Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão: 29-06-2016
Executado por Bruno (administrador) em BRUNO-PC (29-06-2016 20:27:33)
Executando a partir de C:\Users\Bruno\Downloads
Perfis Carregados: Bruno (Perfis Disponíveis: Bruno)
Platform: Microsoft Windows 7 Ultimate (X86) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: IE)
Modo da Inicialização: Safe Mode (with Networking)
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BavSvc.exe
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BavTray.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [Baidu Antivirus] => C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BavTray.exe [1997296 2015-12-31] (Baidu, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-12-17] (Apple Inc.)
HKLM\...\Run: [gmsd_br_005010261] => C:\Program Files\gmsd_br_005010261\gmsd_br_005010261.exe [4050608 2016-03-08] ()
HKLM\...\Run: [comoBoss] => C:\Program Files\comoBoss\comowin.exe [3714048 2016-06-27] ()
HKLM\...\Run: [sun21] => C:\Program Files\zebi\SunnyDay.exe [3724456 2016-06-27] ()
HKLM\...\RunOnce: [systwin] => C:\Windows\systwin.exe [305881 2016-06-27] ( )
HKLM\...\RunOnce: [usun.exe] => C:\Users\Bruno\AppData\Local\SunnyDay21\usun.exe [3270656 2016-06-27] ()
HKLM\...\RunOnce: [upgmsd_br_005010261.exe] => C:\Users\Bruno\AppData\Local\gmsd_br_005010261\upgmsd_br_005010261.exe [3153584 2016-03-08] ()
HKLM\...\RunOnce: [OTUTPRODUCT_LBTR8] => "C:\Program Files\sunnyday\otutnetwork.exe"
HKLM\...\RunOnce: [AdBlock2] => [X]
HKU\S-1-5-21-4209435366-4163187811-3843655850-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53130368 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-4209435366-4163187811-3843655850-1000\...\Run: [uTorrent] => C:\Users\Bruno\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-05-16] (BitTorrent Inc.)
HKU\S-1-5-21-4209435366-4163187811-3843655850-1000\...\Run: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26196672 2016-03-17] (Slimware Utilities Holdings, Inc.)
HKU\S-1-5-21-4209435366-4163187811-3843655850-1000\...\Run: [msiql] => C:\Users\Bruno\AppData\Roaming\UPUpdata\msiql.exe [1912832 2016-06-27] ()
HKU\S-1-5-21-4209435366-4163187811-3843655850-1000\...\Run: [Chromium] => c:\users\bruno\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
HKU\S-1-5-21-4209435366-4163187811-3843655850-1000\...\MountPoints2: {15cf8693-e2e8-11e5-a5be-00269eaf8327} - F:\AutoRun.exe
HKU\S-1-5-21-4209435366-4163187811-3843655850-1000\...\MountPoints2: {9cecdc9b-afc9-11e5-9a03-00269eaf8327} - F:\AutoRun.exe
HKU\S-1-5-21-4209435366-4163187811-3843655850-1000\...\MountPoints2: {d24eac5b-c853-11e5-a677-00269eaf8327} - F:\AutoRun.exe
HKU\S-1-5-21-4209435366-4163187811-3843655850-1000\...\MountPoints2: {e291072f-b7e1-11e5-b147-00269eaf8327} - G:\AutoRun.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-13] (Microsoft Corporation)
IFEO\OSPPSVC.EXE: [Debugger] KMS-R@1nHook.exe
IFEO\SppSvc.exe: [Debugger] KMS-R@1nHook.exe
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BavShx.dll [2015-12-31] (Baidu, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.25.1
Tcpip\..\Interfaces\{81E4EFA2-E39F-4C38-B5BC-635661B2882B}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{81EE8EB3-F3D3-475D-8F82-733AD579B80B}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{CBEFC252-A772-4559-B28C-95A25E7C392D}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{CBEFC252-A772-4559-B28C-95A25E7C392D}: [DhcpNameServer] 192.168.25.1
Tcpip\..\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: [NameServer] 104.197.191.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=f564aed59d05795cc718941698c02d61
HKU\S-1-5-21-4209435366-4163187811-3843655850-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=f564aed59d05795cc718941698c02d61
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_16_27_ssg03¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByCzy0E0A0FzztAtByB0EzzzzyEtN0D0Tzu0StCyCtAzytN1L2XzutAtFtBtAtFtCtFtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyC0DyBtByD0B0AzytGtDyD0A0DtG0D0CtDyCtGyCyD0ByBtGzytD0D0FtB0EyE0DzyyCyCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0EzytC0D0AtCyBtGyC0DyCzztGyE0F0E0FtGzyyDtByDtGtByDtC0CyEyCzz0DyC0ByDtC2QtN0A0LzuyE%26cr%3D1766286589%26a%3Dwbf_mdaffmarmarie_16_27_ssg03%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_16_27_ssg03¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByCzy0E0A0FzztAtByB0EzzzzyEtN0D0Tzu0StCyCtAzytN1L2XzutAtFtBtAtFtCtFtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyC0DyBtByD0B0AzytGtDyD0A0DtG0D0CtDyCtGyCyD0ByBtGzytD0D0FtB0EyE0DzyyCyCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0EzytC0D0AtCyBtGyC0DyCzztGyE0F0E0FtGzyyDtByDtGtByDtC0CyEyCzz0DyC0ByDtC2QtN0A0LzuyE%26cr%3D1766286589%26a%3Dwbf_mdaffmarmarie_16_27_ssg03%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4209435366-4163187811-3843655850-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_16_27_ssg03¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByCzy0E0A0FzztAtByB0EzzzzyEtN0D0Tzu0StCyCtAzytN1L2XzutAtFtBtAtFtCtFtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyC0DyBtByD0B0AzytGtDyD0A0DtG0D0CtDyCtGyCyD0ByBtGzytD0D0FtB0EyE0DzyyCyCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0EzytC0D0AtCyBtGyC0DyCzztGyE0F0E0FtGzyyDtByDtGtByDtC0CyEyCzz0DyC0ByDtC2QtN0A0LzuyE%26cr%3D1766286589%26a%3Dwbf_mdaffmarmarie_16_27_ssg03%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4209435366-4163187811-3843655850-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_16_27_ssg03¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByCzy0E0A0FzztAtByB0EzzzzyEtN0D0Tzu0StCyCtAzytN1L2XzutAtFtBtAtFtCtFtBtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyC0DyBtByD0B0AzytGtDyD0A0DtG0D0CtDyCtGyCyD0ByBtGzytD0D0FtB0EyE0DzyyCyCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0EzytC0D0AtCyBtGyC0DyCzztGyE0F0E0FtGzyyDtByDtGtByDtC0CyEyCzz0DyC0ByDtC2QtN0A0LzuyE%26cr%3D1766286589%26a%3Dwbf_mdaffmarmarie_16_27_ssg03%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4209435366-4163187811-3843655850-1000 -> {FC7A0D20-9221-413F-9EA6-3CE0E378D17D} URL = hxxps://br.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=435371&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-06-10] (Microsoft Corporation)
BHO: Dhgaqkunnak -> {326495EB-0850-4CF4-b639-D911604055CC} -> C:\Program Files\Dhgaqkunnak\Ovubir.dll [2016-06-27] ()
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2016-06-10] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-06-10] (Microsoft Corporation)
BHO: Lixjamalovjivti -> {DE5F47EA-706D-4296-8F85-12156C29924F} -> C:\Program Files\Lixjamalovjivti\Ouelem.dll [2016-06-27] ()
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Bruno\AppData\Roaming\Profiles\w8izkaqq.default
FF NewTab: hxxp://www.trotux.com/?z=e8f6c116dd9c653d622688dg3z9qbm2eaq3bfc0t5e&from=t4c&uid=SAMSUNGXHM500JI_S1YUJ9BSC00270&type=hp
FF DefaultSearchEngine: trotux
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=trotux
FF Homepage: hxxp://www.yoursearching.com/?type=hp&ts=1467068079&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=face&uid=SAMSUNGXHM500JI_S1YUJ9BSC00270
FF Keyword.URL: hxxp://www.trotux.com/search/?z=e8f6c116dd9c653d622688dg3z9qbm2eaq3bfc0t5e&from=t4c&uid=SAMSUNGXHM500JI_S1YUJ9BSC00270&type=sp&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-16] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-06-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF user.js: detected! => C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\yhx6zioy.default\user.js [2016-06-27]
FF user.js: detected! => C:\Users\Bruno\AppData\Roaming\Profiles\w8izkaqq.default\user.js [2016-06-27]
FF SearchPlugin: C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\yhx6zioy.default\searchplugins\yahoo! powered.xml [2016-06-27]
FF SearchPlugin: C:\Users\Bruno\AppData\Roaming\Profiles\w8izkaqq.default\searchplugins\08sjz8ld.xml [2016-06-27]
FF Extension: FirefixTab - C:\Users\Bruno\AppData\Roaming\Profiles\w8izkaqq.default\extensions\deskCutv2@gmail.com [2016-06-27] [não assinado]
FF Extension: FirefixTab - C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\yhx6zioy.default\Extensions\deskCutv2@gmail.com [2016-06-27] [não assinado]
FF Extension: GsearchFinder - C:\Users\Bruno\AppData\Roaming\Profiles\w8izkaqq.default\Extensions\@90B817C8-8A5C-413B-9DDD-B2C61ED6E79A.xpi [2016-06-24]
FF HKLM\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\yhx6zioy.default\extensions\deskCutv2@gmail.com
StartMenuInternet: FIREFOX.EXE - firefox.exe
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-11-16]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S2 01F5AE87-9180-4BEF-89F5-D1D27A5EFA7F; C:\Program Files\Lixjamalovjivti\Fomek.exe [270848 2016-06-27] () [Arquivo não assinado]
S2 B53F9D65-CBBF-4831-89C3-08823BDD9065; C:\Program Files\Dhgaqkunnak\Ynylz.exe [271872 2016-06-27] () [Arquivo não assinado]
R2 BavSvc; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BavSvc.exe [2572928 2015-12-31] (Baidu, Inc.)
