
Document format: text/plain

Preview

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 01-03-2017
Executado por User (administrador) em USER-PC (02-03-2017 21:07:48)
Executando a partir de C:\Users\User\DOWNLOADS
Perfis Carregados: User (Perfis Disponíveis: User)
Platform: Windows 7 Ultimate (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmcore.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(Crawler Group, LLC) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM-x32\...\Winlogon: [Userinit] userinit.exe,"C:\Windows\system32\lsass.exe"
HKLM\...\Policies\Explorer\Run: [10050] => C:\ProgramData\Local Settings\Temp\msbwiig.com [329680 2009-07-13] ()
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3833082184-3816522200-3702442083-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545056 2017-02-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3833082184-3816522200-3702442083-1000\...\CurrentVersion\Windows: [Load] C:\Users\User\LOCALS~1\Temp\msocjvz.com <===== ATENÇÃO
HKU\S-1-5-18\...\Run: [helpagent] => "C:\ProgramData\HelpAgent\riaiccape.exe"
IFEO\amigo.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\AvastSvc.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\AvastUI.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avcenter.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avconfig.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgcsrvx.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgidsagent.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgnt.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgrsx.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avguard.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgwdsvc.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avp.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avscan.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\bdagent.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\blindman.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\ccuac.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\ComboFix.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\egui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\fixmypc.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\hijackthis.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\instup.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\keyscrambler.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbam.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbamgui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbampt.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbamscheduler.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbamservice.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\MpCmdRun.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mrt.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\MSASCui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\MsMpEng.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\msseces.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\qkseesvc.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\qqpcnetflow.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\rstrui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SDFiles.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SDMain.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SDWinSec.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\spybotsd.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SpyHunter4.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\sunucu.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\usbsrservice.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\wireshark.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\zlclient.exe: [Debugger] C:\Windows\System32\svchost.exe
