Isanalyze.com adware infection?

adware isanalyze malware removal

  • This topic is locked

#1
SamStencil

  • Member
  • 42 posts

Hello people!

I'm having another issue with another computer here at home :/

 

It's been a week and a half that my computer (runs Windows 8.1) is kinda working strangely concerning the connection. At around midnight, the USB Wi-Fi adapter is simply not recognized, so I sometimes have to pull it out and then in again so it will work.

Sometimes when I click something it won't work the first time, so that I have to click twice, three times, sometimes more, so it works.

And then today I just realized in a page I used to normally visit, when I click the search engine in it, it opens up an isanalyze link.

 

I googled it and it showed it is an adware issue, and I don't know if the two first problems have anything to do with that, but I just think it's weird that they are all happening at the same time, right?

 

Could anybody lend me a hand?

 

Thanks!




#2
zep516

    Trusted Helper

  • Malware Removal
  • 6,794 posts

Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Everything gets downloaded to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#3
SamStencil

  • Topic Starter
  • Member
  • 42 posts

Hi zep516!
Thanks for answering.
 

Following is the FRST.txt (it's in Portuguese, I hope there's no problem)

------

 

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 21-08-2016 01
Executado por Sâmia (administrador) em FRANK (25-08-2016 20:33:36)
Executando a partir de C:\Users\Sâmia\Desktop
Perfis Carregados: Sâmia (Perfis Disponíveis: Sâmia)
Platform: Windows 8.1 Pro (Update) (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processos (Whitelisted) =================
 
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Inc.) D:\Adobe Collection\Acrobat 10.0\Acrobat\acrotray.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16422_x64__8wekyb3d8bbwe\glcnd.exe
(Hammer & Chisel, Inc.) C:\Users\Sâmia\AppData\Local\Discord\app-0.0.296\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Sâmia\AppData\Local\Discord\app-0.0.296\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Sâmia\AppData\Local\Discord\app-0.0.296\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registro (Whitelisted) ===========================
 
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
 
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6603520 2016-06-02] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => D:\Adobe Collection\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Adobe Collection\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23889496 2016-08-23] (Dropbox, Inc.)
HKU\S-1-5-21-3829250189-3500746750-2784270290-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3829250189-3500746750-2784270290-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-3829250189-3500746750-2784270290-1001\...\Run: [GoogleChromeAutoLaunch_B066F74780E55CE6F72F236F30256F57] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1152840 2016-08-02] (Google Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-06-18] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
 
Tcpip\Parameters: [DhcpNameServer] 201.6.2.89 201.6.2.179
Tcpip\..\Interfaces\{07225615-874D-4087-AC5B-C0690520C127}: [DhcpNameServer] 201.6.2.89 201.6.2.179
Tcpip\..\Interfaces\{0E8615B2-051F-4D5B-964C-8AA3C28E0E9D}: [DhcpNameServer] 201.6.2.89 201.6.2.179
 
Internet Explorer:
==================
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-06-18] (AVAST Software)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-06-18] (AVAST Software)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> D:\VLC Media Player\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> D:\VLC Media Player\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> D:\VLC Media Player\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> D:\Adobe Collection\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-18]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-06-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - D:\Adobe Collection\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - D:\Adobe Collection\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-06-19] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
 
Chrome: 
=======
CHR DefaultSearchURL: Profile 1 -> chrome-extension://klbibkeccnjlkjkiokjodocebajanakg/suspended.html#uri=hxxp://cronologiadoacaso.com.br/2016/07/24/como-e-por-onde-comecar-a-estudar-cinema/
CHR Profile: C:\Users\Sâmia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Sâmia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-18]
CHR Extension: (Google Docs) - C:\Users\Sâmia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-18]
CHR Extension: (Google Drive) - C:\Users\Sâmia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-18]
CHR Extension: (YouTube) - C:\Users\Sâmia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-18]
CHR Extension: (Adblock Plus) - C:\Users\Sâmia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-23]
CHR Extension: (Avast SafePrice) - C:\Users\Sâmia\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-08-17]
CHR Extension: (Planilhas do Google) - C:\Users\Sâmia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-18]
CHR Extension: (Documentos Google off-line) - C:\Users\Sâmia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-18]
CHR Extension: (Avast Online Security) - C:\Users\Sâmia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-19]
CHR Extension: (Pinterest Save Button) - C:\Users\Sâmia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-07-19]
CHR Extension: (The Great Suspender) - C:\Users\Sâmia\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2016-08-17]
CHR Extension: (Hangouts do Google) - C:\Users\Sâmia\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-08-23]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Sâmia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-18]
CHR Extension: (Gmail) - C:\Users\Sâmia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-18]
CHR Extension: (Chrome Media Router) - C:\Users\Sâmia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-19]
CHR Profile: C:\Users\Sâmia\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Apresentações) - C:\Users\Sâmia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-25]
CHR Extension: (Google Docs) - C:\Users\Sâmia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-25]
CHR Extension: (Google Drive) - C:\Users\Sâmia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-25]
CHR Extension: (YouTube) - C:\Users\Sâmia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-25]
CHR Extension: (Adblock Plus) - C:\Users\Sâmia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-25]
CHR Extension: (Planilhas do Google) - C:\Users\Sâmia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-25]
CHR Extension: (Documentos Google off-line) - C:\Users\Sâmia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-25]
CHR Extension: (Pinterest Save Button) - C:\Users\Sâmia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-08-25]
CHR Extension: (The Great Suspender) - C:\Users\Sâmia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2016-08-25]
CHR Extension: (Hangouts do Google) - C:\Users\Sâmia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-08-25]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Sâmia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-25]
CHR Extension: (Gmail) - C:\Users\Sâmia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-25]
CHR Extension: (Chrome Media Router) - C:\Users\Sâmia\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-25]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-06-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-06-18]
 
