Document format: text/plain

Preview

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão: 18-06-2017 01
Executado por STK (administrador) em STK-SKAYLAYNE (20-06-2017 17:06:47)
Executando a partir de C:\Users\STK\Downloads
Perfis Carregados: STK (Perfis Disponíveis: STK)
Platform: Microsoft Windows 7 Home Basic (X86) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: IE)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

() C:\Program Files\PSafe\Total\safemon\QHActiveDefense.exe
(Byte Technologies LLC) C:\Program Files\ByteFence\ByteFenceService.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\Monitor.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimServiceFactory.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
() C:\Program Files\PSafe\Total\safemon\QHSafeTray.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Filseclab Corporation Limited) C:\Program Files\ScreenShot\SSSvc.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe
() C:\Program Files\WeatherTool\2.0.1.5000028\WeatherService.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\vSnapshot\1.0.0.0\vSnapshotServ.exe
(ShenZhen Enode Techology co,.Ltd) C:\Program Files\WeatherTool\2.0.1.5000028\weather_free.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Mega Limited) C:\Users\STK\AppData\Local\MEGAsync\MEGAsync.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(UCWeb Inc.) C:\Program Files\UCBrowser\Application\UCBrowser.exe
(UCWeb Inc.) C:\Program Files\UCBrowser\Application\UCBrowser.exe
(UCWeb Inc.) C:\Program Files\UCBrowser\Application\UCBrowser.exe
(UCWeb Inc.) C:\Program Files\UCBrowser\Application\UCBrowser.exe
(UCWeb Inc.) C:\Program Files\UCBrowser\Application\UCBrowser.exe
(UCWeb Inc.) C:\Program Files\UCBrowser\Application\UCBrowser.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(UCWeb Inc.) C:\Program Files\UCBrowser\Application\UCBrowser.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(UCWeb Inc.) C:\Program Files\UCBrowser\Application\UCBrowser.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [QHSafeTray] => C:\Program Files\PSafe\Total\safemon\QHSafeTray.exe [2406208 2015-08-04] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-06] (AVAST Software)
HKU\S-1-5-21-3218279059-3523999800-280312587-1000\...\Run: [Advanced SystemCare 10] => C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe [3078432 2016-10-18] (IObit)
HKU\S-1-5-21-3218279059-3523999800-280312587-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3777728 2017-02-07] (Disc Soft Ltd)
HKU\S-1-5-21-3218279059-3523999800-280312587-1000\...\Run: [Flvto YouTube Downloader] => "C:\Users\STK\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.Redesign.exe" /minimize
HKU\S-1-5-21-3218279059-3523999800-280312587-1000\...\MountPoints2: {b4e06a37-fe63-11d5-8a81-7071bc9f55e7} - F:\Autorun.exe
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\STK\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\STK\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\STK\AppData\Local\MEGAsync\ShellExtX32.dll [2016-10-31] ()
Startup: C:\Users\STK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ajudando.lnk [2016-11-30]
ShortcutTarget: Ajudando.lnk -> C:\ProgramData\servico.vbs ()
Startup: C:\Users\STK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2017-03-28]
ShortcutTarget: MEGAsync.lnk -> C:\Users\STK\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
GroupPolicy: Restrição ? <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyEnable: [HKLM] => Proxy está habilitado.
ProxyServer: [HKLM] => 127.0.0.1:12092
ProxyEnable: [S-1-5-21-3218279059-3523999800-280312587-1000] => Proxy está habilitado.
ProxyServer: [S-1-5-21-3218279059-3523999800-280312587-1000] => 127.0.0.1:12092
AutoConfigURL: [S-1-5-21-3218279059-3523999800-280312587-1000] => 127.0.0.1:12092
Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 10.0.0.1
Tcpip\..\Interfaces\{9F61542F-A00E-4A18-B08F-2CCBE93724A6}: [DhcpNameServer] 192.168.1.1 10.0.0.1
Tcpip\..\Interfaces\{A6F67D90-3B53-43FA-B14D-FCDA5E804572}: [DhcpNameServer] 192.168.42.129
ManualProxies: 1127.0.0.1:51860

