Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:03-06-2016
Executado por Dani (administrador) em DANI-PC (04-06-2016 08:12:50)
Executando a partir de C:\Users\Dani\Desktop
Perfis Carregados: Dani (Perfis Disponíveis: Dani)
Platform: Microsoft Windows 10 Pro (X86) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: IE)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

() C:\Program Files\CalendarTool\2.0.0.11356\CalendarServ.exe
(Popcorn Time) C:\Program Files\Popcorn Time\Updater.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files\CalendarTool\2.0.0.11356\calendar.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\Dani\AppData\Roaming\cpuminer\cpm.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\ProgramData\msiql.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1565992 2016-02-22] (Synaptics Incorporated)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [apphide] => C:\Program Files\badu\uc.exe
HKLM\...\Run: [cpuminer] => C:\Users\Dani\AppData\Roaming\cpuminer\cpm.exe [4621824 2016-04-12] ()
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-727165953-1638059719-37826139-1000\...\Run: [Skype] => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-727165953-1638059719-37826139-1000\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [1931776 2016-06-01] ()
HKU\S-1-5-21-727165953-1638059719-37826139-1000\...\Run: [msiql] => C:\ProgramData\msiql.exe [1920000 2016-06-01] ()
HKU\S-1-5-21-727165953-1638059719-37826139-1000\...\Run: [svchost0] => C:\Program Files\UCBrowser\Application\UUC0789.exe
HKU\S-1-5-21-727165953-1638059719-37826139-1000\...\Run: [apphide2] => C:\Program Files\badu\uc.exe
ShellExecuteHooks: - {7AD1C0F5-07A2-40E5-8608-C6EAA0FF362F} - Nenhum Arquivo [ ]
Startup: C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk [2016-05-16]
ShortcutTarget: Recorte de tela e Iniciador do OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{723648a0-650c-45f0-b8cf-0f0b66d38de5}: [DhcpNameServer] 192.168.2.1
ManualProxies: 0hxxp://unstops.biz/wpad.dat?f3d2bca210f869570349dcc59988462d10878629

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131093918798630624&GUID=9B6A80A3-A5CF-45BE-A7D7-F5DD633A6904
SearchScopes: HKU\S-1-5-21-727165953-1638059719-37826139-1000 -> {664DFA79-DA6A-45B7-857A-5D07F5B80142} URL = hxxps://br.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=639975&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: ChromeDefaultData -> hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=a3f08998dbf9a3ba0cb11f82455eb8d4
CHR StartupUrls: ChromeDefaultData -> "hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=a3f08998dbf9a3ba0cb11f82455eb8d4"
CHR Profile: C:\Users\Dani\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
CHR Extension: (Google Docs) - C:\Users\Dani\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-16]
CHR Extension: (Google Drive) - C:\Users\Dani\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-16]
CHR Extension: (YouTube) - C:\Users\Dani\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-16]
CHR Extension: (Documentos Google off-line) - C:\Users\Dani\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Dani\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Gmail) - C:\Users\Dani\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-16]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S2 GoogleChromeUpService; C:\ProgramData\service.exe [1753600 2016-06-01] () [Arquivo não assinado]
R2 TheCalendarService; C:\Program Files\CalendarTool\2.0.0.11356\CalendarServ.exe [152200 2016-05-10] ()
R2 Update service; C:\Program Files\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [Arquivo não assinado]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [277760 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23264 2015-07-10] (Microsoft Corporation)
S2 dowidoly; C:\Program Files\6D3F2A14-1464809647-D347-9776-00269EFADE44\jnsj4D85.tmp [X]
S2 nevovuqezbt; C:\Program Files\6D3F2A14-1464809647-D347-9776-00269EFADE44\knsl1565.tmp [X]
S2 rijufoze; C:\Program Files\6D3F2A14-1464809647-D347-9776-00269EFADE44\hnsy7226.tmp [X]
S2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 MpKsl08b301ae; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B8C8CA04-9393-45E5-8FF0-620E001056D2}\MpKsl08b301ae.sys [39168 2016-06-03] (Microsoft Corporation)
R1 MpKsl43ec94b0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B8C8CA04-9393-45E5-8FF0-620E001056D2}\MpKsl43ec94b0.sys [39168 2016-06-02] (Microsoft Corporation)
R1 MpKsl6a2d51b0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B8C8CA04-9393-45E5-8FF0-620E001056D2}\MpKsl6a2d51b0.sys [39168 2016-06-03] (Microsoft Corporation)
R1 MpKsl7cf3e8db; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B8C8CA04-9393-45E5-8FF0-620E001056D2}\MpKsl7cf3e8db.sys [39168 2016-06-03] (Microsoft Corporation)
R1 MpKslae1e0293; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B8C8CA04-9393-45E5-8FF0-620E001056D2}\MpKslae1e0293.sys [39168 2016-06-03] (Microsoft Corporation)
R1 MpKslbe08cd95; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B8C8CA04-9393-45E5-8FF0-620E001056D2}\MpKslbe08cd95.sys [39168 2016-06-03] (Microsoft Corporation)
S1 MpKslde3b9ef0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B8C8CA04-9393-45E5-8FF0-620E001056D2}\MpKslde3b9ef0.sys [39168 2016-06-03] () [Arquivo não assinado]
S1 UCGuard; C:\WINDOWS\System32\DRIVERS\ucguard.sys [71040 2016-04-25] (Huorong Borui (Beijing) Technology Co., Ltd.)
