Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 01-03-2017
Executado por User (administrador) em USER-PC (02-03-2017 21:07:48)
Executando a partir de C:\Users\User\DOWNLOADS
Perfis Carregados: User (Perfis Disponíveis: User)
Platform: Windows 7 Ultimate (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kingsoft Corporation) C:\Program Files (x86)\cmcm\Clean Master\cmcore.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(Crawler Group, LLC) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM-x32\...\Winlogon: [Userinit] userinit.exe,"C:\Windows\system32\lsass.exe"
HKLM\...\Policies\Explorer\Run: [10050] => C:\ProgramData\Local Settings\Temp\msbwiig.com [329680 2009-07-13] ()
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3833082184-3816522200-3702442083-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545056 2017-02-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3833082184-3816522200-3702442083-1000\...\CurrentVersion\Windows: [Load] C:\Users\User\LOCALS~1\Temp\msocjvz.com <===== ATENÇÃO
HKU\S-1-5-18\...\Run: [helpagent] => "C:\ProgramData\HelpAgent\riaiccape.exe"
IFEO\amigo.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\AvastSvc.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\AvastUI.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avcenter.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avconfig.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgcsrvx.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgidsagent.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgnt.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgrsx.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avguard.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avgwdsvc.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avp.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\avscan.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\bdagent.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\blindman.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\ccuac.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\ComboFix.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\egui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\fixmypc.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\hijackthis.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\instup.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\keyscrambler.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbam.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbamgui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbampt.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbamscheduler.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mbamservice.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\MpCmdRun.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\mrt.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\MSASCui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\MsMpEng.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\msseces.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\qkseesvc.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\qqpcnetflow.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\rstrui.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SDFiles.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SDMain.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SDWinSec.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\spybotsd.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\SpyHunter4.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\sunucu.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\usbsrservice.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\wireshark.exe: [Debugger] C:\Windows\System32\svchost.exe