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com
HKU\S-1-5-21-3218279059-3523999800-280312587-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dwndlm_16_45¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDyBtC0B0Czy0FyDyD0EyB0E0CtAzztN0D0Tzu0StCyByBtDtN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyEyCtCyD0ByBtAtGtAzyyE0DtGyCyC0BzytGyE0EtDyDtGtDyDtAyCtDtBzzyD0BzztCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0AyD0CtDzy0AyBtGzz0A0BtBtGyE0Dzz0DtG0BtB0F0BtGyByDyDzytAzzzytDzyzy0A0B2QtN0A0LzuyE%26cr%3D5401194%26a%3Dwbf_dwndlm_16_45%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BBasic&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dwndlm_16_45¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDyBtC0B0Czy0FyDyD0EyB0E0CtAzztN0D0Tzu0StCyByBtDtN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyEyCtCyD0ByBtAtGtAzyyE0DtGyCyC0BzytGyE0EtDyDtGtDyDtAyCtDtBzzyD0BzztCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0AyD0CtDzy0AyBtGzz0A0BtBtGyE0Dzz0DtG0BtB0F0BtGyByDyDzytAzzzytDzyzy0A0B2QtN0A0LzuyE%26cr%3D5401194%26a%3Dwbf_dwndlm_16_45%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BBasic&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3218279059-3523999800-280312587-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dwndlm_16_45¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDyBtC0B0Czy0FyDyD0EyB0E0CtAzztN0D0Tzu0StCyByBtDtN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyEyCtCyD0ByBtAtGtAzyyE0DtGyCyC0BzytGyE0EtDyDtGtDyDtAyCtDtBzzyD0BzztCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0AyD0CtDzy0AyBtGzz0A0BtBtGyE0Dzz0DtG0BtB0F0BtGyByDyDzytAzzzytDzyzy0A0B2QtN0A0LzuyE%26cr%3D5401194%26a%3Dwbf_dwndlm_16_45%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BBasic&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3218279059-3523999800-280312587-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dwndlm_16_45¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyBtDyBtC0B0Czy0FyDyD0EyB0E0CtAzztN0D0Tzu0StCyByBtDtN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAyEyCtCyD0ByBtAtGtAzyyE0DtGyCyC0BzytGyE0EtDyDtGtDyDtAyCtDtBzzyD0BzztCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0AyD0CtDzy0AyBtGzz0A0BtBtGyE0Dzz0DtG0BtB0F0BtGyByDyDzytAzzzytDzyzy0A0B2QtN0A0LzuyE%26cr%3D5401194%26a%3Dwbf_dwndlm_16_45%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BBasic&p={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\STK\AppData\Roaming\Mozilla\Firefox\Profiles\p5pnpnrr.default [2017-06-18]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\p5pnpnrr.default -> YHS
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\p5pnpnrr.default -> YHS
FF Homepage: Mozilla\Firefox\Profiles\p5pnpnrr.default -> hxxps://br.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_17_05_wbf_dwndlm_16_45¶m1=1¶m2=f%3D1%26b%3DFirefox%26cc%3Dbr%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1Qzu0A0A0B0B0C0C0D0D0E0E0F0F0E0CtAzztN0D0Tzu0StCzzyCtBtN1L2XzutAtFtByCtFyEtFyDtDtN1L1Czu1M1Q1CtAtCtFtCyEtFtDtN1L1G1B1V1N2Y1L1Qzu2StC0Azz0EyByC0D0EtGtCtAyC0BtGtB0B0B0FtGtAtAyBtBtGyE0C0FtByBtDzztD0C0C0B0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0A0AyD0CtDzy0AyBtGzz0A0BtBtGyE0Dzz0DtG0BtB0F0BtGyByDyDzytAzzzytDzyzy0A0B2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCzytBzy%26cr%3D945814935%26a%3Dhdr_s_17_05_wbf_dwndlm_16_45%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BBasic
FF Keyword.URL: Mozilla\Firefox\Profiles\p5pnpnrr.default -> user_pref("keyword.URL", true);
FF NetworkProxy: Mozilla\Firefox\Profiles\p5pnpnrr.default -> http", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\p5pnpnrr.default -> http_port", 53384
FF NetworkProxy: Mozilla\Firefox\Profiles\p5pnpnrr.default -> no_proxies_on", ""
FF NetworkProxy: Mozilla\Firefox\Profiles\p5pnpnrr.default -> ssl", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\p5pnpnrr.default -> ssl_port", 53384
FF NetworkProxy: Mozilla\Firefox\Profiles\p5pnpnrr.default -> type", 1
FF NetworkProxy: Mozilla\Firefox\Profiles\p5pnpnrr.default -> type", 1
FF NetworkProxy: Mozilla\Firefox\Profiles\p5pnpnrr.default -> http_port", 46959
FF NetworkProxy: Mozilla\Firefox\Profiles\p5pnpnrr.default -> ssl_port", 46959
FF NetworkProxy: Mozilla\Firefox\Profiles\p5pnpnrr.default -> http_port", 29526
FF NetworkProxy: Mozilla\Firefox\Profiles\p5pnpnrr.default -> ssl_port", 29526
FF NetworkProxy: Mozilla\Firefox\Profiles\p5pnpnrr.default -> http_port", 14159
FF NetworkProxy: Mozilla\Firefox\Profiles\p5pnpnrr.default -> ssl_port", 14159
FF NetworkProxy: Mozilla\Firefox\Profiles\p5pnpnrr.default -> http_port", 51860
FF NetworkProxy: Mozilla\Firefox\Profiles\p5pnpnrr.default -> ssl_port", 51860
FF NetworkProxy: Mozilla\Firefox\Profiles\p5pnpnrr.default -> http_port", 12092
FF NetworkProxy: Mozilla\Firefox\Profiles\p5pnpnrr.default -> ssl_port", 12092
FF SearchPlugin: C:\Users\STK\AppData\Roaming\Mozilla\Firefox\Profiles\p5pnpnrr.default\searchplugins\yhs.xml [2017-02-05]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-22] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-22] (Google Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=2def554c458a9bca4c1a5c69e9cad5a5
CHR StartupUrls: Default -> "hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=2def554c458a9bca4c1a5c69e9cad5a5"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\STK\AppData\Local\Google\Chrome\User Data\Default [2017-06-20]
CHR Extension: (Google Docs) - C:\Users\STK\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-05]
CHR Extension: (Google Drive) - C:\Users\STK\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-05]
CHR Extension: (YouTube) - C:\Users\STK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-05]
CHR Extension: (Hermes Tab) - C:\Users\STK\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehlceeijggpdgfcefmipcmdelickjgfg [2017-02-05]
CHR Extension: (Documentos Google off-line) - C:\Users\STK\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-05]
CHR Extension: (Lidomaf) - C:\Users\STK\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibcikeccmpogffgblkjninjaolbkbben [2016-11-26]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\STK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-16]
CHR Extension: (Search Manager) - C:\Users\STK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2017-01-22]
CHR Extension: (Gmail) - C:\Users\STK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-05]
CHR Extension: (Chrome Media Router) - C:\Users\STK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-05]
CHR HKLM\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3218279059-3523999800-280312587-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3218279059-3523999800-280312587-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 AdvancedSystemCareService10; C:\Program Files\IObit\Advanced SystemCare\ASCService.exe [462624 2016-10-14] (IObit)
R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [145888 2017-04-19] (Byte Technologies LLC)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1142464 2017-02-07] (Disc Soft Ltd)
S2 IObitUnSvr; C:\Program Files\IObit\IObit Uninstaller\IUService.exe [359200 2016-09-28] (IObit)
R2 QHActiveDefense; C:\Program Files\PSafe\Total\safemon\QHActiveDefense.exe [704664 2015-08-04] () [Arquivo não assinado]
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [304456 2017-02-05] ()
R2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [229568 2016-10-25] (SlimWare Utilities, Inc.)
R2 SSSvc; C:\Program Files\ScreenShot\SSSvc.exe [139744 2016-11-02] (Filseclab Corporation Limited)
R2 TheFreeWeatherService; C:\Program Files\WeatherTool\2.0.1.5000028\WeatherService.exe [156784 2016-08-11] ()
R2 ThevSnapshotService; C:\Program Files\vSnapshot\1.0.0.0\vSnapshotServ.exe [152264 2016-12-24] ()
S3 UCBrowserSvc; C:\Program Files\UCBrowser\Application\UCService.exe [629648 2017-02-21] () <==== ATENÇÃO
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 MEmuUpdateSvc; C:\ProgramData\MEmu\bin\MEmuUpdateSvc.exe [X]

