cjoint

Document format: text/plain

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:05-03-2016 01
Executado por Familia (administrador) em FAMILIA-PC (31-03-2016 22:34:09)
Executando a partir de C:\Users\Familia\Desktop
Perfis Carregados: Familia (Perfis Disponíveis: Familia)
Platform: Windows 7 Professional Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: IE)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(BitTorrent Inc.) C:\Users\Familia\AppData\Roaming\uTorrent\uTorrent.exe
() C:\Program Files (x86)\03DE0294-1459468531-05F0-2406-4D0700080009\knsa43F4.tmpfs
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\03DE0294-1459468531-05F0-2406-4D0700080009\hnsv79CB.tmp
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
() C:\Program Files (x86)\03DE0294-1459468531-05F0-2406-4D0700080009\jnsa5FB4.tmp
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Windows\Installer\{3742121C-1529-9ED2-79D3-E3375930E43F}\syshost.exe
(BitTorrent Inc.) C:\Users\Familia\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe
(BitTorrent Inc.) C:\Users\Familia\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe
() C:\Windows\Temp\ABA6.tmp
() C:\Users\Familia\AppData\Roaming\Xosypujn\Xosypujn.exe
() C:\Users\Familia\AppData\Roaming\DensOfe\Momroak.exe
() C:\Users\Familia\AppData\Roaming\Xosypujn\Kieekwohup.exe
() C:\Users\Familia\AppData\Roaming\Xosypujn\Kiowtocj.exe
(Microsoft Corporation) C:\Users\Familia\AppData\Roaming\XBox\XBLive.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
() C:\Program Files (x86)\SFK\SSFK.exe
() C:\Program Files (x86)\SFK\SSFK.exe
(xcbxnbcbxcn) C:\Program Files (x86)\Max Driver Updater\idscservice.exe
(xcbxnbcbxcn) C:\Program Files\SpaceSoundPro\idscservice.exe
(xcbxnbcbxcn) C:\Program Files\SpaceSoundPro\idscservice.exe
() C:\Program Files (x86)\Max Driver Updater\idsccom_5YM.exe
() C:\Program Files\SpaceSoundPro\idsccom_M9X.exe
() C:\ProgramData\WindowsMsg\osmsg.exe
() C:\ProgramData\CloudPrinter\CloudPrinter.exe
() C:\Program Files\BitTorrent\BitTorrent.exe
(Enigma Software Group USA, LLC.) C:\Users\Familia\Downloads\SpyHunter-Installer.exe
() C:\Users\Familia\AppData\Local\Donquotex.exe
() C:\Program Files (x86)\Max Driver Updater\idsccom_5YM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 2014-06-30] (Realtek Semiconductor)
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKLM\...\Run: [IDSCCOM5YM] => C:\Program Files (x86)\Max Driver Updater\idsccom_5YM.exe [4050432 2016-03-31] ()
HKLM\...\Run: [IDSCCOMM9X] => C:\Program Files\SpaceSoundPro\idsccom_M9X.exe [4050432 2016-03-31] ()
HKLM\...\Run: [WINCOMTIL] => "C:\Program Files (x86)\sunnyday\wincom_TIL.exe"
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-10] (AVAST Software)
HKLM-x32\...\Run: [syshost32] => C:\Windows\Installer\{3742121C-1529-9ED2-79D3-E3375930E43F}\syshost.exe
HKLM-x32\...\Run: [Tv-Plug-In] => "C:\Program Files (x86)\Tv-Plug-In\Tv-Plug-In.exe" nogui
HKLM-x32\...\Run: [mbot_en_037050284] => [X]
HKLM-x32\...\Run: [mpck_en_005030284] => [X]
HKLM-x32\...\Run: [rec_en_238] => [X]
HKLM\...\RunOnce: [IDSCPRODUCT] => C:\Program Files\SpaceSoundPro\idscservice.exe [426496 2016-03-31] (xcbxnbcbxcn)
HKLM\...\RunOnce: [WINDOWS_SCREEN_MANAGER_UPDATER_1] => C:\Program Files\Windows Screen Manager\Windows screen manage updater.exe [16896 2016-03-31] (Wizzservices)
HKLM\...\RunOnce: [OTUTPRODUCT_EF8YT] => "C:\Program Files (x86)\sunnyday\otutnetwork.exe"
HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o
HKLM-x32\...\RunOnce: [Wizzwifihotspot] => "C:\Program Files (x86)\WizzWifiHotspot\WizzWifiHotspot.exe" /minimized /regrun
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1966848566-3211705532-3823425575-1000\...\Run: [{7AF74BFE-3D0B-4FCA-977B-34F870A0268C}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\hkKRgdpVDWs').VAWNTXGVIW)));
HKU\S-1-5-21-1966848566-3211705532-3823425575-1000\...\Run: [uTorrent] => C:\Users\Familia\AppData\Roaming\uTorrent\uTorrent.exe [2094080 2016-03-31] (BitTorrent Inc.)
HKU\S-1-5-21-1966848566-3211705532-3823425575-1000\...\Run: [WindApp] => "C:\Users\Familia\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
HKU\S-1-5-21-1966848566-3211705532-3823425575-1000\...\Run: [Selection Tools] => "C:\Users\Familia\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
HKU\S-1-5-21-1966848566-3211705532-3823425575-1000\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [2041856 2016-03-31] ()
HKU\S-1-5-21-1966848566-3211705532-3823425575-1000\...\Run: [MSConfig] => C:\Users\Familia\ssbbpann.exe [135168 2016-03-31] ()
HKU\S-1-5-21-1966848566-3211705532-3823425575-1000\...\CurrentVersion\Windows: [Load] C:\ProgramData\msciekkon.exe <===== ATENÇÃO
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-10] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL Nenhum Arquivo

