Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 04-11-2016 Executado por Guilherme (administrador) em GUILHERME-PC (08-11-2016 11:37:06) Executando a partir de C:\Users\Guilherme\Downloads Perfis Carregados: Guilherme (Perfis Disponíveis: Guilherme) Platform: Windows 7 Professional (X64) Idioma: Português (Brasil) Internet Explorer Versão 8 (Navegador padrão: FF) Modo da Inicialização: Normal Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe (Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Akamai Technologies, Inc.) 
C:\Users\Guilherme\AppData\Local\Akamai\netsession_win.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILDE.EXE (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILDE.EXE (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Akamai Technologies, Inc.) C:\Users\Guilherme\AppData\Local\Akamai\netsession_win.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe () C:\Program Files (x86)\Pingzapper\PZService.exe (Aeria Games & Entertainment) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe (Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\Av\avgemca.exe (Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe (Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registro (Whitelisted) ==================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor) HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [177936 2012-02-17] (Intel Corporation) HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2012-02-21] (Intel Corporation) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.) 
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1057920 2012-07-31] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2180680 2016-10-10] () HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [721856 2016-07-01] (Autodesk, Inc.) HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\ GbPluginUni: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [2015-07-06] (Banco Itaú Unibanco) HKU\S-1-5-21-3773353831-1587287919-3041611652-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd) HKU\S-1-5-21-3773353831-1587287919-3041611652-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Guilherme\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.) 
HKU\S-1-5-21-3773353831-1587287919-3041611652-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-3773353831-1587287919-3041611652-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-3773353831-1587287919-3041611652-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29635712 2016-09-12] (Skype Technologies S.A.) HKU\S-1-5-21-3773353831-1587287919-3041611652-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe HKU\S-1-5-21-3773353831-1587287919-3041611652-1000\...\Policies\Explorer: [] HKU\S-1-5-21-3773353831-1587287919-3041611652-1000\...\MountPoints2: {49649d16-7cde-11e4-b478-806e6f6e6963} - D:\AUTORUN.EXE HKU\S-1-5-21-3773353831-1587287919-3041611652-1000\...\MountPoints2: {a85bca62-74f7-11e5-a47c-dc0ea1c54e0f} - E:\Autorun.exe ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1759992 2015-07-06] (Banco Itaú Unibanco) ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2016-02-07] (Autodesk, Inc.) 
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => Nenhum Arquivo Startup: C:\Users\Guilherme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-04-26] ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{5649EE60-5781-426B-BEE1-A83FCC16AD05}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{BD63E25E-FF24-4B2F-AE8D-B0542A7B6CD3}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-3773353831-1587287919-3041611652-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.top8844.com?oem=mbtkv3&uid=S2TTJ9AC636529_ST1000LM024HN-M101MBB&tm=1434923330 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.top8844.com?oem=mbtkv3&uid=S2TTJ9AC636529_ST1000LM024HN-M101MBB&tm=1434923330 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com?oem=mbtkv3&uid=S2TTJ9AC636529_ST1000LM024HN-M101MBB&tm=1434923330 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com?oem=mbtkv3&uid=S2TTJ9AC636529_ST1000LM024HN-M101MBB&tm=1434923330 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-3773353831-1587287919-3041611652-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={FDBB7C9B-67F7-4B3C-B477-813CDCA84AC6}&mid=e3a8d8b7b30847cdb60d8d8095f6df41-675c6c60652511d999fa99f116a6f6d0721fb2a2&lang=pt-br&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2016-04-25 17:59:16&v=4.3.5.160&pid=wtu&sg=&sap=hp HKU\S-1-5-21-3773353831-1587287919-3041611652-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com?oem=mbtkv3&uid=S2TTJ9AC636529_ST1000LM024HN-M101MBB&tm=1434923330 SearchScopes: HKU\S-1-5-21-3773353831-1587287919-3041611652-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={FDBB7C9B-67F7-4B3C-B477-813CDCA84AC6}&mid=e3a8d8b7b30847cdb60d8d8095f6df41-675c6c60652511d999fa99f116a6f6d0721fb2a2&lang=pt-br&ds=AVG&coid=avgtbavg&cmpid=0616tb&pr=fr&d=2016-04-25 17:59:16&v=4.3.5.160&pid=wtu&sg=&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-3773353831-1587287919-3041611652-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={FDBB7C9B-67F7-4B3C-B477-813CDCA84AC6}&mid=e3a8d8b7b30847cdb60d8d8095f6df41-675c6c60652511d999fa99f116a6f6d0721fb2a2&lang=pt-br&ds=AVG&coid=avgtbavg&cmpid=0616tb&pr=fr&d=2016-04-25 17:59:16&v=4.3.5.160&pid=wtu&sg=&sap=dsp&q={searchTerms} BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation) BHO-x32: AVG Web TuneUp -> 
{95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll [2016-10-10] (AVG) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files (x86)\GbPlugin\gbiehuni.dll [2015-07-06] (Banco Itaú Unibanco) IE Session Restore: HKU\S-1-5-21-3773353831-1587287919-3041611652-1000 -> está habilitado. Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF DefaultProfile: b6kk878s.default FF ProfilePath: C:\Users\Guilherme\AppData\Roaming\Mozilla\Firefox\Profiles\b6kk878s.default [2016-11-08] FF NewTab: Mozilla\Firefox\Profiles\b6kk878s.default -> www.123rede.com?oem=mbtkv3&uid=S2TTJ9AC636529_ST1000LM024HN-M101MBB&tm=1443123962 FF Homepage: Mozilla\Firefox\Profiles\b6kk878s.default -> www.123rede.com?oem=mbtkv3&uid=S2TTJ9AC636529_ST1000LM024HN-M101MBB&tm=1443123962 FF Session Restore: Mozilla\Firefox\Profiles\b6kk878s.default -> está habilitado. 