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker.sys [88136 2015-08-04] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [65608 2015-08-04] (360.cn)
R1 360Box; C:\Windows\System32\DRIVERS\360Box.sys [202312 2015-08-04] (360.cn)
S3 360Camera; C:\Windows\System32\Drivers\360Camera.sys [34888 2015-08-04] (360.cn)
R1 360SelfProtection; C:\Windows\System32\drivers\360SelfProtection.sys [174536 2015-08-04] (360安全中心)
S3 ampa; C:\Windows\system32\ampa.sys [17008 2015-11-10] () [Arquivo não assinado]
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV.sys [165968 2015-08-04] (Qihu 360 Software Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2017-03-15] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [40504 2017-03-15] (Disc Soft Ltd)
R1 EfiMon; C:\Windows\System32\Drivers\Efimon.sys [23752 2015-08-04] (360安全中心)
R0 HookPort; C:\Windows\System32\Drivers\Hookport.sys [54856 2015-08-04] (360安全中心)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2016-11-05] (REALiX(tm))
R1 qutmdserv; C:\Windows\system32\drivers\qutmdrv.sys [257352 2015-08-04] (360.cn)
R1 qutmipc; C:\Windows\system32\drivers\qutmipc.sys [45896 2015-08-04] (360.cn)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13368 2017-03-16] (SlimWare Utilities, Inc.)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-06-20 17:06 - 2017-06-20 17:08 - 00017713 _____ C:\Users\STK\Downloads\FRST.txt
2017-06-20 17:02 - 2017-06-20 17:06 - 00000000 ____D C:\FRST
2017-06-20 17:01 - 2017-06-20 17:03 - 01778176 _____ (Farbar) C:\Users\STK\Downloads\FRST.exe
2017-06-20 16:48 - 2017-06-20 16:48 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-06-20 16:48 - 2017-06-20 16:48 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-20 16:46 - 2017-06-20 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unified Remote 3
2017-06-20 16:45 - 2017-06-20 16:46 - 00000000 ____D C:\Program Files\Unified Remote 3
2017-06-20 16:45 - 2017-06-20 16:45 - 00000000 ____D C:\Users\Todos os Usuários\Unified Remote
2017-06-20 16:45 - 2017-06-20 16:45 - 00000000 ____D C:\Users\STK\Documents\Unified Remote
2017-06-20 16:45 - 2017-06-20 16:45 - 00000000 ____D C:\Users\STK\AppData\Roaming\Unified Remote
2017-06-20 16:45 - 2017-06-20 16:45 - 00000000 ____D C:\ProgramData\Unified Remote
2017-06-20 16:40 - 2017-06-20 16:43 - 37193512 _____ (Unified Intents AB ) C:\Users\STK\Downloads\ServerSetup-3-6-0-950.exe
2017-06-20 16:18 - 2017-06-20 16:25 - 00001226 _____ C:\Users\STK\Desktop\Continuar a Instalação de Unified Remote.lnk
2017-06-20 16:14 - 2017-06-20 16:15 - 02103511 _____ (Installer Stub ) C:\Users\STK\Downloads\Baixaki_unified-remote_1564431381.exe
2017-06-20 16:00 - 2017-06-20 16:00 - 00000000 ____D C:\Users\STK\AppData\LocalLow\Adobe
2017-06-20 15:58 - 2017-06-20 15:58 - 00001001 _____ C:\Users\STK\Desktop\PSCS6 - Atalho.lnk
2017-06-20 15:35 - 2017-06-20 16:34 - 00000276 _____ C:\Windows\Tasks\UCBrowserUpdaterCore.job
2017-06-19 03:41 - 2017-06-19 03:42 - 00000000 ____D C:\Users\STK\AppData\Roaming\booking-nativefier-b23a56
2017-06-18 21:52 - 2017-06-18 21:52 - 00002969 _____ C:\Users\STK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kwerty Gmail Notifier.lnk
2017-06-18 21:52 - 2017-06-18 21:52 - 00000000 ____D C:\Users\STK\AppData\Local\Downloaded Installations