S3 BdSandboxSrv; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BdSandboxSrv.exe [391200 2015-03-05] (Baidu, Inc.)
S2 BHipsSvc; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BHipsSvc.exe [531232 2015-12-31] (Baidu, Inc.)
S2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2114816 2016-06-10] (Microsoft Corporation)
S2 COMLiveService; C:\Program Files\Viva\viva.exe [346624 2015-10-05] () [Arquivo não assinado]
S2 Cupar; C:\Users\Bruno\AppData\Roaming\Iluuxwol\Iluuxwol.exe [170496 2016-06-27] () [Arquivo não assinado]
S2 Dhgaqkunnak Updater; C:\Program Files\Dhgaqkunnak\Ifeeb.exe [263680 2016-06-27] () [Arquivo não assinado]
S2 dowidoly; C:\Program Files\39464E43-1467077615-3834-5A39-00269EAF8327\jnsuE234.tmp [244224 2016-06-27] () [Arquivo não assinado]
S2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2295992 2016-03-16] (Comodo)
S2 fisusyscheduleCherbsy.exe; C:\Program Files\Shociph\fisusyscheduleCherbsy.exe [705760 2016-06-24] ()
S2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [118048 2015-04-16] (Elex do Brasil Participações Ltda)
S2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [23040 2016-05-17] () [Arquivo não assinado]
S2 Lixjamalovjivti Updater; C:\Program Files\Lixjamalovjivti\Agerbh.exe [269312 2016-06-27] () [Arquivo não assinado]
S2 moxohobi; C:\Program Files\39464E43-1452807196-3834-5A39-00269EAF8327\znsgAE3F.tmp [220160 2016-01-14] () [Arquivo não assinado]
S2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [Arquivo não assinado]
S2 rijufoze; C:\Program Files\39464E43-1467077615-3834-5A39-00269EAF8327\hnsz2869.tmp [138240 2016-06-27] () [Arquivo não assinado]
S2 RocOrix; C:\Program Files\Dhgaqkunnak\RocOrix.exe [1683456 2016-06-27] () [Arquivo não assinado]
S2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [229568 2016-03-17] (SlimWare Utilities, Inc.)
S2 SSFK; C:\Program Files\SFK\SSFK.exe [196288 2016-06-27] ()
S2 TheCalendarService; C:\Program Files\CalendarTool\2.0.0.11189\CalendarServ.exe [141960 2015-12-25] ()
S2 Tioalbo; C:\Users\Bruno\AppData\Roaming\AhilgeIlak\Mechh.exe [121344 2016-06-27] () [Arquivo não assinado]
S2 WaxceIpuehbe; C:\Program Files\Lixjamalovjivti\WaxceIpuehbe.exe [1682432 2016-06-27] () [Arquivo não assinado]
S2 WdMan; C:\ProgramData\8WdM8\WdMan.exe [304808 2016-06-27] (TFuns LIMITED)
S2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
S3 FontCache3.0.0.0; %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [X]
S3 idsvc; "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [X]
S2 kihocuvezbt; C:\Program Files\39464E43-1467077615-3834-5A39-00269EAF8327\knso94F8.tmpfs [X]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 AtiDCM; C:\Users\Bruno\AppData\Local\Temp\atidcmxx.sys [28872 2015-12-03] (Advanced Micro Devices, Inc.)
S3 BdApiUtil; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BdApiUtil.sys [101448 2015-12-31] (Baidu, Inc.)
S3 bdark; C:\Windows\system32\drivers\bdark.sys [82376 2015-05-15] ()
S3 BdCameraProtect; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BdCameraProtect.sys [21384 2015-12-31] (Baidu, Inc.)
S3 BdSandbox; C:\Windows\System32\drivers\BdSandbox.sys [197624 2015-03-05] (Baidu, Inc.)
S1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [51144 2015-12-31] (Baidu, Inc.)
S1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [31176 2015-12-31] (Baidu, Inc.)
S0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [74888 2015-12-31] (Baidu, Inc.)
S3 BHipsEx; C:\Windows\System32\drivers\BHipsEx.sys [138184 2015-12-31] (Baidu, Inc.)
S1 Bnbase; C:\Windows\System32\drivers\bnbasex.sys [75400 2015-12-31] (Baidu, Inc.)
S1 Bndef; C:\Windows\System32\drivers\bndef.sys [461192 2015-12-31] (Baidu, Inc.)
S3 BNmon; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.133394.0\Bnmon.sys [84936 2015-12-31] (Baidu, Inc.)
