016-07-29 14:27 - 2016-07-29 14:27 - 00000033 _____ C:\Users\Rafael\Desktop\1000.txt
2016-07-29 14:13 - 2016-07-29 14:14 - 13969576 _____ (Microsoft Corporation) C:\Users\Rafael\Downloads\vc_redist.x86.exe
2016-07-29 13:47 - 2016-07-29 13:47 - 00001489 _____ C:\Users\Public\Desktop\Aplicativo da área de trabalho Autodesk.lnk
2016-07-29 13:45 - 2016-07-29 13:45 - 00002003 _____ C:\Users\Public\Desktop\A360 Desktop.lnk
2016-07-29 13:43 - 2016-07-29 14:02 - 00000000 ____D C:\Users\Public\Documents\Autodesk
2016-07-29 13:43 - 2016-07-29 13:43 - 00002098 _____ C:\Users\Public\Desktop\AutoCAD 2017 - English.lnk
2016-07-29 13:38 - 2016-07-29 13:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2016-07-29 13:32 - 2016-07-29 13:32 - 00000040 _____ C:\Users\Rafael\Desktop\Serie e Key CAD 2017.txt
2016-07-29 13:23 - 2016-07-29 13:05 - 1785471804 ____R C:\Users\Rafael\Desktop\Autodesk AutoCAD 2017 (x86) + Keygen [SadeemPC].zip
2016-07-29 11:57 - 2016-07-29 13:05 - 1785471804 ____R C:\Users\Rafael\Downloads\Autodesk AutoCAD 2017 (x86) + Keygen [SadeemPC].zip
2016-07-29 11:56 - 2016-07-29 11:56 - 00002697 _____ C:\Users\Rafael\Downloads\Flash_Upgrade-win_504.vbs
2016-07-29 00:05 - 2016-07-29 00:05 - 00000000 ____D C:\Users\Rafael\Documents\Inventor Server SDK ACAD 2013
2016-07-29 00:04 - 2016-07-29 00:04 - 00000147 _____ C:\Users\Todos os Usuários\Microsoft.SqlServer.Compact.351.32.bc
2016-07-29 00:04 - 2016-07-29 00:04 - 00000147 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2016-07-29 00:03 - 2016-07-29 00:03 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2016-07-28 23:46 - 2016-07-28 23:46 - 00000000 ____D C:\Users\Todos os Usuários\TEMP
2016-07-28 23:46 - 2016-07-28 23:46 - 00000000 ____D C:\ProgramData\TEMP
2016-07-28 23:28 - 2016-07-28 23:29 - 00000000 ____D C:\Users\Rafael\Desktop\AutoCad 2014
2016-07-28 23:26 - 2016-07-29 13:47 - 00000000 ____D C:\Users\Todos os Usuários\Autodesk
2016-07-28 23:26 - 2016-07-29 13:47 - 00000000 ____D C:\ProgramData\Autodesk
2016-07-28 23:25 - 2016-07-29 13:30 - 00000000 ____D C:\Autodesk
2016-07-25 21:21 - 2016-07-25 21:21 - 323885334 _____ C:\Windows\MEMORY.DMP
2016-07-25 21:21 - 2016-07-25 21:21 - 00469280 _____ C:\Windows\Minidump\072516-20950-01.dmp
2016-07-25 19:58 - 2016-07-25 19:58 - 00000036 _____ C:\Users\Rafael\Desktop\BUILD.txt
2016-07-24 11:49 - 2016-07-29 14:30 - 00008224 _____ C:\Users\Rafael\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-24 11:47 - 2016-07-29 13:51 - 00339328 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-17 14:41 - 2016-07-17 14:41 - 03597748 _____ C:\Users\Rafael\Downloads\20160517_SU_SA_B1_2TUNER_2GB_OPTMO_FANTASIA.ssu
2016-07-17 14:28 - 2016-07-17 14:28 - 00002687 _____ C:\Users\Public\Desktop\Skype.lnk
2016-07-17 14:28 - 2016-07-17 14:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-07-17 14:28 - 2016-07-17 14:28 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-07-17 14:19 - 2016-07-17 14:19 - 00000000 ____D C:\Users\Rafael\AppData\Local\CEF
2016-07-17 14:17 - 2016-07-17 14:17 - 00001118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-07-11 14:21 - 2016-07-11 14:20 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-07-11 14:20 - 2016-07-11 14:20 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2016-07-11 14:20 - 2016-07-11 14:20 - 00319248 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-07-11 14:20 - 2016-07-11 14:20 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-07-07 19:25 - 2016-06-25 12:43 - 00301056 _____ (Microsoft Corporation) C:\Windows\system32\EOSNotify.exe