2017-06-18 21:52 - 2017-06-18 21:52 - 00000000 ____D C:\Program Files\Kwerty Gmail Notifier
2017-06-18 21:51 - 2017-06-19 02:43 - 00000000 ____D C:\Users\STK\AppData\Roaming\facebook-nativefier-f52d2f
2017-06-18 21:50 - 2017-06-18 21:50 - 00003105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Facebook.lnk
2017-06-18 21:50 - 2017-06-18 21:50 - 00003093 _____ C:\Users\Public\Desktop\Facebook.lnk
2017-06-18 21:49 - 2017-06-18 21:50 - 00000000 ____D C:\Program Files\Facebook
2017-06-18 21:49 - 2017-06-18 21:49 - 00001913 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.lnk
2017-06-18 21:49 - 2017-06-18 21:49 - 00001901 _____ C:\Users\Public\Desktop\Booking.lnk
2017-06-18 21:47 - 2017-06-18 21:49 - 00000000 ____D C:\Program Files\Booking
2017-06-18 21:42 - 2017-06-18 21:42 - 02246665 _____ (Kwerty) C:\Users\STK\Downloads\Baixaki_kwerty-gmail-notifier.exe
2017-06-18 21:40 - 2017-06-18 21:40 - 00002374 _____ C:\Users\STK\Desktop\WarThunder.lnk
2017-06-18 21:40 - 2017-06-18 21:40 - 00000000 ____D C:\Users\STK\AppData\Roaming\WarThunder
2017-06-18 21:40 - 2017-06-18 21:40 - 00000000 ____D C:\Users\STK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2017-06-18 21:36 - 2017-06-18 21:38 - 02165900 _____ ( ) C:\Users\STK\Downloads\Baixaki_kwerty-gmail-notifier_0457955777.exe
2017-06-18 01:46 - 2017-06-18 01:46 - 00000000 ____D C:\Users\STK\AppData\Roaming\boomzap
2017-05-26 02:46 - 2017-05-26 02:47 - 00000000 ____D C:\Users\STK\AppData\Local\Flvto YouTube Downloader
2017-04-18 00:06 - 2017-04-18 00:06 - 00000000 ____D C:\Users\STK\AppData\Roaming\SSMgre
2017-04-05 00:59 - 2017-04-05 00:59 - 00000000 ____D C:\Users\Todos os Usuários\Electronic Arts
2017-04-05 00:59 - 2017-04-05 00:59 - 00000000 ____D C:\ProgramData\Electronic Arts
2017-04-02 01:32 - 2002-01-01 01:00 - 1749594592 ____R (Acresso Software Inc.) C:\Users\STK\Downloads\TS3_1.67.2.0240xx_update.exe
2017-04-02 01:31 - 2017-04-05 00:48 - 00000000 ____D C:\Users\STK\Downloads\Atualizaçao The Sims 3 - 1.67
2017-04-02 01:27 - 2017-04-02 01:29 - 07117647 _____ C:\Users\STK\Downloads\Atualizaçao The Sims 3 - 1.67.rar
2017-03-28 16:52 - 2017-04-06 14:44 - 00000000 ____D C:\Users\STK\Documents\MEGAsync Downloads
2017-03-28 16:52 - 2017-03-28 16:52 - 00000000 ___RD C:\Users\STK\Documents\MEGAsync
2017-03-28 16:49 - 2017-03-28 16:49 - 00001008 _____ C:\Users\STK\Desktop\MEGAsync.lnk
2017-03-28 16:49 - 2017-03-28 16:49 - 00000000 ____D C:\Users\STK\AppData\Local\Mega Limited
2017-03-28 16:48 - 2017-03-28 16:49 - 00000000 ____D C:\Users\STK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2017-03-28 16:48 - 2017-03-28 16:49 - 00000000 ____D C:\Users\STK\AppData\Local\MEGAsync
2017-03-28 16:46 - 2017-03-28 16:47 - 13286592 _____ (MEGA Limited) C:\Users\STK\Downloads\MEGAsyncSetup.exe
2017-03-23 01:22 - 2017-03-23 01:22 - 00057960 _____ C:\Users\STK\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-23 00:29 - 2017-03-23 00:30 - 00037004 _____ C:\Users\STK\Downloads\TAGAP 2 Setup.exe
2017-03-23 00:23 - 2017-03-23 00:23 - 00000088 _____ C:\Windows\system32\STK-SKAYLAYNEx.ocx
2017-03-23 00:23 - 2017-03-23 00:23 - 00000000 ____D C:\Windows\system32\Java
2017-03-23 00:23 - 2002-01-01 00:01 - 00006042 _____ C:\debug.txt
2017-03-23 00:15 - 2017-03-23 00:15 - 00000279 _____ C:\Users\STK\Downloads\Setup9919.vbe