IFEO\zlclient.exe: [Debugger] C:\Windows\System32\svchost.exe
ShellExecuteHooks: Sem Nome - {7AD1C0F5-07A2-40E5-8608-C6EAA0FF362F} - C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\x64explibss.dll [422600 2016-05-30] ()
GroupPolicy: Restrição <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\Fujuni.dll [283472 2015-09-24] ()
Winsock: Catalog9 02 C:\Windows\SysWOW64\Fujuni.dll [283472 2015-09-24] ()
Winsock: Catalog9 03 C:\Windows\SysWOW64\Fujuni.dll [283472 2015-09-24] ()
Winsock: Catalog9 04 C:\Windows\SysWOW64\Fujuni.dll [283472 2015-09-24] ()
Winsock: Catalog9 05 C:\Windows\SysWOW64\Conjimaani.dll [283520 2015-08-25] ()
Winsock: Catalog9 06 C:\Windows\SysWOW64\Conjimaani.dll [283520 2015-08-25] ()
Winsock: Catalog9 07 C:\Windows\SysWOW64\Conjimaani.dll [283520 2015-08-25] ()
Winsock: Catalog9 08 C:\Windows\SysWOW64\Conjimaani.dll [283520 2015-08-25] ()
Winsock: Catalog9 19 C:\Windows\SysWOW64\Conjimaani.dll [283520 2015-08-25] ()
Winsock: Catalog9 20 C:\Windows\SysWOW64\Fujuni.dll [283472 2015-09-24] ()
Winsock: Catalog9-x64 01 C:\Windows\system32\Fujuni64.dll [353616 2015-09-24] ()
Winsock: Catalog9-x64 02 C:\Windows\system32\Fujuni64.dll [353616 2015-09-24] ()
Winsock: Catalog9-x64 03 C:\Windows\system32\Fujuni64.dll [353616 2015-09-24] ()
Winsock: Catalog9-x64 04 C:\Windows\system32\Fujuni64.dll [353616 2015-09-24] ()
Winsock: Catalog9-x64 05 C:\Windows\system32\Conjimaani64.dll [353664 2015-08-25] ()
Winsock: Catalog9-x64 06 C:\Windows\system32\Conjimaani64.dll [353664 2015-08-25] ()
Winsock: Catalog9-x64 07 C:\Windows\system32\Conjimaani64.dll [353664 2015-08-25] ()
Winsock: Catalog9-x64 08 C:\Windows\system32\Conjimaani64.dll [353664 2015-08-25] ()
Winsock: Catalog9-x64 19 C:\Windows\system32\Conjimaani64.dll [353664 2015-08-25] ()
Winsock: Catalog9-x64 20 C:\Windows\system32\Fujuni64.dll [353616 2015-09-24] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2D1BD0F9-BDE5-46FA-91DD-2993C6703830}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C2A2977B-2602-4DE2-AA5B-008F1CFC6E56}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_34&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyD0DyE0CzzyC0DyCzzyDtByByEtBtN0D0Tzu0StCyCzytAtN1L2XzutAtFtByEtFyCtFyBtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyCyBtBtD0BtCtA0CtGtA0CzyyDtGtA0F0CtCtGtAyC0A0AtGtD0CtBtCtAtD0AtA0CyE0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0CyCyC0F0D0B0EtG0DtCyB0CtGyEtDtCyEtGzztBtB0CtGzztCtA0B0A0AyCyB0C0ByCzy2QtN0A0LzuyE%26cr%3D414747096%26a%3Dwbf_bxinw_16_34%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_34&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyD0DyE0CzzyC0DyCzzyDtByByEtBtN0D0Tzu0StCyCzytAtN1L2XzutAtFtByEtFyCtFyBtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyCyBtBtD0BtCtA0CtGtA0CzyyDtGtA0F0CtCtGtAyC0A0AtGtD0CtBtCtAtD0AtA0CyE0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0CyCyC0F0D0B0EtG0DtCyB0CtGyEtDtCyEtGzztBtB0CtGzztCtA0B0A0AyCyB0C0ByCzy2QtN0A0LzuyE%26cr%3D414747096%26a%3Dwbf_bxinw_16_34%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com?oem=mbtkv5&uid=5VP7GMGZ_ST31000528AS&tm=1437163015
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3833082184-3816522200-3702442083-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_34&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyD0DyE0CzzyC0DyCzzyDtByByEtBtN0D0Tzu0StCyCzytAtN1L2XzutAtFtByEtFyCtFyBtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyCyBtBtD0BtCtA0CtGtA0CzyyDtGtA0F0CtCtGtAyC0A0AtGtD0CtBtCtAtD0AtA0CyE0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0CyCyC0F0D0B0EtG0DtCyB0CtGyEtDtCyEtGzztBtB0CtGzztCtA0B0A0AyCyB0C0ByCzy2QtN0A0LzuyE%26cr%3D414747096%26a%3Dwbf_bxinw_16_34%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyD0DyE0CzzyC0DyCzzyDtByByEtBtN0D0Tzu0StCyCzytAtN1L2XzutAtFtByEtFyCtFyBtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyCyBtBtD0BtCtA0CtGtA0CzyyDtGtA0F0CtCtGtAyC0A0AtGtD0CtBtCtAtD0AtA0CyE0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0CyCyC0F0D0B0EtG0DtCyB0CtGyEtDtCyEtGzztBtB0CtGzztCtA0B0A0AyCyB0C0ByCzy2QtN0A0LzuyE%26cr%3D414747096%26a%3Dwbf_bxinw_16_34%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyD0DyE0CzzyC0DyCzzyDtByByEtBtN0D0Tzu0StCyCzytAtN1L2XzutAtFtByEtFyCtFyBtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyCyBtBtD0BtCtA0CtGtA0CzyyDtGtA0F0CtCtGtAyC0A0AtGtD0CtBtCtAtD0AtA0CyE0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0CyCyC0F0D0B0EtG0DtCyB0CtGyEtDtCyEtGzztBtB0CtGzztCtA0B0A0AyCyB0C0ByCzy2QtN0A0LzuyE%26cr%3D414747096%26a%3Dwbf_bxinw_16_34%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope valor está ausente
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyD0DyE0CzzyC0DyCzzyDtByByEtBtN0D0Tzu0StCyCzytAtN1L2XzutAtFtByEtFyCtFyBtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyCyBtBtD0BtCtA0CtGtA0CzyyDtGtA0F0CtCtGtAyC0A0AtGtD0CtBtCtAtD0AtA0CyE0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0CyCyC0F0D0B0EtG0DtCyB0CtGyEtDtCyEtGzztBtB0CtGzztCtA0B0A0AyCyB0C0ByCzy2QtN0A0LzuyE%26cr%3D414747096%26a%3Dwbf_bxinw_16_34%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3833082184-3816522200-3702442083-1000 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyD0DyE0CzzyC0DyCzzyDtByByEtBtN0D0Tzu0StCyCzytAtN1L2XzutAtFtByEtFyCtFyBtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyCyBtBtD0BtCtA0CtGtA0CzyyDtGtA0F0CtCtGtAyC0A0AtGtD0CtBtCtAtD0AtA0CyE0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0CyCyC0F0D0B0EtG0DtCyB0CtGyEtDtCyEtGzztBtB0CtGzztCtA0B0A0AyCyB0C0ByCzy2QtN0A0LzuyE%26cr%3D414747096%26a%3Dwbf_bxinw_16_34%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3833082184-3816522200-3702442083-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DzzyD0DyE0CzzyC0DyCzzyDtByByEtBtN0D0Tzu0StCyCzytAtN1L2XzutAtFtByEtFyCtFyBtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2SyCyBtBtD0BtCtA0CtGtA0CzyyDtGtA0F0CtCtGtAyC0A0AtGtD0CtBtCtAtD0AtA0CyE0A0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0CyCyC0F0D0B0EtG0DtCyB0CtGyEtDtCyEtGzztBtB0CtGzztCtA0B0A0AyCyB0C0ByCzy2QtN0A0LzuyE%26cr%3D414747096%26a%3Dwbf_bxinw_16_34%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3833082184-3816522200-3702442083-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3833082184-3816522200-3702442083-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\Program Files (x86)\Spyware Terminator\STInternetGuard64.dll [2016-04-09] (Crawler Group, LLC)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - Nenhum Arquivo
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3833082184-3816522200-3702442083-1000: SkypePlugin -> C:\Users\User\AppData\Local\SkypePlugin\7.31.0.56\npGatewayNpapi.dll [2017-02-03] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-3833082184-3816522200-3702442083-1000: SkypePlugin64 -> C:\Users\User\AppData\Local\SkypePlugin\7.31.0.56\npGatewayNpapi-x64.dll [2017-02-03] (Skype Technologies S.A.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-03-02]
CHR Extension: (Google Apresentações) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-23]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-23]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-01]
CHR Extension: (Chrome Safe Guard) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfpoaihndjklkeidejbgjaadeidhfenm [2016-08-01]
CHR Extension: (Chamada pelo Skype) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2017-03-02]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-01]
