cjoint


Document format: text/plain



==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DotC United Inc) C:\Program Files\MPC Cleaner\MPCProtectService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\ProgramData\Nsaewloufi\1.0.7.1\rarnehel.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\Users\Sr.Lé\AppData\Roaming\msiql.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(VLOME) C:\ProgramData\Windows Update\tmp\msdtc-.exe
() C:\Windows\System32\config\systemprofile\AppData\Local\Setup Wizard\9d59c4d8-6e8b-4aa0-84e0-286d9229dc3e\ytdiegut_gutdc_inst.exe
() C:\Windows\System32\config\systemprofile\AppData\Local\Setup Wizard\9d59c4d8-6e8b-4aa0-84e0-286d9229dc3e\ytdiegut_gutdc_inst.exe
() C:\Program Files\Common Files\ShopperPro3\spbiu.exe
() C:\Program Files\YTDownloader\BrowserHelperSrv.exe
(Goobzo) C:\Program Files\YTDownloader\BrowserHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(MediaDownloader ) C:\Windows\System32\config\systemprofile\Downloads\MediaDownloader.exe
() C:\Windows\Temp\is-53CHV.tmp\MediaDownloader.tmp
(PAVVXA) C:\Windows\System32\config\systemprofile\AppData\Local\PriceFountain\pricefountain.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(DotC United Inc) C:\Program Files\MPC Cleaner\MPCTray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [LightGate] => C:\Users\SR9C9E~1.L\AppData\Local\Temp\LightGate.exe <===== ATENÇÃO
HKLM\...\Run: [QualityChecker] => C:\Program Files\QualityChecker\QC.exe
HKLM\...\Run: [SPDriver] => C:\Program Files\ShopperPro3\JSDriver\1.42.1.10630\jsdrv.exe [2720256 2015-12-21] ()
HKLM\...\Run: [YTDownloader] => C:\Program Files\YTDownloader\YTDownloader.exe [1991600 2015-10-22] (YTDownloader)
HKLM\...\RunOnce: [PriceFountain] => C:\Windows\system32\wscript.exe /E:vbscript /B "C:\Windows\system32\config\SYSTEM~1\AppData\Roaming\PriceFountain\UpdateProc\bkup.dat"
HKU\S-1-5-21-704598374-2766705861-294957788-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-704598374-2766705861-294957788-1000\...\Run: [Pulse Ambassador Update Setup for All Users] => C:\ProgramData\{A91C477B-655B-4FEA-8B8E-CC6820970F3A}\setup.exe [2768848 2009-05-13] (Pulse Microsystems Ltd. )
HKU\S-1-5-21-704598374-2766705861-294957788-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-704598374-2766705861-294957788-1000\...\Run: [YeaInstaller] => C:\Users\Sr.Lé\AppData\Local\Temp\UIDT6NRE0.exe <===== ATENÇÃO
HKU\S-1-5-21-704598374-2766705861-294957788-1000\...\Run: [-] => C:\Users\Sr.Lé\AppData\Roaming\msiql.exe [2413056 2016-01-08] ()
HKU\S-1-5-21-704598374-2766705861-294957788-1000\...\Run: [taskhost] => rundll32.exe C:\ProgramData\WindowsMsg\E65602AFF61208B55B30B58739BDA171.dll Start /RUNNING
HKU\S-1-5-21-704598374-2766705861-294957788-1000\...\Run: [Pritc] => c:\programdata\windows update\tmp\msdtc-.exe [2980352 2016-01-08] (VLOME)
HKU\S-1-5-21-704598374-2766705861-294957788-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [SPDriver] => C:\Program Files\ShopperPro3\JSDriver\1.42.1.10630\jsdrv.exe [2720256 2015-12-21] ()
HKU\S-1-5-18\...\Run: [YTDownloader] => C:\Program Files\YTDownloader\YTDownloader.exe [1991600 2015-10-22] (YTDownloader)
HKU\S-1-5-18\...\Run: [GoogleChromeAutoLaunch_4E202690D92BC4322707FE633063A64A] => C:\Windows\system32\config\systemprofile\AppData\Local\Chromium\Application\chrome.exe [667136 2015-08-11] (The Chromium Authors)
HKU\S-1-5-18\...\RunOnce: [PriceFountain] => C:\Windows\system32\wscript.exe /E:vbscript /B "C:\Windows\system32\config\SYSTEM~1\AppData\Roaming\PriceFountain\UpdateProc\bkup.dat"
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Nenhum Arquivo
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => Nenhum Arquivo
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => Nenhum Arquivo
GroupPolicy: Restrição - Chrome <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7B537619-E40B-4101-A0D0-F3D66F8AEAB6}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.navegaki.com/?bd=ds&oem=Cube&uid=ST3160815AS_9RX3K6EHXXXX9RX3K6EH&version=2.3.0.8724&pid=414031160&tid=428&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.navegaki.com/?bd=ds&oem=Cube&uid=ST3160815AS_9RX3K6EHXXXX9RX3K6EH&version=2.3.0.8724&pid=414031160&tid=428&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystart.com/?pr=vmn&id=mystarttb&v=5_5&ent=hp_5153&src=5153