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-07-29 14:34 - 2016-05-12 14:15 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2016-07-29 14:34 - 2016-05-12 14:15 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-29 14:34 - 2015-11-27 15:11 - 00000000 ____D C:\Program Files\Opera
2016-07-29 14:32 - 2015-06-06 18:08 - 00000388 _____ C:\Windows\Tasks\SlimDrivers Startup.job
2016-07-29 14:31 - 2015-06-06 17:47 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-29 14:30 - 2016-05-15 12:57 - 00000000 ____D C:\Users\Rafael\AppData\LocalLow\uTorrent
2016-07-29 14:30 - 2015-07-28 17:35 - 00000420 _____ C:\Windows\Tasks\ToolsUpdatePlatform_ScheduledTask.job
2016-07-29 14:30 - 2015-06-06 18:09 - 00000664 _____ C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job
2016-07-29 14:30 - 2015-06-06 18:08 - 00013368 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
2016-07-29 14:30 - 2015-06-06 17:47 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-29 14:30 - 2015-06-06 17:39 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA
2016-07-29 14:30 - 2015-06-06 17:39 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-29 14:29 - 2015-07-28 17:35 - 00000000 ____D C:\Users\Todos os Usuários\ToolsUpdatePlatform
2016-07-29 14:29 - 2015-07-28 17:35 - 00000000 ____D C:\ProgramData\ToolsUpdatePlatform
2016-07-29 14:29 - 2015-06-06 17:50 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\uTorrent
2016-07-29 14:29 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-29 14:01 - 2009-07-14 01:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-29 14:01 - 2009-07-14 01:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-29 13:48 - 2015-06-18 21:31 - 00000000 ____D C:\Users\Rafael\AppData\Local\Autodesk
2016-07-29 13:47 - 2015-06-18 21:31 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\Autodesk
2016-07-29 13:47 - 2015-06-18 21:29 - 00000000 ____D C:\Program Files\Autodesk
2016-07-29 13:42 - 2015-06-18 21:29 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2016-07-29 13:42 - 2009-07-14 01:52 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-07-29 12:15 - 2015-08-13 17:35 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\WeatherTool
2016-07-28 23:54 - 2015-06-06 17:35 - 01595976 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-28 23:54 - 2009-07-17 15:48 - 00703370 _____ C:\Windows\system32\prfh0416.dat
2016-07-28 23:54 - 2009-07-17 15:48 - 00146156 _____ C:\Windows\system32\prfc0416.dat
2016-07-28 23:54 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\inf
2016-07-28 23:25 - 2015-07-31 10:32 - 00000000 ____D C:\Windows\system32\appmgmt
2016-07-28 23:24 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\Help
2016-07-28 23:24 - 2009-07-13 23:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-07-28 23:20 - 2009-07-14 01:53 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-07-27 16:56 - 2015-11-05 14:44 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\Skype
2016-07-27 16:37 - 2015-11-05 14:43 - 00000000 ___RD C:\Program Files\Skype
2016-07-27 16:37 - 2015-11-05 14:43 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2016-07-27 16:37 - 2015-11-05 14:43 - 00000000 ____D C:\ProgramData\Skype
2016-07-26 14:24 - 2015-06-06 18:00 - 00406184 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-25 21:23 - 2015-11-25 20:37 - 00000000 ____D C:\Users\Rafael\AppData\LocalLow\Temp
2016-07-25 21:21 - 2015-07-27 22:02 - 00000000 ____D C:\Windows\Minidump
2016-07-24 11:47 - 2015-06-06 17:34 - 00000000 ____D C:\Program Files\WinRAR
2016-07-24 02:55 - 2015-06-06 17:34 - 00000000 ____D C:\Users\Rafael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-07-24 02:55 - 2015-06-06 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-07-24 02:50 - 2016-04-12 19:56 - 00000000 ____D C:\Program Files\Nanjing Swansoft
2016-07-23 23:28 - 2015-07-29 18:46 - 00000000 ____D C:\Users\Rafael\AppData\Local\Akamai
2016-07-23 12:07 - 2015-09-05 12:00 - 00000000 ____D C:\Users\Rafael\AppData\Local\node-webkit
2016-07-17 19:59 - 2015-08-05 14:16 - 00000000 ____D C:\Windows\system32\MRT
2016-07-17 19:56 - 2015-08-05 14:16 - 141983760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-17 14:28 - 2015-11-05 14:44 - 00000000 ____D C:\Users\Rafael\AppData\Local\Skype
2016-07-17 14:28 - 2015-06-06 18:15 - 00438296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-07-11 14:20 - 2015-06-06 18:15 - 00816304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-07-11 14:20 - 2015-06-06 18:15 - 00222056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-07-11 14:20 - 2015-06-06 18:15 - 00118152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-07-11 14:20 - 2015-06-06 18:15 - 00091680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-07-11 14:20 - 2015-06-06 18:15 - 00091232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-07-11 14:20 - 2015-06-06 18:15 - 00060424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-07-11 14:20 - 2015-06-06 18:15 - 00034008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-07-11 14:20 - 2015-06-06 18:14 - 00000000 ____D C:\Program Files\AVAST Software
2016-07-11 14:20 - 2015-06-06 18:12 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software
2016-07-11 14:20 - 2015-06-06 18:12 - 00000000 ____D C:\ProgramData\AVAST Software

==================== Arquivos na raiz de alguns diretórios =======

2015-06-06 18:32 - 2015-06-06 18:31 - 0613255 _____ (CMI Limited) C:\Users\Rafael\AppData\Local\nsd4316.tmp
2016-07-29 00:04 - 2016-07-29 00:04 - 0000147 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Arquivos para serem movidos ou deletados:
====================
C:\Windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job

Alguns arquivos em TEMP:
====================
C:\Users\Rafael\AppData\Local\Temp\AcDeltree.exe

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-07-24 17:14

==================== Fim de FRST.txt ============================