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [31744 2015-07-10] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37400 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [245600 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [97632 2015-07-10] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\System32\drivers\WUDFRd.sys [161792 2015-07-10] (Microsoft Corporation)
S3 blNetFilter; \??\C:\WINDOWS\system32\drivers\blNetFilter.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-06-04 08:12 - 2016-06-04 08:13 - 00010394 _____ C:\Users\Dani\Desktop\FRST.txt
2016-06-04 08:12 - 2016-06-04 08:12 - 00000000 ____D C:\FRST
2016-06-04 08:06 - 2016-06-04 08:12 - 01734656 _____ (Farbar) C:\Users\Dani\Desktop\FRST.exe
2016-06-04 08:05 - 2016-06-04 08:05 - 01734656 _____ (Farbar) C:\Users\Dani\Downloads\FRST.exe
2016-06-04 07:40 - 2016-06-04 07:40 - 00016148 _____ C:\WINDOWS\system32\DANI-PC_Dani_HistoryPrediction.bin
2016-06-03 21:35 - 2016-06-03 22:23 - 00000678 _____ C:\WINDOWS\Tasks\PPTAssistantUpdateTask_SISTEMA.job
2016-06-03 21:10 - 2016-06-03 21:10 - 00000000 ____D C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PPT美化大师
2016-06-03 20:03 - 2016-06-03 20:03 - 00000000 _____ C:\WINDOWS\system32\vns8861.tmp
2016-06-03 17:02 - 2016-06-03 17:02 - 00353226 ____T C:\Users\Dani\Documents\doc tio.pdf
2016-06-03 17:01 - 2016-06-03 17:01 - 00358623 _____ C:\Users\Dani\Downloads\Documento.pdf
2016-06-03 16:58 - 2016-06-03 21:10 - 00000000 ____D C:\Users\Dani\AppData\Roaming\pptassist
2016-06-03 13:18 - 2016-06-03 13:18 - 00000000 ____D C:\Users\Dani\AppData\Roaming\update
2016-06-02 23:37 - 2016-06-02 23:37 - 00000000 ____D C:\Users\Dani\AppData\Roaming\kingsoft
2016-06-02 23:36 - 2016-06-03 16:24 - 00000000 ____D C:\Users\Dani\AppData\Roaming\ADSKIP
2016-06-02 22:53 - 2016-06-02 22:58 - 00000000 ____D C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
2016-06-02 22:50 - 2016-06-03 21:36 - 00002255 _____ C:\Users\Todos os Usuários\webad.xml
2016-06-02 22:49 - 2016-06-01 02:36 - 10599032 _____ () C:\Users\Todos os Usuários\ADSkip.v1.0.523.2105_Silent.exe
2016-06-02 22:38 - 2016-06-04 07:52 - 00000458 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
2016-06-02 22:38 - 2016-04-25 15:55 - 00071040 _____ (Huorong Borui (Beijing) Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\ucguard.sys
2016-06-01 18:23 - 2016-06-01 22:48 - 01920000 _____ C:\Users\Todos os Usuários\msiql.exe
2016-06-01 18:22 - 2016-06-04 07:58 - 00000342 _____ C:\WINDOWS\Tasks\PPTAssistantNotifyTask_Dani.job
2016-06-01 18:22 - 2016-06-03 21:35 - 00000000 ____D C:\Users\Todos os Usuários\kingsoft
2016-06-01 18:22 - 2016-06-03 21:31 - 00000000 ____D C:\Users\Dani\AppData\Local\PPTAssist
2016-06-01 18:22 - 2016-05-04 05:44 - 04232400 _____ (Kingsoft Corp. Ltd.) C:\Users\Todos os Usuários\OfficeAssist.0172.80.1384.exe
2016-06-01 18:21 - 2016-02-18 07:10 - 05267952 _____ () C:\Users\Todos os Usuários\ziptool_wc-9015_setup.exe
2016-06-01 18:19 - 2016-06-01 22:48 - 00343040 _____ C:\Users\Todos os Usuários\RandomDelJiheReg.exe
2016-06-01 16:42 - 2016-06-01 22:48 - 00114176 _____ C:\Users\Todos os Usuários\hp.exe
2016-06-01 16:42 - 2016-06-01 16:42 - 01753600 _____ C:\Users\Todos os Usuários\service.exe
2016-06-01 16:41 - 2016-06-01 16:41 - 00000000 ____D C:\Users\Dani\AppData\Roaming\gplyra