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Winsock: Catalog5 07 C:\ProgramData\System32\SafeGuard32.dll Nenhum Arquivo
Winsock: Catalog5-x64 07 C:\ProgramData\System32\SafeGuard64.dll [3587000 2016-03-31] ()
Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{3464A359-769E-456C-9925-8018F8657D4C}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{3464A359-769E-456C-9925-8018F8657D4C}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 104.197.191.4
ManualProxies:

Internet Explorer:
==================
HKU\S-1-5-21-1966848566-3211705532-3823425575-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqfDHrz5d6u8a_OSALJBGiSOpiug_o6WyrrYq-X5gHtivSt4m67VhtK8ZhUQFbqdV-laXNgUle2udFBgVGtpIUnPRmrlA5KsmxM_nRPOPjHJCkEkUNbrWLTijBlrIHa0UBZYM7ZJ5JLeClnwYsZtQqQkPueZQ_Gut2Nm5aA,,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqfDHrz5d6u8a_OSALJBGiSOpiug_o6WyrrYq-X5gHtivSt4m67VhtK8ZhUQFbqdV-laXNgUle2udFBgVGtpIUnPRmrlA5KsmxM_nRPOPjHJCkEkUNbrWLTijBlrIHa0UBZYM7ZJ5JLeClnwYsZtQqQkPueZQ_Gut2Nm5aA,,&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-10] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.yoursearching.com/?type=sc&ts=1459471461&z=f5e1525712724e94109bd82g2zfw0t4z0meg3z3m1e&from=face&uid=SAMSUNGXHD322HJ_S1RLJ50S806248

FireFox:
========
FF ProfilePath: C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=hohosearch
FF SelectedSearchEngine: hohosearch
FF Homepage: about:home
FF Keyword.URL: hxxp://www.hohosearch.com/chrome.php?uid=22D0EA20CA12662F12B1DB1210563266&ptid=isr&ts=AHEpCHEqC3ArBE..&v=20160329&mode=ffexttoolbar&q=
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-31] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\5krm01w6.default\user.js [2016-03-31]
FF user.js: detected! => C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js [2016-03-31]
FF SearchPlugin: C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\5krm01w6.default\searchplugins\yahoo_ff.xml [2016-03-31]
FF SearchPlugin: C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\yahoo_ff.xml [2016-03-31]
FF Extension: NetVideoHunter - C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\netvideohunter@netvideohunter.com [2016-03-31]
FF Extension: NetVideoHunter - C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\5krm01w6.default\Extensions\netvideohunter@netvideohunter.com [2016-02-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-16]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-16]
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Familia\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\deskCutv2@gmail.com => não encontrado (a)
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursearching.com/?type=sc&ts=1459471461&z=f5e1525712724e94109bd82g2zfw0t4z0meg3z3m1e&from=face&uid=SAMSUNGXHD322HJ_S1RLJ50S806248

Chrome:
=======
CHR HomePage: Default -> search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://www.yoursearching.com/?type=hp&ts=1459471461&z=f5e1525712724e94109bd82g2zfw0t4z0meg3z3m1e&from=face&uid=SAMSUNGXHD322HJ_S1RLJ50S806248"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Familia\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x64\widevinecdmadapter.dll => Nenhum Arquivo
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-10]
CHR Extension: (Google Docs) - C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-10]
CHR Extension: (Google Drive) - C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-10]
CHR Extension: (YouTube) - C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-10]
CHR Extension: (Google Search) - C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-10]
CHR Extension: (Planilhas do Google) - C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-10]
CHR Extension: (Documentos Google off-line) - C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (AdBlock) - C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-31]
CHR Extension: (Avast Online Security) - C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-16]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-10]
CHR Extension: (Gmail) - C:\Users\Familia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-10]
CHR HKLM\...\Chrome\Extension: [aaaaapdcjfaomkafnbpoclmfakjianjd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaaapdcjfaomkafnbpoclmfakjianjd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-10]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

"3f61e50199c2bc75" => serviço não pode ser desbloqueado. <===== ATENÇÃO

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-10] (AVAST Software)
R2 Befbie; C:\Users\Familia\AppData\Roaming\DensOfe\Momroak.exe [125792 2016-03-31] ()
R2 BitTorrent; C:\Program Files\BitTorrent\BitTorrent.exe [383488 2016-03-31] () [Arquivo não assinado]
R2 Cidsooj; C:\Users\Familia\AppData\Roaming\Xosypujn\Xosypujn.exe [174432 2016-03-31] ()
R2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [1127936 2016-03-31] () [Arquivo não assinado]
S2 ggbugreport; C:\Program Files (x86)\SearchesToYesbnd\bugreport.exe [1609280 2016-03-29] ()
S2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-03-31] (DotC United Inc)
R2 prodnct; C:\Users\Familia\AppData\Local\Donquotex.exe [28160 2016-03-31] () [Arquivo não assinado]
R2 rijufoze; C:\Program Files (x86)\03DE0294-1459468531-05F0-2406-4D0700080009\hnsv79CB.tmp [138240 2016-03-31] () [Arquivo não assinado]
R2 rocufyky; C:\Program Files (x86)\03DE0294-1459468531-05F0-2406-4D0700080009\jnsa5FB4.tmp [389632 2016-03-31] () [Arquivo não assinado]
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1042304 2016-03-31] (Enigma Software Group USA, LLC.)
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [173760 2016-03-31] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
U2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 Winsere; C:\Program Files (x86)\Winsere\Winsere\Winsere.exe [316472 2016-03-29] ()
R2 XBox; C:\Users\Familia\AppData\Roaming\XBox\XBLive.exe [5906904 2016-02-27] (Microsoft Corporation)
R2 moderepozbt; C:\Program Files (x86)\03DE0294-1459468531-05F0-2406-4D0700080009\knsa43F4.tmpfs [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