ShellExecuteHooks: Sem Nome - {7AD1C0F5-07A2-40E5-8608-C6EAA0FF362F} - C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\x64explibss.dll [422600 2016-05-30] ()
GroupPolicy: Restrição <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\Fujuni.dll [283472 2015-09-24] ()
Winsock: Catalog9 02 C:\Windows\SysWOW64\Fujuni.dll [283472 2015-09-24] ()
Winsock: Catalog9 03 C:\Windows\SysWOW64\Fujuni.dll [283472 2015-09-24] ()
Winsock: Catalog9 04 C:\Windows\SysWOW64\Fujuni.dll [283472 2015-09-24] ()
Winsock: Catalog9 05 C:\Windows\SysWOW64\Conjimaani.dll [283520 2015-08-25] ()
Winsock: Catalog9 06 C:\Windows\SysWOW64\Conjimaani.dll [283520 2015-08-25] ()
Winsock: Catalog9 07 C:\Windows\SysWOW64\Conjimaani.dll [283520 2015-08-25] ()
Winsock: Catalog9 08 C:\Windows\SysWOW64\Conjimaani.dll [283520 2015-08-25] ()
Winsock: Catalog9 19 C:\Windows\SysWOW64\Conjimaani.dll [283520 2015-08-25] ()
Winsock: Catalog9 20 C:\Windows\SysWOW64\Fujuni.dll [283472 2015-09-24] ()
Winsock: Catalog9-x64 01 C:\Windows\system32\Fujuni64.dll [353616 2015-09-24] ()
Winsock: Catalog9-x64 02 C:\Windows\system32\Fujuni64.dll [353616 2015-09-24] ()
Winsock: Catalog9-x64 03 C:\Windows\system32\Fujuni64.dll [353616 2015-09-24] ()
Winsock: Catalog9-x64 04 C:\Windows\system32\Fujuni64.dll [353616 2015-09-24] ()
Winsock: Catalog9-x64 05 C:\Windows\system32\Conjimaani64.dll [353664 2015-08-25] ()
Winsock: Catalog9-x64 06 C:\Windows\system32\Conjimaani64.dll [353664 2015-08-25] ()
Winsock: Catalog9-x64 07 C:\Windows\system32\Conjimaani64.dll [353664 2015-08-25] ()
Winsock: Catalog9-x64 08 C:\Windows\system32\Conjimaani64.dll [353664 2015-08-25] ()
Winsock: Catalog9-x64 19 C:\Windows\system32\Conjimaani64.dll [353664 2015-08-25] ()
Winsock: Catalog9-x64 20 C:\Windows\system32\Fujuni64.dll [353616 2015-09-24] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2D1BD0F9-BDE5-46FA-91DD-2993C6703830}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C2A2977B-2602-4DE2-AA5B-008F1CFC6E56}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_34¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyD0DyE0CzzyC0DyCzzyDtByByEtBtN0D0Tzu0StCyCzytAtN1L2XzutAtFtByEtFyCtFyBtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyCyBtBtD0BtCtA0CtGtA0CzyyDtGtA0F0CtCtGtAyC0A0AtGtD0CtBtCtAtD0AtA0CyE0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0CyCyC0F0D0B0EtG0DtCyB0CtGyEtDtCyEtGzztBtB0CtGzztCtA0B0A0AyCyB0C0ByCzy2QtN0A0LzuyE%26cr%3D414747096%26a%3Dwbf_bxinw_16_34%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_34¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyD0DyE0CzzyC0DyCzzyDtByByEtBtN0D0Tzu0StCyCzytAtN1L2XzutAtFtByEtFyCtFyBtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyCyBtBtD0BtCtA0CtGtA0CzyyDtGtA0F0CtCtGtAyC0A0AtGtD0CtBtCtAtD0AtA0CyE0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0CyCyC0F0D0B0EtG0DtCyB0CtGyEtDtCyEtGzztBtB0CtGzztCtA0B0A0AyCyB0C0ByCzy2QtN0A0LzuyE%26cr%3D414747096%26a%3Dwbf_bxinw_16_34%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com?oem=mbtkv5&uid=5VP7GMGZ_ST31000528AS&tm=1437163015
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3833082184-3816522200-3702442083-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_34¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyD0DyE0CzzyC0DyCzzyDtByByEtBtN0D0Tzu0StCyCzytAtN1L2XzutAtFtByEtFyCtFyBtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyCyBtBtD0BtCtA0CtGtA0CzyyDtGtA0F0CtCtGtAyC0A0AtGtD0CtBtCtAtD0AtA0CyE0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0CyCyC0F0D0B0EtG0DtCyB0CtGyEtDtCyEtGzztBtB0CtGzztCtA0B0A0AyCyB0C0ByCzy2QtN0A0LzuyE%26cr%3D414747096%26a%3Dwbf_bxinw_16_34%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_34¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyD0DyE0CzzyC0DyCzzyDtByByEtBtN0D0Tzu0StCyCzytAtN1L2XzutAtFtByEtFyCtFyBtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyCyBtBtD0BtCtA0CtGtA0CzyyDtGtA0F0CtCtGtAyC0A0AtGtD0CtBtCtAtD0AtA0CyE0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0CyCyC0F0D0B0EtG0DtCyB0CtGyEtDtCyEtGzztBtB0CtGzztCtA0B0A0AyCyB0C0ByCzy2QtN0A0LzuyE%26cr%3D414747096%26a%3Dwbf_bxinw_16_34%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_34¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyD0DyE0CzzyC0DyCzzyDtByByEtBtN0D0Tzu0StCyCzytAtN1L2XzutAtFtByEtFyCtFyBtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyCyBtBtD0BtCtA0CtGtA0CzyyDtGtA0F0CtCtGtAyC0A0AtGtD0CtBtCtAtD0AtA0CyE0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0CyCyC0F0D0B0EtG0DtCyB0CtGyEtDtCyEtGzztBtB0CtGzztCtA0B0A0AyCyB0C0ByCzy2QtN0A0LzuyE%26cr%3D414747096%26a%3Dwbf_bxinw_16_34%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope valor está ausente
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_34¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyD0DyE0CzzyC0DyCzzyDtByByEtBtN0D0Tzu0StCyCzytAtN1L2XzutAtFtByEtFyCtFyBtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyCyBtBtD0BtCtA0CtGtA0CzyyDtGtA0F0CtCtGtAyC0A0AtGtD0CtBtCtAtD0AtA0CyE0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0CyCyC0F0D0B0EtG0DtCyB0CtGyEtDtCyEtGzztBtB0CtGzztCtA0B0A0AyCyB0C0ByCzy2QtN0A0LzuyE%26cr%3D414747096%26a%3Dwbf_bxinw_16_34%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3833082184-3816522200-3702442083-1000 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_34¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyD0DyE0CzzyC0DyCzzyDtByByEtBtN0D0Tzu0StCyCzytAtN1L2XzutAtFtByEtFyCtFyBtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyCyBtBtD0BtCtA0CtGtA0CzyyDtGtA0F0CtCtGtAyC0A0AtGtD0CtBtCtAtD0AtA0CyE0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0CyCyC0F0D0B0EtG0DtCyB0CtGyEtDtCyEtGzztBtB0CtGzztCtA0B0A0AyCyB0C0ByCzy2QtN0A0LzuyE%26cr%3D414747096%26a%3Dwbf_bxinw_16_34%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3833082184-3816522200-3702442083-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_34¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyD0DyE0CzzyC0DyCzzyDtByByEtBtN0D0Tzu0StCyCzytAtN1L2XzutAtFtByEtFyCtFyBtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyCyBtBtD0BtCtA0CtGtA0CzyyDtGtA0F0CtCtGtAyC0A0AtGtD0CtBtCtAtD0AtA0CyE0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0CyCyC0F0D0B0EtG0DtCyB0CtGyEtDtCyEtGzztBtB0CtGzztCtA0B0A0AyCyB0C0ByCzy2QtN0A0LzuyE%26cr%3D414747096%26a%3Dwbf_bxinw_16_34%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3833082184-3816522200-3702442083-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3833082184-3816522200-3702442083-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\Program Files (x86)\Spyware Terminator\STInternetGuard64.dll [2016-04-09] (Crawler Group, LLC)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - Nenhum Arquivo
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3833082184-3816522200-3702442083-1000: SkypePlugin -> C:\Users\User\AppData\Local\SkypePlugin\7.31.0.56\npGatewayNpapi.dll [2017-02-03] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-3833082184-3816522200-3702442083-1000: SkypePlugin64 -> C:\Users\User\AppData\Local\SkypePlugin\7.31.0.56\npGatewayNpapi-x64.dll [2017-02-03] (Skype Technologies S.A.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-03-02]
CHR Extension: (Google Apresentações) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-23]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-23]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-01]
CHR Extension: (Chrome Safe Guard) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfpoaihndjklkeidejbgjaadeidhfenm [2016-08-01]