==================== Serviços (Whitelisted) ========================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-18] (AVAST Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-20] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-20] (Dropbox, Inc.)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [Arquivo não assinado]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Arquivo não assinado]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-28] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [23808 2016-06-02] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-06-18] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-06-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-06-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-06-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-06-18] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-06-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-06-18] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-06-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-05] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [101376 2016-06-02] (Advanced Micro Devices)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S4 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2016-06-18] (Basil Projects)
S2 SADP_NPF; \??\D:\npf64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
 
==================== Um Mês Criados arquivos e pastas ========
 
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
 
2016-08-25 20:33 - 2016-08-25 20:33 - 00020101 _____ C:\Users\Sâmia\Desktop\FRST.txt
2016-08-25 20:32 - 2016-08-25 20:33 - 00000000 ____D C:\FRST
2016-08-25 20:32 - 2016-08-25 20:32 - 02396160 _____ (Farbar) C:\Users\Sâmia\Desktop\FRST64.exe
2016-08-25 02:31 - 2016-08-25 02:31 - 00000000 ____D C:\Users\Sâmia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome
2016-08-24 21:27 - 2016-08-24 21:27 - 00010648 _____ C:\Users\Sâmia\Downloads\Gone_Girl_(2014)_720p_BrRip_x264_-_YIFY.torrent
2016-08-23 21:55 - 2016-08-23 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-08-23 20:28 - 2016-08-24 23:36 - 00000000 ____D C:\Users\Sâmia\AppData\Roaming\discord
2016-08-23 20:28 - 2016-08-24 23:29 - 00000000 ____D C:\Users\Sâmia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-08-23 20:28 - 2016-08-24 23:29 - 00000000 ____D C:\Users\Sâmia\AppData\Local\Discord
2016-08-23 20:28 - 2016-08-23 20:28 - 00000000 ____D C:\Users\Sâmia\AppData\Local\SquirrelTemp
2016-08-23 20:25 - 2016-08-23 20:28 - 50899640 _____ (Hammer & Chisel, Inc.) C:\Users\Sâmia\Downloads\DiscordSetup.exe
2016-08-20 00:39 - 2016-08-20 00:39 - 00136912 _____ C:\Users\Sâmia\Downloads\boleto.pdf
2016-08-18 20:59 - 2016-08-18 21:17 - 00000000 ____D C:\Users\Sâmia\Downloads\Stranger Series
2016-08-17 21:53 - 2016-08-17 21:54 - 59842687 _____ C:\Users\Sâmia\Downloads\Tree.of.Savior.Addon.Manager-win32-ia32.zip
2016-08-13 17:30 - 2016-08-13 17:30 - 00025639 _____ C:\Users\Sâmia\Downloads\the.double.(2013).pob.1cd.(5798713).zip
2016-08-12 23:02 - 2016-08-12 23:02 - 00021445 _____ C:\Users\Sâmia\Downloads\The_Truth_About_Emanuel_2013_BRRip_XviD_MP3-RARBG.torrent
2016-08-12 22:58 - 2016-08-12 22:58 - 00026610 _____ C:\Users\Sâmia\Downloads\Honeymoon_2014_BRRip_XviD_AC3-RARBG.torrent
2016-08-12 22:12 - 2016-08-12 22:12 - 00020117 _____ C:\Users\Sâmia\Downloads\The_Crow_4_-_Wicked_Prayer_(Action_2005)_720p_BrRip.torrent
2016-08-12 22:05 - 2016-08-12 22:05 - 00024969 _____ C:\Users\Sâmia\Downloads\The_Crow_1994_720p_BluRay_H264_AAC-RARBG.torrent
2016-08-12 21:59 - 2016-08-12 21:59 - 00022485 _____ C:\Users\Sâmia\Downloads\Young_Adam_2003_BRRip_XviD_MP3-RARBG.torrent
2016-08-11 19:54 - 2016-08-11 19:54 - 00015680 _____ C:\Users\Sâmia\Downloads\Batman_Mask_Of_The_Phantasm_(1993)_x264_576p_HDRiP_{Dual_Audio}_[Hindi_2.0_-_English_2.0]-DREDD.torrent
2016-08-03 20:39 - 2016-08-03 20:50 - 00001456 _____ C:\Users\Sâmia\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-07-31 16:53 - 2016-07-31 16:53 - 00000000 ___RD C:\Users\Sâmia\Documents\Scanned Documents
2016-07-31 16:53 - 2016-07-31 16:53 - 00000000 ____D C:\Users\Sâmia\Documents\Fax
2016-07-29 19:41 - 2016-07-29 19:42 - 312297650 _____ C:\Users\Sâmia\Desktop\Sakura Card Captors Episodio 1.avi
2016-07-28 21:43 - 2016-07-28 21:43 - 00000000 ____D C:\Users\Sâmia\AppData\Local\Sony
2016-07-26 21:20 - 2016-07-26 21:20 - 06906002 _____ C:\Users\Sâmia\Documents\SAM_animatoons_09.wav
2016-07-26 21:09 - 2016-07-26 21:23 - 00000000 ____D C:\Users\Sâmia\AppData\Roaming\Audacity
2016-07-26 21:09 - 2016-07-26 21:09 - 00000560 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-07-26 21:09 - 2016-07-26 21:09 - 00000000 ____D C:\Users\Sâmia\AppData\Local\Audacity
2016-07-26 21:08 - 2016-07-26 21:08 - 26496761 _____ (Audacity Team ) C:\Users\Sâmia\Downloads\audacity-win-2.1.2.exe
2016-07-26 19:17 - 2016-07-26 19:18 - 00000000 ____D C:\AOC
2016-07-26 19:15 - 2016-07-26 19:15 - 00059928 _____ C:\Users\Sâmia\Downloads\drivers_serie_70.zip
 
