Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:05-03-2016 01
Executado por pontofrio (administrador) em PONTOFRIO-PC (13-03-2016 07:23:08)
Executando a partir de C:\Users\pontofrio\Downloads
Perfis Carregados: pontofrio (Perfis Disponíveis: pontofrio)
Platform: Windows 7 Home Basic (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BavSvc.exe
(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BHipsSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Users\pontofrio\AppData\Roaming\Vovlul\Vovlul.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Orolix Desenvolvimento de Software LTDA.) C:\Program Files (x86)\TIM Communicator\module\devicemon.exe
(Banco Bradesco S.A.) C:\Program Files (x86)\Scpad\scpVista.exe
(TU-Funs LIMITED) C:\ProgramData\pWdMp\WdMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Baidu, Inc.)
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.133394.0\bavhm.exe () C:\Users\pontofrio\AppData\Roaming\Vovlul\Votecy.exe () C:\Users\pontofrio\AppData\Roaming\Vovlul\Gepwymg.exe (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe (DotC United Inc) C:\Program Files (x86)\MPC AdCleaner\AdCleaner.exe (DotC United Inc) C:\Program Files (x86)\MPC AdCleaner\AdxEngine.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Baidu, Inc.) 
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BavTray.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe () C:\Users\pontofrio\AppData\Roaming\alFSVWJB\twunk_16.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe () C:\Users\pontofrio\AppData\Roaming\alFSVWJB\twunk_16.exe (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe (BitTorrent Inc.) C:\Users\pontofrio\AppData\Roaming\uTorrent\uTorrent.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(DotC United Inc) C:\Program Files (x86)\MPC AdCleaner\AdPopWnd.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM-x32\...\Run: [mbot_br_014010256] => [X]
HKLM-x32\...\Run: [rec_en_215] => [X]
HKLM-x32\...\Run: [mbot_en_037050256] => [X]
HKLM-x32\...\Run: [win_en_77] => [X]
HKLM-x32\...\Run: [rec_en_216] => [X]
HKLM-x32\...\Run: [rec_en_221] => [X]
HKLM-x32\...\Run: [rec_en_218] => [X]
HKLM-x32\...\Run: [Baidu Antivirus] => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BavTray.exe [1997296 2016-03-08] (Baidu, Inc.)
HKLM-x32\...\Run: [twunk_16.exe] => C:\Users\pontofrio\AppData\Roaming\alFSVWJB\twunk_16.exe [381440 2011-02-26] ()
HKLM-x32\...\RunOnce: [DSUpdateLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe [18240 2010-05-21] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [574302779] => C:\ProgramData\mscvmtct.exe [195072 2009-07-13] ()
HKLM\...\Policies\Explorer\Run: [1618565007] => C:\ProgramData\msrvsjs.exe [264704 2009-07-13] (Vortex Team)
HKLM\...\Policies\Explorer\Run: [1325165494] => C:\ProgramData\msvdrg.exe [162816 2009-07-13] ()
HKLM\...\Policies\Explorer\Run: [1696102392] => C:\ProgramData\msojru.exe [252416 2009-07-13] (Borland Software Corporation )
HKLM\...\Policies\Explorer\Run: [552987553] => C:\ProgramData\msuoreee.exe [185856 2009-07-13] ()
HKLM\...\Policies\Explorer\Run: [653108022] => C:\ProgramData\mskrwl.exe [278016 2009-07-13] (www.bodro.org.ua)
HKLM\...\Policies\Explorer\Run: [717883167] => C:\ProgramData\msiyu.exe [274944 2009-07-13] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [1182460303] => C:\ProgramData\msczhcrbe.exe [298496 2009-07-13] ()
HKLM\...\Policies\Explorer\Run: [1443031969] => C:\ProgramData\msvdncwpg.exe [294400 2009-07-13] (ESET)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\Run: [syeik3122s] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-123263113541\seifs12ik32.exe [282624 2016-03-12] ()
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\Run: [sysanf132s] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-12326151\sysanifsy2132s.exe [281600 2016-03-12] ()
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\Run: [sysanitesays2132s] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-123268151\sysaniteasy2132s.exe [281600 2016-03-12] ()
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\Run: [sysanitesys2132] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1232612551\sysanitesy2132.exe [284160 2016-03-12] ()
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\Run: [sysanitesys132] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1332612551\sysanitesys132.exe [283136 2016-03-12] ()
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\Run: [sysazwb6says32] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-136633451\sysae6w6azbys32.exe [281600 2016-03-12] ()
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\Run: [sysazwbsays32] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-13633451\sysaewazbys32.exe [283648 2016-03-12] ()
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\Run: [syszwbsys32] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-13633145871\sysewzbys32.exe [282112 2016-03-12] ()
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\Run: [uTorrent] => C:\Users\pontofrio\AppData\Roaming\uTorrent\uTorrent.exe [1994592 2015-05-13] (BitTorrent Inc.)