CHR Extension: (Chamada pelo Skype) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-03-02]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-01]
CHR Extension: (Planilhas do Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-23]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-26]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-01]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-10]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-05]
CHR HKLM\...\Chrome\Extension: [bmlggjgglgmlgbendppbpmkpakefkmkd] -
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3833082184-3816522200-3702442083-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmlggjgglgmlgbendppbpmkpakefkmkd] -
CHR HKU\S-1-5-21-3833082184-3816522200-3702442083-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bmlggjgglgmlgbendppbpmkpakefkmkd] -
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.6G7L2VTQC3VW64P7WMAIBS3FZQ - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [315208 2016-06-14] (Kingsoft Corporation)
S3 EFS; C:\Windows\SysWOW64\lsass.exe [685960 2016-06-09] (Microsoft Corporation) [Arquivo não assinado]
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [685960 2016-06-09] (Microsoft Corporation) [Arquivo não assinado]
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2015-06-24] () [Arquivo não assinado]
S3 Netlogon; C:\Windows\SysWOW64\lsass.exe [685960 2016-06-09] (Microsoft Corporation) [Arquivo não assinado]
S3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [685960 2016-06-09] (Microsoft Corporation) [Arquivo não assinado]
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [685960 2016-06-09] (Microsoft Corporation) [Arquivo não assinado]
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [3269864 2016-04-09] (Crawler Group, LLC)
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [685960 2016-06-09] (Microsoft Corporation) [Arquivo não assinado]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 gnirygnuiedmonitorservice; "C:\Program Files (x86)\Gnirygnuied\gnirygnuiedmonitorservice.exe32" {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} [X]
S2 WMPNetworkAcSvc; "C:\Users\User\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe" [X]

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 bsdriver; C:\Windows\system32\drivers\bsdriver.sys [34720 2015-09-28] ()
R3 DroidCam; C:\Windows\System32\DRIVERS\droidcam.sys [33592 2015-10-23] (Dev47Apps)
R3 DroidCamVideo; C:\Windows\System32\DRIVERS\droidcamvideo.sys [229432 2015-10-23] (Dev47Apps)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-08-01] ()
R3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2016-06-14] (Kingsoft Corporation)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2011-08-24] (Windows (R) Win 7 DDK provider)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 ZSMC211; C:\Windows\System32\Drivers\ZS211.sys [1490176 2007-08-03] (ZSMC.Corporation) [Arquivo não assinado]
S3 X6va062; \??\C:\Windows\SysWOW64\Drivers\X6va062 [X]
S1 {47740c60-b390-40a1-a8a7-55e25d47bfc4}Gw64; system32\drivers\{47740c60-b390-40a1-a8a7-55e25d47bfc4}Gw64.sys [X]
S1 {5b7534b8-8ada-410d-839b-4f75203b962c}Gw64; system32\drivers\{5b7534b8-8ada-410d-839b-4f75203b962c}Gw64.sys [X]
S1 {6b288563-250f-4a8c-92a6-1ab901744f0b}Gw64; system32\drivers\{6b288563-250f-4a8c-92a6-1ab901744f0b}Gw64.sys [X]
S1 {a05c4ed0-c070-4fb6-9bca-daac2a1c031f}Gw64; system32\drivers\{a05c4ed0-c070-4fb6-9bca-daac2a1c031f}Gw64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-03-02 21:05 - 2017-03-02 21:07 - 00022207 _____ C:\Users\User\Downloads\FRST.txt
2017-03-02 21:05 - 2017-03-02 21:07 - 00000000 ____D C:\FRST
2017-03-02 21:05 - 2017-03-02 21:06 - 00025101 _____ C:\Users\User\Downloads\Addition.txt