==================== Um Mês Modificados arquivos e pastas ========
 
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
 
2016-08-25 20:26 - 2016-06-18 12:50 - 00000000 __SHD C:\Users\Sâmia\AppData\LocalLow\EmieUserList
2016-08-25 20:26 - 2016-06-18 12:50 - 00000000 __SHD C:\Users\Sâmia\AppData\LocalLow\EmieSiteList
2016-08-25 20:12 - 2016-06-18 12:57 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-25 20:04 - 2016-06-20 23:59 - 00001030 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-08-25 18:12 - 2016-06-18 12:57 - 00001084 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-25 17:54 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\NDF
2016-08-25 16:46 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\Inf
2016-08-25 13:19 - 2016-06-18 00:46 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3829250189-3500746750-2784270290-1001
2016-08-25 11:58 - 2016-06-20 23:59 - 00001026 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-08-25 02:46 - 2016-06-18 13:56 - 00000000 ____D C:\Users\Sâmia\AppData\Roaming\Skype
2016-08-25 02:40 - 2016-06-22 18:56 - 00000000 ____D C:\Users\Sâmia\AppData\Roaming\uTorrent
2016-08-24 21:45 - 2016-06-22 19:41 - 00000000 ____D C:\Users\Sâmia\AppData\Roaming\vlc
2016-08-23 21:55 - 2016-06-20 23:59 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-08-23 18:13 - 2016-06-19 11:48 - 00000000 ____D C:\Users\Sâmia\AppData\Local\Battle.net
2016-08-18 16:54 - 2013-08-22 12:20 - 00000000 ____D C:\Windows\CbsTemp
2016-08-17 17:21 - 2016-07-03 19:48 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-17 17:13 - 2016-06-18 13:47 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-08-10 17:12 - 2016-06-18 12:58 - 00002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 12:10 - 2014-03-18 07:33 - 01707228 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-08 12:10 - 2014-03-18 06:45 - 00737880 _____ C:\Windows\system32\prfh0416.dat
2016-08-08 12:10 - 2014-03-18 06:45 - 00150516 _____ C:\Windows\system32\prfc0416.dat
2016-08-05 18:24 - 2016-06-18 13:47 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-08-03 20:40 - 2016-06-18 12:50 - 00000000 __SHD C:\Users\Sâmia\AppData\Local\EmieUserList
2016-08-03 20:40 - 2016-06-18 12:50 - 00000000 __SHD C:\Users\Sâmia\AppData\Local\EmieSiteList
2016-08-03 20:38 - 2014-03-18 08:28 - 00000000 ____D C:\Users\Sâmia\AppData\Roaming\Adobe
2016-08-02 21:50 - 2013-08-22 11:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-02 18:38 - 2016-06-18 13:47 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.147043227518701
2016-07-28 22:06 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\PLA
2016-07-28 21:43 - 2016-07-11 21:42 - 00000000 ____D C:\Users\Sâmia\AppData\Roaming\Sony
2016-07-28 18:07 - 2016-06-18 12:57 - 00004060 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 18:07 - 2016-06-18 12:57 - 00003824 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-27 18:21 - 2016-06-18 13:56 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-07-27 18:21 - 2016-06-18 13:56 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2016-07-27 18:21 - 2016-06-18 13:56 - 00000000 ____D C:\ProgramData\Skype
2016-07-26 19:19 - 2013-08-22 10:25 - 00262144 ___SH C:\Windows\system32\config\BBI
 