FF Extension: (AVG Web TuneUp) - C:\Users\Guilherme\AppData\Roaming\Mozilla\Firefox\Profiles\b6kk878s.default\Extensions\avg@toolbar.xpi [2016-10-10] FF SearchPlugin: C:\Users\Guilherme\AppData\Roaming\Mozilla\Firefox\Profiles\b6kk878s.default\searchplugins\avg-secure-search.xml [2016-10-10] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2016-10-10] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-28] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-28] () FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.6\\npsitesafety.dll [Nenhum Arquivo] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) 
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default [2016-11-08] CHR Extension: (Torrent dos Filmes) - C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcljimiclefoalalnkempegggobplbe [2016-02-06] CHR Extension: (Skype) - C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-21] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03] CHR Extension: (Chrome Media Router) - C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-27] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx ==================== Serviços (Whitelisted) ==================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1295376 2016-07-01] (Autodesk Inc.) S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [647864 2016-10-13] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5332384 2016-10-13] (AVG Technologies CZ, s.r.o.) R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1149712 2016-09-13] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [727512 2016-10-13] (AVG Technologies CZ, s.r.o.) 
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation) R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [593120 2015-09-22] (GAS Tecnologia) S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2015-08-19] () [Arquivo não assinado] S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3190784 2015-05-19] (INCA Internet Co., Ltd.) R2 PingzapperSvc; C:\Program Files (x86)\Pingzapper\PZService.exe [632320 2016-05-22] () [Arquivo não assinado] R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [Arquivo não assinado] R2 vToolbarUpdater40.3.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.6\ToolbarUpdater.exe [1349704 2016-10-10] (AVG Secure Search) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation) R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [980552 2016-10-10] () ===================== Drivers (Whitelisted) ====================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [311552 2016-09-22] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272640 2016-07-27] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [265472 2016-09-20] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.) 
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.) R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation) R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-07-03] (GAS Tecnologia LTDA) S1 gbpddfac; system32\drivers\gbpddfac64.sys [X] S3 X6va062; \??\C:\Windows\SysWOW64\Drivers\X6va062 [X] ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Três Meses Criados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 