U5 3f61e50199c2bc75; C:\Windows\System32\Drivers\3f61e50199c2bc75.sys [71640 2016-03-09] () <===== ATENÇÃO Necurs Rootkit?
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-10] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-25] (AVAST Software) [Arquivo não assinado]
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-25] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-10] (AVAST Software)
S1 bsdriver; C:\Windows\system32\drivers\bsdriver.sys [34720 2016-03-31] ()
S1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [82752 2016-03-31] (Cherimoya Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 egg_protect; C:\Windows\EProtect_amd64.sys [20352 2016-03-31] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-31] ()
S1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-03-31] (DotC United Inc)
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2010-11-21] () [Arquivo não assinado]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2010-11-21] () [Arquivo não assinado]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [287744 2010-11-21] () [Arquivo não assinado]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2010-11-21] () [Arquivo não assinado]
S3 msahci; C:\Windows\system32\drivers\msahci.sys [31104 2010-11-21] () [Arquivo não assinado]
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-21] () [Arquivo não assinado]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-13] ()
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-13] () [Arquivo não assinado]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-13] () [Arquivo não assinado]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-13] () [Arquivo não assinado]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-13] () [Arquivo não assinado]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-13] () [Arquivo não assinado]
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-21] ()
R1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [32320 2009-07-13] () [Arquivo não assinado]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-13] () [Arquivo não assinado]
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [15360 2009-07-13] () [Arquivo não assinado]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-13] () [Arquivo não assinado]
S3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-13] () [Arquivo não assinado]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [951680 2010-11-21] () [Arquivo não assinado]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-13] () [Arquivo não assinado]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-13] () [Arquivo não assinado]
S3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-21] () [Arquivo não assinado]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-21] () [Arquivo não assinado]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-21] ()
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-13] () [Arquivo não assinado]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-21] () [Arquivo não assinado]
S3 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [51264 2009-07-13] () [Arquivo não assinado]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-13] ()
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-13] () [Arquivo não assinado]
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1659776 2010-11-21] ()
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-13] () [Arquivo não assinado]
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2010-11-21] () [Arquivo não assinado]
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2010-11-21] () [Arquivo não assinado]
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-13] () [Arquivo não assinado]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-13] () [Arquivo não assinado]
S3 Parport; C:\Windows\system32\drivers\parport.sys [97280 2009-07-13] () [Arquivo não assinado]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75136 2010-11-21] () [Arquivo não assinado]
R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-21] () [Arquivo não assinado]
R0 pciide; C:\Windows\System32\drivers\pciide.sys [12352 2009-07-13] () [Arquivo não assinado]
S3 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [220752 2009-07-13] () [Arquivo não assinado]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-13] () [Arquivo não assinado]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-13] () [Arquivo não assinado]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-21] () [Arquivo não assinado]
S3 Processor; C:\Windows\system32\drivers\processr.sys [60416 2009-07-13] () [Arquivo não assinado]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-21] () [Arquivo não assinado]
S3 ql2300; C:\Windows\system32\drivers\ql2300.sys [1524816 2009-07-13] () [Arquivo não assinado]
S3 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [128592 2009-07-13] () [Arquivo não assinado]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-13] () [Arquivo não assinado]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-13] () [Arquivo não assinado]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-13] () [Arquivo não assinado]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-21] () [Arquivo não assinado]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-13] () [Arquivo não assinado]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-13] () [Arquivo não assinado]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-21] () [Arquivo não assinado]
R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [24064 2009-07-13] () [Arquivo não assinado]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-13] () [Arquivo não assinado]
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [165888 2010-11-21] () [Arquivo não assinado]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-13] () [Arquivo não assinado]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-13] () [Arquivo não assinado]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2010-11-21] ()
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-21] () [Arquivo não assinado]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-13] () [Arquivo não assinado]
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [941272 2014-06-17] () [Arquivo não assinado]
S3 s3cap; C:\Windows\system32\drivers\vms3cap.sys [6656 2010-11-21] () [Arquivo não assinado]
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-21] () [Arquivo não assinado]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-21] () [Arquivo não assinado]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] ()
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [23552 2009-07-13] () [Arquivo não assinado]
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] () [Arquivo não assinado]
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624 2009-07-13] () [Arquivo não assinado]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-13] () [Arquivo não assinado]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-13] () [Arquivo não assinado]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-21] () [Arquivo não assinado]
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-13] () [Arquivo não assinado]
S3 SiSRaid2; C:\Windows\system32\drivers\SiSRaid2.sys [43584 2009-07-13] () [Arquivo não assinado]
S3 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [80464 2009-07-13] () [Arquivo não assinado]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-13] () [Arquivo não assinado]
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2013-06-04] () [Arquivo não assinado]
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-13] ()
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [468992 2010-11-21] () [Arquivo não assinado]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [413184 2010-11-21] () [Arquivo não assinado]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [167936 2010-11-21] () [Arquivo não assinado]
S3 stexstor; C:\Windows\system32\drivers\stexstor.sys [24656 2009-07-13] () [Arquivo não assinado]
R0 storflt; C:\Windows\System32\drivers\vmstorfl.sys [46464 2010-11-21] () [Arquivo não assinado]
S3 storvsc; C:\Windows\system32\drivers\storvsc.sys [34688 2010-11-21] () [Arquivo não assinado]
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12496 2009-07-13] () [Arquivo não assinado]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1924480 2010-11-21] () [Arquivo não assinado]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1924480 2010-11-21] () [Arquivo não assinado]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45056 2010-11-21] () [Arquivo não assinado]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-13] () [Arquivo não assinado]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2009-07-13] () [Arquivo não assinado]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-21] () [Arquivo não assinado]
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [63360 2010-11-21] () [Arquivo não assinado]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39424 2010-11-21] () [Arquivo não assinado]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [59392 2010-11-21] () [Arquivo não assinado]
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [31232 2010-11-21] () [Arquivo não assinado]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-21] () [Arquivo não assinado]
S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [64080 2009-07-13] () [Arquivo não assinado]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-21] () [Arquivo não assinado]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-13] () [Arquivo não assinado]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-21] () [Arquivo não assinado]
S3 UmPass; C:\Windows\system32\drivers\umpass.sys [9728 2009-07-13] () [Arquivo não assinado]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [98816 2010-11-21] () [Arquivo não assinado]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100352 2009-07-13] () [Arquivo não assinado]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [52224 2010-11-21] () [Arquivo não assinado]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2010-11-21] () [Arquivo não assinado]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2009-07-13] () [Arquivo não assinado]
S3 usbprint; C:\Windows\system32\drivers\usbprint.sys [25088 2009-07-13] () [Arquivo não assinado]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2010-11-21] () [Arquivo não assinado]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2009-07-13] () [Arquivo não assinado]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-13] () [Arquivo não assinado]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-13] () [Arquivo não assinado]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-13] () [Arquivo não assinado]
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-21] () [Arquivo não assinado]
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-13] () [Arquivo não assinado]
S3 vmbus; C:\Windows\system32\drivers\vmbus.sys [199552 2010-11-21] () [Arquivo não assinado]
S3 VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [21760 2010-11-21] () [Arquivo não assinado]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-21] () [Arquivo não assinado]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] () [Arquivo não assinado]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-21] () [Arquivo não assinado]
S3 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [161872 2009-07-13] () [Arquivo não assinado]
S3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [24576 2009-07-13] () [Arquivo não assinado]
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [27776 2009-07-13] () [Arquivo não assinado]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-21] () [Arquivo não assinado]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-21] () [Arquivo não assinado]
S3 Wd; C:\Windows\system32\drivers\wd.sys [21056 2009-07-13] () [Arquivo não assinado]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [654928 2009-07-13] () [Arquivo não assinado]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-13] () [Arquivo não assinado]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-13] () [Arquivo não assinado]
R3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-21] () [Arquivo não assinado]
S3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-13] () [Arquivo não assinado]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-13] () [Arquivo não assinado]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [112128 2010-11-21] () [Arquivo não assinado]
R3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [172544 2010-11-21] () [Arquivo não assinado]
U5 3f61e50199c2bc75; <===== ATENÇÃO: Serviço Bloqueado