R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [195528 2015-12-31] (Baidu, Inc.)
R1 bsdp32; C:\Windows\system32\Drivers\bsdp32.sys [32576 2016-06-27] ()
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [62272 2016-06-27] (Cherimoya Ltd)
S1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2016-03-21] (REALiX(tm))
S1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [225896 2015-05-14] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [48784 2015-04-16] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [97912 2015-08-20] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [52712 2015-08-20] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [73232 2015-11-27] (Elex do Brasil Participações Ltda)
S1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [58640 2015-09-09] (Elex do Brasil Participações Ltda)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [23136 2016-03-21] (JMicron Technology Corp.)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwsn00.sys [10384656 2016-03-21] (Intel Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13368 2016-06-29] (SlimWare Utilities, Inc.)
R1 vivadrv; C:\Windows\System32\drivers\vivadrv.sys [48384 2015-09-17] (Windows (R) Win 7 DDK provider)
S3 STHDA; system32\DRIVERS\stwrt.sys [X]
S3 XDva534; \??\C:\Windows\system32\XDva534.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-06-29 20:25 - 2016-06-29 20:25 - 00001864 _____ C:\Users\Public\Desktop\YAC.lnk
2016-06-29 20:24 - 2016-06-29 20:25 - 00032157 _____ C:\Users\Bruno\Downloads\Addition.txt
2016-06-29 20:24 - 2016-06-29 20:24 - 00000000 ____D C:\Program Files\Elex-tech
2016-06-29 20:23 - 2016-06-29 20:27 - 00013682 _____ C:\Users\Bruno\Downloads\FRST.txt
2016-06-29 20:22 - 2016-06-29 20:27 - 00000000 ____D C:\FRST
2016-06-29 20:21 - 2016-06-29 20:21 - 01740288 _____ (Farbar) C:\Users\Bruno\Downloads\FRST.exe
2016-06-29 20:11 - 2016-06-29 20:11 - 00001323 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rff42i15r14e33f26o83x.lnk
2016-06-29 20:07 - 2016-06-29 20:07 - 00003554 _____ C:\Users\Bruno\Downloads\Activate Sound in SafeMode.reg
2016-06-29 20:02 - 2016-06-29 20:05 - 27989848 _____ (Elex do Brasil Participações Ltda) C:\Users\Bruno\Downloads\yet_another_cleaner_sk_0.exe
2016-06-29 19:46 - 2016-06-29 19:46 - 06621658 _____ C:\Users\Bruno\Downloads\DLL.Files Fixer - Ms Tutors.rar
2016-06-29 19:46 - 2015-01-01 09:41 - 00000000 ____D C:\Users\Bruno\Downloads\DLL.Files Fixer - Ms Tutors
2016-06-29 12:02 - 2016-06-29 19:58 - 00000270 _____ C:\Windows\Tasks\RDReminder.job
2016-06-29 12:02 - 2016-06-29 19:46 - 00000000 ____D C:\Program Files\Dll-Files.com Fixer
2016-06-29 12:02 - 2016-06-29 12:02 - 00001050 _____ C:\Users\Public\Desktop\Dll-Files Fixer.lnk
2016-06-29 12:02 - 2016-06-29 12:02 - 00000000 ____D C:\Users\Todos os Usuários\TEMP
2016-06-29 12:02 - 2016-06-29 12:02 - 00000000 ____D C:\Users\Bruno\AppData\Roaming\dll-files.com
2016-06-29 12:02 - 2016-06-29 12:02 - 00000000 ____D C:\ProgramData\TEMP
2016-06-29 12:02 - 2016-06-29 12:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer
2016-06-29 12:01 - 2016-06-29 12:01 - 05443584 _____ (Dll-Files.com ) C:\Users\Bruno\Downloads\dffsetup.exe
2016-06-29 11:58 - 2016-06-29 12:35 - 00001116 _____ C:\Users\Public\Desktop\SoftPlanet Software Assistant.lnk
2016-06-29 11:58 - 2016-06-29 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftPlanet Software Assistant
2016-06-29 11:38 - 2016-06-29 12:35 - 00000000 ____D C:\Program Files\SoftPlanet Software Assistant
2016-06-29 11:38 - 2016-06-29 11:38 - 00000000 ____D C:\Users\Bruno\AppData\Local\SoftPlanet
2016-06-29 11:37 - 2016-06-29 11:37 - 01611944 _____ (Secure Download Ltd. ) C:\Users\Bruno\Downloads\setup [1].exe