2017-03-02 21:03 - 2017-03-02 21:04 - 02423808 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2017-03-02 21:01 - 2017-03-02 21:02 - 01765888 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2017-03-02 20:55 - 2017-03-02 20:55 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2017-03-02 20:55 - 2017-03-02 20:55 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-02 20:55 - 2017-03-02 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-02 00:44 - 2011-10-20 08:29 - 00000000 ____D C:\Users\User\Desktop\WinLov2.0.9
2017-03-02 00:43 - 2017-03-02 00:44 - 01466671 _____ C:\Users\User\Downloads\WinLov2.0.9.rar
2017-03-02 00:38 - 2017-03-02 00:40 - 15068056 _____ (Microsoft Corporation) C:\Users\User\Downloads\vc_redist.x64.exe
2017-03-02 00:21 - 2017-03-02 00:24 - 14176256 _____ C:\Users\User\Downloads\SkypeWebPlugin (1).msi
2017-03-02 00:17 - 2017-03-02 00:28 - 56756184 _____ (Skype Technologies S.A.) C:\Users\User\Downloads\SkypeSetupFull.exe
2017-03-02 00:17 - 2017-03-02 00:17 - 00003158 _____ C:\Windows\System32\Tasks\{7D955EEE-E4A2-4A8E-9FD3-204DC2931769}
2017-03-02 00:16 - 2017-03-02 00:16 - 00003158 _____ C:\Windows\System32\Tasks\{AAAC0373-A498-419E-9947-4251D2251556}
2017-03-02 00:12 - 2017-03-02 00:52 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-03-02 00:12 - 2017-03-02 00:52 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-27 18:21 - 2017-02-27 18:21 - 00306488 _____ C:\Windows\Minidump\022717-19296-01.dmp
2017-02-26 15:31 - 2017-02-27 18:21 - 323517749 _____ C:\Windows\MEMORY.DMP
2017-02-26 15:31 - 2017-02-26 15:31 - 00303888 _____ C:\Windows\Minidump\022617-19625-01.dmp
2017-02-12 11:35 - 2017-02-12 11:36 - 00000000 ____D C:\Users\User\Desktop\EcoSport
2017-01-19 19:55 - 2017-01-19 20:13 - 00000000 ____D C:\Users\User\Desktop\musicas
2017-01-11 18:26 - 2015-03-19 00:07 - 05503416 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-01-11 18:26 - 2015-03-18 23:57 - 03963320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-01-11 18:26 - 2015-03-18 23:57 - 03908024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-01-11 18:26 - 2014-09-14 21:44 - 03195392 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-01-11 18:26 - 2013-03-19 02:54 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-01-11 18:26 - 2013-03-19 01:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-01-11 18:26 - 2013-03-19 00:19 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-01-07 00:31 - 2017-01-07 00:31 - 00000000 ____D C:\Windows\PCHEALTH
2017-01-06 23:04 - 2016-06-25 13:03 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\EOSNotify.exe
2017-01-06 22:20 - 2017-01-06 22:20 - 00002130 _____ C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-06 22:20 - 2017-01-06 22:20 - 00002130 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-06 22:20 - 2017-01-06 22:20 - 00002130 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-06 22:20 - 2017-01-06 22:20 - 00002100 _____ C:\Users\Usuário Padrão\Desktop\Google Chrome.lnk
2017-01-06 22:20 - 2017-01-06 22:20 - 00002100 _____ C:\Users\Default\Desktop\Google Chrome.lnk
2017-01-06 22:20 - 2017-01-06 22:20 - 00002100 _____ C:\Users\Default User\Desktop\Google Chrome.lnk
2017-01-06 22:19 - 2017-01-06 22:19 - 00000000 ____D C:\Windows\system32\%LOCALAPPDATA%
2017-01-06 22:10 - 2012-06-02 19:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-01-06 22:10 - 2012-06-02 19:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-01-06 22:10 - 2012-06-02 19:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-01-06 22:10 - 2012-06-02 19:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-01-06 22:10 - 2012-06-02 19:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-01-06 22:10 - 2012-06-02 19:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-01-06 22:10 - 2012-06-02 19:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-01-06 22:09 - 2012-06-02 14:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-01-06 22:09 - 2012-06-02 14:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-01-06 17:57 - 2017-01-07 11:51 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