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-03-31 22:34 - 2016-03-31 22:34 - 00033214 _____ C:\Users\Familia\Desktop\FRST.txt
2016-03-31 22:34 - 2016-03-31 22:34 - 00003338 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-03-31 22:34 - 2016-03-31 22:34 - 00001087 _____ C:\Users\Familia\Desktop\SpyHunter.lnk
2016-03-31 22:34 - 2016-03-31 22:34 - 00000000 ____D C:\Users\Familia\AppData\Roaming\Enigma Software Group
2016-03-31 22:34 - 2016-03-31 22:34 - 00000000 ____D C:\FRST
2016-03-31 22:33 - 2016-03-31 22:34 - 00000000 ____D C:\sh4ldr
2016-03-31 22:33 - 2016-03-31 22:33 - 02374144 _____ (Farbar) C:\Users\Familia\Desktop\FRST64.exe
2016-03-31 22:23 - 2016-03-31 22:23 - 00003580 _____ C:\Windows\System32\Tasks\{B6C21B30-2F62-4460-9117-38C7856592F4}
2016-03-31 22:22 - 2016-03-31 22:22 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-03-31 22:20 - 2016-03-31 22:20 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-03-31 22:15 - 2016-03-31 22:15 - 00002269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-31 22:15 - 2016-03-31 22:15 - 00002257 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-31 22:12 - 2016-03-31 22:17 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-31 22:12 - 2016-03-31 22:17 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-31 22:12 - 2016-03-31 22:12 - 00004066 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-31 22:12 - 2016-03-31 22:12 - 00003814 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-31 22:11 - 2016-03-31 22:11 - 00987728 _____ (Google Inc.) C:\Users\Familia\Downloads\ChromeSetup.exe
2016-03-31 21:56 - 2016-03-31 21:56 - 00135168 ____H C:\Users\Familia\ssbbpann.exe
2016-03-31 21:53 - 2016-03-31 21:58 - 00000000 ____D C:\Users\Familia\AppData\Local\app
2016-03-31 21:50 - 2016-03-31 22:21 - 00000000 ____D C:\Users\Todos os Usuários\System32
2016-03-31 21:50 - 2016-03-31 22:21 - 00000000 ____D C:\ProgramData\System32
2016-03-31 21:50 - 2016-03-31 22:20 - 00020352 _____ C:\Windows\EProtect_amd64.sys
2016-03-31 21:49 - 2016-03-31 21:50 - 00000000 ____D C:\Program Files\BitTorrent
2016-03-31 21:49 - 2016-03-31 21:49 - 06504960 _____ C:\Users\Familia\AppData\Roaming\agent.dat
2016-03-31 21:49 - 2016-03-31 21:49 - 01626416 _____ C:\Users\Familia\AppData\Roaming\Ding-Air.tst
2016-03-31 21:49 - 2016-03-31 21:49 - 00189644 _____ () C:\Users\Familia\AppData\Roaming\Medis.bin
2016-03-31 21:49 - 2016-03-31 21:49 - 00126464 _____ C:\Users\Familia\AppData\Roaming\noah.dat
2016-03-31 21:49 - 2016-03-31 21:49 - 00065424 _____ C:\Users\Familia\AppData\Roaming\Config.xml
2016-03-31 21:49 - 2016-03-31 21:49 - 00041472 _____ C:\Users\Familia\AppData\Local\Donquotex.dat
2016-03-31 21:49 - 2016-03-31 21:49 - 00028160 _____ C:\Users\Familia\AppData\Local\Donquotex.exe
2016-03-31 21:49 - 2016-03-31 21:49 - 00018432 _____ C:\Users\Familia\AppData\Roaming\Main.dat
2016-03-31 21:49 - 2016-03-31 21:49 - 00002397 _____ C:\Windows\SysWOW64\findit.xml
2016-03-31 21:49 - 2016-03-31 21:49 - 00000187 _____ C:\Users\Familia\AppData\Local\Donquotex.exe.config
2016-03-31 21:49 - 2016-03-31 21:49 - 00000000 ____D C:\Users\Todos os Usuários\Ronzaps
2016-03-31 21:49 - 2016-03-31 21:49 - 00000000 ____D C:\Users\Familia\AppData\Local\tuto_monetize_120160330
2016-03-31 21:49 - 2016-03-31 21:49 - 00000000 ____D C:\ProgramData\Ronzaps
2016-03-31 21:49 - 2016-03-31 21:47 - 01127936 _____ C:\Users\Familia\AppData\Roaming\Ding-Air.exe
2016-03-31 21:48 - 2016-03-31 22:06 - 00000000 ____D C:\Users\Todos os Usuários\baidu
2016-03-31 21:48 - 2016-03-31 22:06 - 00000000 ____D C:\Users\Familia\AppData\Roaming\Baidu
2016-03-31 21:48 - 2016-03-31 22:06 - 00000000 ____D C:\ProgramData\baidu
2016-03-31 21:48 - 2016-03-31 21:49 - 00005568 _____ C:\Users\Familia\AppData\Roaming\md.xml
2016-03-31 21:48 - 2016-03-31 21:48 - 00848437 _____ C:\Users\Familia\AppData\Roaming\X-Touch.bin
2016-03-31 21:48 - 2016-03-31 21:48 - 00126464 _____ C:\Users\Familia\AppData\Roaming\lobby.dat
2016-03-31 21:48 - 2016-03-31 21:48 - 00072699 _____ C:\Users\Familia\AppData\Roaming\BetaTraxstring.tst
2016-03-31 21:48 - 2016-03-31 21:48 - 00054272 _____ C:\Users\Familia\AppData\Roaming\ApplicationHosting.dat
2016-03-31 21:48 - 2016-03-31 21:48 - 00003026 _____ C:\Windows\System32\Tasks\ttwifi
2016-03-31 21:48 - 2016-03-31 21:48 - 00002922 _____ C:\Windows\System32\Tasks\osTip
2016-03-31 21:48 - 2016-03-31 21:48 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2016-03-31 21:48 - 2016-03-31 21:48 - 00000000 ____D C:\Users\Todos os Usuários\CloudPrinter
2016-03-31 21:48 - 2016-03-31 21:48 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-03-31 21:48 - 2016-03-31 21:48 - 00000000 ____D C:\Users\Familia\AppData\Local\tuto_monetize_220160330
2016-03-31 21:48 - 2016-03-31 21:48 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-03-31 21:48 - 2016-03-31 21:48 - 00000000 ____D C:\ProgramData\CloudPrinter
2016-03-31 21:48 - 2016-03-31 21:47 - 01127936 _____ C:\Users\Familia\AppData\Roaming\BetaTraxstring.exe
2016-03-31 21:47 - 2016-03-31 21:56 - 00000000 ____D C:\Program Files (x86)\sunnyday
2016-03-31 21:47 - 2016-03-31 21:47 - 00229095 _____ C:\Users\Familia\AppData\Roaming\inst.lat
2016-03-31 21:47 - 2016-03-31 21:47 - 00127488 _____ C:\Users\Familia\AppData\Roaming\Installer.dat
2016-03-31 21:47 - 2016-03-31 21:47 - 00016992 _____ C:\Users\Familia\AppData\Roaming\InstallationConfiguration.xml
2016-03-31 21:47 - 2016-03-31 21:47 - 00000000 ____D C:\Users\Familia\AppData\Local\csdi_monetize_220160330
2016-03-31 21:47 - 2016-03-31 21:47 - 00000000 ____D C:\Program Files\Windows Screen Manager
2016-03-31 21:46 - 2016-03-31 22:01 - 00000000 ____D C:\Program Files (x86)\mpck_en_005030284
2016-03-31 21:46 - 2016-03-31 21:46 - 00060136 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
2016-03-31 21:46 - 2016-03-31 21:46 - 00000000 ____D C:\Users\Familia\AppData\Local\csdi_monetize_120160330
