cjoint

Document format: text/plain

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 05-03-2017
Executado por admin (administrador) em EVO-20150814-C (06-03-2017 13:07:13)
Executando a partir de C:\Users\admin\Downloads
Perfis Carregados: admin (Perfis Disponíveis: admin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 9 (Navegador padrão: IE)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(BitTorrent Inc.) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(© 2015 Microsoft Corporation) C:\Users\admin\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(BitTorrent Inc.) C:\Users\admin\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
(BitTorrent Inc.) C:\Users\admin\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
(BitTorrent Inc.) C:\Users\admin\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe
() C:\Program Files (x86)\WeatherTool\2.0.1.5000028\WeatherService.exe
() C:\Program Files (x86)\vSnapshot\1.0.0.0\vSnapshotServ.exe
(ShenZhen Enode Techology co,.Ltd) C:\Program Files (x86)\WeatherTool\2.0.1.5000028\weather_free.exe
() C:\Program Files (x86)\vSnapshot\1.0.0.0\vSnapshot.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [AutorunReload] => C:\Windows\Autoload.exe [48128 2015-08-14] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1118349665-2160840418-995444062-1000\...\Run: [uTorrent] => C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe [2143936 2017-02-03] (BitTorrent Inc.)
HKU\S-1-5-21-1118349665-2160840418-995444062-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-1118349665-2160840418-995444062-1000\...\Run: [Spotify Web Helper] => C:\Users\admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-26] (Spotify Ltd)
HKU\S-1-5-21-1118349665-2160840418-995444062-1000\...\Run: [Spotify] => C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe [7067760 2017-02-26] (Spotify Ltd)
HKU\S-1-5-21-1118349665-2160840418-995444062-1000\...\Run: [BingSvc] => C:\Users\admin\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1118349665-2160840418-995444062-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545056 2017-02-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1118349665-2160840418-995444062-1000\...\MountPoints2: {9a45bec7-42a4-11e5-bc01-806e6f6e6963} - D:\setup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-08] (AVAST Software)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 189.7.64.27 189.7.64.18
Tcpip\..\Interfaces\{232FC4E4-1BCF-4BE4-8734-486A68C8BE6E}: [DhcpNameServer] 189.7.64.27 189.7.64.18