2017-01-06 17:56 - 2017-01-06 17:56 - 30026808 _____ (AVI ReComp Team) C:\Users\User\Downloads\Baixaki_avi-recomp [1].exe
2017-01-06 17:50 - 2017-01-06 17:50 - 01877224 _____ (Fast ) C:\Users\User\Downloads\Baixaki_avi-recomp.exe
2017-01-06 17:45 - 2010-08-11 02:19 - 03860992 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2017-01-06 17:45 - 2010-08-11 02:13 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2017-01-06 17:45 - 2010-08-11 01:44 - 02983424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll
2017-01-06 17:45 - 2010-08-11 01:35 - 01164800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2017-01-06 17:45 - 2010-05-23 07:15 - 01619456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2017-01-06 17:45 - 2010-05-23 07:11 - 03181568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2017-01-06 17:45 - 2010-05-23 07:11 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2017-01-06 17:45 - 2010-05-23 05:37 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2017-01-06 17:45 - 2010-05-23 05:35 - 04068864 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-01-06 17:45 - 2010-05-23 05:35 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2017-01-06 17:45 - 2010-05-23 05:35 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-01-06 17:41 - 2017-01-06 17:41 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software
2017-01-06 17:41 - 2017-01-06 17:41 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-06 17:40 - 2017-01-06 17:40 - 01242312 _____ (Microsoft Corporation) C:\Users\User\Downloads\Baixaki_windows-movie-maker [1].exe
2017-01-06 17:37 - 2017-01-06 17:37 - 01877224 _____ (Fast ) C:\Users\User\Downloads\Baixaki_windows-movie-maker.exe
2017-01-06 17:35 - 2017-01-06 17:35 - 01242312 _____ (Microsoft Corporation) C:\Users\User\Downloads\wlsetup-web.exe
2016-12-16 18:24 - 2016-12-18 21:49 - 00003502 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-03-02 20:55 - 2015-06-28 23:11 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2017-03-02 20:55 - 2015-06-28 23:11 - 00000000 ____D C:\ProgramData\Skype
2017-03-02 20:55 - 2009-07-14 01:45 - 00016032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-02 20:55 - 2009-07-14 01:45 - 00016032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-02 20:52 - 2009-07-29 13:08 - 00004086 _____ C:\Windows\system32\prfh0416.dat
2017-03-02 20:52 - 2009-07-29 13:08 - 00003894 _____ C:\Windows\system32\prfc0416.dat
2017-03-02 20:52 - 2009-07-14 02:13 - 00673076 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-02 20:52 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2017-03-02 20:48 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-02 20:47 - 2015-06-24 23:07 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2017-03-02 00:45 - 2016-08-20 15:28 - 00002431 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2017-03-02 00:45 - 2016-07-04 18:08 - 00001125 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-02 00:45 - 2016-07-04 18:08 - 00001095 _____ C:\Users\User\Desktop\Google Chrome.lnk
2017-03-02 00:12 - 2015-06-28 23:11 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2017-03-01 23:52 - 2015-11-21 18:52 - 00000035 _____ C:\Users\Todos os Usuários\droidcam-settings
2017-03-01 23:52 - 2015-11-21 18:52 - 00000035 _____ C:\ProgramData\droidcam-settings
2017-02-27 18:21 - 2015-07-09 17:26 - 00000000 ____D C:\Windows\Minidump