2016-03-31 21:46 - 2016-03-31 21:46 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-03-31 21:45 - 2016-03-31 21:45 - 00000000 ____D C:\Users\Todos os Usuários\rWdMr
2016-03-31 21:45 - 2016-03-31 21:45 - 00000000 ____D C:\ProgramData\rWdMr
2016-03-31 21:44 - 2016-03-31 21:58 - 00000000 ____D C:\Users\Familia\AppData\Roaming\istartpageing
2016-03-31 21:44 - 2016-03-31 21:58 - 00000000 ____D C:\Program Files\Papo
2016-03-31 21:44 - 2016-03-31 21:52 - 00000000 ____D C:\Users\Familia\AppData\Roaming\yoursearching
2016-03-31 21:44 - 2016-03-31 21:45 - 00000074 _____ C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2016-03-31 21:44 - 2016-03-31 21:45 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2016-03-31 21:44 - 2016-03-31 21:45 - 00000000 ____D C:\Program Files (x86)\SFK
2016-03-31 21:44 - 2016-03-31 21:44 - 00034720 _____ () C:\Windows\system32\Drivers\bsdriver.sys
2016-03-31 21:44 - 2016-03-31 21:44 - 00003334 _____ C:\Windows\System32\Tasks\Bepce
2016-03-31 21:44 - 2016-03-31 21:44 - 00000632 _____ C:\yoursearching.xml
2016-03-31 21:44 - 2016-03-31 21:44 - 00000631 _____ C:\istartpageing.xml
2016-03-31 21:44 - 2016-03-31 21:44 - 00000000 ____D C:\Users\Todos os Usuários\BWdMB
2016-03-31 21:44 - 2016-03-31 21:44 - 00000000 ____D C:\Users\Familia\AppData\Roaming\Xosypujn
2016-03-31 21:44 - 2016-03-31 21:44 - 00000000 ____D C:\Users\Familia\AppData\Roaming\XBox
2016-03-31 21:44 - 2016-03-31 21:44 - 00000000 ____D C:\Users\Familia\AppData\Roaming\DensOfe
2016-03-31 21:44 - 2016-03-31 21:44 - 00000000 ____D C:\Users\Familia\AppData\LocalLow\Company
2016-03-31 21:44 - 2016-03-31 21:44 - 00000000 ____D C:\Users\Familia\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-03-31 21:44 - 2016-03-31 21:44 - 00000000 ____D C:\Users\Familia\AppData\Local\Tempfolder
2016-03-31 21:44 - 2016-03-31 21:44 - 00000000 ____D C:\uninst
2016-03-31 21:44 - 2016-03-31 21:44 - 00000000 ____D C:\ProgramData\BWdMB
2016-03-31 21:43 - 2016-03-31 21:58 - 00000000 ____D C:\Program Files (x86)\CleanBrowser
2016-03-31 21:43 - 2016-03-31 21:49 - 00000000 ____D C:\Program Files\SpaceSoundPro
2016-03-31 21:43 - 2016-03-31 21:47 - 00000000 ____D C:\Program Files (x86)\Max Driver Updater
2016-03-31 21:43 - 2016-03-31 21:43 - 00000034 ___SH C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2016-03-31 21:43 - 2016-03-31 21:43 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-03-31 21:41 - 2016-03-31 22:25 - 00000000 ____D C:\Users\Familia\Downloads\Mariah Carey Discography (iTunes Edition) [theLEAK]
2016-03-31 21:12 - 2016-03-31 21:12 - 00000286 __RSH C:\Users\Familia\ntuser.pol
2016-03-31 21:06 - 2016-03-31 21:06 - 00000000 _____ C:\autoexec.bat
2016-03-31 21:00 - 2016-03-31 21:01 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Familia\Downloads\SpyHunter-Installer.exe
2016-03-31 20:57 - 2016-03-31 22:00 - 00000000 ____D C:\Users\Familia\AppData\Roaming\WTools
2016-03-31 20:57 - 2016-03-31 21:22 - 00000000 ____D C:\Users\Familia\AppData\Local\03DE0294-1459457820-05F0-2406-4D0700080009
2016-03-31 20:57 - 2016-03-31 20:58 - 00000908 _____ C:\Windows\SysWOW64\${LOGFILE}
2016-03-31 20:56 - 2016-03-31 21:53 - 00000000 ____D C:\Users\Familia\AppData\Roaming\Store
2016-03-31 20:56 - 2016-03-31 20:58 - 00000000 ____D C:\Users\Familia\AppData\Roaming\Nosibay
2016-03-31 20:55 - 2016-03-31 20:55 - 00000680 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-03-31 20:55 - 2016-03-31 20:55 - 00000680 __RSH C:\ProgramData\ntuser.pol
2016-03-31 20:55 - 2016-03-31 20:55 - 00000000 ____D C:\Program Files (x86)\03DE0294-1459468531-05F0-2406-4D0700080009
2016-03-31 20:55 - 2016-03-31 20:54 - 00001006 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-03-31 20:53 - 2016-03-31 20:54 - 00000000 ____D C:\Users\Familia\AppData\Roaming\ImageCropResize
2016-03-31 20:53 - 2016-03-31 20:53 - 00621568 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\Familia\Downloads\libeay32.dll
2016-03-31 20:53 - 2016-03-31 20:53 - 00162304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\Familia\Downloads\ssleay32.dll
2016-03-31 20:53 - 2016-03-31 20:53 - 00000000 ____D C:\Users\Familia\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-03-31 20:52 - 2016-03-31 21:11 - 00000000 ____D C:\Program Files (x86)\SearchesToYesbnd
2016-03-31 20:52 - 2016-03-31 20:52 - 00015168 _____ C:\Windows\System32\Tasks\WinTaske
2016-03-31 20:52 - 2016-03-31 20:52 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-03-31 20:52 - 2016-03-31 20:52 - 00000000 ____D C:\Program Files (x86)\WinTaske
2016-03-31 20:52 - 2016-03-31 20:52 - 00000000 ____D C:\Program Files (x86)\Winsere
2016-03-31 20:52 - 2016-03-31 20:52 - 00000000 _____ C:\Users\Familia\Downloads\Mariah Carey _ Studio Discography
2016-03-31 20:51 - 2016-04-01 02:50 - 06179488 _____ () C:\Users\Familia\Downloads\Mariah Carey _ Studio Discography.exe
2016-03-31 17:40 - 2016-03-31 21:40 - 00000000 ____D C:\Users\Familia\Downloads\Various
2016-03-31 17:26 - 2016-03-31 19:14 - 00000000 ____D C:\Users\Familia\Downloads\Christina Aguilera - Discography
2016-03-31 17:22 - 2016-03-31 21:12 - 00000000 ____D C:\Users\Familia\AppData\LocalLow\uTorrent
2016-03-31 17:21 - 2016-03-31 17:21 - 00002611 _____ C:\Users\Familia\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-03-31 17:14 - 2016-03-31 22:34 - 00000000 ____D C:\Users\Familia\AppData\Roaming\uTorrent
2016-03-31 17:12 - 2016-03-31 17:13 - 02094080 _____ (BitTorrent Inc.) C:\Users\Familia\Downloads\uTorrent.exe
2016-03-31 08:39 - 2016-03-31 21:44 - 00082752 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2016-03-29 17:50 - 2016-03-29 19:11 - 00000000 ____D C:\Users\Familia\Desktop\PARA IMPRIMIR HOJE
2016-03-24 21:19 - 2016-03-27 18:22 - 00000000 ____D C:\Users\Familia\Desktop\Pascoa das crianças ADV
2016-03-14 20:43 - 2016-03-14 20:43 - 00044365 _____ C:\Users\Familia\Downloads\imparh.pdf
2016-03-09 15:52 - 2016-03-09 15:52 - 00071640 _____ C:\Windows\system32\Drivers\3f61e50199c2bc75.sys
2016-03-03 20:44 - 2016-03-03 21:13 - 00000000 ____D C:\Users\Familia\Documents\Carolcel