2016-06-01 16:41 - 2016-06-01 16:41 - 00000000 ____D C:\Users\Dani\AppData\Roaming\cpuminer
2016-06-01 16:40 - 2016-06-01 16:40 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2016-06-01 16:40 - 2016-05-28 11:42 - 05671936 _____ (Andrei Gourianov) C:\Users\Todos os Usuários\tasklist.exe
2016-06-01 16:39 - 2016-06-01 16:42 - 00000000 ____D C:\Users\Dani\AppData\Roaming\UPUpdata
2016-06-01 16:38 - 2016-06-04 07:45 - 00000000 ____D C:\Users\Dani\AppData\Roaming\CalendarTool
2016-06-01 16:38 - 2016-06-01 16:38 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-06-01 16:38 - 2016-06-01 16:38 - 00000000 ____D C:\Program Files\CalendarTool
2016-06-01 16:37 - 2016-06-01 16:37 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-06-01 16:34 - 2016-06-01 16:31 - 00001006 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-06-01 16:33 - 2016-06-01 16:33 - 00000000 ____D C:\Users\Dani\AppData\Roaming\SpringFiles
2016-06-01 16:31 - 2016-06-01 16:32 - 00000000 ____D C:\Users\Dani\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-06-01 10:53 - 2016-06-01 10:54 - 00000000 ___HD C:\$WINDOWS.~BT
2016-05-31 09:11 - 2016-05-31 09:11 - 00159513 _____ C:\Users\Dani\Downloads\DAS-PGMEI-22301643000108 (3).pdf
2016-05-31 09:06 - 2016-05-31 09:06 - 00014536 _____ C:\Users\Dani\Downloads\DASNSIMEI-Recibo-22301643000108.pdf
2016-05-31 08:53 - 2016-05-31 09:06 - 00000000 ____D C:\Users\Dani\Downloads\The Ultimate Zumba Fitness Experience (7 DVDRips)
2016-05-30 11:18 - 2016-05-30 19:39 - 00000000 ____D C:\Users\Dani\Desktop\Pendrive Leylson
2016-05-30 10:04 - 2016-05-30 10:05 - 00134705 _____ C:\Users\Dani\Downloads\DAS-PGMEI-22301643000108 (2).pdf
2016-05-24 09:10 - 2016-04-22 02:44 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-24 09:10 - 2016-04-15 03:43 - 00916800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-24 09:10 - 2016-04-15 02:55 - 19325952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-24 09:10 - 2016-04-15 02:49 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-05-24 09:10 - 2016-04-15 02:42 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-24 09:10 - 2016-04-15 02:41 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-24 09:10 - 2016-04-15 02:39 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-24 09:10 - 2016-04-15 02:37 - 02986496 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-24 09:10 - 2016-04-15 02:36 - 01132544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-24 09:10 - 2016-04-09 07:54 - 06266200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-24 09:10 - 2016-04-09 07:52 - 00502504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-24 09:10 - 2016-04-09 07:50 - 01537112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-24 09:10 - 2016-04-09 07:47 - 01707872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-24 09:10 - 2016-04-09 07:46 - 00274272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-24 09:10 - 2016-04-09 07:45 - 01855328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-05-24 09:10 - 2016-04-09 07:45 - 01396072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-24 09:10 - 2016-04-09 07:45 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-24 09:10 - 2016-04-09 06:50 - 01515936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-24 09:10 - 2016-04-09 05:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-05-24 09:10 - 2016-04-09 05:13 - 05160960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-24 09:10 - 2016-04-09 05:09 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-24 09:10 - 2016-04-09 05:09 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-24 09:10 - 2016-04-09 05:09 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-24 09:10 - 2016-04-09 04:55 - 00373248 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-24 09:10 - 2016-04-09 04:54 - 00768000 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-24 09:10 - 2016-04-09 04:52 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2016-05-24 09:10 - 2016-04-09 04:38 - 00464384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-24 09:10 - 2016-04-09 04:18 - 11264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-24 09:10 - 2016-04-09 04:18 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-24 09:10 - 2016-04-09 04:14 - 18798080 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-20 12:03 - 2016-05-20 12:03 - 00000000 ____D C:\Users\Dani\Desktop\Álbum desconhecido (22-05-2012 10-40-27)
2016-05-20 11:59 - 2016-05-20 12:00 - 00000000 ____D C:\Users\Dani\Desktop\HIP HOP {BASS}
2016-05-20 11:58 - 2016-05-20 11:58 - 00000000 ____D C:\Users\Dani\Desktop\axe kilesse 2014
2016-05-20 11:58 - 2016-05-20 11:58 - 00000000 ____D C:\Users\Dani\Desktop\AXE
2016-05-19 09:09 - 2016-05-25 15:40 - 00000000 ____D C:\Users\Dani\Desktop\IFNMG
2016-05-19 08:35 - 2016-05-19 08:35 - 00001479 _____ C:\Users\Dani\Downloads\3120102_sintese.csv
2016-05-16 12:57 - 2016-05-16 12:58 - 00478704 ____T C:\Users\Dani\Documents\rodizio.pdf
2016-05-11 11:19 - 2016-05-11 11:20 - 01160758 _____ C:\Users\Dani\Documents\Rodiziio.psd
2016-05-11 11:02 - 2016-05-11 11:02 - 00451969 _____ C:\Users\Dani\Documents\Flayer 2.psd
2016-05-11 10:25 - 2016-05-11 11:03 - 02543214 _____ C:\Users\Dani\Documents\Flayer 1.psd

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-06-04 08:11 - 2016-03-16 10:31 - 00002242 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-04 07:42 - 2016-03-16 10:06 - 00001076 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-03 22:49 - 2016-02-22 15:51 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-03 22:46 - 2016-02-22 15:26 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-03 22:44 - 2016-02-22 16:04 - 00000000 ____D C:\Users\Dani
2016-06-03 22:17 - 2016-03-16 10:06 - 00001080 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-03 21:22 - 2016-02-22 15:26 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-03 16:59 - 2016-02-22 16:10 - 01810446 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-03 16:59 - 2016-02-22 15:32 - 00782022 _____ C:\WINDOWS\system32\prfh0416.dat
2016-06-03 16:59 - 2016-02-22 15:32 - 00153010 _____ C:\WINDOWS\system32\prfc0416.dat
2016-06-03 16:59 - 2016-02-22 15:24 - 00000000 ____D C:\WINDOWS\INF
2016-06-03 00:12 - 2013-08-18 14:23 - 00000000 ____D C:\704649e4e1e13c0beb
2016-06-02 22:57 - 2016-02-22 16:07 - 00000000 ____D C:\Users\Dani\AppData\Local\Packages
2016-06-01 16:27 - 2016-03-31 08:37 - 00000000 ____D C:\Users\Dani\AppData\Roaming\uTorrent
2016-06-01 10:56 - 2016-02-22 15:41 - 00000000 ___DC C:\WINDOWS\Panther
2016-05-31 10:59 - 2016-02-22 15:26 - 00000000 ____D C:\WINDOWS\rescache
2016-05-31 09:13 - 2015-07-03 11:58 - 00000000 ____D C:\Users\Dani\Desktop\Pastel São Paulo