2017-02-25 21:36 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\LiveKernelReports
2017-02-23 18:16 - 2009-07-14 02:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-13 21:11 - 2016-04-05 20:11 - 00000000 ____D C:\Users\User\Desktop\MILENA
2017-02-12 11:36 - 2015-09-03 18:01 - 00000000 ____D C:\Users\User\Desktop\Camera

==================== Arquivos na raiz de alguns diretórios =======

2016-05-30 18:08 - 2016-05-30 18:08 - 6859776 _____ () C:\Users\User\AppData\Roaming\agent.dat
2016-05-30 18:07 - 2016-05-30 18:07 - 0054272 _____ () C:\Users\User\AppData\Roaming\ApplicationHosting.dat
2011-02-16 03:00 - 2011-02-16 03:00 - 0587363 _____ () C:\Users\User\AppData\Roaming\Bosun.3Wu
2016-05-30 18:08 - 2016-05-30 18:08 - 0067776 _____ () C:\Users\User\AppData\Roaming\Config.xml
2016-06-05 23:35 - 2016-06-05 17:23 - 0463376 ___SH () C:\Users\User\AppData\Roaming\CVBKANYZAJcE
2016-05-30 18:04 - 2016-05-30 18:05 - 0019296 _____ () C:\Users\User\AppData\Roaming\InstallationConfiguration.xml
2016-05-30 18:04 - 2016-05-30 18:04 - 0128512 _____ () C:\Users\User\AppData\Roaming\Installer.dat
2016-06-09 00:36 - 2016-06-08 23:31 - 0860176 ___SH () C:\Users\User\AppData\Roaming\JDDTIZhfJWJD
2016-05-30 18:07 - 2016-05-30 18:07 - 0126464 _____ () C:\Users\User\AppData\Roaming\lobby.dat
2016-05-30 18:08 - 2016-05-30 18:08 - 0018432 _____ () C:\Users\User\AppData\Roaming\Main.dat
2016-05-30 18:07 - 2016-05-30 18:08 - 0005568 _____ () C:\Users\User\AppData\Roaming\md.xml
2016-06-04 21:12 - 2016-06-04 21:12 - 0414720 _____ (Basic) C:\Users\User\AppData\Roaming\MySQL.exe
2016-06-05 22:37 - 2016-06-09 20:01 - 0000000 _____ () C:\Users\User\AppData\Roaming\mysqld.exe
2016-05-30 18:08 - 2016-05-30 18:08 - 0126464 _____ () C:\Users\User\AppData\Roaming\noah.dat
2016-06-09 18:57 - 2016-06-09 18:57 - 0041472 _____ (Google Inc.) C:\Users\User\AppData\Roaming\ProxySettings.dll
2016-05-30 18:06 - 2016-05-30 18:06 - 0076565 _____ () C:\Users\User\AppData\Roaming\RedIty.bin
2016-05-30 18:07 - 2016-05-30 18:04 - 0782848 _____ () C:\Users\User\AppData\Roaming\Roundhold.exe
2016-05-30 18:08 - 2016-05-30 18:08 - 1756999 _____ () C:\Users\User\AppData\Roaming\Roundhold.tst
2005-07-17 02:00 - 2005-07-17 02:00 - 0001673 _____ () C:\Users\User\AppData\Roaming\Schlumbergera.vEu
2016-06-09 00:36 - 2016-06-07 20:44 - 1492992 ___SH () C:\Users\User\AppData\Roaming\Spread1.exe
2016-05-30 18:07 - 2016-05-30 18:04 - 0782848 _____ () C:\Users\User\AppData\Roaming\Stronglux.exe
2016-05-30 18:07 - 2016-05-30 18:07 - 0072820 _____ () C:\Users\User\AppData\Roaming\Stronglux.tst
2016-05-30 18:10 - 2016-05-30 18:10 - 2279413 _____ () C:\Users\User\AppData\Roaming\Tindox.bin
2016-05-30 18:06 - 2016-05-30 18:06 - 0848437 _____ () C:\Users\User\AppData\Roaming\True-Tough.bin
2016-06-04 21:12 - 2016-06-04 21:12 - 0000001 _____ () C:\Users\User\AppData\Roaming\uZOkAB
2009-07-13 17:46 - 2009-06-10 18:23 - 1169224 _____ (Microsoft Corporation) C:\Users\User\AppData\Roaming\verclsid.exe
2016-06-09 00:36 - 2016-06-08 23:31 - 0048666 ___SH () C:\Users\User\AppData\Roaming\XDYXaCGfXTDMIdceBOI
2016-06-05 23:35 - 2016-06-05 17:24 - 0029619 ___SH () C:\Users\User\AppData\Roaming\ZXAENWNOFiQeKTFfgQK
2016-06-05 23:35 - 2016-06-05 17:24 - 0750320 ___SH (AutoIt Team) C:\Users\User\AppData\Roaming\ZXAENWNOFiQeKTFfgQKUH.exe
2016-06-05 23:04 - 2016-06-14 23:10 - 0007600 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2015-11-21 18:52 - 2017-03-01 23:52 - 0000035 _____ () C:\ProgramData\droidcam-settings

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


ATENÇÃO: ==> Não foi possível acessar BCD.

LastRegBack: 2017-02-22 21:41

==================== Fim de FRST.txt ============================