==================== Arquivos na raiz de alguns diretórios =======
 
2016-08-03 20:39 - 2016-08-03 20:50 - 0001456 _____ () C:\Users\Sâmia\AppData\Local\Adobe Save for Web 13.0 Prefs
 
==================== Bamital & volsnap =================
 
(Não há correção automática para arquivos que não passaram na verificação.)
 
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente
 
 
LastRegBack: 2016-08-19 13:54
 
==================== Fim de FRST.txt ============================
 
 
 
And the Addition.txt
---
Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 21-08-2016 01
Executado por Sâmia (25-08-2016 20:34:03)
Executando a partir de C:\Users\Sâmia\Desktop
Windows 8.1 Pro (Update) (X64) (2014-03-18 11:27:58)
Modo da Inicialização: Normal
==========================================================
 
 
==================== Contas: =============================
 
Administrador (S-1-5-21-3829250189-3500746750-2784270290-500 - Administrator - Disabled)
Convidado (S-1-5-21-3829250189-3500746750-2784270290-501 - Limited - Disabled)
Sâmia (S-1-5-21-3829250189-3500746750-2784270290-1001 - Administrator - Enabled) => C:\Users\Sâmia
 
==================== Central de Segurança ========================
 
(Se uma entrada for incluída na fixlist, será removida.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Programas Instalados ======================
 
(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)
 
µTorrent (HKU\S-1-5-21-3829250189-3500746750-2784270290-1001\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Affinity Designer Public Beta (HKLM\...\{2BF745E5-0956-40DF-AE8F-81A95AC24DA7}) (Version: 1.5.0.4 - Serif)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
aTube Catcher versão 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software)
Awesomenauts (HKLM\...\Steam App 204300) (Version:  - Ronimo Games)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0602.1651.28487 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Curse (HKLM-x32\...\{A20BFF62-AE3C-42BD-9C52-841CAB96BC49}) (Version: 6.0.0.0 - Curse)
Discord (HKU\S-1-5-21-3829250189-3500746750-2784270290-1001\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 8.4.21 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.43.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - )
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
Malwarebytes Anti-Malware versão 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
NVIDIA PhysX v8.09.04 (HKLM-x32\...\{A7E07C2B-2220-4415-87E3-784D5814BC93}) (Version: 8.09.04 - NVIDIA Corporation)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PewDiePie: Legend of the Brofist (HKLM\...\Steam App 390520) (Version:  - Outerminds Inc.)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Relic Hunters Zero (HKLM\...\Steam App 382490) (Version:  - Rogue Snail)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Slender: The Arrival (HKLM\...\Steam App 252330) (Version:  - Blue Isle Studios)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
To the Moon (HKLM\...\Steam App 206440) (Version:  - Freebird Games)
Transistor (HKLM\...\Steam App 237930) (Version:  - Supergiant Games)
Tree of Savior (English Ver.) (HKLM\...\Steam App 372000) (Version:  - IMCGAMES Co.,Ltd.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.0 (HKLM\...\VulkanRT1.0.11.0) (Version: 1.0.11.0 - LunarG, Inc.)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
 
==================== Exame Personalizado CLSID (Whitelisted): ==========================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
 
==================== Tarefas Agendadas (Whitelisted) =============
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
Task: {0970DB51-220C-4024-B745-0257237480AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-18] (Google Inc.)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {12DC4638-7B97-4D9E-BC3F-1CF421096737} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-06-02] (Advanced Micro Devices, Inc.)
Task: {14B17A21-B4D6-4B08-92D9-D53661D4E318} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {27C4FC57-54F5-4E88-98A2-11C29453128C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-18] (AVAST Software)
Task: {5059EA28-68A7-4D19-9979-1A21CE27A4C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-18] (Google Inc.)
Task: {90000C45-5D51-4831-B7BD-422C1A6F5964} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-20] (Dropbox, Inc.)
Task: {93E79D31-D839-47D3-82CC-45767F7E01F3} - System32\Tasks\SafeZone scheduled Autoupdate 1466268627 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
Task: {9903A445-4472-4F8B-BF79-C184C21C9DDE} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-20] (Dropbox, Inc.)
Task: {CDAC3860-E28B-4ECE-9CC6-72653D58C4C7} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-18] (AVAST Software)
Task: {DDD83EF9-254B-4046-A3E2-872ABFD7ED85} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-12-11] ()
 
(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Atalhos =============================
 
(As entradas podem ser listadas para serem restauradas ou removidas.)
 