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\RunOnce: [sy192i3aaarrs] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-134019216261\se1923ar32.exe [282624 2016-03-12] ()
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\RunOnce: [syeik3122s] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-123263113541\seifs12ik32.exe [282624 2016-03-12] ()
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\RunOnce: [sysanf132s] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-12326151\sysanifsy2132s.exe [281600 2016-03-12] ()
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\RunOnce: [syeiaz822s] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1220326261\seiafs1z432.exe [283648 2016-03-12] ()
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\RunOnce: [syee132s] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-123261541\seifsy2132s.exe [282112 2016-03-12] ()
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\RunOnce: [syeiarrs] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-12240326261\seiar32.exe [282624 2016-03-12] ()
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\RunOnce: [syee1r32s] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1232631541\seifsy2r132s.exe [281600 2016-03-12] ()
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\RunOnce: [sysanitesays2132s] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-123268151\sysaniteasy2132s.exe [281600 2016-03-12] ()
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\RunOnce: [sysanitesys132] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1332612551\sysanitesys132.exe [283136 2016-03-12] ()
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\RunOnce: [sysanitesys2132] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-1232612551\sysanitesy2132.exe [284160 2016-03-12] ()
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\RunOnce: [senewsys32] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-186345671\senewsys32.exe [283136 2016-03-12] ()
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\RunOnce: [sysazwb6says32] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-136633451\sysae6w6azbys32.exe [281600 2016-03-12] ()
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\RunOnce: [sye1vi3aaarrs] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-13403216261\seiva1a3ar32.exe [283136 2016-03-12] ()
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\RunOnce: [sysazwbsays32] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-13633451\sysaewazbys32.exe [283648 2016-03-12] ()
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\RunOnce: [sy192i33s] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-134019361\se1933332.exe [281088 2016-03-12] ()
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\MountPoints2: {163e1e65-d7de-11e0-abc3-00235a62e73b} - E:\ICM_ML.exe
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\MountPoints2: {17ed607b-caee-11e2-abfc-f07bcb68889c} - E:\AutoRun.exe
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\MountPoints2: {2d411b98-c97e-11e2-a29b-f07bcb68889c} - E:\AutoRun.exe
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\MountPoints2: {31192ec4-0d54-11e2-9a31-00235a62e73b} - E:\AutoRun.exe
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\MountPoints2: {31192ef2-0d54-11e2-9a31-00235a62e73b} - E:\AutoRun.exe
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\MountPoints2: {64a1ca19-5e71-11e5-bc99-00235a62e73b} - E:\Autorun.exe
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\MountPoints2: {692ae514-4359-11e0-9ab1-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\MountPoints2: {8e2e8ee9-2fed-11e1-ab34-f07bcb68889c} - F:\KODAK_Camera_Setup_App.exe
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\MountPoints2: {9513516d-5508-11e1-96da-f07bcb68889c} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\MountPoints2: {b124476d-c933-11e2-9601-f07bcb68889c} - E:\AutoRun.exe
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\MountPoints2: {b124477e-c933-11e2-9601-f07bcb68889c} - E:\AutoRun.exe
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\MountPoints2: {bc86220f-58b9-11e0-80cb-f07bcb68889c} - E:\AutoRun.exe
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\MountPoints2: {bf9823a7-4359-11e0-9ac8-f07bcb68889c} - E:\AutoRun.exe
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\MountPoints2: {c1aaa5a8-42b9-11e0-9ac1-f07bcb68889c} - E:\AutoRun.exe
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\MountPoints2: {c1aaa5b9-42b9-11e0-9ac1-f07bcb68889c} - E:\AutoRun.exe
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\MountPoints2: {cc96906c-93b2-11e0-ac4d-f07bcb68889c} - E:\AutoRun.exe
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\MountPoints2: {cca9c3c6-1f85-11e0-ae8f-f07bcb68889c} - E:\AutoRun.exe
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\MountPoints2: {cca9c3d4-1f85-11e0-ae8f-f07bcb68889c} - E:\AutoRun.exe
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\MountPoints2: {cca9c3df-1f85-11e0-ae8f-f07bcb68889c} - E:\AutoRun.exe
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\MountPoints2: {ccfc0d77-c974-11e2-ac6f-00235a62e73b} - E:\AutoRun.exe
HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\MountPoints2: {fad9bcf5-c8df-11e2-8eb8-f07bcb68889c} - E:\AutoRun.exe
HKU\S-1-5-18\...\Run: [msiql] => c:\programdata\msiql.exe [1888256 2016-03-02] ()
HKU\S-1-5-18\...\Run: [MSConfig] => "C:\Windows\system32\config\systemprofile\ccllzkxx.exe"
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
SSODL-x32: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll (Banco Bradesco S.A.)