CHR Extension: (Planilhas do Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-23]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-26]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-01]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-10]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-05]
CHR HKLM\...\Chrome\Extension: [bmlggjgglgmlgbendppbpmkpakefkmkd] -
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3833082184-3816522200-3702442083-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmlggjgglgmlgbendppbpmkpakefkmkd] -
CHR HKU\S-1-5-21-3833082184-3816522200-3702442083-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bmlggjgglgmlgbendppbpmkpakefkmkd] -
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.6G7L2VTQC3VW64P7WMAIBS3FZQ - C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [315208 2016-06-14] (Kingsoft Corporation)
S3 EFS; C:\Windows\SysWOW64\lsass.exe [685960 2016-06-09] (Microsoft Corporation) [Arquivo não assinado]
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [685960 2016-06-09] (Microsoft Corporation) [Arquivo não assinado]
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2015-06-24] () [Arquivo não assinado]
S3 Netlogon; C:\Windows\SysWOW64\lsass.exe [685960 2016-06-09] (Microsoft Corporation) [Arquivo não assinado]
S3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [685960 2016-06-09] (Microsoft Corporation) [Arquivo não assinado]
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [685960 2016-06-09] (Microsoft Corporation) [Arquivo não assinado]
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [3269864 2016-04-09] (Crawler Group, LLC)
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [685960 2016-06-09] (Microsoft Corporation) [Arquivo não assinado]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 gnirygnuiedmonitorservice; "C:\Program Files (x86)\Gnirygnuied\gnirygnuiedmonitorservice.exe32" {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} [X]
S2 WMPNetworkAcSvc; "C:\Users\User\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe" [X]

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 bsdriver; C:\Windows\system32\drivers\bsdriver.sys [34720 2015-09-28] ()
R3 DroidCam; C:\Windows\System32\DRIVERS\droidcam.sys [33592 2015-10-23] (Dev47Apps)
R3 DroidCamVideo; C:\Windows\System32\DRIVERS\droidcamvideo.sys [229432 2015-10-23] (Dev47Apps)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-08-01] ()
R3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2016-06-14] (Kingsoft Corporation)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-29] (Visicom Media Inc.)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2011-08-24] (Windows (R) Win 7 DDK provider)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 ZSMC211; C:\Windows\System32\Drivers\ZS211.sys [1490176 2007-08-03] (ZSMC.Corporation) [Arquivo não assinado]
S3 X6va062; \??\C:\Windows\SysWOW64\Drivers\X6va062 [X]
S1 {47740c60-b390-40a1-a8a7-55e25d47bfc4}Gw64; system32\drivers\{47740c60-b390-40a1-a8a7-55e25d47bfc4}Gw64.sys [X]
S1 {5b7534b8-8ada-410d-839b-4f75203b962c}Gw64; system32\drivers\{5b7534b8-8ada-410d-839b-4f75203b962c}Gw64.sys [X]
S1 {6b288563-250f-4a8c-92a6-1ab901744f0b}Gw64; system32\drivers\{6b288563-250f-4a8c-92a6-1ab901744f0b}Gw64.sys [X]
S1 {a05c4ed0-c070-4fb6-9bca-daac2a1c031f}Gw64; system32\drivers\{a05c4ed0-c070-4fb6-9bca-daac2a1c031f}Gw64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Três Meses Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-03-02 21:05 - 2017-03-02 21:07 - 00022207 _____ C:\Users\User\Downloads\FRST.txt
2017-03-02 21:05 - 2017-03-02 21:07 - 00000000 ____D C:\FRST
2017-03-02 21:05 - 2017-03-02 21:06 - 00025101 _____ C:\Users\User\Downloads\Addition.txt
