Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 12-01-2017
Executado por Eliane (administrador) em ELIANE-PC (12-01-2017 22:11:45)
Executando a partir de C:\Users\Eliane\Desktop
Perfis Carregados: Eliane (Perfis Disponíveis: Eliane)
Platform: Windows 7 Home Premium (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: IE)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BavSvc.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BHipsSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files (x86)\FreePhotoViewer\1.0.0.7000079\FreePhotoViewerServ.exe
() C:\Program Files (x86)\LitePDFReader\1.0.0.8000113\LitePDFReaderServ.exe
() C:\Program Files (x86)\FreePhotoViewer\1.0.0.7000079\FreePhotoViewer.exe
(Malwarebytes) C:\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\LitePDFReader\1.0.0.8000113\LitePDFReader.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\bavhm.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(BitTorrent Inc.) C:\Users\Eliane\AppData\Roaming\BitTorrent\BitTorrent.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BavTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(BitTorrent Inc.) C:\Users\Eliane\AppData\Roaming\BitTorrent\updates\7.9.9_43086\bittorrentie.exe
(BitTorrent Inc.)
C:\Users\Eliane\AppData\Roaming\BitTorrent\updates\7.9.9_43086\bittorrentie.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe ==================== Registro (Whitelisted) ==================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6962720 2009-01-06] (Realtek Semiconductor) HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-01-06] (Realtek Semiconductor Corp.) HKLM-x32\...\Run: [Baidu Antivirus] => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BavTray.exe [1997296 2016-01-25] (Baidu, Inc.) 
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3389947125-4130275162-318697642-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-3389947125-4130275162-318697642-1000\...\Run: [BitTorrent] => C:\Users\Eliane\AppData\Roaming\BitTorrent\BitTorrent.exe [2400456 2017-01-06] (BitTorrent Inc.) HKU\S-1-5-21-3389947125-4130275162-318697642-1000\...\MountPoints2: G - G:\LGAutoRun.exe HKU\S-1-5-21-3389947125-4130275162-318697642-1000\...\MountPoints2: {bfa28204-327a-11e6-b325-001fc69d798d} - I:\LGAutoRun.exe HKU\S-1-5-21-3389947125-4130275162-318697642-1000\...\MountPoints2: {f3480818-da49-11e5-b9ca-001fc69d798d} - F:\LGAutoRun.exe ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Nenhum Arquivo ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BavShx64.dll [2016-01-25] (Baidu, Inc.) 
Startup: C:\Users\Eliane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2016-10-31] ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Eliane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Deskjet 2540 series.lnk [2016-06-05] ShortcutTarget: Monitorar alertas de tinta - HP Deskjet 2540 series.lnk -> (Nenhum Arquivo) GroupPolicy: Restrição - Chrome <======= ATENÇÃO CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{19EFC78C-5407-4F58-AF97-323EDB17614C}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=bav_pro_hp_01_hao123_br HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=bav_pro_hp_01_hao123_br HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKU\S-1-5-21-3389947125-4130275162-318697642-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/?type=502468&fr=spigot-yhp-ie HKU\S-1-5-21-3389947125-4130275162-318697642-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3389947125-4130275162-318697642-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=BSR 
SearchScopes: HKU\S-1-5-21-3389947125-4130275162-318697642-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=BSR SearchScopes: HKU\S-1-5-21-3389947125-4130275162-318697642-1000 -> {C359C507-7C23-41B0-9FFB-BA6F6EBA152B} URL = hxxps://br.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=502468&p={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-12-28] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-12-28] (Microsoft Corporation) BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation) Handler-x32: osf-roaming.16 - 
{42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation) Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation) Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation) Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation) Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF DefaultProfile: pvrozu2n.default FF ProfilePath: C:\Users\Eliane\AppData\Roaming\Mozilla\Firefox\Profiles\pvrozu2n.default [2017-01-12] FF DefaultSearchEngine: Mozilla\Firefox\Profiles\pvrozu2n.default -> Yahoo! FF SelectedSearchEngine: Mozilla\Firefox\Profiles\pvrozu2n.default -> Yahoo! 