2016-05-31 08:44 - 2016-04-26 08:25 - 00000000 ____D C:\Users\Dani\Downloads\Adobe CS6 Master Collection
2016-05-25 23:05 - 2016-04-25 18:01 - 00000000 ___RD C:\Users\Dani\Downloads\62632UNETA.492836F161CC8_rmspfwnbz040j!App
2016-05-25 22:20 - 2016-02-22 15:12 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-05-25 22:19 - 2016-02-22 15:26 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-25 16:05 - 2016-02-22 15:18 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-25 16:03 - 2016-03-15 19:07 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2016-05-25 16:01 - 2016-04-14 17:54 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-25 15:53 - 2016-04-14 17:54 - 136686448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-11 16:50 - 2016-02-22 15:28 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-05-11 16:50 - 2016-02-22 15:28 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== Arquivos na raiz de alguns diretórios =======

2016-06-02 22:49 - 2016-06-01 02:36 - 10599032 _____ () C:\ProgramData\ADSkip.v1.0.523.2105_Silent.exe
2016-06-01 16:42 - 2016-06-01 22:48 - 0114176 _____ () C:\ProgramData\hp.exe
2016-06-01 18:23 - 2016-06-01 22:48 - 1920000 _____ () C:\ProgramData\msiql.exe
2016-06-01 18:22 - 2016-05-04 05:44 - 4232400 _____ (Kingsoft Corp. Ltd.) C:\ProgramData\OfficeAssist.0172.80.1384.exe
2016-06-01 18:19 - 2016-06-01 22:48 - 0343040 _____ () C:\ProgramData\RandomDelJiheReg.exe
2016-06-01 16:42 - 2016-06-01 16:42 - 1753600 _____ () C:\ProgramData\service.exe
2016-06-01 16:40 - 2016-05-28 11:42 - 5671936 _____ (Andrei Gourianov) C:\ProgramData\tasklist.exe
2016-06-02 22:50 - 2016-06-03 21:36 - 0002255 _____ () C:\ProgramData\webad.xml
2016-06-01 18:21 - 2016-02-18 07:10 - 5267952 _____ () C:\ProgramData\ziptool_wc-9015_setup.exe

Arquivos para serem movidos ou deletados:
====================
C:\Users\Todos os Usuários\ADSkip.v1.0.523.2105_Silent.exe
C:\Users\Todos os Usuários\hp.exe
C:\Users\Todos os Usuários\msiql.exe
C:\Users\Todos os Usuários\OfficeAssist.0172.80.1384.exe
C:\Users\Todos os Usuários\RandomDelJiheReg.exe
C:\Users\Todos os Usuários\service.exe
C:\Users\Todos os Usuários\tasklist.exe
C:\Users\Todos os Usuários\ziptool_wc-9015_setup.exe

Alguns arquivos em TEMP:
====================
C:\Users\Dani\AppData\Local\Temp\1ZeF0ZlDY2.exe
C:\Users\Dani\AppData\Local\Temp\23333.exe
C:\Users\Dani\AppData\Local\Temp\299F.tmp.exe
C:\Users\Dani\AppData\Local\Temp\5345.tmp.exe
C:\Users\Dani\AppData\Local\Temp\5879.tmp.exe
C:\Users\Dani\AppData\Local\Temp\B8WuH7lknf.exe
C:\Users\Dani\AppData\Local\Temp\Browser_V5.6.12150.8_f_4730_(Build1604251144).exe
C:\Users\Dani\AppData\Local\Temp\DSh4c2ooNC.exe
C:\Users\Dani\AppData\Local\Temp\F228.tmp.exe
C:\Users\Dani\AppData\Local\Temp\fsd8D69.exe
C:\Users\Dani\AppData\Local\Temp\fsdDFCA.exe
C:\Users\Dani\AppData\Local\Temp\ICReinstall_F228.tmp.exe
C:\Users\Dani\AppData\Local\Temp\L0kHIiD3PK.exe
C:\Users\Dani\AppData\Local\Temp\nst1FFD.tmp.exe
C:\Users\Dani\AppData\Local\Temp\NZ2QV28UFJ.exe
C:\Users\Dani\AppData\Local\Temp\qqpcmgr_v11.5.17490.219_72623_Silence.exe
C:\Users\Dani\AppData\Local\Temp\RUKHS3WXYV.exe
C:\Users\Dani\AppData\Local\Temp\sdf6E3A.exe
C:\Users\Dani\AppData\Local\Temp\uninst.exe

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-05-30 10:18

==================== Fim de FRST.txt ============================