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-03-31 22:16 - 2009-07-14 01:45 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-31 22:16 - 2009-07-14 01:45 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-31 22:14 - 2016-01-10 13:33 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-31 21:58 - 2016-01-10 13:21 - 00001877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-31 21:58 - 2016-01-10 13:21 - 00001865 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-31 21:58 - 2016-01-05 07:31 - 00001423 _____ C:\Users\Familia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-31 21:58 - 2016-01-05 07:31 - 00001389 _____ C:\Users\Familia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-03-31 21:57 - 2016-01-05 07:31 - 00000000 ____D C:\Users\Familia
2016-03-31 21:18 - 2011-01-27 20:29 - 00704570 _____ C:\Windows\system32\prfh0416.dat
2016-03-31 21:18 - 2011-01-27 20:29 - 00146022 _____ C:\Windows\system32\prfc0416.dat
2016-03-31 21:18 - 2009-07-14 02:13 - 01632146 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-31 21:18 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-03-31 21:12 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-31 20:55 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\GroupPolicy
2016-03-31 18:22 - 2016-01-13 10:12 - 00000000 ___SD C:\Users\Familia\AppData\LocalLow\Temp
2016-03-31 14:44 - 2016-01-10 13:59 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-03-20 09:47 - 2016-01-10 14:00 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-03-20 09:47 - 2016-01-10 13:53 - 00000000 ____D C:\Users\Familia\AppData\Roaming\Audacity
2016-03-20 09:47 - 2016-01-05 18:57 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-03-20 09:47 - 2016-01-05 18:55 - 00000000 __RHD C:\MSOCache
2016-03-20 09:47 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2016-03-20 09:47 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\registration
2016-03-20 09:47 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\AppCompat
2016-03-15 15:18 - 2016-01-28 17:04 - 00000000 ____D C:\Users\Familia\AppData\Local\ElevatedDiagnostics
2016-03-09 23:05 - 2016-02-20 15:14 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Arquivos na raiz de alguns diretórios =======