FF Keyword.URL: Mozilla\Firefox\Profiles\pvrozu2n.default -> hxxps://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=502468&p= FF Homepage: Mozilla\Firefox\Profiles\pvrozu2n.default -> hxxps://br.search.yahoo.com/?type=502468&fr=spigot-yhp-ff FF Homepage: Mozilla\Firefox\Profiles\pvrozu2n.default -> hxxp://br.hao123.com/?tn=sdkr_inner_hp_09_hao123_br&guid=7d275323b725e56890d71819973ba157 FF Homepage: Mozilla\Firefox\Profiles\pvrozu2n.default -> hxxp://br.hao123.com/?tn=sdkv_inner_hp_09_hao123_br&guid=7d275323b725e56890d71819973ba157 FF Extension: (Firefox Hotfix) - C:\Users\Eliane\AppData\Roaming\Mozilla\Firefox\Profiles\pvrozu2n.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-22] FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo] FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo] FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-28] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3389947125-4130275162-318697642-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Eliane\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS) Chrome: ======= CHR HomePage: Default -> hxxps://br.search.yahoo.com/?type=502468&fr=yo-yhp-ch CHR StartupUrls: Default -> "hxxps://www.google.com.br/" CHR Profile: C:\Users\Eliane\AppData\Local\Google\Chrome\User Data\Default [2017-01-12] CHR Extension: (Google Drive) - C:\Users\Eliane\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-25] CHR Extension: (YouTube) - C:\Users\Eliane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-25] CHR Extension: (Adblock Plus) - C:\Users\Eliane\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26] CHR Extension: (Google Search) - C:\Users\Eliane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-25] CHR Extension: (AdBlock) - C:\Users\Eliane\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-30] CHR Extension: (NTabs) - C:\Users\Eliane\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhinokolmgnfenkflfinnjkgjgpdamao [2017-01-10] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Eliane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02] CHR Extension: (Gmail) - C:\Users\Eliane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-25] CHR Extension: (Chrome Media Router) - C:\Users\Eliane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15] ==================== Serviços (Whitelisted) ==================== (Se uma entrada for incluída na fixlist, será removida do Registro. 
O arquivo não será movido, a menos que seja colocado separadamente.)

R2 BavSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BavSvc.exe [2572928 2016-01-25] (Baidu, Inc.)
S3 BdSandboxSrv; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BdSandboxSrv64.exe [490528 2015-03-05] (Baidu, Inc.)
R2 BHipsSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BHipsSvc.exe [531232 2016-01-25] (Baidu, Inc.)
S3 BsrSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BavAdvTools\128B4BEC-5D89-43AD-BAA8-207084AA0E4F\tool\BsrSvc.exe [3464504 2015-05-22] (Baidu, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
R2 FreePhotoViewerService; C:\Program Files (x86)\FreePhotoViewer\1.0.0.7000079\FreePhotoViewerServ.exe [149608 2016-12-02] ()
R2 LitePDFReaderService; C:\Program Files (x86)\LitePDFReader\1.0.0.8000113\LitePDFReaderServ.exe [154216 2016-12-29] ()
U2 MBAMService; C:\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)
U3 BdApiUtil; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BdApiUtil64.sys [116936 2016-01-25] (Baidu, Inc.)
R3 bdark64; C:\Windows\system32\drivers\bdark64.sys [78792 2015-05-27] ()
U3 BdCameraProtect; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\BdCameraProtect64.sys [25032 2016-01-25] (Baidu, Inc.)
S3 BdSandbox; C:\Windows\System32\drivers\BdSandbox.sys [236920 2015-03-05] (Baidu, Inc.)
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [62920 2016-01-25] (Baidu, Inc.)
R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [38344 2016-01-25] (Baidu, Inc.)
R1 Bnbase; C:\Windows\System32\drivers\bnbasex64.sys [62792 2016-01-25] (Baidu, Inc.)
R1 Bndef; C:\Windows\System32\drivers\bndef64.sys [485672 2016-01-25] (Baidu, Inc.)
R3 Bnmon; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.147185.0\Bnmon64.sys [82376 2016-01-25] (Baidu, Inc.)