2016-11-08 11:35 - 2016-11-08 11:35 - 00042360 _____ C:\Users\Guilherme\Downloads\Addition.txt 2016-11-08 11:34 - 2016-11-08 11:37 - 00020512 _____ C:\Users\Guilherme\Downloads\FRST.txt 2016-11-08 11:34 - 2016-11-08 11:37 - 00000000 ____D C:\FRST 2016-11-08 11:34 - 2016-11-08 11:34 - 02410496 _____ (Farbar) C:\Users\Guilherme\Downloads\FRST64.exe 2016-11-08 11:32 - 2016-11-08 11:32 - 00000000 ____D C:\Users\Guilherme\Desktop\Games 2016-11-08 01:42 - 2016-11-08 01:42 - 00002285 _____ C:\Users\Guilherme\Desktop\Instalar agora Autodesk® AutoCAD® 2017.lnk 2016-11-08 01:36 - 2016-11-08 01:36 - 00002100 _____ C:\Users\Public\Desktop\AutoCAD 2017 - Português - Brasil (Brazilian Portuguese).lnk 2016-11-07 22:55 - 2016-11-07 22:55 - 18633896 _____ C:\Users\Guilherme\Downloads\AutoCAD_2017_Brazilian_Portuguese_Win_32_64bit_wi_pt-BR_Setup.exe 2016-11-07 22:55 - 2016-11-07 22:55 - 00338296 _____ (Autodesk Inc.) C:\Users\Guilherme\Downloads\AutoCAD_2017_Brazilian_Portuguese_Win_32_64bit_wi_pt-BR_Setup_webinstall.exe 2016-11-07 17:07 - 2016-11-07 17:19 - 00000000 ____D C:\Windows\system32\MRT 2016-11-07 17:06 - 2016-11-07 17:06 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-11-07 16:40 - 2011-04-09 04:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2016-11-07 16:40 - 2011-04-09 04:45 - 05509504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-11-07 16:40 - 2011-04-09 04:13 - 03957632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-11-07 16:40 - 2011-04-09 04:13 - 03901824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-11-07 16:40 - 2011-04-09 03:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe 2016-11-07 16:39 - 2016-06-25 14:03 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\EOSNotify.exe 2016-11-07 11:51 - 2012-06-02 20:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2016-11-07 11:51 - 2012-06-02 
20:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2016-11-07 11:51 - 2012-06-02 20:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2016-11-07 11:51 - 2012-06-02 20:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2016-11-07 11:51 - 2012-06-02 20:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2016-11-07 11:51 - 2012-06-02 20:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2016-11-07 11:51 - 2012-06-02 20:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2016-11-07 11:51 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2016-11-07 11:51 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2016-11-07 11:45 - 2016-11-07 11:45 - 00629006 _____ C:\Users\Guilherme\Downloads\Windows6.1-KB2999226-x86.msu 2016-11-07 11:44 - 2016-11-07 11:44 - 01034556 _____ C:\Users\Guilherme\Downloads\Windows6.1-KB2999226-x64.msu 2016-11-07 11:39 - 2016-11-07 11:39 - 00001991 _____ C:\Users\Guilherme\Downloads\__32-api-ms-win-crt-heap-l1-1-0.dll10.0.10046.0.zip 2016-11-04 12:07 - 2016-11-04 12:07 - 00000000 ____D C:\Users\Guilherme\Downloads\The Walking Dead S06E01 720p WEB-DL x264-Belex - Dual Audio 2016-11-02 18:07 - 2016-11-02 18:07 - 00002028 _____ C:\Users\Public\Desktop\Aeria Ignite.lnk 2016-11-02 18:07 - 2016-11-02 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames 2016-11-02 18:07 - 2016-11-02 18:07 - 00000000 ____D C:\Program Files (x86)\Aeria Games 2016-11-02 18:06 - 2016-11-02 18:06 - 03541664 _____ (Aeria Games & Entertainment) C:\Users\Guilherme\Downloads\aeria_ignite_install.exe 2016-11-02 13:47 - 2016-11-03 07:14 - 00000000 ____D C:\Users\Guilherme\Downloads\The.Walking.Dead.S06E05.720p.WEB-DL.DD5.1.H.264-Cyphanix.DUAL-RK 2016-11-02 12:43 - 2016-11-03 08:58 - 00000000 ____D 
C:\Users\Guilherme\Downloads\The.Walking.Dead.S06E04.720p.WEB-DL.DD5.1.H.264-Cyphanix.DUAL-RK 2016-11-02 12:43 - 2016-11-03 04:31 - 00000000 ____D C:\Users\Guilherme\Downloads\The.Walking.Dead.S06E02.720p.HDTV.x264-KILLERS.Dual.kayne 2016-11-02 12:42 - 2016-11-02 12:42 - 00000000 ____D C:\Users\Guilherme\Downloads\The.Walking.Dead.S06E03.720p.Dublado.WEB-DL.H.264-PiA 2016-11-02 12:42 - 2016-11-02 12:42 - 00000000 ____D C:\Users\Guilherme\Downloads\The.Walking.Dead.S06E01.PROPER.720p.HDTV.x264-KILLERS.Dual.kayne 2016-11-02 12:41 - 2016-11-02 12:41 - 00030186 _____ C:\Users\Guilherme\Downloads\The.Walking.Dead.S06E05.720p.WEB.DUAL.rar 2016-11-02 12:41 - 2016-11-02 12:41 - 00028489 _____ C:\Users\Guilherme\Downloads\The.Walking.Dead.S06E02.720p.Dual.rar 2016-11-02 12:41 - 2016-11-02 12:41 - 00026414 _____ C:\Users\Guilherme\Downloads\The.Walking.Dead.S06E03.720p.Dublado.rar 2016-11-02 12:41 - 2016-11-02 12:41 - 00023605 _____ C:\Users\Guilherme\Downloads\The.Walking.Dead.S06E04.720p.DUAL.rar 2016-11-02 12:40 - 2016-11-02 12:40 - 00037568 _____ C:\Users\Guilherme\Downloads\The.Walking.Dead.S06E01.720p.Dual.rar 2016-11-02 12:39 - 2016-11-02 12:59 - 00000000 ____D C:\Users\Guilherme\Downloads\Os Caçadores de Fantasmas 2016 WWW.BLUDV.COM 2016-11-02 12:39 - 2016-11-02 12:39 - 00017055 _____ C:\Users\Guilherme\Downloads\Os.Cacadores.de.Fantasmas.2016.720p.Dual.rar 2016-11-02 12:38 - 2016-11-02 12:38 - 00010207 _____ C:\Users\Guilherme\Downloads\The.Walking.Dead.S06E01.PROPER.HDTV.rar 2016-11-02 12:38 - 2016-11-02 12:38 - 00000000 ____D C:\Users\Guilherme\Downloads\The.Walking.Dead.S06E01.PROPER.HDTV.x264-KILLERS[ettv] 2016-11-02 12:11 - 2016-11-02 12:11 - 14749120 _____ (Microsoft Corporation) C:\Users\Guilherme\Downloads\vc_redist.x64.exe 2016-10-28 20:12 - 2016-10-28 20:12 - 00002175 _____ C:\Users\Guilherme\Desktop\Install Now Autodesk® AutoCAD® 2017.lnk 2016-10-28 20:11 - 2016-10-28 20:11 - 00002098 _____ C:\Users\Public\Desktop\AutoCAD 2017 - English.lnk 2016-10-28 
20:09 - 2016-10-28 20:09 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared 2016-10-28 19:58 - 2016-10-28 19:58 - 18661360 _____ C:\Users\Guilherme\Downloads\AutoCAD_2017_English_Win_32_64bit_Trial_en-us_Setup.exe 2016-10-28 19:58 - 2016-10-28 19:58 - 00338280 _____ (Autodesk Inc.) C:\Users\Guilherme\Downloads\AutoCAD_2017_English_Win_32_64bit_Trial_en-us_Setup_webinstall.exe 2016-10-28 12:23 - 2016-10-28 20:11 - 00000000 ____D C:\Users\Public\Documents\Autodesk 2016-10-28 12:13 - 2016-11-08 01:42 - 00000000 ____D C:\Users\Guilherme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk 2016-10-28 12:10 - 2016-10-28 12:12 - 00000000 ____D C:\Program Files (x86)\Autodesk 2016-10-28 12:01 - 2016-10-28 12:01 - 00000000 ____D C:\Users\Todos os Usuários\boost_interprocess 2016-10-28 12:01 - 2016-10-28 12:01 - 00000000 ____D C:\ProgramData\boost_interprocess 2016-10-28 10:49 - 2016-11-06 23:11 - 00000000 ____D C:\MuAwaY 2016-10-28 10:49 - 2016-10-28 10:49 - 00000618 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MuAwaY.lnk 2016-10-28 10:20 - 2016-10-28 10:21 - 00865792 ____H C:\Users\Guilherme\Downloads\~WRL3859.tmp 2016-10-28 10:20 - 2016-10-28 10:20 - 00081996 _____ C:\Users\Guilherme\Downloads\RELAÇÃO DESCRITIVA DAS RODOVIAS ESTADUAIS Sistema Rodoviário do Estado de Goiás.pdf 2016-10-28 10:20 - 2016-10-28 10:20 - 00081996 _____ C:\Users\Guilherme\Downloads\RELAÇÃO DESCRITIVA DAS RODOVIAS ESTADUAIS Sistema Rodoviário do Estado de Goiás (1).pdf 2016-10-28 01:49 - 2016-10-28 03:14 - 00000000 ____D C:\Users\Guilherme\AppData\Roaming\TS3Client 2016-10-28 01:39 - 2016-10-28 01:39 - 00000967 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2016-10-28 01:39 - 2016-10-28 01:39 - 00000929 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk 2016-10-28 01:39 - 2016-10-28 01:39 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client 2016-10-28 01:33 - 2016-10-28 01:34 - 32019840 _____ (TeamSpeak Systems GmbH) 