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BavShx64.dll [2016-03-08] (Baidu, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-04-26]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-04-26]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-04-26]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyServer: [.DEFAULT] => 192.168.0.252:8080
Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1 8.8.8.8
Tcpip\..\Interfaces\{11F261A3-3875-4DE8-B04A-CD055626CEB1}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{11F261A3-3875-4DE8-B04A-CD055626CEB1}: [DhcpNameServer] 192.168.100.1 8.8.8.8
Tcpip\..\Interfaces\{65ABBFF7-94E3-4A03-B78B-5A4818D00128}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{AEED6293-EAB0-43F9-AF32-1515AE13DC45}: [NameServer] 104.197.191.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=bav_pro_hp_01_hao123_br
HKU\S-1-5-21-2973937001-495373740-789024467-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://dell.br.msn.com/
HKU\S-1-5-21-2973937001-495373740-789024467-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> {0644EE93-D778-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_16_09&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByCzzzzzzzy0CtD0FtC0CtN0D0Tzu0StCyDtByEtN1L2XzutAtFtCzytFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyEyCtDyBtDzy0AtGtD0F0B0DtGyCzzyCyCtGtDzzzyyDtGyEtAtCtDyEtBtDyBtCtAyDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0F0CtBtD0EzyyEtGyE0DtC0BtGyEyEyBtAtGzytDtDtDtG0B0A0B0F0E0E0FyDtCyD0FtA2QtN0A0LzutB%26cr%3D1932785445%26a%3Dwncy_ir_16_09%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BBasic&p={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_16_09&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByCzzzzzzzy0CtD0FtC0CtN0D0Tzu0StCyDtByEtN1L2XzutAtFtCzytFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyEyCtDyBtDzy0AtGtD0F0B0DtGyCzzyCyCtGtDzzzyyDtGyEtAtCtDyEtBtDyBtCtAyDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0F0CtBtD0EzyyEtGyE0DtC0BtGyEyEyBtAtGzytDtDtDtG0B0A0B0F0E0E0FyDtCyD0FtA2QtN0A0LzutB%26cr%3D1932785445%26a%3Dwncy_ir_16_09%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BBasic&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633ee93-d776-472f-a0ff-e1416b8b2e3a} URL =
SearchScopes: HKLM-x32 -> {DE125FF9-0661-473A-8E15-E7AD0074B564} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {DE125FF9-0661-473A-8E15-E7AD0074B564} URL =
SearchScopes: HKU\S-1-5-21-2973937001-495373740-789024467-1000 -> DefaultScope {0633ee93-d776-472f-a0ff-e1416b8b2e3a} URL =
SearchScopes: HKU\S-1-5-21-2973937001-495373740-789024467-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-2973937001-495373740-789024467-1000 -> {DE125FF9-0661-473A-8E15-E7AD0074B564} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2010-04-28] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-23] (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: ssh2 Class -> {2E3C3651-B19C-4DD9-A979-901EC3E930AF} -> C:\Program Files (x86)\Scpad\scpsssh2.dll [2011-08-05] (Banco Bradesco S.A.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-05-10] (RealPlayer)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12] (Microsoft Corporation)
BHO-x32: Auxiliar de Conexão do Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-04-23] (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-2973937001-495373740-789024467-1000 -> Sem Nome - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - Nenhum Arquivo
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-06-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-06-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-06-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-06-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.mysites123.com/?type=sc&ts=1457070988&z=7ebf1ab0d9089504a5c173egfzbwdm8e4m5e9tbt1o&from=tt4u&uid=ST9250315AS_5VCC4ER0XXXX5VCC4ER0

FireFox:
========
FF ProfilePath: C:\Users\pontofrio\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll [2011-05-30] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.633 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2011-05-10] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.633 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2011-05-10] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.633 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-05-10] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.633 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll [2011-05-10] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-2973937001-495373740-789024467-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\pontofrio\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2973937001-495373740-789024467-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\pontofrio\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2973937001-495373740-789024467-1000: @talk.google.com/O1DPlugin -> C:\Users\pontofrio\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2973937001-495373740-789024467-1000: @tools.google.com/Google Update;version=3 -> C:\Users\pontofrio\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin HKU\S-1-5-21-2973937001-495373740-789024467-1000: @tools.google.com/Google Update;version=9 -> C:\Users\pontofrio\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\pontofrio\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\pontofrio\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF SearchPlugin: C:\Users\pontofrio\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\DD1B66D4.xml [2016-03-10]
FF SearchPlugin: C:\Users\pontofrio\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\DD1B66D4.xml [2016-03-10]
FF Extension: iMacros for Firefox - C:\Users\pontofrio\AppData\Roaming\Mozilla\Firefox\Profiles\rhg7swpf.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2016-02-26]
FF Extension: Video AdBlock - C:\Users\pontofrio\AppData\Roaming\Mozilla\Firefox\Profiles\rhg7swpf.default\Extensions\{068e178c-61a9-4a63-b74f-87404a6f5ea1} [2016-02-25]
FF Extension: Simple for You 1.0.1 - C:\Users\pontofrio\AppData\Roaming\Mozilla\Firefox\Profiles\rhg7swpf.default\Extensions\{e41c6372-fd9c-46e2-9c02-4b1ff1962e66}.xpi [2016-03-05] [não assinado]