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=741d06bab4b49dcef29525e0f592ca27
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=741d06bab4b49dcef29525e0f592ca27
HKU\S-1-5-21-1118349665-2160840418-995444062-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=pt-br
HKU\S-1-5-21-1118349665-2160840418-995444062-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=741d06bab4b49dcef29525e0f592ca27
SearchScopes: HKU\S-1-5-21-1118349665-2160840418-995444062-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-09] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-08-14] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-08-14] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\04p6dekb.default [2017-03-06]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\04p6dekb.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\04p6dekb.default -> Bing
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\04p6dekb.default -> Bing
FF Keyword.URL: Mozilla\Firefox\Profiles\04p6dekb.default -> hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q=
FF Homepage: Mozilla\Firefox\Profiles\04p6dekb.default -> hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=pt-br
hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=741d06bab4b49dcef29525e0f592ca27
FF SearchPlugin: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\04p6dekb.default\searchplugins\bingp.xml [2017-03-05]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\buscape.xml [2013-06-18]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolivre.xml [2013-06-18]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll [2015-08-14] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll [2015-08-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-08-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-08-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pt-br
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => Nenhum Arquivo
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => Nenhum Arquivo
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => Nenhum Arquivo
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => Nenhum Arquivo
CHR Plugin: (Java Deployment Toolkit 7.0.550.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2017-03-06]
CHR Extension: (AdBlock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-26]
CHR Extension: (Avast Online Security) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-08]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKU\S-1-5-21-1118349665-2160840418-995444062-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-08] (AVAST Software)
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-05-08] (Nero AG)
R3 TermService; C:\Windows\System32\termsrv.dll [680960 2015-08-14] (Microsoft Corporation) [Arquivo não assinado]
R2 TheFreeWeatherService; C:\Program Files (x86)\WeatherTool\2.0.1.5000028\WeatherService.exe [156784 2016-08-11] ()
R2 ThevSnapshotService; C:\Program Files (x86)\vSnapshot\1.0.0.0\vSnapshotServ.exe [152264 2016-12-24] ()
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-08] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-08] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
R2 SoilIO; C:\Windows\System32\Drivers\SoilIO.sys [17912 2009-12-11] ()
R3 soilkbc; C:\Windows\System32\Drivers\soilkbc.sys [13816 2009-12-03] (Systems Internals)
R3 SoilMC; C:\Windows\System32\Drivers\SoilMC.sys [13304 2009-12-03] (Systems Internals)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-03-06 13:07 - 2017-03-06 13:07 - 02423808 _____ (Farbar) C:\Users\admin\Downloads\FRST64 (1).exe
2017-03-06 13:05 - 2017-03-06 13:06 - 00026760 _____ C:\Users\admin\Downloads\Addition.txt
2017-03-06 13:04 - 2017-03-06 13:07 - 00015074 _____ C:\Users\admin\Downloads\FRST.txt
2017-03-06 13:04 - 2017-03-06 13:07 - 00000000 ____D C:\FRST
2017-03-06 13:04 - 2017-03-06 13:04 - 02423808 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2017-03-05 13:35 - 2017-03-05 13:35 - 14749120 _____ (Microsoft Corporation) C:\Users\admin\Downloads\vc_redist.x64.exe
2017-03-05 13:07 - 2017-03-05 13:07 - 02729024 _____ (DLL-Files.com Client ) C:\Users\admin\Downloads\clientsetup_fde-0.exe
2017-03-05 13:01 - 2017-03-05 13:01 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2017-03-05 13:01 - 2017-03-05 13:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-05 13:01 - 2017-03-05 13:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-05 13:00 - 2017-03-05 13:00 - 01631200 _____ (Skype Technologies S.A.) C:\Users\admin\Downloads\SkypeSetup (1).exe
2017-03-05 12:42 - 2017-03-05 12:42 - 01631200 _____ (Skype Technologies S.A.) C:\Users\admin\Downloads\SkypeSetup.exe
2017-03-05 12:41 - 2017-03-05 12:41 - 00000000 ____D C:\Windows\system32\appmgmt
2017-03-05 12:32 - 2017-03-05 13:37 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-03-05 12:32 - 2017-03-05 13:37 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-23 19:39 - 2017-02-23 16:52 - 00035784 _____ C:\Users\admin\Desktop\Legion.S01E03.HDTV.x264-SVA.srt
2017-02-23 19:38 - 2017-02-23 19:39 - 00094965 _____ C:\Users\admin\Downloads\legendas_tv_20170223165851000000.rar
2017-02-11 20:01 - 2017-02-11 20:01 - 00135234 _____ C:\Users\admin\Desktop\ContratoMatriculaPDF.pdf
2017-02-08 16:09 - 2017-02-08 16:09 - 00095298 _____ C:\Users\admin\Desktop\BoletoBancario (1).pdf
2017-02-04 11:01 - 2017-02-04 17:18 - 00000000 ____D C:\Users\admin\Downloads\Batman Assault on Arkham (2014) [1080p]
2017-02-04 11:01 - 2017-02-04 11:01 - 00012917 _____ C:\Users\admin\Downloads\Batman Assault on Arkham (2014) [1080p].1.torrent
2017-02-04 10:56 - 2017-02-04 10:56 - 00135740 _____ C:\Users\admin\Downloads\legendas_tv_20140808160529.rar
2017-02-01 09:39 - 2017-03-06 12:51 - 00000512 _____ C:\Windows\Tasks\Tools_Update_{CFAC34AB-5DB5-4dea-94EC-1D42E3942873}.job
2017-02-01 09:39 - 2017-02-01 09:39 - 00003614 _____ C:\Windows\System32\Tasks\Tools_Update_{CFAC34AB-5DB5-4dea-94EC-1D42E3942873}
2017-02-01 09:39 - 2017-02-01 09:39 - 00000000 ____D C:\Users\Todos os Usuários\tools
2017-02-01 09:39 - 2017-02-01 09:39 - 00000000 ____D C:\Users\admin\AppData\Roaming\Tools
2017-02-01 09:39 - 2017-02-01 09:39 - 00000000 ____D C:\ProgramData\tools
2017-02-01 09:39 - 2017-02-01 09:39 - 00000000 ____D C:\Program Files (x86)\Tools
2017-02-01 09:38 - 2017-03-06 12:50 - 00000000 ____D C:\Users\admin\AppData\Roaming\vSnapshot
2017-02-01 09:38 - 2017-02-01 09:38 - 00000000 ____D C:\Program Files (x86)\vSnapshot
2017-01-11 01:39 - 2017-01-23 22:26 - 00000000 ____D C:\Users\admin\Desktop\tatto projeto
2016-12-29 00:42 - 2017-01-03 10:20 - 00000000 ____D C:\Users\admin\Desktop\fotos galax 2016
2016-12-19 00:13 - 2016-12-19 00:13 - 00000000 ____D C:\Users\admin\AppData\Roaming\AirDroid
2016-12-13 14:49 - 2016-12-13 14:50 - 00180229 _____ C:\Users\admin\Downloads\legendas_tv_20161213012714000000.rar
2016-12-12 17:25 - 2016-12-12 06:35 - 00042220 _____ C:\Users\admin\Downloads\The.Walking.Dead.S07E08.PROPER.HDTV.x264-KILLERS[eztv].srt
2016-12-12 15:22 - 2016-12-12 15:44 - 737428525 _____ C:\Users\admin\Downloads\The.Walking.Dead.S07E08.PROPER.HDTV.x264-KILLERS[eztv].mkv
2016-12-12 15:21 - 2016-12-12 15:21 - 00028273 _____ C:\Users\admin\Downloads\The.Walking.Dead.S07E08.PROPER.HDTV.x264-KILLERS[eztv].mkv.1.torrent
2016-12-12 15:16 - 2016-12-12 15:16 - 00207764 _____ C:\Users\admin\Downloads\legendas_tv_20161212074919000000.rar