C:\Users\Guilherme\Downloads\TeamSpeak3-Client-win64-3.0.19.4 (2).exe 2016-10-28 01:01 - 2016-10-28 01:04 - 106092128 _____ (MuAwaY) C:\Users\Guilherme\Downloads\MuAwaY_Setup_v2.12.2.exe 2016-10-22 10:12 - 2016-10-22 10:12 - 00000000 ____D C:\Users\Guilherme\Downloads\Os.Caçadores.1080p.WWW.TORRENTDOSFILMES.COM 2016-10-22 10:12 - 2016-10-22 10:12 - 00000000 ____D C:\Users\Guilherme\Downloads\O.Bom.Gigante.Amigo.HDTS.XviD.DUBLADO-TOM 2016-10-20 11:35 - 2016-10-20 11:35 - 00500832 _____ (Aeria Games & Entertainment) C:\Users\Guilherme\Downloads\grandfantasia_pt_downloader (1).exe 2016-10-19 11:41 - 2016-10-19 11:53 - 00000000 ____D C:\Users\Guilherme\AppData\Roaming\ComfortSoftware 2016-10-19 11:41 - 2016-10-19 11:41 - 06244552 _____ (Comfort Software Group ) C:\Users\Guilherme\Downloads\Baixaki_hot-virtual-keyboard [1].exe 2016-10-19 11:41 - 2016-10-19 11:41 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software 2016-10-19 11:41 - 2016-10-19 11:41 - 00000000 ____D C:\Users\Public\Documents\Tools 2016-10-19 11:41 - 2016-10-19 11:41 - 00000000 ____D C:\Users\Public\Documents\Guid 2016-10-19 11:41 - 2016-10-19 11:41 - 00000000 ____D C:\Users\Public\Documents\Baidu 2016-10-19 11:41 - 2016-10-19 11:41 - 00000000 ____D C:\ProgramData\AVAST Software 2016-10-19 11:40 - 2016-10-19 11:40 - 01816736 _____ ( ) C:\Users\Guilherme\Downloads\Baixaki_hot-virtual-keyboard.exe 2016-10-17 17:13 - 2014-01-23 15:34 - 00427376 _____ (Network Tunnel Lab) C:\Windows\SysWOW64\networkdlllsp.dll 2016-10-17 17:00 - 2016-10-17 17:10 - 00000000 ____D C:\Program Files (x86)\Pingzapper 2016-10-17 17:00 - 2016-10-17 17:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pingzapper 2016-10-17 11:56 - 2016-10-17 11:57 - 21619033 _____ C:\Users\Guilherme\Downloads\pz_setup_2.1.1.zip 2016-10-17 11:40 - 2016-10-17 11:42 - 50152415 _____ C:\Users\Guilherme\Downloads\vipermu_patch.rar 2016-10-17 01:07 - 2016-10-17 01:07 - 02386444 _____ C:\Users\Guilherme\Downloads\Data.rar 
2016-10-17 00:45 - 2016-10-19 11:54 - 00000000 ____D C:\ViperMu_Evolution
2016-10-17 00:25 - 2016-10-17 00:39 - 351923732 _____ () C:\Users\Guilherme\Downloads\Cliente ViperMu.exe
2016-10-07 02:06 - 2016-03-04 00:19 - 00579072 _____ (X-Team) C:\Windows\SysWOW64\MHPVerify.dll
2016-10-07 01:53 - 2016-10-07 01:53 - 00000000 ____D C:\Users\Guilherme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MuAida
2016-10-07 01:50 - 2016-11-06 23:09 - 00000000 ____D C:\MuAida
2016-10-07 01:38 - 2016-10-07 01:50 - 496300621 _____ () C:\Users\Guilherme\Downloads\Cliente MuAida.exe
2016-10-06 02:06 - 2016-10-06 02:06 - 00000000 ____D C:\Users\Guilherme\Downloads\www.TorrentDosFilmes.com.Pets.A.Vida.Secreta.dos.Bichos.720p
2016-10-04 23:20 - 2016-10-04 23:20 - 00012043 _____ C:\Users\Guilherme\Downloads\Detalhamento_do_Agendamento (1).pdf
2016-10-04 18:23 - 2016-10-04 18:23 - 00014216 _____ C:\Users\Guilherme\Downloads\Detalhamento_do_Agendamento.pdf
2016-09-30 17:56 - 2016-09-30 17:58 - 00000000 ____D C:\Users\Guilherme\Desktop\Silicon Valley 1ª Temporada Completa 720p (2014) Dual Áudio BluRay -- By - Lucas Firmo
2016-09-30 17:48 - 2016-09-30 17:48 - 00000000 ____D C:\Users\Guilherme\Desktop\MR ROBOT - 1° Temporada
2016-09-30 17:42 - 2016-09-30 17:47 - 00000000 ____D C:\Users\Guilherme\Desktop\Fear.the.Walking.Dead.1.Temporada.2015.1080p.Dual-JefePsb-WOLVERDONFILMES.COM
2016-09-27 01:31 - 2016-10-19 11:57 - 00000000 ____D C:\Users\Guilherme\AppData\Local\TeamSpeak 3 Client
2016-09-27 01:05 - 2016-09-27 01:05 - 32019840 _____ (TeamSpeak Systems GmbH) C:\Users\Guilherme\Downloads\TeamSpeak3-Client-win64-3.0.19.4 (1).exe
2016-09-26 18:19 - 2016-09-26 18:19 - 00254208 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2016-09-26 01:52 - 2016-09-26 01:52 - 00000000 ____D C:\Users\Guilherme\Downloads\WWW.TORRENTDOSFILMES.COM - Caca.Fantasmas.2016
2016-09-25 20:11 - 2016-09-26 01:53 - 00000000 ____D C:\Users\Guilherme\Downloads\As Tartarugas Ninja - Fora das Sombras 2016 [1080p] WWW.BLUDV.COM
2016-09-25 16:10 - 2016-09-25 16:14 - 00000000 ____D C:\Users\Guilherme\Downloads\Vizinhos 2 2016 Bluray 720p Dublado - WWW.THEPIRATEFILMES.COM