2016-06-27 23:44 - 2016-06-27 23:44 - 00000372 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-06-27 23:44 - 2016-06-27 23:44 - 00000372 __RSH C:\ProgramData\ntuser.pol
2016-06-27 23:40 - 2016-06-27 23:40 - 00000000 ____D C:\Users\Todos os Usuários\Synaptics
2016-06-27 23:40 - 2016-06-27 23:40 - 00000000 ____D C:\ProgramData\Synaptics
2016-06-27 22:54 - 2016-06-27 22:54 - 00000000 ____D C:\Users\Bruno\AppData\Roaming\x5VbR
2016-06-27 22:52 - 2016-06-29 20:01 - 00000000 ____D C:\Program Files\sunnyday
2016-06-27 22:51 - 2016-06-29 20:08 - 00002371 _____ C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2016-06-27 22:50 - 2016-06-27 22:51 - 00000000 ____D C:\Users\Bruno\AppData\Local\Chromium
2016-06-27 22:49 - 2016-06-27 22:49 - 00002408 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
2016-06-27 22:49 - 2016-06-27 22:49 - 00000978 _____ C:\Windows\Tasks\Yahoo! Powered ralit.job
2016-06-27 22:49 - 2016-06-27 22:49 - 00000000 ____D C:\Users\Todos os Usuários\{DF6C1A0F-552E-90C9-D3E8-0E8B49AA8545}
2016-06-27 22:49 - 2016-06-27 22:49 - 00000000 ____D C:\Users\Bruno\AppData\Roaming\PriceFountainUpdateVer
2016-06-27 22:49 - 2016-06-27 22:49 - 00000000 ____D C:\Users\Bruno\AppData\Local\EmbolismsCouthier
2016-06-27 22:49 - 2016-06-27 22:49 - 00000000 ____D C:\Users\Bruno\AppData\Local\{B67380C8-9321-EDBE-F817-CA6C24C53752}
2016-06-27 22:49 - 2016-06-27 22:49 - 00000000 ____D C:\Users\Bruno\AppData\Local\{B62E8072-9286-ECCA-FF1E-C922DB7635BA}
2016-06-27 22:49 - 2016-06-27 22:49 - 00000000 ____D C:\ProgramData\{DF6C1A0F-552E-90C9-D3E8-0E8B49AA8545}
2016-06-27 22:49 - 2016-06-27 22:49 - 00000000 ____D C:\Program Files\ByteFence
2016-06-27 22:48 - 2016-06-27 22:55 - 00000000 ____D C:\Program Files\SunnyDay21
2016-06-27 22:44 - 2016-06-27 22:47 - 00000000 ____D C:\Program Files\Caster
2016-06-27 22:44 - 2016-06-27 22:44 - 00000000 ____D C:\Users\Bruno\AppData\Roaming\Iluuxwol
2016-06-27 22:44 - 2016-06-27 22:44 - 00000000 ____D C:\Users\Bruno\AppData\Roaming\AhilgeIlak
2016-06-27 22:44 - 2016-06-27 22:44 - 00000000 ____D C:\Users\Bruno\AppData\Local\Tempfolder
2016-06-27 22:44 - 2016-06-27 22:44 - 00000000 ____D C:\Program Files\DhgaqkunnakUn
2016-06-27 22:43 - 2016-06-27 22:44 - 00000000 ____D C:\Program Files\Dhgaqkunnak
2016-06-27 22:43 - 2016-06-27 22:43 - 00000000 ____D C:\Users\Bruno\AppData\Roaming\LInJp
2016-06-27 22:43 - 2016-06-27 22:43 - 00000000 ____D C:\Users\Bruno\AppData\Roaming\hIkks
2016-06-27 22:42 - 2016-06-27 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2016-06-27 22:42 - 2015-09-09 22:56 - 00058640 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2016-06-27 22:42 - 2015-04-16 05:55 - 00048784 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2016-06-27 22:41 - 2016-06-27 22:44 - 00062272 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2016-06-27 22:39 - 2016-06-27 22:39 - 00001234 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-06-27 22:39 - 2016-06-27 22:39 - 00000000 ____D C:\Users\Todos os Usuários\VS Revo Group
2016-06-27 22:39 - 2016-06-27 22:39 - 00000000 ____D C:\Users\Bruno\AppData\Roaming\Elex-tech
2016-06-27 22:39 - 2016-06-27 22:39 - 00000000 ____D C:\Users\Bruno\AppData\Local\VS Revo Group
2016-06-27 22:39 - 2016-06-27 22:39 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-06-27 22:39 - 2016-06-27 22:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-06-27 22:39 - 2016-06-27 22:39 - 00000000 ____D C:\Program Files\VS Revo Group
2016-06-27 22:39 - 2009-12-30 11:21 - 00027192 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2016-06-27 22:34 - 2016-06-27 22:30 - 00001560 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-06-27 22:33 - 2016-06-27 22:34 - 00000000 ____D C:\Program Files\39464E43-1467077615-3834-5A39-00269EAF8327