FF Extension: GsearchFinder - C:\Users\pontofrio\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-03-01]
FF Extension: Video AdBlock - C:\Users\pontofrio\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{068e178c-61a9-4a63-b74f-87404a6f5ea1} [2016-03-10]
FF Extension: iMacros for Firefox - C:\Users\pontofrio\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2016-03-10]
FF Extension: Simple for You 1.0.1 - C:\Users\pontofrio\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{e41c6372-fd9c-46e2-9c02-4b1ff1962e66}.xpi [2016-03-05] [não assinado]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-05-10] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [SpecialSavings@SpecialSavings.com] - C:\Users\pontofrio\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com
FF Extension: SpecialSavings - C:\Users\pontofrio\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com [2013-05-31] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [speedanalysis02@SpeedAnalysis.com] - C:\Users\pontofrio\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com
FF Extension: Speed Analysis 2 - C:\Users\pontofrio\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013-05-31] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\pontofrio\AppData\Roaming\Mozilla\Firefox\Profiles\rhg7swpf.default\extensions\deskCutv2@gmail.com => não encontrado (a)
FF HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\Firefox\Extensions: [SpecialSavings@SpecialSavings.com] - C:\Users\pontofrio\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com
FF HKU\S-1-5-21-2973937001-495373740-789024467-1000\...\Firefox\Extensions: [speedanalysis02@SpeedAnalysis.com] - C:\Users\pontofrio\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.mysites123.com/?type=sc&ts=1457070988&z=7ebf1ab0d9089504a5c173egfzbwdm8e4m5e9tbt1o&from=tt4u&uid=ST9250315AS_5VCC4ER0XXXX5VCC4ER0

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\pontofrio\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\pontofrio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-08]
CHR Extension: (Google Drive) - C:\Users\pontofrio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\pontofrio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-05]
CHR Extension: (Google Search) - C:\Users\pontofrio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-05]
CHR Extension: (Documentos do Google offline) - C:\Users\pontofrio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-05]
CHR Extension: (Skype) - C:\Users\pontofrio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-02-09]
CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\pontofrio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-10]
CHR Extension: (Gmail) - C:\Users\pontofrio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-15]
CHR HKU\S-1-5-21-2973937001-495373740-789024467-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bfcpnihmbfoaeoakalclfalkdepgiaje] - C:\Users\pontofrio\AppData\Roaming\SpecialSavings\SpecialSavings.crx [2013-02-13]
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cieaemiebmgoijjnjhalllbcfnbmafgd] - C:\Users\pontofrio\AppData\Roaming\temp.crx [2013-08-25]
CHR HKLM-x32\...\Chrome\Extension: [dgjkhjdcljddbedokogakmmdjgnbeanf] - C:\Users\pontofrio\AppData\Roaming\SpeedAnalysis2\SpeedAnalysis.crx [2013-04-17]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-05-10]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 BavSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BavSvc.exe [2572928 2016-03-08] (Baidu, Inc.)
S3 BdSandboxSrv; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BdSandboxSrv64.exe [490528 2015-03-05] (Baidu, Inc.)
R2 BHipsSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BHipsSvc.exe [531232 2016-03-08] (Baidu, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [Arquivo não assinado]
R2 Gendie; C:\Users\pontofrio\AppData\Roaming\Vovlul\Vovlul.exe [174448 2016-03-07] ()
S2 GoogleChromeUpService; C:\ProgramData\service.exe [1734656 2016-01-11] () [Arquivo não assinado]
S2 GoogleChromeUpSvc; C:\ProgramData\Windows Update\svrupg.exe [2786816 2016-03-04] (TODO: ) [Arquivo não assinado]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Arquivo não assinado]
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625632 2015-07-22] (Lenovo)
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [348640 2016-03-04] (DotC United Inc)
R2 OrolixDeviceMonitor; C:\Program Files (x86)\TIM Communicator\module\devicemon.exe [26528 2011-11-09] (Orolix Desenvolvimento de Software LTDA.)
R2 scpVista; C:\Program Files (x86)\Scpad\scpVista.exe [368544 2011-08-05] (Banco Bradesco S.A.)
R2 WdMan; C:\ProgramData\pWdMp\WdMan.exe [330504 2016-03-04] (TU-Funs LIMITED)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 Winsere; C:\Program Files (x86)\Winsere\Winsere\Winsere.exe [306192 2016-02-26] ()
S3 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2010-06-03] (Dell Inc.) [Arquivo não assinado]
S3 XBox; C:\Users\pontofrio\AppData\Roaming\XBox\XBLive.exe [5906904 2016-02-27] (Microsoft Corporation)
S2 dojygici; C:\Program Files (x86)\4C4C4544-1457123326-5210-8056-CAC04F424D31\jnslA209.tmp [X]
S2 ggbugreport; "C:\Program Files (x86)\SearchesToYesbnd\bugreport.exe" {154DFF63-3402-4815-941A-AAD63AE8B428} [X]
S3 GoToAssist; "C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe" Start=service [X]
S2 Gykvi; "C:\Users\pontofrio\AppData\Roaming\ColcoCapso\Gohiteaw.exe" -cms [X]
S3 ihpmServer; "C:\Program Files (x86)\RayDld\ihpmServer.exe" [X]
S2 jywohogezbt; C:\Program Files (x86)\4C4C4544-1457123326-5210-8056-CAC04F424D31\knsv6C94.tmp [X]
S4 MpfService; %ProgramFiles(x86)%\McAfee\MPF\MPFSrv.exe [X]
S2 rewusidizbt; C:\Program Files (x86)\4C4C4544-1457123326-5210-8056-CAC04F424D31\knsh2E52.tmp [X]
S2 wucotusy; C:\Program Files (x86)\4C4C4544-1457123326-5210-8056-CAC04F424D31\hnsgCA24.tmp [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 BdApiUtil; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BdApiUtil64.sys [116936 2016-03-08] (Baidu, Inc.)