ShortcutWithArgument: C:\Users\Sâmia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome\Hangouts do Google.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Sâmia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Módulos Carregados (Whitelisted) ==============
 
2015-06-25 17:34 - 2015-06-25 17:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-08-10 17:12 - 2016-08-02 20:41 - 02366280 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-10 17:12 - 2016-08-02 20:40 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2016-03-11 17:31 - 2016-03-11 17:31 - 00065536 _____ () C:\Program Files\CCleaner\lang\lang-1046.dll
2016-06-18 13:47 - 2016-06-18 13:47 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-06-18 13:47 - 2016-06-18 13:47 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-08-02 18:33 - 2016-08-02 18:33 - 03002880 _____ () C:\Program Files\AVAST Software\Avast\defs\16080201\algo.dll
2016-06-18 13:47 - 2016-06-18 13:47 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-06-18 13:47 - 2016-06-18 13:47 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-08-03 18:05 - 2016-08-03 18:05 - 03004416 _____ () C:\Program Files\AVAST Software\Avast\defs\16080301\algo.dll
2016-08-25 20:03 - 2016-08-25 20:03 - 03016192 _____ () C:\Program Files\AVAST Software\Avast\defs\16082505\algo.dll
2016-06-18 13:47 - 2016-06-18 13:47 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-06-21 00:02 - 2016-07-11 23:07 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-08-23 21:55 - 2016-07-11 23:07 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-08-23 21:55 - 2016-07-11 23:07 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-08-23 21:55 - 2016-07-11 23:07 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-06-21 00:02 - 2016-07-11 23:07 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-06-21 00:02 - 2016-07-11 23:07 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-06-21 00:02 - 2016-08-23 20:17 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-06-21 00:02 - 2016-07-11 23:07 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-08-23 21:55 - 2016-08-23 20:17 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-06-21 00:02 - 2016-07-11 23:07 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-08-23 21:55 - 2016-08-23 20:17 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-08-23 21:55 - 2016-08-23 20:17 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-08-04 19:10 - 2016-08-23 20:17 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-08-23 21:55 - 2016-08-23 20:17 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-06-21 00:02 - 2016-07-11 23:09 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-04 19:10 - 2016-08-23 20:17 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-08-23 21:55 - 2016-08-23 20:17 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-08-23 21:55 - 2016-07-11 23:07 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-08-23 21:55 - 2016-07-11 23:09 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-06-21 00:02 - 2016-07-11 23:09 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-06-21 00:02 - 2016-07-11 23:09 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-06-21 00:02 - 2016-08-23 20:17 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-06-21 00:02 - 2016-07-11 23:09 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-06-21 00:02 - 2016-07-11 23:09 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-06-21 00:02 - 2016-07-11 23:09 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-06-21 00:02 - 2016-07-11 23:09 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-06-21 00:02 - 2016-07-11 23:09 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-06-21 00:02 - 2016-07-11 23:09 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-08-23 21:55 - 2016-08-23 20:17 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-06-21 00:02 - 2016-07-11 23:09 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-06-21 00:02 - 2016-07-11 23:09 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-08-23 21:55 - 2016-08-23 20:17 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-06-21 00:02 - 2016-07-11 23:09 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-06-21 00:02 - 2016-08-23 20:17 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-06-21 00:02 - 2016-08-23 20:17 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-06-21 00:02 - 2016-08-23 20:17 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-06-21 00:02 - 2016-07-11 23:07 - 00144848 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-08-04 19:10 - 2016-07-11 23:08 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-08-23 21:55 - 2016-08-23 20:17 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-06-21 00:02 - 2016-08-23 20:17 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-06-21 00:02 - 2016-07-11 23:09 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-06-21 00:02 - 2016-08-23 20:17 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-08-23 21:55 - 2016-08-23 20:17 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-08-23 21:55 - 2016-07-11 23:09 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-08-23 21:55 - 2016-08-23 20:17 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-08-23 21:55 - 2016-08-23 20:17 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-06-21 00:02 - 2016-07-11 23:07 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-08-23 21:55 - 2016-08-23 20:17 - 03929392 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-08-23 21:55 - 2016-08-23 20:17 - 01972016 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-08-23 21:55 - 2016-08-23 20:17 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-08-23 21:55 - 2016-08-23 20:17 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-08-23 21:55 - 2016-08-23 20:17 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-08-23 21:55 - 2016-08-23 20:17 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-04 19:10 - 2016-08-23 20:17 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-06-21 00:02 - 2016-07-11 23:09 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-08-04 19:10 - 2016-08-23 20:17 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-08-23 21:55 - 2016-08-23 20:17 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-08-23 21:55 - 2016-08-23 20:17 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-08-23 21:55 - 2016-08-23 20:17 - 00168248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-08-23 21:55 - 2016-08-23 20:17 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-08-24 23:29 - 2016-08-24 17:49 - 01950392 _____ () C:\Users\Sâmia\AppData\Local\Discord\app-0.0.296\ffmpeg.dll
2016-08-24 23:36 - 2016-08-24 23:36 - 01050296 _____ () \\?\C:\Users\Sâmia\AppData\Roaming\discord\0.0.296\modules\discord_voice\discord_voice.node
2016-08-24 23:36 - 2016-08-24 23:36 - 03793080 _____ () \\?\C:\Users\Sâmia\AppData\Roaming\discord\0.0.296\modules\discord_voice\libdiscord.dll
2016-08-24 23:36 - 2016-08-24 23:36 - 00894136 _____ () \\?\C:\Users\Sâmia\AppData\Roaming\discord\0.0.296\modules\discord_utils\discord_utils.node
2016-08-24 23:36 - 2016-08-24 23:36 - 01119416 _____ () \\?\C:\Users\Sâmia\AppData\Roaming\discord\0.0.296\modules\discord_toaster\discord_toaster.node
2016-08-24 23:29 - 2016-08-24 17:49 - 02230456 _____ () C:\Users\Sâmia\AppData\Local\Discord\app-0.0.296\libglesv2.dll
2016-08-24 23:29 - 2016-08-24 17:49 - 00088760 _____ () C:\Users\Sâmia\AppData\Local\Discord\app-0.0.296\libegl.dll
2016-08-25 17:59 - 2016-08-25 17:59 - 00170496 _____ () \\?\C:\Users\Sâmia\AppData\Local\Temp\2EC9.tmp.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(Se uma entrada for incluída na fixlist, somente o ADS será removido.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\Users\Todos os Usuários\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
 