2016-06-27 22:33 - 2016-06-27 22:33 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-06-27 22:33 - 2016-06-27 22:33 - 00000000 ____D C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
2016-06-27 22:33 - 2016-06-27 22:33 - 00000000 ____D C:\Users\Bruno\AppData\Roaming\CalendarTool
2016-06-27 22:33 - 2016-06-27 22:33 - 00000000 ____D C:\Users\Bruno\AppData\Roaming\ASPackage
2016-06-27 22:33 - 2016-06-27 22:33 - 00000000 ____D C:\Program Files\CalendarTool
2016-06-27 22:30 - 2016-06-27 22:30 - 00000000 ____D C:\Program Files\Ajiodfojc
2016-06-27 21:42 - 2016-06-27 22:29 - 00000000 ____D C:\Users\Todos os Usuários\BavSvc_exe
2016-06-27 21:42 - 2016-06-27 22:29 - 00000000 ____D C:\ProgramData\BavSvc_exe
2016-06-27 21:38 - 2016-06-29 20:13 - 01422762 _____ C:\Windows\ntbtlog.txt
2016-06-27 20:09 - 2016-06-27 23:46 - 00000000 ____D C:\Users\Bruno\AppData\Local\SunnyDay21
2016-06-27 20:09 - 2016-06-27 20:09 - 00000000 ____D C:\Program Files\zebi
2016-06-27 20:05 - 2016-06-27 20:05 - 00000000 ____D C:\Users\Bruno\AppData\Local\csdi_monetize_220160627
2016-06-27 20:05 - 2016-06-27 20:05 - 00000000 ____D C:\Program Files\comoBoss
2016-06-27 20:04 - 2016-06-27 20:04 - 00000000 ____D C:\Users\Bruno\AppData\Local\tuto_monetize_120160627
2016-06-27 20:03 - 2016-06-27 22:55 - 00000000 ____D C:\Program Files\AdsToolBar
2016-06-27 20:03 - 2016-06-27 21:08 - 00305881 _____ ( ) C:\Windows\systwin.exe
2016-06-27 20:03 - 2016-06-21 00:50 - 00304223 _____ ( ) C:\Windows\AdBlock.exe
2016-06-27 20:02 - 2016-06-27 22:54 - 00128512 _____ C:\Users\Bruno\AppData\Roaming\Installer.dat
2016-06-27 20:02 - 2016-06-27 22:54 - 00011568 _____ C:\Users\Bruno\AppData\Roaming\InstallationConfiguration.xml
2016-06-27 20:02 - 2016-06-27 20:02 - 00000000 ____D C:\Users\Bruno\AppData\Roaming\WUlrr
2016-06-27 20:00 - 2016-06-27 20:00 - 00000000 ____D C:\Users\Bruno\AppData\LocalLow\Company
2016-06-27 20:00 - 2016-06-27 20:00 - 00000000 ____D C:\Users\Bruno\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-06-27 20:00 - 2016-06-27 20:00 - 00000000 ____D C:\uninst
2016-06-27 19:59 - 2016-06-29 20:02 - 00000000 ____D C:\Program Files\Hostify
2016-06-27 19:59 - 2016-06-27 22:30 - 00000000 ____D C:\Users\Bruno\AppData\Roaming\UPUpdata
2016-06-27 19:59 - 2016-06-27 20:12 - 00000000 ____D C:\Program Files\Shociph
2016-06-27 19:59 - 2016-06-27 20:00 - 00000000 ____D C:\Program Files\Lixjamalovjivti
2016-06-27 19:59 - 2016-06-27 19:59 - 00032576 _____ C:\Windows\system32\Drivers\bsdp32.sys
2016-06-27 19:59 - 2016-06-27 19:59 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-06-27 19:59 - 2016-06-27 19:59 - 00000000 ____D C:\Program Files\LixjamalovjivtiUn
2016-06-27 19:55 - 2016-06-27 23:45 - 00000000 ____D C:\Users\Bruno\AppData\Local\gmsd_br_005010261
2016-06-27 19:55 - 2016-06-27 21:01 - 00000000 ____D C:\Users\Bruno\AppData\Roaming\yoursearching
2016-06-27 19:55 - 2016-06-27 19:56 - 00000000 ____D C:\Users\Todos os Usuários\8WdM8
2016-06-27 19:55 - 2016-06-27 19:56 - 00000000 ____D C:\ProgramData\8WdM8
2016-06-27 19:55 - 2016-06-27 19:55 - 00000074 _____ C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2016-06-27 19:55 - 2016-06-27 19:55 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2016-06-27 19:55 - 2016-06-27 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2016-06-27 19:55 - 2016-06-27 19:55 - 00000000 ____D C:\Program Files\SFK
2016-06-27 19:55 - 2016-06-27 19:55 - 00000000 ____D C:\Program Files\gmsd_br_005010261
2016-06-27 19:54 - 2016-06-27 19:54 - 00000632 _____ C:\yoursearching.xml
2016-06-26 13:00 - 2016-06-28 10:11 - 00000000 ____D C:\Users\Bruno\AppData\LocalLow\uTorrent
2016-06-24 21:36 - 2016-06-24 21:46 - 00000000 ____D C:\FirmwareInstall
2016-06-21 20:57 - 2016-06-21 20:57 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-06-20 18:55 - 2016-06-20 18:55 - 00000000 ____D C:\Windows\IObit