2016-03-31 21:49 - 2016-03-31 21:49 - 6504960 _____ () C:\Users\Familia\AppData\Roaming\agent.dat
2016-03-31 21:48 - 2016-03-31 21:48 - 0054272 _____ () C:\Users\Familia\AppData\Roaming\ApplicationHosting.dat
2016-03-31 21:48 - 2016-03-31 21:47 - 1127936 _____ () C:\Users\Familia\AppData\Roaming\BetaTraxstring.exe
2016-03-31 21:48 - 2016-03-31 21:48 - 0072699 _____ () C:\Users\Familia\AppData\Roaming\BetaTraxstring.tst
2016-03-31 20:54 - 2016-03-31 20:57 - 0001353 _____ () C:\Users\Familia\AppData\Roaming\Bubble Dock.boostrap.log
2016-03-31 20:55 - 2016-03-31 20:56 - 0005725 _____ () C:\Users\Familia\AppData\Roaming\Bubble Dock.installation.log
2016-03-31 21:49 - 2016-03-31 21:49 - 0065424 _____ () C:\Users\Familia\AppData\Roaming\Config.xml
2016-03-31 21:49 - 2016-03-31 21:47 - 1127936 _____ () C:\Users\Familia\AppData\Roaming\Ding-Air.exe
2016-03-31 21:49 - 2016-03-31 21:49 - 1626416 _____ () C:\Users\Familia\AppData\Roaming\Ding-Air.tst
2016-03-31 21:47 - 2016-03-31 21:47 - 0229095 _____ () C:\Users\Familia\AppData\Roaming\inst.lat
2016-03-31 21:47 - 2016-03-31 21:47 - 0016992 _____ () C:\Users\Familia\AppData\Roaming\InstallationConfiguration.xml
2016-03-31 21:47 - 2016-03-31 21:47 - 0127488 _____ () C:\Users\Familia\AppData\Roaming\Installer.dat
2016-03-31 21:48 - 2016-03-31 21:48 - 0126464 _____ () C:\Users\Familia\AppData\Roaming\lobby.dat
2016-03-31 21:49 - 2016-03-31 21:49 - 0018432 _____ () C:\Users\Familia\AppData\Roaming\Main.dat
2016-03-31 21:48 - 2016-03-31 21:49 - 0005568 _____ () C:\Users\Familia\AppData\Roaming\md.xml
2016-03-31 21:49 - 2016-03-31 21:49 - 0189644 _____ () C:\Users\Familia\AppData\Roaming\Medis.bin
2016-03-31 21:49 - 2016-03-31 21:49 - 0126464 _____ () C:\Users\Familia\AppData\Roaming\noah.dat
2016-03-31 20:57 - 2016-03-31 20:57 - 0000078 _____ () C:\Users\Familia\AppData\Roaming\Selection Tools.installation.log
2016-03-31 21:50 - 2016-03-31 21:50 - 0001150 _____ () C:\Users\Familia\AppData\Roaming\uninstall_temp.ico
2016-03-31 20:54 - 2016-03-31 20:54 - 0000097 _____ () C:\Users\Familia\AppData\Roaming\WindApp.boostrap.log
2016-03-31 20:56 - 2016-03-31 20:56 - 0000078 _____ () C:\Users\Familia\AppData\Roaming\WindApp.installation.log
2016-03-31 21:48 - 2016-03-31 21:48 - 0848437 _____ () C:\Users\Familia\AppData\Roaming\X-Touch.bin
2016-02-03 23:51 - 2016-02-03 23:51 - 0000000 ____H () C:\Users\Familia\AppData\Local\BITD335.tmp
2016-03-31 21:49 - 2016-03-31 21:49 - 0041472 _____ () C:\Users\Familia\AppData\Local\Donquotex.dat
2016-03-31 21:49 - 2016-03-31 21:49 - 0028160 _____ () C:\Users\Familia\AppData\Local\Donquotex.exe
2016-03-31 21:49 - 2016-03-31 21:49 - 0000187 _____ () C:\Users\Familia\AppData\Local\Donquotex.exe.config
2016-02-03 23:51 - 2016-02-03 23:51 - 0000000 _____ () C:\Users\Familia\AppData\Local\{4EEC3633-0F96-4EFE-902C-0A73DBBB9C41}
2010-11-21 00:24 - 2010-11-21 00:24 - 85256960 ___SH () C:\ProgramData\msciekkon.exe
2016-03-31 21:44 - 2016-03-31 21:45 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\msciekkon.exe
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Familia\ssbbpann.exe
C:\Users\Todos os Usuários\msciekkon.exe
C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