R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [169416 2016-01-25] (Baidu, Inc.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-06] ()
R3 int0800; C:\Windows\System32\DRIVERS\flashud.sys [51712 2009-09-09] (Intel Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-13] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows (R) Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)
U0 aswVmm; não ImagePath

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2017-01-12 22:11 - 2017-01-12 22:12 - 00017866 _____ C:\Users\Eliane\Desktop\FRST.txt 2017-01-12 22:11 - 2017-01-12 22:11 - 00000000 ____D C:\FRST 2017-01-12 22:08 - 2017-01-12 22:10 - 08932000 _____ (Solvusoft Corporation ) C:\Users\Eliane\Downloads\Setup_WinThruster_2016.exe 2017-01-12 22:07 - 2017-01-12 22:08 - 02419200 _____ (Farbar) C:\Users\Eliane\Desktop\FRST64.exe 2017-01-12 21:30 - 2017-01-12 21:47 - 00000000 ____D C:\Users\Eliane\Downloads\Virei um Gato 2016 WWW.BLUDV.COM 2017-01-12 21:21 - 2017-01-12 21:21 - 00000000 ____D C:\Users\Eliane\Downloads\Vizinhos.Nada.Secretos.2016.1080p.BluRay.ULTRAx264.DUAL-WWW.TORRENTDOSFILMES.COM 2017-01-12 21:20 - 2017-01-12 22:01 - 00000000 ____D C:\Users\Eliane\AppData\LocalLow\BitTorrent 2017-01-11 12:20 - 2017-01-11 12:20 - 02516452 _____ C:\Users\Eliane\Downloads\Facebook.html 2017-01-11 12:20 - 2017-01-11 12:20 - 00000000 ____D C:\Users\Eliane\Downloads\Facebook_files 2017-01-10 22:32 - 2017-01-12 21:21 - 00000000 ____D C:\Users\Eliane\Downloads\Tini - Depois de Violetta 720p (2016) Dual Áudio BluRay 5.1 -- By - Lucas Firmo 2017-01-10 22:32 - 2017-01-12 21:21 - 00000000 ____D C:\Users\Eliane\Downloads\Mark e Russell - Viajantes Inabilitados 720p (2017) Dual Áudio BluRay -- By - Lucas Firmo 2017-01-10 20:47 - 2017-01-12 21:21 - 00000000 ____D C:\Users\Eliane\Downloads\Teen Wolf 3ª Temporada - Parte I [2013 DUAL AUDIO] 720p 2017-01-10 14:09 - 2017-01-10 14:09 - 00000286 __RSH C:\Users\Todos os Usuários\ntuser.pol 2017-01-10 14:09 - 2017-01-10 14:09 - 00000286 __RSH C:\ProgramData\ntuser.pol 2017-01-09 22:00 - 2017-01-09 22:00 - 00772096 _____ C:\Users\Eliane\Downloads\pw clean - 1.0.6 - [atalhos].exe 2017-01-09 21:58 - 2017-01-09 21:58 - 00000000 ____D C:\Users\Eliane\AppData\Roaming\pwclean 2017-01-09 09:50 - 2017-01-09 09:50 - 00412747 _____ C:\Users\Eliane\Downloads\Fatura (3).pdf 2017-01-09 09:49 - 2017-01-09 09:49 - 00412745 _____ C:\Users\Eliane\Downloads\Fatura (2).pdf 2017-01-08 20:06 - 2017-01-08 22:15 - 
00000000 ____D C:\Users\Eliane\Downloads\A Entrevista (2015) - 5.1 CH Dublado 1080p (By-LuanHarper) 2017-01-07 14:03 - 2017-01-07 14:17 - 00000000 ____D C:\Users\Eliane\Downloads\A Saga Crepusculo Amanhecer Parte 1 (2011) BDrip 1080p Dublado - FSTPF 2017-01-07 14:01 - 2017-01-07 14:01 - 00000000 ____D C:\Users\Eliane\Downloads\Kite - Anjo da Vingança 2016 Bluray 1080p Dublado - TPF 2017-01-07 00:19 - 2017-01-07 00:19 - 00000000 ____D C:\Users\Eliane\Downloads\Sequestro na Ilha 2017 Bluray 1080p Dublado - TPF 2017-01-07 00:06 - 2017-01-06 23:52 - 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7C5B.tmp 2017-01-07 00:06 - 2017-01-06 23:51 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\asw76E8.tmp 2017-01-07 00:06 - 2017-01-06 23:51 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7BEC.tmp 2017-01-07 00:06 - 2017-01-06 23:50 - 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7EAC.tmp 2017-01-07 00:06 - 2017-01-06 23:50 - 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7B20.tmp 2017-01-07 00:06 - 2017-01-06 23:50 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7812.tmp 2017-01-07 00:06 - 2017-01-06 23:50 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7B8E.tmp 2017-01-07 00:06 - 2017-01-06 