2016-06-17 00:25 - 2016-06-17 01:08 - 00000000 ____D C:\Users\Bruno\Documents\ARQUIVOS MOTO G3
2016-06-16 23:44 - 2016-06-16 23:44 - 00000000 ____D C:\Users\Todos os Usuários\Motorola
2016-06-16 23:44 - 2016-06-16 23:44 - 00000000 ____D C:\ProgramData\Motorola
2016-06-16 22:25 - 2016-06-21 19:59 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-06-13 21:08 - 2016-06-13 21:08 - 00000000 ___HD C:\Users\Bruno\Downloads\.picasaoriginals
2016-06-13 21:07 - 2016-06-13 21:08 - 00000050 ____H C:\Users\Bruno\Downloads\.picasa.ini

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-06-29 20:12 - 2016-03-22 21:08 - 00013368 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
2016-06-29 20:11 - 2016-03-22 21:08 - 00000386 _____ C:\Windows\Tasks\SlimDrivers Startup.job
2016-06-29 20:10 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-29 20:08 - 2016-01-12 22:03 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-06-29 20:08 - 2016-01-12 22:03 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-06-29 20:08 - 2015-12-31 11:21 - 00001431 _____ C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-06-28 10:34 - 2016-01-01 19:34 - 00000000 ____D C:\Users\Bruno\AppData\Roaming\uTorrent
2016-06-27 23:46 - 2016-01-14 20:34 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-27 23:41 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\inf
2016-06-27 23:40 - 2014-05-25 15:42 - 00000000 ____D C:\Swsetup
2016-06-27 23:31 - 2016-03-22 21:41 - 00000000 ____D C:\Program Files\AMD
2016-06-27 23:12 - 2015-12-31 11:26 - 02495432 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-27 23:12 - 2010-05-09 02:43 - 00682280 _____ C:\Windows\system32\prfh0416.dat
2016-06-27 23:12 - 2010-05-09 02:43 - 00138094 _____ C:\Windows\system32\prfc0416.dat
2016-06-27 23:12 - 2009-07-14 05:48 - 00736646 _____ C:\Windows\system32\perfh00A.dat
2016-06-27 23:12 - 2009-07-14 05:48 - 00157728 _____ C:\Windows\system32\perfc00A.dat
2016-06-27 22:47 - 2016-01-24 14:43 - 00000000 ____D C:\Program Files\Bonjour
2016-06-27 22:22 - 2016-03-03 00:48 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-06-27 22:21 - 2016-03-21 23:00 - 00000000 ____D C:\Users\Todos os Usuários\ProductData
2016-06-27 22:21 - 2016-03-21 23:00 - 00000000 ____D C:\ProgramData\ProductData
2016-06-27 22:20 - 2015-12-31 12:59 - 00000000 ____D C:\Program Files\Opera
2016-06-27 21:44 - 2015-12-31 11:58 - 00000000 ____D C:\Users\Bruno\AppData\Local\ElevatedDiagnostics
2016-06-27 21:25 - 2009-07-14 01:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-27 21:16 - 2016-04-09 19:21 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-06-27 21:16 - 2016-04-09 19:21 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-27 21:06 - 2016-02-07 18:59 - 00000000 ____D C:\Users\Bruno\AppData\Roaming\Baidu
2016-06-27 21:06 - 2016-02-07 18:59 - 00000000 ____D C:\Program Files\baidu
2016-06-27 21:03 - 2015-12-31 13:06 - 00000000 ____D C:\Users\Bruno\AppData\Roaming\Skype
2016-06-27 19:22 - 2009-07-14 01:34 - 00009584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-27 19:22 - 2009-07-14 01:34 - 00009584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-26 15:37 - 2015-12-31 11:19 - 00000000 ____D C:\Users\Bruno
2016-06-25 22:16 - 2016-03-09 20:12 - 00000964 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-06-24 21:54 - 2016-03-22 21:54 - 00000366 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Bruno).job
2016-06-21 20:59 - 2016-04-07 20:31 - 00000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
2016-06-21 20:59 - 2016-04-07 20:31 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-21 20:57 - 2009-07-13 23:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-06-21 20:50 - 2016-04-07 20:24 - 00000000 ____D C:\Program Files\Microsoft Office