R3 bdark64; C:\Windows\system32\drivers\bdark64.sys [78792 2015-05-15] ()
R3 BdCameraProtect; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BdCameraProtect64.sys [25032 2016-03-08] (Baidu, Inc.)
S3 BdSandbox; C:\Windows\System32\drivers\BdSandbox.sys [236920 2015-03-05] (Baidu, Inc.)
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [62920 2016-03-08] (Baidu, Inc.)
R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [38344 2016-03-08] (Baidu, Inc.)
R1 Bnbase; C:\Windows\System32\drivers\bnbasex64.sys [62792 2016-03-08] (Baidu, Inc.)
R1 Bndef; C:\Windows\System32\drivers\bndef64.sys [485672 2016-03-08] (Baidu, Inc.)
R3 BNmon; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.133394.0\Bnmon64.sys [82376 2016-03-08] (Baidu, Inc.)
R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [169416 2016-03-08] (Baidu, Inc.)
R1 bsdriver; C:\Windows\system32\drivers\bsdriver.sys [34712 2016-03-04] ()
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61336 2016-03-04] (Cherimoya Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2015-09-18] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [92032 2007-02-28] (Huawei Technologies Co., Ltd.) [Arquivo não assinado]
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [59112 2016-03-04] (DotC United Inc)
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.)
S3 nokia_cs1x_cdc_acm; C:\Windows\System32\DRIVERS\nokia_cs1x_cdc_acm.sys [98304 2010-04-22] (Nokia)
S3 nokia_cs1x_cpo; C:\Windows\System32\DRIVERS\nokia_cs1x_cpo.sys [13824 2010-04-22] (Nokia)
R3 nokia_cs1x_dc_enum; C:\Windows\System32\DRIVERS\nokia_cs1x_dc_enum.sys [97280 2010-04-22] (Nokia)
R3 O2MDRDR; C:\Windows\system32\DRIVERS\o2mdx64.sys [63264 2009-05-06] (O2Micro )
S3 ONDAusbmdm6k; C:\Windows\System32\DRIVERS\ONDAusbmdm6k.sys [119680 2010-06-02] (Onda Communication)
S3 ONDAusbnmea; C:\Windows\System32\DRIVERS\ONDAusbnmea.sys [119680 2010-06-02] (Onda Communication)
S3 ONDAusbser6k; C:\Windows\System32\DRIVERS\ONDAusbser6k.sys [119680 2010-06-02] (Onda Communication)
S3 ONDAusbvoice; C:\Windows\System32\DRIVERS\ONDAusbvoice.sys [119680 2010-06-02] (Onda Communication)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2016-03-04] ()
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-03-13 07:21 - 2016-03-13 07:23 - 00000000 ____D C:\FRST
2016-03-13 06:53 - 2016-03-13 06:53 - 00000000 _____ C:\Windows\SysWOW64\ws.db
2016-03-13 06:42 - 2016-03-13 06:42 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-13 06:42 - 2016-03-13 06:42 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-13 06:42 - 2016-03-13 06:42 - 00000000 ____D C:\Windows\system32\Macromed
2016-03-13 06:27 - 2016-03-13 06:27 - 00000000 ____D C:\Program Files (x86)\osTip
2016-03-12 08:22 - 2016-03-12 08:22 - 00000000 ____D C:\Program Files (x86)\SearchesToYesbnd
2016-03-10 06:57 - 2016-03-10 06:58 - 00015160 _____ C:\Windows\System32\Tasks\WinTaske
2016-03-10 06:57 - 2016-03-10 06:57 - 00000000 ____D C:\Program Files (x86)\Winsere
2016-03-09 15:15 - 2016-03-09 15:15 - 00000000 ____D C:\Windows\Sun
2016-03-08 05:13 - 2015-03-05 02:12 - 00421784 _____ (Baidu, Inc.) C:\Windows\system32\BdSandboxDll64.dll
2016-03-08 05:13 - 2015-03-05 02:12 - 00332320 _____ (Baidu, Inc.) C:\Windows\SysWOW64\BdSandboxDll32.dll
2016-03-08 05:11 - 2015-05-15 00:09 - 00078792 _____ C:\Windows\system32\Drivers\bdark64.sys
2016-03-08 04:55 - 2016-03-08 04:55 - 00003544 _____ C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633
2016-03-08 04:54 - 2016-03-08 04:54 - 00003462 _____ C:\Windows\System32\Tasks\Baidu Antivirus Update
2016-03-08 04:44 - 2016-03-08 04:54 - 00485672 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\bndef64.sys
2016-03-08 04:44 - 2016-03-08 04:54 - 00169416 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bprotect.sys
2016-03-08 04:44 - 2016-03-08 04:54 - 00062920 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bfilter.sys
2016-03-08 04:44 - 2016-03-08 04:54 - 00062792 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\bnbasex64.sys