2016-09-22 14:44 - 2016-09-22 14:44 - 00311552 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2016-09-21 01:43 - 2016-11-07 14:21 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2016-09-20 16:55 - 2016-09-20 16:55 - 00265472 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2016-09-16 02:30 - 2016-09-16 02:30 - 00000460 _____ C:\Users\Guilherme\Desktop\Estrada1.2.txt
2016-09-16 02:21 - 2016-09-16 02:21 - 00001750 _____ C:\Users\Guilherme\Desktop\Estrada1.1.txt
2016-09-14 03:10 - 2016-09-14 03:11 - 32019840 _____ (TeamSpeak Systems GmbH) C:\Users\Guilherme\Downloads\TeamSpeak3-Client-win64-3.0.19.4.exe
2016-09-12 13:00 - 2016-09-12 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WorldRAG Full
2016-09-12 00:32 - 2016-09-12 02:37 - 1966321691 _____ (WorldRAG ) C:\Users\Guilherme\Downloads\WorldRAGFull-03-07-2015.exe
2016-09-09 00:16 - 2004-12-30 10:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
2016-09-09 00:16 - 2003-07-15 19:17 - 00005174 _____ C:\Windows\SysWOW64\nppt9x.vxd
2016-09-08 20:10 - 2016-11-02 12:38 - 00000000 ____D C:\Users\Guilherme\AppData\LocalLow\uTorrent
2016-09-08 19:55 - 2016-09-08 21:11 - 1884394008 _____ (Level Up! Games ) C:\Users\Guilherme\Downloads\Instalador_Client_Ragnarok_1.1.1.2.exe
2016-09-08 19:54 - 2016-09-08 19:54 - 00018696 _____ C:\Users\Guilherme\Downloads\Instalador_Client_Ragnarok_1.1.1.2.exe.torrent
2016-09-01 12:57 - 2016-10-19 11:56 - 00000000 ____D C:\Program Files\Microvirt
2016-08-31 22:09 - 2016-08-31 22:30 - 346529904 _____ (Microvirt) C:\Users\Guilherme\Downloads\Memu-PokemonGO-Setup-2.exe
2016-08-30 12:32 - 2016-09-01 13:00 - 00000000 ____D C:\Users\Guilherme\MEmu
2016-08-28 23:30 - 2016-08-28 23:33 - 63658806 _____ C:\Users\Guilherme\Downloads\com.nianticlabs.pokemongo_0.35.0-2016082200_minAPI19(armeabi-v7a)(nodpi)_apkmirror.com.apk
2016-08-28 23:30 - 2015-09-16 04:07 - 00127432 _____ (BigNox Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2016-08-28 23:30 - 2015-09-16 01:29 - 00253384 _____ (BigNox Corporation) C:\Windows\system32\Drivers\XQHDrv.sys
2016-08-28 23:29 - 2016-08-29 01:32 - 00000000 ____D C:\Users\Guilherme\AppData\Roaming\Nox
2016-08-28 23:29 - 2016-08-28 23:29 - 00003192 _____ C:\Windows\System32\Tasks\{EBDC96CD-E181-4FD4-AC51-2D66087BDEA5}
2016-08-26 12:35 - 2016-08-26 12:35 - 00000000 ____D C:\Users\Guilherme\Desktop\Catchem_1.4.6.5
2016-08-26 12:34 - 2016-08-26 12:34 - 10266640 _____ C:\Users\Guilherme\Desktop\Catchem_1.4.6.5.7z
2016-08-26 12:34 - 2016-08-26 12:34 - 00051712 _____ C:\Users\Guilherme\Downloads\DATAS_N1_e_N2_-_2o_semestre 2016.xls
2016-08-21 22:41 - 2016-08-21 22:45 - 00000000 ____D C:\Users\Guilherme\Downloads\Sucker Punch - Mundo Surreal
2016-08-21 12:41 - 2016-08-21 12:41 - 00000000 ____D C:\Users\Guilherme\Downloads\TorrentDosFilmes.com.Um.Espiao.e.Meio.2016.1080p.Dual.Áudio
2016-08-18 02:20 - 2016-08-18 02:20 - 00000000 ____D C:\Users\Guilherme\AppData\Local\GMap.NET
2016-08-13 20:14 - 2016-08-13 20:16 - 00000000 ____D C:\Users\Guilherme\Downloads\Ele Nunca Morre 2016 WWW.BLUDV.COM
2016-08-13 20:10 - 2016-08-13 20:11 - 00000000 ____D C:\Users\Guilherme\Downloads\WWW.TORRENTDOSFILMES.COM - O Mestre da Guerra BluRay 1080p
2016-08-13 20:10 - 2016-08-13 20:11 - 00000000 ____D C:\Users\Guilherme\Downloads\WWW.TORRENTDOSFILMES.COM - O Mestre da Guerra 2 BluRay 1080p
2016-08-13 15:55 - 2016-08-13 16:01 - 00000000 ____D C:\Users\Guilherme\Downloads\Deus Não Está Morto 2 2016 Bluray 720p Dublado - WWW.THEPIRATEFILMES.COM
2016-08-13 15:48 - 2016-08-13 15:48 - 00000000 ____D C:\Users\Guilherme\Downloads\WWW.TORRENTDOSFILMES.COM - Um Espião e Meio 1080p
2016-08-10 02:21 - 2016-08-10 02:21 - 00000000 ____D C:\Users\Guilherme\Downloads\SU1C1D4.CAM.XviD.DUBLADO-TORRENTDOSFILMES.COM

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-11-08 11:27 - 2016-04-07 18:27 - 00000913 _____ C:\Windows\Tasks\EPSON XP-211 214 216 Series Update {281746D3-5078-439C-A785-FAAB92C8D6F3}.job