2016-06-21 19:59 - 2016-01-12 22:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-06-17 00:06 - 2016-04-07 20:22 - 00000000 ____D C:\viva
2016-06-16 22:46 - 2016-01-14 20:34 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-06-16 22:46 - 2016-01-14 20:34 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-06-03 23:07 - 2015-12-31 13:06 - 00000000 ___RD C:\Program Files\Skype
2016-06-03 23:07 - 2015-12-31 13:06 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2016-06-03 23:07 - 2015-12-31 13:06 - 00000000 ____D C:\ProgramData\Skype

==================== Arquivos na raiz de alguns diretórios =======

2016-06-27 19:59 - 2016-06-27 20:00 - 0001231 _____ () C:\Users\Bruno\AppData\Roaming\Bubble Dock.boostrap.log
2016-06-27 20:02 - 2016-06-27 22:54 - 0011568 _____ () C:\Users\Bruno\AppData\Roaming\InstallationConfiguration.xml
2016-06-27 20:02 - 2016-06-27 22:54 - 0128512 _____ () C:\Users\Bruno\AppData\Roaming\Installer.dat
2016-06-27 20:00 - 2016-06-27 20:00 - 0000097 _____ () C:\Users\Bruno\AppData\Roaming\WindApp.boostrap.log
2016-02-06 22:37 - 2016-02-27 20:44 - 0004608 _____ () C:\Users\Bruno\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-31 11:41 - 2015-12-31 11:41 - 0000017 _____ () C:\Users\Bruno\AppData\Local\resmon.resmoncfg
2016-06-27 19:55 - 2016-06-27 19:55 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


Alguns arquivos em TEMP:
====================
C:\Users\Bruno\AppData\Local\Temp\0616V4FOW4.exe
C:\Users\Bruno\AppData\Local\Temp\0EWNI3GYEG.exe
C:\Users\Bruno\AppData\Local\Temp\1EG9D7TKTJ.exe
C:\Users\Bruno\AppData\Local\Temp\1KAHGIW974.exe
C:\Users\Bruno\AppData\Local\Temp\24CRBG635E.exe
C:\Users\Bruno\AppData\Local\Temp\2HTSTHOOXF.exe
C:\Users\Bruno\AppData\Local\Temp\4GA7QRUNTW.exe
C:\Users\Bruno\AppData\Local\Temp\AIPF30CLDB.exe
C:\Users\Bruno\AppData\Local\Temp\B4R6JOF2DA.exe
C:\Users\Bruno\AppData\Local\Temp\B9NLJCCCQX.exe
C:\Users\Bruno\AppData\Local\Temp\C5PHQD8J8S.exe
C:\Users\Bruno\AppData\Local\Temp\CashboxStamen.dll
C:\Users\Bruno\AppData\Local\Temp\D7XWD8M4IT.exe
C:\Users\Bruno\AppData\Local\Temp\F8RO6PPT9D.exe
C:\Users\Bruno\AppData\Local\Temp\FFSetup3.8.0.0.exe
C:\Users\Bruno\AppData\Local\Temp\GE8XVQWQAR.exe
C:\Users\Bruno\AppData\Local\Temp\GOX6HG4PXX.exe
C:\Users\Bruno\AppData\Local\Temp\MQPZHAG33W.exe
C:\Users\Bruno\AppData\Local\Temp\MYQU0BC6PF.exe
C:\Users\Bruno\AppData\Local\Temp\NNCMQZL2QV.exe
C:\Users\Bruno\AppData\Local\Temp\nsaBF1C.tmp.exe
C:\Users\Bruno\AppData\Local\Temp\nsj4CE9.tmp.exe
C:\Users\Bruno\AppData\Local\Temp\nsp2CBD.tmp.exe
C:\Users\Bruno\AppData\Local\Temp\nsrDC6B.tmp.exe
C:\Users\Bruno\AppData\Local\Temp\nss2914.tmp.exe
C:\Users\Bruno\AppData\Local\Temp\offer-59065A14-B7EB-4F70-80B9-7FBDF587930E.exe
C:\Users\Bruno\AppData\Local\Temp\offer-E5E6B857-5705-4D00-97CE-BB9B8A96BA74.exe
C:\Users\Bruno\AppData\Local\Temp\PHIAF0DR72.exe
C:\Users\Bruno\AppData\Local\Temp\SCL6RPQPGT.exe
C:\Users\Bruno\AppData\Local\Temp\scp6E9C.tmp.exe
C:\Users\Bruno\AppData\Local\Temp\Setup__19958_i1927995350_il2.exe
C:\Users\Bruno\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Bruno\AppData\Local\Temp\SP5PQXWBMS.exe
C:\Users\Bruno\AppData\Local\Temp\spark_install.exe
C:\Users\Bruno\AppData\Local\Temp\TISB9BQ78L.exe
C:\Users\Bruno\AppData\Local\Temp\VirusRemover.exe
C:\Users\Bruno\AppData\Local\Temp\VPW7NSJQX4.exe
C:\Users\Bruno\AppData\Local\Temp\W164UPREGO.exe
C:\Users\Bruno\AppData\Local\Temp\W590P8W83P.exe
C:\Users\Bruno\AppData\Local\Temp\WFEMHVRLCT.exe
C:\Users\Bruno\AppData\Local\Temp\ZK3S99U679.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => MD5 é legítimo
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-05-21 19:58

==================== Fim de FRST.txt ============================