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-03-06 13:07 - 2015-12-27 14:46 - 00000000 ____D C:\Users\admin\AppData\Roaming\uTorrent
2017-03-06 12:59 - 2009-07-14 01:45 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-06 12:59 - 2009-07-14 01:45 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-06 12:58 - 2010-11-21 06:37 - 00654470 _____ C:\Windows\system32\prfh0416.dat
2017-03-06 12:58 - 2010-11-21 06:37 - 00124922 _____ C:\Windows\system32\prfc0416.dat
2017-03-06 12:58 - 2009-07-14 02:13 - 01491932 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-06 12:58 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2017-03-06 12:53 - 2016-11-12 19:00 - 00000000 ____D C:\Users\admin\AppData\Local\Spotify
2017-03-06 12:53 - 2016-11-12 18:59 - 00000000 ____D C:\Users\admin\AppData\Roaming\Spotify
2017-03-06 12:52 - 2016-11-26 19:54 - 00000000 ____D C:\Users\admin\AppData\LocalLow\uTorrent
2017-03-06 12:52 - 2016-02-09 23:02 - 00000000 ___SD C:\Users\admin\AppData\LocalLow\Temp
2017-03-06 12:52 - 2015-08-14 14:46 - 00000200 _____ C:\Windows\Tasks\AutoKMS.job
2017-03-06 12:51 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-06 12:50 - 2016-08-22 16:11 - 00000000 ____D C:\Users\admin\AppData\Roaming\WeatherTool
2017-03-05 13:01 - 2015-08-14 14:27 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2017-03-05 13:01 - 2015-08-14 14:27 - 00000000 ____D C:\ProgramData\Skype
2017-03-05 12:32 - 2015-08-14 14:27 - 00000000 ____D C:\Users\admin\AppData\Roaming\Skype
2017-02-26 13:04 - 2015-08-14 14:52 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2017-02-26 13:01 - 2015-12-25 00:10 - 00000000 ____D C:\Users\admin\AppData\Local\ElevatedDiagnostics
2017-02-26 13:01 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2017-02-22 13:54 - 2015-12-27 15:52 - 00000000 ____D C:\Users\admin\AppData\Roaming\vlc
2017-02-14 23:20 - 2016-08-22 16:11 - 00000000 ____D C:\Users\admin\Documents\AirDroid
2017-02-13 12:57 - 2016-08-22 16:10 - 00001939 _____ C:\Users\Public\Desktop\AirDroid.lnk
2017-02-10 21:58 - 2016-10-17 20:29 - 00131829 _____ C:\Users\admin\Desktop\^249E6D69D67A499652C802D7215F110684941B9790A11989AC^pimgpsh_fullsize_distr.jpg
2017-02-06 22:17 - 2015-08-14 14:28 - 00002193 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 22:17 - 2015-08-14 14:28 - 00002181 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-05 14:27 - 2016-10-24 12:21 - 00000000 ____D C:\Users\admin\Desktop\alugue temporada

==================== Arquivos na raiz de alguns diretórios =======

2015-08-14 14:26 - 2015-08-14 14:26 - 0000020 __RSH () C:\Program Files\Baidu Security
2015-08-14 14:26 - 2015-08-14 14:26 - 0000020 __RSH () C:\Program Files\DealPly
2015-08-14 14:26 - 2015-08-14 14:26 - 0000020 __RSH () C:\Program Files\Iminent
2015-08-14 14:26 - 2015-08-14 14:26 - 0000020 __RSH () C:\Program Files\IminentToolbar
2015-08-14 14:05 - 2015-08-14 14:05 - 0509952 _____ () C:\ProgramData\DRV10.tmp
2015-08-14 14:11 - 2015-08-14 14:13 - 4721152 _____ (OEM) C:\ProgramData\E1010.tmp

Alguns arquivos em TEMP:
====================
2017-03-05 13:02 - 2017-03-05 13:03 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\admin\AppData\Local\Temp\BSvcProcessor.exe
2017-03-05 13:02 - 2017-03-05 13:02 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\admin\AppData\Local\Temp\BSvcUpdater.exe
2017-03-05 12:29 - 2017-03-05 12:30 - 56756184 _____ (Skype Technologies S.A.) C:\Users\admin\AppData\Local\Temp\SkypeSetup.exe
2017-03-05 12:44 - 2017-03-05 13:00 - 14456872 _____ (Microsoft Corporation) C:\Users\admin\AppData\Local\Temp\vc_redist.x86.exe

Alguns com tamanho de zero byte arquivos/pastas:
==========================
C:\Windows\System32\sysmgr.exe
C:\Windows\System32\system.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2017-03-04 12:51

==================== Fim de FRST.txt ============================