2017-03-02 21:03 - 2017-03-02 21:04 - 02423808 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2017-03-02 21:01 - 2017-03-02 21:02 - 01765888 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2017-03-02 20:55 - 2017-03-02 20:55 - 00002699 _____ C:\Users\Public\Desktop\Skype.lnk
2017-03-02 20:55 - 2017-03-02 20:55 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-02 20:55 - 2017-03-02 20:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-02 00:44 - 2011-10-20 08:29 - 00000000 ____D C:\Users\User\Desktop\WinLov2.0.9
2017-03-02 00:43 - 2017-03-02 00:44 - 01466671 _____ C:\Users\User\Downloads\WinLov2.0.9.rar
2017-03-02 00:38 - 2017-03-02 00:40 - 15068056 _____ (Microsoft Corporation) C:\Users\User\Downloads\vc_redist.x64.exe
2017-03-02 00:21 - 2017-03-02 00:24 - 14176256 _____ C:\Users\User\Downloads\SkypeWebPlugin (1).msi
2017-03-02 00:17 - 2017-03-02 00:28 - 56756184 _____ (Skype Technologies S.A.) C:\Users\User\Downloads\SkypeSetupFull.exe
2017-03-02 00:17 - 2017-03-02 00:17 - 00003158 _____ C:\Windows\System32\Tasks\{7D955EEE-E4A2-4A8E-9FD3-204DC2931769}
2017-03-02 00:16 - 2017-03-02 00:16 - 00003158 _____ C:\Windows\System32\Tasks\{AAAC0373-A498-419E-9947-4251D2251556}
2017-03-02 00:12 - 2017-03-02 00:52 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2017-03-02 00:12 - 2017-03-02 00:52 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-27 18:21 - 2017-02-27 18:21 - 00306488 _____ C:\Windows\Minidump\022717-19296-01.dmp
2017-02-26 15:31 - 2017-02-27 18:21 - 323517749 _____ C:\Windows\MEMORY.DMP
2017-02-26 15:31 - 2017-02-26 15:31 - 00303888 _____ C:\Windows\Minidump\022617-19625-01.dmp
2017-02-12 11:35 - 2017-02-12 11:36 - 00000000 ____D C:\Users\User\Desktop\EcoSport
2017-01-19 19:55 - 2017-01-19 20:13 - 00000000 ____D C:\Users\User\Desktop\musicas
2017-01-11 18:26 - 2015-03-19 00:07 - 05503416 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-01-11 18:26 - 2015-03-18 23:57 - 03963320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-01-11 18:26 - 2015-03-18 23:57 - 03908024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-01-11 18:26 - 2014-09-14 21:44 - 03195392 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-01-11 18:26 - 2013-03-19 02:54 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-01-11 18:26 - 2013-03-19 01:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-01-11 18:26 - 2013-03-19 00:19 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-01-07 00:31 - 2017-01-07 00:31 - 00000000 ____D C:\Windows\PCHEALTH
2017-01-06 23:04 - 2016-06-25 13:03 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\EOSNotify.exe
2017-01-06 22:20 - 2017-01-06 22:20 - 00002130 _____ C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-06 22:20 - 2017-01-06 22:20 - 00002130 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-06 22:20 - 2017-01-06 22:20 - 00002130 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-06 22:20 - 2017-01-06 22:20 - 00002100 _____ C:\Users\Usuário Padrão\Desktop\Google Chrome.lnk
2017-01-06 22:20 - 2017-01-06 22:20 - 00002100 _____ C:\Users\Default\Desktop\Google Chrome.lnk
2017-01-06 22:20 - 2017-01-06 22:20 - 00002100 _____ C:\Users\Default User\Desktop\Google Chrome.lnk
2017-01-06 22:19 - 2017-01-06 22:19 - 00000000 ____D C:\Windows\system32\%LOCALAPPDATA%
2017-01-06 22:10 - 2012-06-02 19:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-01-06 22:10 - 2012-06-02 19:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-01-06 22:10 - 2012-06-02 19:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-01-06 22:10 - 2012-06-02 19:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-01-06 22:10 - 2012-06-02 19:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-01-06 22:10 - 2012-06-02 19:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-01-06 22:10 - 2012-06-02 19:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-01-06 22:09 - 2012-06-02 14:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-01-06 22:09 - 2012-06-02 14:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-01-06 17:57 - 2017-01-07 11:51 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