==================== Modo de Segurança (Whitelisted) ===================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)
 
 
==================== Associação (Whitelisted) ===============
 
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)
 
 
==================== Internet Explorer confiável/restrito ===============
 
(Se uma entrada for incluída na fixlist, será removida do Registro.)
 
 
==================== Hosts Conteúdo: ===============================
 
(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)
 
2013-08-22 10:25 - 2013-08-22 10:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Outras Áreas ============================
 
(Atualmente não há nenhuma correção automática para esta seção.)
 
HKU\S-1-5-21-3829250189-3500746750-2784270290-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sâmia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 201.6.2.89 - 201.6.2.179
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.
 
==================== MSCONFIG/TASK MANAGER ítens desabilitados ==
 
(Atualmente não há nenhuma correção automática para esta seção.)
 
 
==================== Regras do Firewall (Whitelisted) ===============
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{BA4D5914-7FD7-4F16-A0FA-FA12C7458D24}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{71C26B77-9718-4CE3-9704-0F7BF8A972E5}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{CE79A663-0AD0-48CA-9DF1-D6D83C926D13}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{4755AD27-5745-4383-8094-6A2D73E3B209}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{77F481E2-7B64-4278-8CBD-F8527BCE216F}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{CADE9DCD-41A2-4057-B28E-5F0DAD6014BB}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{84CC6A00-7CD5-4E9E-9803-20513FF0DD86}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{82A8FB11-48CE-48FD-A00D-E1A03F064598}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{484AD646-2CDA-4961-B73A-7724B700B4E2}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{4D72F189-3745-41FA-A7F1-31957ECE27BE}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{DF5DE3D9-03F8-4A66-B31D-E79E5FA25131}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{4F4D121F-0EBE-4F7D-B659-CA851E88F8F3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{327B5BB8-830D-4BFB-A55C-0770A37DDEDA}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{B645D703-D9EB-46B7-8DB5-E36FF6ADC4BE}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [TCP Query User{F1CA4505-3B8B-41E3-9583-35799D660EB6}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{7CEA44E1-A43E-4FF7-9CDA-6089D07322B5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{1884FC94-9CDF-43A5-BB03-29058509E33A}] => (Allow) D:\Steam\steamapps\common\Relic Hunters Zero\RelicHuntersZero.exe
FirewallRules: [{A1343403-8C4B-4346-AAB9-92FA740EEC84}] => (Allow) D:\Steam\steamapps\common\Relic Hunters Zero\RelicHuntersZero.exe
FirewallRules: [{AE801869-BCB4-481B-B9E3-2740B2409000}] => (Allow) D:\Steam\steamapps\common\PewDiePie Legend of the Brofist\PewDiePieLegendOfTheBrofist.exe
FirewallRules: [{DB64F170-3034-4189-8C84-CA9E2D727F3A}] => (Allow) D:\Steam\steamapps\common\PewDiePie Legend of the Brofist\PewDiePieLegendOfTheBrofist.exe
FirewallRules: [{B33DAB71-BC23-4631-B35B-0F35F7976DDC}] => (Allow) LPort=1688