Alguns arquivos em TEMP:
====================
C:\Users\Familia\AppData\Local\Temp\1459472783.exe
C:\Users\Familia\AppData\Local\Temp\2F5C.tmp.exe
C:\Users\Familia\AppData\Local\Temp\392JV8JWSQ.exe
C:\Users\Familia\AppData\Local\Temp\3EF4.tmp.exe
C:\Users\Familia\AppData\Local\Temp\7F8B.tmp.exe
C:\Users\Familia\AppData\Local\Temp\CA04.tmp.exe
C:\Users\Familia\AppData\Local\Temp\cdo2370623780.dll
C:\Users\Familia\AppData\Local\Temp\cdo3039158044.dll
C:\Users\Familia\AppData\Local\Temp\cdo3046938702.dll
C:\Users\Familia\AppData\Local\Temp\cdo3166775092.dll
C:\Users\Familia\AppData\Local\Temp\cdo3391933346.dll
C:\Users\Familia\AppData\Local\Temp\cdo3430491739.dll
C:\Users\Familia\AppData\Local\Temp\cdo533669282.dll
C:\Users\Familia\AppData\Local\Temp\cdo565066096.dll
C:\Users\Familia\AppData\Local\Temp\cdo685771195.dll
C:\Users\Familia\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Familia\AppData\Local\Temp\nsj1536.exe
C:\Users\Familia\AppData\Local\Temp\O2EV30X0I9.exe
C:\Users\Familia\AppData\Local\Temp\Q873XVYG5Q.exe
C:\Users\Familia\AppData\Local\Temp\WCNOP098AJ.exe
C:\Users\Familia\AppData\Local\Temp\YYHXC02DDX.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys
[2010-11-21 00:23] - [2010-11-21 00:23] - 0295808 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\system32\Drivers\volsnap.sys => não Nome Da Empresa <===== ATENÇÃO



testsigning: ==> o 'modo de teste' está configurado. Cheque por possível driver não assinado <===== ATENÇÃO


LastRegBack: 2016-03-29 00:44

==================== Fim de FRST.txt ============================