2016-03-08 04:44 - 2016-03-08 04:54 - 00038344 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bfmon.sys
2016-03-08 04:44 - 2015-03-05 02:12 - 00236920 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\BdSandbox.sys
2016-03-08 04:36 - 2016-03-08 07:05 - 00000000 ____D C:\FFOutput
2016-03-08 04:36 - 2016-03-08 04:36 - 00000000 ____D C:\Program Files (x86)\Baidu Security
2016-03-08 04:35 - 2016-03-08 04:35 - 00000000 ____D C:\Program Files (x86)\FreeTime
2016-03-07 22:42 - 2016-03-07 22:42 - 00000000 ____D C:\Windows\system32\cuk
2016-03-07 22:34 - 2016-03-07 22:34 - 00003344 _____ C:\Windows\System32\Tasks\Ipivew
2016-03-07 22:28 - 2016-03-07 22:28 - 00000920 _____ C:\Windows\SysWOW64\${LOGFILE}
2016-03-07 22:01 - 2016-03-07 22:01 - 00000000 ____D C:\Program Files\CCleaner
2016-03-06 15:51 - 2016-03-13 06:27 - 00000528 _____ C:\Windows\Tasks\BaiduJP_Update_{8099779F-A13B-403e-B39A-65133857586B}.job
2016-03-06 15:51 - 2016-03-06 15:51 - 00003630 _____ C:\Windows\System32\Tasks\BaiduJP_Update_{8099779F-A13B-403e-B39A-65133857586B}
2016-03-05 21:27 - 2016-03-13 06:28 - 00002974 _____ C:\Windows\System32\Tasks\alFSVWJB
2016-03-05 21:27 - 2016-03-13 06:28 - 00000364 ____H C:\Windows\Tasks\alFSVWJB.job
2016-03-05 21:27 - 2016-03-05 21:27 - 00000000 _____ C:\Windows\kernel32.dll
2016-03-05 21:19 - 2016-03-05 21:19 - 00003776 _____ C:\Windows\System32\Tasks\Selection Tools Update
2016-03-05 21:17 - 2016-03-05 21:17 - 00003742 _____ C:\Windows\System32\Tasks\WindApp Update
2016-03-05 21:13 - 2016-03-05 21:13 - 00003344 _____ C:\Windows\System32\Tasks\Aikaljeg
2016-03-05 21:13 - 2016-03-05 21:13 - 00000000 ____D C:\Windows\system32\fin
2016-03-04 18:30 - 2016-03-06 15:11 - 00003090 _____ C:\Windows\System32\Tasks\RegClean Pro
2016-03-04 18:30 - 2016-03-04 18:30 - 00003032 _____ C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2016-03-04 18:30 - 2016-03-04 18:30 - 00002876 _____ C:\Windows\System32\Tasks\RegClean Pro_DEFAULT
2016-03-04 17:47 - 2016-03-04 17:47 - 00034712 _____ () C:\Windows\system32\Drivers\bsdriver.sys
2016-03-04 16:55 - 2016-03-04 16:55 - 00000336 _____ C:\Windows\Tasks\ByteFence Scan.job
2016-03-04 16:51 - 2016-03-07 22:24 - 00000258 _____ C:\Windows\Tasks\LaunchPreSignup.job
2016-03-04 16:10 - 2016-03-04 16:10 - 00003370 _____ C:\Windows\System32\Tasks\MPC AdCleaner
2016-03-04 16:00 - 2016-03-12 23:00 - 00003356 _____ C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2973937001-495373740-789024467-1000
2016-03-04 16:00 - 2016-03-12 23:00 - 00003230 _____ C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2973937001-495373740-789024467-1000
2016-03-04 15:51 - 2016-03-13 06:53 - 00000000 ____D C:\Program Files (x86)\MPC AdCleaner
2016-03-04 04:29 - 2016-03-04 17:47 - 00061336 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2016-03-04 03:33 - 2016-03-04 04:37 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-03-04 03:33 - 2016-03-04 03:33 - 00059112 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
2016-03-04 03:33 - 2016-03-04 03:33 - 00000000 ____D C:\Windows\system32\coa
2016-03-04 03:33 - 2016-03-04 03:33 - 00000000 ____D C:\uninst
2016-03-04 03:32 - 2016-03-04 03:33 - 00000000 ____D C:\Windows\TEMPfolder
2016-03-04 03:09 - 2016-03-04 03:04 - 00000967 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-03-04 02:59 - 2016-03-04 15:33 - 00003178 _____ C:\Windows\System32\Tasks\Run_Bobby_Browser
2016-03-04 02:59 - 2016-03-04 02:59 - 00003208 _____ C:\Windows\System32\Tasks\crash_service
2016-02-25 20:11 - 2016-03-04 15:33 - 00003820 _____ C:\Windows\System32\Tasks\klcp_update
2016-02-25 20:10 - 2016-02-25 20:10 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2016-02-25 20:10 - 2015-12-18 07:00 - 00755200 _____ C:\Windows\system32\xvidcore.dll
2016-02-25 20:10 - 2015-12-18 07:00 - 00674816 _____ C:\Windows\SysWOW64\xvidcore.dll
2016-02-25 20:10 - 2015-12-18 07:00 - 00309248 _____ C:\Windows\system32\xvidvfw.dll
2016-02-25 20:10 - 2015-12-18 07:00 - 00282112 _____ C:\Windows\SysWOW64\xvidvfw.dll