2017-01-06 17:56 - 2017-01-06 17:56 - 30026808 _____ (AVI ReComp Team) C:\Users\User\Downloads\Baixaki_avi-recomp [1].exe
2017-01-06 17:50 - 2017-01-06 17:50 - 01877224 _____ (Fast ) C:\Users\User\Downloads\Baixaki_avi-recomp.exe
2017-01-06 17:45 - 2010-08-11 02:19 - 03860992 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2017-01-06 17:45 - 2010-08-11 02:13 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2017-01-06 17:45 - 2010-08-11 01:44 - 02983424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll
2017-01-06 17:45 - 2010-08-11 01:35 - 01164800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2017-01-06 17:45 - 2010-05-23 07:15 - 01619456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2017-01-06 17:45 - 2010-05-23 07:11 - 03181568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2017-01-06 17:45 - 2010-05-23 07:11 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2017-01-06 17:45 - 2010-05-23 05:37 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2017-01-06 17:45 - 2010-05-23 05:35 - 04068864 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-01-06 17:45 - 2010-05-23 05:35 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2017-01-06 17:45 - 2010-05-23 05:35 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-01-06 17:41 - 2017-01-06 17:41 - 00000000 ____D C:\Users\Todos os Usuários\AVAST Software
2017-01-06 17:41 - 2017-01-06 17:41 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-06 17:40 - 2017-01-06 17:40 - 01242312 _____ (Microsoft Corporation) C:\Users\User\Downloads\Baixaki_windows-movie-maker [1].exe
2017-01-06 17:37 - 2017-01-06 17:37 - 01877224 _____ (Fast ) C:\Users\User\Downloads\Baixaki_windows-movie-maker.exe
2017-01-06 17:35 - 2017-01-06 17:35 - 01242312 _____ (Microsoft Corporation) C:\Users\User\Downloads\wlsetup-web.exe
2016-12-16 18:24 - 2016-12-18 21:49 - 00003502 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

==================== Três Meses Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-03-02 20:55 - 2015-06-28 23:11 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2017-03-02 20:55 - 2015-06-28 23:11 - 00000000 ____D C:\ProgramData\Skype
2017-03-02 20:55 - 2009-07-14 01:45 - 00016032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-02 20:55 - 2009-07-14 01:45 - 00016032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-02 20:52 - 2009-07-29 13:08 - 00004086 _____ C:\Windows\system32\prfh0416.dat
2017-03-02 20:52 - 2009-07-29 13:08 - 00003894 _____ C:\Windows\system32\prfc0416.dat
2017-03-02 20:52 - 2009-07-14 02:13 - 00673076 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-02 20:52 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2017-03-02 20:48 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-02 20:47 - 2015-06-24 23:07 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2017-03-02 00:45 - 2016-08-20 15:28 - 00002431 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2017-03-02 00:45 - 2016-07-04 18:08 - 00001125 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-02 00:45 - 2016-07-04 18:08 - 00001095 _____ C:\Users\User\Desktop\Google Chrome.lnk
2017-03-02 00:12 - 2015-06-28 23:11 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2017-03-01 23:52 - 2015-11-21 18:52 - 00000035 _____ C:\Users\Todos os Usuários\droidcam-settings
2017-03-01 23:52 - 2015-11-21 18:52 - 00000035 _____ C:\ProgramData\droidcam-settings
2017-02-27 18:21 - 2015-07-09 17:26 - 00000000 ____D C:\Windows\Minidump