FirewallRules: [{4F7AFFA1-17A8-4BE5-B13D-5CE8585320D1}] => (Allow) C:\Users\Sâmia\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EE7A2DAF-817D-4A67-9846-D5D2BB58EBA0}] => (Allow) C:\Users\Sâmia\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3C087A7C-E912-4664-8CEB-4EA48742D1AD}] => (Allow) C:\Users\Sâmia\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6F93E60E-03CF-4D67-B036-C9FBB1609104}] => (Allow) C:\Users\Sâmia\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6564297F-E644-462E-B48D-57ACA2FF3FF5}] => (Allow) C:\Users\Sâmia\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0A0CD037-2546-4ADF-9915-C824E4A6135C}] => (Allow) C:\Users\Sâmia\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{C144B2A4-260B-48F3-8E86-0678FA64E13B}D:\battle.net\games\heroes of the storm\versions\base43905\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\games\heroes of the storm\versions\base43905\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{1C4C7FA4-F9FD-4D19-A3D6-E95977A75263}D:\battle.net\games\heroes of the storm\versions\base43905\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\games\heroes of the storm\versions\base43905\heroesofthestorm_x64.exe
FirewallRules: [{F8AABD58-4A4B-4BBE-88AC-C24782D52F8E}] => (Allow) D:\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{351E0093-5FFD-453D-B4B7-5F57EE288838}] => (Allow) D:\Steam\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{EB8436B1-D157-4B2E-8804-3E926A31D8F5}] => (Allow) D:\Steam\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [{AE8CBD86-6455-4A09-A5C3-4BDFCB05DB82}] => (Allow) D:\Steam\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [TCP Query User{73E254E7-0328-49D4-9567-1D941F1A68E4}D:\cms.exe] => (Allow) D:\cms.exe
FirewallRules: [UDP Query User{5EC408FF-E4A2-4137-B02B-66EE7D764079}D:\cms.exe] => (Allow) D:\cms.exe
FirewallRules: [{92BD84C8-8719-454F-A1B1-DE45144B45D5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{CAFC1842-C40E-430A-BBB4-AEDAAA048B5B}D:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) D:\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [UDP Query User{D77629D8-EE06-4AE3-A95A-8497B4E47195}D:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) D:\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [TCP Query User{DF0BC9CC-1FFF-47B4-AD38-E80EB01CBF2D}D:\battle.net\games\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\games\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{BDCC4DEA-5414-4012-891E-BA19FCC310ED}D:\battle.net\games\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe] => (Allow) D:\battle.net\games\heroes of the storm\versions\base45228\heroesofthestorm_x64.exe
FirewallRules: [{F2C76AB2-009D-42E0-B9DD-1587AA088785}] => (Allow) D:\Steam\steamapps\common\To the Moon\To the Moon\To the Moon.exe
FirewallRules: [{85B25FF8-3C90-449E-8441-DA6707113C4C}] => (Allow) D:\Steam\steamapps\common\To the Moon\To the Moon\To the Moon.exe
FirewallRules: [{8987AFD2-A52C-4B84-8C55-45E5D40B0DB4}] => (Allow) D:\Steam\steamapps\common\To the Moon\Minisode_1\Sigmund Holiday Special 1\Siggy - Holiday Special.exe
FirewallRules: [{562B26BB-4AEA-46A5-BDB4-0D04576A0A8D}] => (Allow) D:\Steam\steamapps\common\To the Moon\Minisode_1\Sigmund Holiday Special 1\Siggy - Holiday Special.exe
FirewallRules: [{097373C6-F2AE-428E-A6EF-877E14EA5087}] => (Allow) D:\Steam\steamapps\common\To the Moon\Minisode_2\Sigmund Holiday Special 2\SigCorp Minisode 2.exe
FirewallRules: [{C7275F6E-C6E9-44FF-A635-FA6B31E4DD4D}] => (Allow) D:\Steam\steamapps\common\To the Moon\Minisode_2\Sigmund Holiday Special 2\SigCorp Minisode 2.exe
FirewallRules: [{405CA752-6A1D-4AD2-8C2E-62A3421D7C0A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Pontos de Restauração =========================
 
07-08-2016 09:34:52 Ponto de Verificação Agendado
16-08-2016 17:57:18 Ponto de Verificação Agendado
18-08-2016 16:03:52 DirectX instalado
 
==================== Dispositivos Apresentando Falhas No Gerenciador =============
 