23:50 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\asw7AC1.tmp 2017-01-07 00:02 - 2017-01-07 00:02 - 00000000 ____D C:\Users\Eliane\AppData\Local\CEF 2017-01-06 23:52 - 2017-01-06 23:52 - 00000000 ____D C:\Users\Eliane\AppData\Roaming\AVAST Software 2017-01-06 23:51 - 2017-01-06 23:51 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2017-01-06 23:51 - 2017-01-06 23:51 - 00000000 ____D C:\Program Files\Common Files\AV 2017-01-06 23:51 - 2017-01-06 23:50 - 00513496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.148375391824910 2017-01-06 23:51 - 2017-01-06 23:50 - 00292704 _____ (AVAST Software) 
C:\Windows\system32\Drivers\aswvmm.sys.148375392018412 2017-01-06 23:50 - 2017-01-06 23:50 - 00992960 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2017-01-06 23:50 - 2017-01-06 23:50 - 00969560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.148375391012207 2017-01-06 23:50 - 2017-01-06 23:50 - 00921280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2017-01-06 23:50 - 2017-01-06 23:50 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr 2017-01-06 23:48 - 2017-01-06 23:48 - 00002685 _____ C:\Users\Eliane\Desktop\BitTorrent.lnk 2017-01-06 23:48 - 2017-01-06 23:48 - 00002685 _____ C:\Users\Eliane\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk 2017-01-06 23:48 - 2017-01-06 23:48 - 00000000 ____D C:\Program Files\AVAST Software 2017-01-06 23:47 - 2017-01-06 23:47 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software 2017-01-06 23:47 - 2017-01-06 23:47 - 00000000 ____D C:\ProgramData\AVAST Software 2017-01-06 15:46 - 2017-01-06 15:46 - 00412745 _____ C:\Users\Eliane\Downloads\Fatura.pdf 2017-01-05 23:10 - 2017-01-11 14:07 - 00000000 ____D C:\Users\Eliane\Downloads\Originals 2017-01-05 12:50 - 2017-01-05 12:50 - 00412745 _____ C:\Users\Eliane\Downloads\Fatura (1).pdf 2017-01-04 18:11 - 2017-01-04 18:11 - 00000000 ____D C:\Users\Eliane\Downloads\O Contador 1080p Dublado WWW.TORRENTDOSFILMES.COM 2017-01-04 16:16 - 2017-01-04 16:17 - 00000000 ____D C:\Users\Eliane\Downloads\Mais Forte Que o Mundo a Historia de José Aldo 2016 WEBRip 720p Nacional - WWW.THEPIRATEFILMES.COM 2017-01-04 16:02 - 2017-01-04 16:02 - 00000000 ____D C:\Users\Eliane\Downloads\Velhos Tempos 2016 Bluray 720p Dublado - TPF 2017-01-04 15:18 - 2017-01-04 15:18 - 00000000 ____D C:\Program Files (x86)\LitePDFReader 2017-01-04 00:07 - 2017-01-12 12:46 - 00000000 ____D C:\Users\Eliane\AppData\Roaming\FreePhotoViewer 2017-01-04 00:07 - 2017-01-04 15:19 - 00000000 ____D C:\Users\Todos os Usuários\tools 2017-01-04 00:07 - 2017-01-04 15:19 - 
00000000 ____D C:\ProgramData\tools 2017-01-04 00:07 - 2017-01-04 00:07 - 00000000 ____D C:\Users\Public\Documents\Tools 2017-01-04 00:07 - 2017-01-04 00:07 - 00000000 ____D C:\Program Files (x86)\Tools 2017-01-04 00:07 - 2017-01-04 00:07 - 00000000 ____D C:\Program Files (x86)\FreePhotoViewer 2017-01-04 00:06 - 2017-01-04 00:06 - 00000000 ____D C:\Users\Public\Documents\Guid 2016-12-24 22:09 - 2016-12-24 22:09 - 00000000 ____D C:\Users\Eliane\Downloads\Cantando de Galo 720p TORRENTDOSFILMES 2016-12-23 08:58 - 2016-12-23 08:58 - 00012715 _____ C:\Users\Eliane\Documents\Ingredientes bolo de coco gelado.docx 2016-12-21 23:35 - 2016-12-23 00:06 - 00000000 ____D C:\Users\Eliane\Downloads\Para Sempre Alice (2015) 5.1 CH Dublado 720p (By-LuanHarper) 2016-12-21 23:25 - 2016-12-21 23:25 - 00000000 ____D C:\Users\Eliane\Downloads\Perfeita é a Mãe 2016 Bluray 720p Dublado - TPF ==================== Um Mês Modificados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 