2016-02-25 20:10 - 2015-10-24 14:00 - 00126976 _____ C:\Windows\system32\ff_vfw.dll
2016-02-25 20:10 - 2015-10-24 14:00 - 00112128 _____ C:\Windows\SysWOW64\ff_vfw.dll
2016-02-25 20:10 - 2015-02-28 13:22 - 03571200 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
2016-02-25 20:10 - 2015-02-28 13:21 - 03591680 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
2016-02-25 20:10 - 2012-07-21 08:55 - 00180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2016-02-25 20:10 - 2012-07-21 08:54 - 00122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2016-02-25 20:10 - 2011-12-07 15:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2016-02-25 20:10 - 2011-12-07 15:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2016-02-25 17:25 - 2016-03-04 04:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-03-13 07:06 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-03-13 06:46 - 2010-08-27 19:15 - 00000000 ____D C:\Users\pontofrio
2016-03-13 06:34 - 2009-07-14 01:45 - 00013424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-13 06:34 - 2009-07-14 01:45 - 00013424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-13 06:33 - 2009-08-11 21:20 - 00663804 _____ C:\Windows\system32\prfh0416.dat
2016-03-13 06:33 - 2009-08-11 21:20 - 00128094 _____ C:\Windows\system32\prfc0416.dat
2016-03-13 06:33 - 2009-07-14 02:13 - 01517030 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-13 06:26 - 2011-03-27 18:34 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-03-13 06:26 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-13 06:18 - 2013-05-30 15:13 - 00000944 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2973937001-495373740-789024467-1000UA.job
2016-03-13 05:31 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\tracing
2016-03-12 21:17 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2016-03-12 15:18 - 2013-05-30 15:13 - 00000922 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2973937001-495373740-789024467-1000Core.job
2016-03-12 04:52 - 2010-04-26 11:49 - 00000408 _____ C:\Windows\WININIT.INI
2016-03-08 06:50 - 2009-07-14 00:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-03-08 06:50 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-03-08 02:19 - 2009-07-14 02:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-03-07 22:08 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\ModemLogs
2016-03-04 17:52 - 2014-05-16 21:28 - 00000418 _____ C:\Windows\Tasks\SlimDrivers Startup.job
2016-03-04 17:52 - 2012-11-21 20:37 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-04 17:52 - 2012-11-21 20:37 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-04 17:52 - 2010-11-19 13:17 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2973937001-495373740-789024467-1000UA.job
2016-03-04 17:52 - 2010-11-19 13:17 - 00001042 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2973937001-495373740-789024467-1000Core.job
2016-03-04 17:15 - 2011-05-16 20:24 - 00000000 ____D C:\Windows\Minidump
2016-03-04 17:15 - 2009-08-18 03:05 - 00000000 ____D C:\Windows\Panther
2016-03-04 17:15 - 2009-07-14 02:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-03-04 16:44 - 2009-08-18 03:36 - 00000000 ____D C:\Dell
2016-03-04 15:34 - 2012-11-21 20:37 - 00004078 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-04 15:34 - 2010-11-19 13:17 - 00004084 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2973937001-495373740-789024467-1000UA
2016-03-04 15:34 - 2010-11-19 13:17 - 00003688 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2973937001-495373740-789024467-1000Core
2016-03-04 15:33 - 2014-05-16 21:28 - 00002854 _____ C:\Windows\System32\Tasks\SlimDrivers Startup
2016-03-04 15:33 - 2012-11-21 20:37 - 00003826 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-04 15:33 - 2010-11-04 13:47 - 00003976 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{69A9E275-D4F5-478C-91A5-6C86BBF5C70C}
2016-03-04 15:24 - 2014-05-16 21:28 - 00016152 _____ C:\Windows\system32\Drivers\SWDUMon.sys