2017-02-25 21:36 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\LiveKernelReports
2017-02-23 18:16 - 2009-07-14 02:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-13 21:11 - 2016-04-05 20:11 - 00000000 ____D C:\Users\User\Desktop\MILENA
2017-02-12 11:36 - 2015-09-03 18:01 - 00000000 ____D C:\Users\User\Desktop\Camera

==================== Arquivos na raiz de alguns diretórios =======

2016-05-30 18:08 - 2016-05-30 18:08 - 6859776 _____ () C:\Users\User\AppData\Roaming\agent.dat
2016-05-30 18:07 - 2016-05-30 18:07 - 0054272 _____ () C:\Users\User\AppData\Roaming\ApplicationHosting.dat
2011-02-16 03:00 - 2011-02-16 03:00 - 0587363 _____ () C:\Users\User\AppData\Roaming\Bosun.3Wu
2016-05-30 18:08 - 2016-05-30 18:08 - 0067776 _____ () C:\Users\User\AppData\Roaming\Config.xml
2016-06-05 23:35 - 2016-06-05 17:23 - 0463376 ___SH () C:\Users\User\AppData\Roaming\CVBKANYZAJcE
2016-05-30 18:04 - 2016-05-30 18:05 - 0019296 _____ () C:\Users\User\AppData\Roaming\InstallationConfiguration.xml
2016-05-30 18:04 - 2016-05-30 18:04 - 0128512 _____ () C:\Users\User\AppData\Roaming\Installer.dat
2016-06-09 00:36 - 2016-06-08 23:31 - 0860176 ___SH () C:\Users\User\AppData\Roaming\JDDTIZhfJWJD
2016-05-30 18:07 - 2016-05-30 18:07 - 0126464 _____ () C:\Users\User\AppData\Roaming\lobby.dat
2016-05-30 18:08 - 2016-05-30 18:08 - 0018432 _____ () C:\Users\User\AppData\Roaming\Main.dat
2016-05-30 18:07 - 2016-05-30 18:08 - 0005568 _____ () C:\Users\User\AppData\Roaming\md.xml
2016-06-04 21:12 - 2016-06-04 21:12 - 0414720 _____ (Basic) C:\Users\User\AppData\Roaming\MySQL.exe
2016-06-05 22:37 - 2016-06-09 20:01 - 0000000 _____ () C:\Users\User\AppData\Roaming\mysqld.exe
2016-05-30 18:08 - 2016-05-30 18:08 - 0126464 _____ () C:\Users\User\AppData\Roaming\noah.dat
2016-06-09 18:57 - 2016-06-09 18:57 - 0041472 _____ (Google Inc.) C:\Users\User\AppData\Roaming\ProxySettings.dll
2016-05-30 18:06 - 2016-05-30 18:06 - 0076565 _____ () C:\Users\User\AppData\Roaming\RedIty.bin
2016-05-30 18:07 - 2016-05-30 18:04 - 0782848 _____ () C:\Users\User\AppData\Roaming\Roundhold.exe
2016-05-30 18:08 - 2016-05-30 18:08 - 1756999 _____ () C:\Users\User\AppData\Roaming\Roundhold.tst
2005-07-17 02:00 - 2005-07-17 02:00 - 0001673 _____ () C:\Users\User\AppData\Roaming\Schlumbergera.vEu
2016-06-09 00:36 - 2016-06-07 20:44 - 1492992 ___SH () C:\Users\User\AppData\Roaming\Spread1.exe
2016-05-30 18:07 - 2016-05-30 18:04 - 0782848 _____ () C:\Users\User\AppData\Roaming\Stronglux.exe
2016-05-30 18:07 - 2016-05-30 18:07 - 0072820 _____ () C:\Users\User\AppData\Roaming\Stronglux.tst
2016-05-30 18:10 - 2016-05-30 18:10 - 2279413 _____ () C:\Users\User\AppData\Roaming\Tindox.bin
2016-05-30 18:06 - 2016-05-30 18:06 - 0848437 _____ () C:\Users\User\AppData\Roaming\True-Tough.bin
2016-06-04 21:12 - 2016-06-04 21:12 - 0000001 _____ () C:\Users\User\AppData\Roaming\uZOkAB
2009-07-13 17:46 - 2009-06-10 18:23 - 1169224 _____ (Microsoft Corporation) C:\Users\User\AppData\Roaming\verclsid.exe
2016-06-09 00:36 - 2016-06-08 23:31 - 0048666 ___SH () C:\Users\User\AppData\Roaming\XDYXaCGfXTDMIdceBOI
2016-06-05 23:35 - 2016-06-05 17:24 - 0029619 ___SH () C:\Users\User\AppData\Roaming\ZXAENWNOFiQeKTFfgQK
2016-06-05 23:35 - 2016-06-05 17:24 - 0750320 ___SH (AutoIt Team) C:\Users\User\AppData\Roaming\ZXAENWNOFiQeKTFfgQKUH.exe
2016-06-05 23:04 - 2016-06-14 23:10 - 0007600 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2015-11-21 18:52 - 2017-03-01 23:52 - 0000035 _____ () C:\ProgramData\droidcam-settings

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

ATENÇÃO: ==> Não foi possível acessar BCD.

LastRegBack: 2017-02-22 21:41

==================== Fim de FRST.txt ============================