2017-01-12 22:12 - 2016-12-02 16:48 - 00000000 ____D C:\Users\Eliane\AppData\Roaming\BitTorrent 2017-01-12 21:59 - 2009-07-14 03:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-01-12 21:59 - 2009-07-14 02:45 - 00009584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-01-12 21:59 - 2009-07-14 02:45 - 00009584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-01-12 16:35 - 2009-07-29 13:49 - 00705070 _____ C:\Windows\system32\prfh0416.dat 2017-01-12 16:35 - 2009-07-29 13:49 - 00146910 _____ C:\Windows\system32\prfc0416.dat 2017-01-12 16:35 - 2009-07-14 03:13 - 01633534 _____ C:\Windows\system32\PerfStringBackup.INI 2017-01-12 16:35 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\inf 2017-01-12 13:42 - 2016-01-25 15:43 - 00000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft 2017-01-12 13:42 - 2016-01-25 15:43 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-01-12 13:38 - 2016-01-25 15:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2017-01-12 13:08 - 2016-03-25 14:18 - 00000000 ____D C:\Users\Eliane\AppData\Roaming\LitePDFReader 2017-01-11 15:04 - 2016-02-15 22:12 - 00000000 ____D C:\Users\Eliane\AppData\Roaming\PhotoScape 2017-01-11 14:01 - 2016-02-15 22:13 - 00039936 ____H C:\Users\Eliane\Downloads\photothumb.db 2017-01-10 23:30 - 2016-01-25 15:41 - 00000000 ____D C:\Users\Eliane\AppData\Roaming\vlc 2017-01-10 14:09 - 2009-07-14 01:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2017-01-08 18:45 - 2016-01-25 17:50 - 00000000 ____D C:\Users\Todos os Usuários\BavSvc_exe 2017-01-08 18:45 - 2016-01-25 17:50 - 00000000 ____D C:\ProgramData\BavSvc_exe 2017-01-07 19:14 - 2009-07-14 03:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2017-01-06 23:43 - 2016-02-10 22:48 - 00000000 ___SD C:\Users\Eliane\AppData\LocalLow\Temp 2017-01-05 22:55 - 2016-01-28 23:59 - 00000000 ____D 
C:\Users\Eliane\AppData\Roaming\Baidu 2017-01-05 22:55 - 2016-01-25 23:28 - 00005952 _____ C:\Windows\wininit.ini 2017-01-05 22:54 - 2016-01-28 23:59 - 00000000 ____D C:\Program Files (x86)\baidu 2017-01-05 22:51 - 2016-07-20 14:54 - 00000000 ____D C:\Users\Eliane\Downloads\imagens 2017-01-05 21:45 - 2016-01-28 23:55 - 00000000 ____D C:\Users\Eliane\AppData\Local\MiniService 2017-01-05 13:21 - 2015-01-21 14:14 - 00000000 ____D C:\Users\Eliane\Documents\Eliane 2016-12-30 14:50 - 2016-01-25 00:21 - 00000000 ___RD C:\Users\Eliane\Music 2016-12-26 00:13 - 2016-02-01 09:31 - 00000000 ____D C:\Users\Eliane\AppData\Local\Diagnostics 2016-12-26 00:12 - 2009-07-14 01:20 - 00000000 ____D C:\Windows\system32\NDF 2016-12-23 08:58 - 2016-01-25 00:21 - 00000000 ___RD C:\Users\Eliane\Documents 2016-12-18 00:38 - 2016-08-21 11:33 - 00524288 ___SH C:\Windows\system32\config\components{85d287e4-67a3-11e6-b40b-001fc69d798d}.TMContainer00000000000000000001.regtrans-ms 2016-12-16 22:19 - 2016-01-25 16:13 - 00003500 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-12-16 22:19 - 2016-01-25 16:13 - 00003372 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-12-14 21:26 - 2016-01-25 16:14 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-12-14 21:26 - 2016-01-25 16:14 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk ==================== Arquivos na raiz de alguns diretórios ======= 2016-02-08 10:52 - 2016-02-08 10:52 - 0000057 _____ () C:\ProgramData\Ament.ini 2016-02-01 20:32 - 2016-02-01 20:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap ====================== (Não há correção automática para arquivos que não passaram na verificação.) 
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll [2009-07-13 21:38] - [2016-01-25 00:25] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79
C:\Windows\SysWOW64\User32.dll [2009-07-13 21:24] - [2016-01-25 00:25] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2017-01-03 00:12

==================== Fim de FRST.txt ============================