2016-03-04 04:26 - 2014-05-16 21:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-25 03:48 - 2015-09-09 00:18 - 00000000 ___RD C:\Program Files (x86)\Skype

==================== Arquivos na raiz de alguns diretórios =======

2016-03-05 21:13 - 2016-03-05 21:19 - 0001286 _____ () C:\Users\pontofrio\AppData\Roaming\Bubble Dock.boostrap.log
2016-03-05 21:15 - 2016-03-05 21:17 - 0005736 _____ () C:\Users\pontofrio\AppData\Roaming\Bubble Dock.installation.log
2016-03-04 03:01 - 2016-02-24 06:18 - 1085440 _____ () C:\Users\pontofrio\AppData\Roaming\delCalendarReg.exe
2016-03-04 02:59 - 2016-03-02 10:49 - 1888256 _____ () C:\Users\pontofrio\AppData\Roaming\msiql.exe
2016-03-05 21:18 - 2016-03-05 21:18 - 0000078 _____ () C:\Users\pontofrio\AppData\Roaming\Selection Tools.installation.log
2016-03-04 02:58 - 2016-01-11 15:49 - 1734656 _____ () C:\Users\pontofrio\AppData\Roaming\service.exe
2016-03-04 03:00 - 2016-03-04 03:01 - 2786816 _____ (TODO: ) C:\Users\pontofrio\AppData\Roaming\svrupg.exe
2013-08-25 14:28 - 2013-08-25 14:28 - 0032792 _____ () C:\Users\pontofrio\AppData\Roaming\temp.crx
2012-10-10 22:58 - 2012-10-10 22:58 - 0023239 _____ () C:\Users\pontofrio\AppData\Roaming\UserTile.png
2016-03-06 15:18 - 2016-03-06 15:18 - 0011641 _____ () C:\Users\pontofrio\AppData\Roaming\webad.xml
2016-03-05 21:13 - 2016-03-05 21:13 - 0000097 _____ () C:\Users\pontofrio\AppData\Roaming\WindApp.boostrap.log
2016-03-05 21:17 - 2016-03-05 21:17 - 0000078 _____ () C:\Users\pontofrio\AppData\Roaming\WindApp.installation.log
2016-03-04 18:35 - 2016-03-06 15:44 - 0000082 _____ () C:\Users\pontofrio\AppData\Roaming\xcgui_debug.txt
2011-02-01 00:42 - 2011-02-01 00:42 - 0000600 _____ () C:\Users\pontofrio\AppData\Local\PUTTY.RND
2016-03-04 03:01 - 2016-02-24 06:18 - 1085440 _____ () C:\ProgramData\delCalendarReg.exe
2016-03-04 03:02 - 2015-11-25 15:31 - 1100288 _____ () C:\ProgramData\HomePage.exe
2016-03-04 03:00 - 2015-12-04 13:14 - 1081344 _____ () C:\ProgramData\LightGate.exe
2009-07-13 20:31 - 2009-07-13 22:14 - 0195072 ___SH () C:\ProgramData\mscvmtct.exe
2009-07-13 20:31 - 2009-07-13 22:14 - 0298496 ___SH () C:\ProgramData\msczhcrbe.exe
2016-03-04 02:59 - 2016-03-02 10:49 - 1888256 _____ () C:\ProgramData\msiql.exe
2009-07-13 20:31 - 2009-07-13 22:14 - 0274944 ___SH (Microsoft Corporation) C:\ProgramData\msiyu.exe
2009-07-13 20:31 - 2009-07-13 22:14 - 0278016 ___SH (www.bodro.org.ua) C:\ProgramData\mskrwl.exe
2009-07-13 20:31 - 2009-07-13 22:14 - 0252416 ___SH (Borland Software Corporation ) C:\ProgramData\msojru.exe
2009-07-13 20:31 - 2009-07-13 22:14 - 0264704 ___SH (Vortex Team) C:\ProgramData\msrvsjs.exe
2009-07-13 20:31 - 2009-07-13 22:14 - 0185856 ___SH () C:\ProgramData\msuoreee.exe
2009-07-13 20:31 - 2009-07-13 22:14 - 0294400 ___SH (ESET) C:\ProgramData\msvdncwpg.exe
2009-07-13 20:31 - 2009-07-13 22:14 - 0162816 ___SH () C:\ProgramData\msvdrg.exe
2016-03-04 02:58 - 2016-01-11 15:49 - 1734656 _____ () C:\ProgramData\service.exe
2016-03-04 03:00 - 2016-03-11 04:20 - 0011633 _____ () C:\ProgramData\webad.xml
2016-03-04 18:15 - 2016-03-04 18:15 - 0000041 _____ () C:\ProgramData\xcgui_debug.txt
2016-03-04 03:01 - 2015-12-10 15:43 - 0600312 _____ () C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
2016-03-04 03:03 - 2016-03-04 02:47 - 0908537 _____ () C:\ProgramData\YSIns.exe
2016-03-04 02:57 - 2016-03-04 02:57 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Alguns com tamanho de zero byte arquivos/pastas:
==========================
C:\Windows\kernel32.dll

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll
[2011-04-14 21:56] - [2011-04-14 21:56] - 0356352 ____A (Microsoft Corporation) FC4B6ED6E107AA06EB2E58DBCF93FCFE

C:\Windows\SysWOW64\dnsapi.dll
[2011-04-14 21:56] - [2011-04-14 21:56] - 0269824 ____A (Microsoft Corporation) 3E475D7E6DFE74B7E9491B1D47CF2C14

C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-03-12 15:24

==================== Fim de FRST.txt ============================