2016-11-08 11:27 - 2016-04-07 18:27 - 00000727 _____ C:\Windows\Tasks\EPSON XP-211 214 216 Series Invitation {281746D3-5078-439C-A785-FAAB92C8D6F3}.job
2016-11-08 11:21 - 2014-12-06 00:04 - 00000000 ____D C:\Users\Guilherme\AppData\Roaming\Skype
2016-11-08 11:17 - 2015-11-28 16:05 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-08 11:10 - 2014-12-06 01:41 - 00000000 ____D C:\Users\Todos os Usuários\MFAData
2016-11-08 11:10 - 2014-12-06 01:41 - 00000000 ____D C:\ProgramData\MFAData
2016-11-08 11:07 - 2015-08-07 09:40 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-11-08 11:05 - 2015-06-21 23:13 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-08 11:05 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-08 08:06 - 2009-07-14 02:45 - 00009600 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-08 08:06 - 2009-07-14 02:45 - 00009600 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-08 08:01 - 2015-06-21 23:13 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-08 08:01 - 2015-01-09 18:01 - 00000913 _____ C:\Windows\Tasks\EPSON XP-211 214 216 Series Update {933653A9-CC7F-4A9E-8119-3B3B1D79C38D}.job
2016-11-08 08:01 - 2015-01-09 18:01 - 00000727 _____ C:\Windows\Tasks\EPSON XP-211 214 216 Series Invitation {933653A9-CC7F-4A9E-8119-3B3B1D79C38D}.job
2016-11-08 01:36 - 2016-01-12 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2016-11-08 01:34 - 2016-01-12 16:57 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2016-11-08 01:34 - 2009-07-14 03:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-11-08 01:21 - 2016-01-12 16:57 - 00000000 ____D C:\Program Files\Autodesk
2016-11-07 22:55 - 2016-01-12 16:40 - 00000000 ____D C:\Autodesk
2016-11-07 21:55 - 2015-06-21 23:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-11-07 21:55 - 2015-06-21 23:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-11-07 17:27 - 2014-12-06 01:05 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2016-11-07 17:21 - 2009-07-14 00:34 - 00000478 _____ C:\Windows\win.ini
2016-11-07 17:04 - 2015-06-21 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-11-07 12:33 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\rescache
2016-11-05 16:20 - 2015-11-14 13:47 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-04 12:07 - 2015-06-18 18:28 - 00000000 ____D C:\Users\Guilherme\AppData\Roaming\uTorrent
2016-11-02 18:07 - 2016-01-24 23:31 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2016-11-02 17:32 - 2015-08-31 12:47 - 00000000 ____D C:\Users\Guilherme\AppData\Roaming\vlc
2016-11-02 12:16 - 2014-12-06 03:06 - 00141256 _____ C:\Users\Guilherme\AppData\Local\GDIPFONTCACHEV1.DAT
2016-11-02 12:13 - 2015-04-25 02:45 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2016-11-02 12:13 - 2015-04-25 02:45 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-31 16:17 - 2015-12-15 11:12 - 00000984 _____ C:\Users\Public\Desktop\AVG.lnk
2016-10-31 16:17 - 2015-12-15 11:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-10-30 14:31 - 2009-07-14 02:45 - 00489872 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-28 20:11 - 2016-01-12 17:12 - 00000000 ____D C:\Users\Guilherme\AppData\Local\Autodesk
2016-10-28 20:11 - 2016-01-12 16:44 - 00000000 ____D C:\Users\Guilherme\AppData\Roaming\Autodesk
2016-10-28 20:09 - 2016-01-12 16:44 - 00000000 ____D C:\Users\Todos os Usuários\Autodesk
2016-10-28 20:09 - 2016-01-12 16:44 - 00000000 ____D C:\ProgramData\Autodesk
2016-10-28 19:52 - 2009-07-29 13:58 - 00705268 _____ C:\Windows\system32\prfh0416.dat
2016-10-28 19:52 - 2009-07-29 13:58 - 00147108 _____ C:\Windows\system32\prfc0416.dat
2016-10-28 19:52 - 2009-07-14 03:13 - 01633534 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-28 19:52 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\inf