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-06-20 17:04 - 2016-11-26 18:36 - 00000000 ____D C:\Users\STK\AppData\Roaming\WeatherTool
2017-06-20 17:02 - 2009-07-14 01:34 - 00014336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-20 17:02 - 2009-07-14 01:34 - 00014336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-20 16:00 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\inf
2017-06-20 15:37 - 2009-07-29 15:24 - 00705070 _____ C:\Windows\system32\prfh0416.dat
2017-06-20 15:37 - 2009-07-29 15:24 - 00146910 _____ C:\Windows\system32\prfc0416.dat
2017-06-20 15:37 - 2002-01-01 00:27 - 01633534 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-19 03:58 - 2017-03-15 23:51 - 00000000 ____D C:\Windows\Tasks\360Disabled
2017-06-19 02:58 - 2002-01-01 00:52 - 00000000 ____D C:\Program Files\ByteFence
2017-06-19 02:47 - 2002-01-01 00:08 - 00000000 ____D C:\Users\STK\AppData\Roaming\vSnapshot
2017-06-08 04:25 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\NDF
2017-05-30 03:16 - 2017-03-15 23:58 - 00000000 __SHD C:\Users\Todos os Usuários\360Quarant
2017-05-30 03:16 - 2017-03-15 23:58 - 00000000 __SHD C:\ProgramData\360Quarant
2017-05-30 03:16 - 2017-03-15 23:58 - 00000000 __SHD C:\$360Section
2017-05-30 02:50 - 2017-03-16 00:46 - 00000000 ____D C:\Users\STK\AppData\Local\Microsoft Games