 
==================== Erros no Log de eventos: =========================
 
Erros em Aplicativos:
==================
Error: (08/25/2016 01:19:46 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: O volume Reservado pelo Sistema não foi otimizado porque houve um erro: Parâmetro incorreto. (0x80070057)
 
Error: (08/25/2016 11:54:05 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
 
Error: (08/24/2016 09:34:43 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
 
Error: (08/23/2016 01:46:43 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
 
Error: (08/20/2016 04:26:36 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
 
Error: (08/20/2016 02:01:59 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
 
Error: (08/20/2016 07:31:37 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
 
Error: (08/19/2016 05:01:19 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
 
Error: (08/19/2016 02:08:36 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: O volume Reservado pelo Sistema não foi otimizado porque houve um erro: Parâmetro incorreto. (0x80070057)
 
Error: (08/19/2016 01:54:10 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: O volume Reservado pelo Sistema não foi otimizado porque houve um erro: Parâmetro incorreto. (0x80070057)
 
 
Erros de Sistema:
=============
Error: (08/25/2016 01:20:41 PM) (Source: DCOM) (EventID: 10010) (User: Frank)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (08/25/2016 01:20:11 PM) (Source: DCOM) (EventID: 10010) (User: Frank)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (08/25/2016 02:43:52 AM) (Source: Schannel) (EventID: 4120) (User: AUTORIDADE NT)
Description: Um alerta fatal foi gerado e enviado ao ponto de extremidade remoto. Isso pode resultar no término da conexão. O código de erro fatal definido do protocolo TLS é 10. O estado de erro do Windows SChannel é 10.
 
Error: (08/25/2016 02:24:39 AM) (Source: usbehci) (EventID: 4) (User: )
Description: A timeout occurred while waiting for the EHCI host controller Interrupt on Async Advance Doorbell response.
 
Error: (08/24/2016 09:29:47 PM) (Source: Schannel) (EventID: 4120) (User: AUTORIDADE NT)
Description: Um alerta fatal foi gerado e enviado ao ponto de extremidade remoto. Isso pode resultar no término da conexão. O código de erro fatal definido do protocolo TLS é 10. O estado de erro do Windows SChannel é 10.
 
Error: (08/24/2016 09:50:04 AM) (Source: DCOM) (EventID: 10010) (User: Frank)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (08/24/2016 09:49:34 AM) (Source: DCOM) (EventID: 10010) (User: Frank)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (08/23/2016 11:58:03 PM) (Source: usbehci) (EventID: 4) (User: )
Description: A timeout occurred while waiting for the EHCI host controller Interrupt on Async Advance Doorbell response.
 
Error: (08/23/2016 07:33:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Steam Client Service devido ao seguinte erro: 
%%1053 = O serviço não respondeu à requisição de início ou controle em tempo hábil.
 
Error: (08/23/2016 07:33:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Steam Client Service.
 
 
==================== Informações da Memória =========================== 
 
Processador: AMD FX™-6300 Six-Core Processor 
Percentagem de memória em uso: 35%
RAM física total: 8174.11 MB
RAM física disponível: 5280.7 MB
Virtual Total: 10126.11 MB
Virtual disponível: 5405.89 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.45 GB) (Free:71.35 GB) NTFS
Drive d: (HD Slave) (Fixed) (Total:931.51 GB) (Free:746.36 GB) NTFS
 
==================== MBR & Tabela de Partições ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 5509673C)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 58BDA1F8)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== Fim de Addition.txt ============================

  • 0

#4
zep516


    Trusted Helper

  • Malware Removal
  • 6,794 posts
Do you know what this is?

C:\Program Files\KMSpico\Service_KMS.exe
  • 0

#5
SamStencil


    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

Hey there,

 

It's supposed to be the program that activates Windows 8.1. My version is not original so it was used to activate it, as far as I know.

Avast also always warns about that but I was told it was normal if it shows there.


Edited by SamStencil, 25 August 2016 - 05:57 PM.

  • 0

#6
zep516


    Trusted Helper

  • Malware Removal
  • 6,794 posts
"My version is not original"

Windows activates by paying Microsoft for it


Where did you get the Windows version from?
  • 0

#7
SamStencil


    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts

I believe the person who built the machine for me had it downloaded :/ I have no idea where from.

But of course, since it's like that, as soon as I get a better payment I'll surely be able to afford it, although I thought I paid the person to do that (Y) lovely


Edited by SamStencil, 25 August 2016 - 07:19 PM.

  • 0

#8
zep516


    Trusted Helper

  • Malware Removal
  • 6,794 posts

Please download to your desktop  --> http://demonworks.co...arl/wvcheck.exe

Please run the program. Once completed, WVCheck will open a notepad window with a log in it.

Please post the log in your next reply.


  • 0

#9
zep516


    Trusted Helper

  • Malware Removal
  • 6,794 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe :)
  • 0