2016-10-28 11:51 - 2014-12-06 03:07 - 00000000 ____D C:\Users\Guilherme\AppData\Local\Google
2016-10-28 01:17 - 2015-11-28 16:05 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-28 01:17 - 2015-11-28 16:05 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-28 01:17 - 2015-11-28 16:05 - 00003840 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-28 01:17 - 2015-11-28 16:05 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-28 01:17 - 2015-11-28 16:05 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-26 01:03 - 2015-06-21 23:19 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-26 01:03 - 2015-06-21 23:19 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-21 01:31 - 2016-04-21 23:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-20 17:02 - 2014-12-06 03:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-10-20 16:49 - 2014-12-06 00:04 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2016-10-20 16:49 - 2014-12-06 00:04 - 00000000 ____D C:\ProgramData\Skype
2016-10-20 12:10 - 2016-01-24 23:35 - 00000000 ____D C:\Users\Guilherme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2016-10-20 12:06 - 2016-02-02 01:32 - 00000000 ____D C:\AeriaGames
2016-10-19 11:56 - 2014-12-05 22:53 - 00000000 ____D C:\Users\Guilherme
2016-10-19 11:55 - 2009-07-14 01:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-10-12 08:59 - 2015-06-25 12:25 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-10-10 18:04 - 2016-04-25 18:59 - 00000000 ____D C:\Users\Todos os Usuários\AVG Web TuneUp
2016-10-10 18:04 - 2016-04-25 18:59 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2016-10-10 18:04 - 2016-04-25 18:58 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp

==================== Arquivos na raiz de alguns diretórios =======

2016-08-21 23:20 - 2016-08-21 23:20 - 0000559 _____ () C:\Users\Guilherme\AppData\Local\Nox_crash.log
2015-05-02 21:01 - 2015-05-02 21:01 - 0260876 _____ (VuuPC Limited) C:\Users\Guilherme\AppData\Local\nsh2840.tmp
2015-06-15 01:23 - 2015-06-15 01:23 - 0628688 _____ (CMI Limited) C:\Users\Guilherme\AppData\Local\nsj9738.tmp
2015-05-02 22:03 - 2015-05-02 22:03 - 0628688 _____ (CMI Limited) C:\Users\Guilherme\AppData\Local\nsz6CEE.tmp
2015-02-11 02:15 - 2015-02-11 02:15 - 0000227 _____ () C:\ProgramData\bc.ini

Alguns arquivos em TEMP:
====================
C:\Users\Guilherme\AppData\Local\Temp\AcDeltree.exe
C:\Users\Guilherme\AppData\Local\Temp\avguirn_081055663997.exe
C:\Users\Guilherme\AppData\Local\Temp\avguirn_081294527296.exe
C:\Users\Guilherme\AppData\Local\Temp\avguirn_081344063777.exe
C:\Users\Guilherme\AppData\Local\Temp\avguirn_081585476655.exe
C:\Users\Guilherme\AppData\Local\Temp\avguirn_081694900683.exe
C:\Users\Guilherme\AppData\Local\Temp\avguirn_081784322096.exe
C:\Users\Guilherme\AppData\Local\Temp\avguirn_08191389143.exe
C:\Users\Guilherme\AppData\Local\Temp\avguirn_08554209614.exe
C:\Users\Guilherme\AppData\Local\Temp\BluestacksUninstaller.exe
C:\Users\Guilherme\AppData\Local\Temp\HD-LibraryHandler.dll
C:\Users\Guilherme\AppData\Local\Temp\HD-Logger-Native.dll
C:\Users\Guilherme\AppData\Local\Temp\s3.exe
C:\Users\Guilherme\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Guilherme\AppData\Local\Temp\_unps.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll [2009-07-13 21:38] - [2009-07-13 23:41] - 1008640 ____A (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E
C:\Windows\SysWOW64\User32.dll [2014-12-06 01:17] - [2014-12-06 01:17] - 0833024 ____A (Microsoft Corporation) 2C9CC9F492CA596B1B9FC1AE5E916356
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-11-05 18:16

==================== Fim de FRST.txt ============================