==================== Arquivos na raiz de alguns diretórios =======

2017-02-05 19:04 - 2017-02-05 19:04 - 0017871 _____ () C:\Users\STK\AppData\Roaming\Bisopidi
2016-12-06 22:56 - 2016-12-06 23:14 - 0002622 _____ () C:\Users\STK\AppData\Roaming\droid4xinstaller.log
2017-01-22 19:57 - 2017-03-15 18:57 - 0000277 _____ () C:\Users\STK\AppData\Roaming\WB.CFG
2016-11-05 15:08 - 2016-11-05 15:08 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2001-12-31 23:04 - 2016-12-19 21:12 - 0000000 _____ () C:\ProgramData\dwmn.exe
2016-11-30 17:06 - 2016-11-30 17:06 - 0055632 _____ (Microsoft Corporation) C:\ProgramData\mk.exe
2016-11-30 17:05 - 2016-11-30 17:05 - 0007077 _____ () C:\ProgramData\servico.vbs
2016-11-30 17:09 - 2016-11-30 17:09 - 0000000 _____ () C:\ProgramData\wpi.txt

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\dwmn.exe
C:\ProgramData\mk.exe
C:\ProgramData\servico.vbs
C:\Users\Todos os Usuários\dwmn.exe
C:\Users\Todos os Usuários\mk.exe
C:\Users\Todos os Usuários\servico.vbs


Alguns arquivos em TEMP:
====================
2017-06-20 16:18 - 2017-06-20 16:25 - 2103511 _____ (Installer Stub ) C:\Users\STK\AppData\Local\Temp\ICReinstall_Baixaki_unified-remote_1564431381.exe
2017-04-29 01:32 - 2001-12-31 23:14 - 47971268 _____ () C:\Users\STK\AppData\Local\Temp\Second_Life_5_0_4_325124_i686_Setup.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2017-03-17 00:38

==================== Fim de FRST.txt ============================