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11PTBR/MSE_WCP
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130928572824970599&GUID=0949E484-A77A-4659-9939-9B78E3F4C1B2
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=st3160815as_9rx3k6ehxxxx9rx3k6eh
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130928572824970599&GUID=0949E484-A77A-4659-9939-9B78E3F4C1B2
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_medium=iSafe&from=iSafe&uid=st3160815as_9rx3k6ehxxxx9rx3k6eh
HKU\S-1-5-21-704598374-2766705861-294957788-1000\Software\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am
URLSearchHook: HKLM -> Padrão = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM -> DefaultScope {E7F1B9FB-B0C5-4522-B331-2518AD356FE3} URL =
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_01&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDyEtD0AyBtCtDzy0FtDyE0AyB0BzztN0D0Tzu0StCyEyCzytN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyEtDyBtDtAyBtB0EtGtCtBtB0EtGtB0CyEtCtGyDtAtByBtGyEzyyCtByEyE0BtAyB0A0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0Fzy0E0C0DyD0FtGtCtA0FtCtGyE0E0E0EtG0BtAtBtDtGtCyCyE0D0BzytDyB0A0D0E0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyB%26cr%3D1302124209%26a%3Dwbf_nwmeddnld_16_01%26os_ver%3D6.1%26os%3DWindows%2B7%2BStarter&p={searchTerms}
SearchScopes: HKLM -> {FDC320A9-B4B2-491E-B140-815C11613CB6} URL = hxxp://search.yahoo.com/search?p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_01&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDyEtD0AyBtCtDzy0FtDyE0AyB0BzztN0D0Tzu0StCyEyCzytN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyEtDyBtDtAyBtB0EtGtCtBtB0EtGtB0CyEtCtGyDtAtByBtGyEzyyCtByEyE0BtAyB0A0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0Fzy0E0C0DyD0FtGtCtA0FtCtGyE0E0E0EtG0BtAtBtDtGtCyCyE0D0BzytDyB0A0D0E0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyB%26cr%3D1302124209%26a%3Dwbf_nwmeddnld_16_01%26os_ver%3D6.1%26os%3DWindows%2B7%2BStarter&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_nwmeddnld_16_01&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDyEtD0AyBtCtDzy0FtDyE0AyB0BzztN0D0Tzu0StCyEyCzytN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyEtDyBtDtAyBtB0EtGtCtBtB0EtGtB0CyEtCtGyDtAtByBtGyEzyyCtByEyE0BtAyB0A0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0Fzy0E0C0DyD0FtGtCtA0FtCtGyE0E0E0EtG0BtAtBtDtGtCyCyE0D0BzytDyB0A0D0E0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyB%26cr%3D1302124209%26a%3Dwbf_nwmeddnld_16_01%26os_ver%3D6.1%26os%3DWindows%2B7%2BStarter&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_5&ent=ch_5153&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=st3160815as_9rx3k6ehxxxx9rx3k6eh&ts=1432248881
SearchScopes: HKU\.DEFAULT -> {FDC320A9-B4B2-491E-B140-815C11613CB6} URL = hxxp://search.yahoo.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=st3160815as_9rx3k6ehxxxx9rx3k6eh&ts=1432248881
SearchScopes: HKU\S-1-5-19 -> {FDC320A9-B4B2-491E-B140-815C11613CB6} URL = hxxp://search.yahoo.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=st3160815as_9rx3k6ehxxxx9rx3k6eh&ts=1432248881
SearchScopes: HKU\S-1-5-20 -> {FDC320A9-B4B2-491E-B140-815C11613CB6} URL = hxxp://search.yahoo.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-704598374-2766705861-294957788-1000 -> DefaultScope {E7F1B9FB-B0C5-4522-B331-2518AD356FE3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-704598374-2766705861-294957788-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-704598374-2766705861-294957788-1000 -> {0644EE93-D778-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.mpc.am?q={searchTerms}&cx=partner-pub-3796753109442372:3837783968
SearchScopes: HKU\S-1-5-21-704598374-2766705861-294957788-1000 -> {29736ECB-0BC2-4CFA-BC56-93D686B8DCAE} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-704598374-2766705861-294957788-1000 -> {2B72FB00-532A-401D-A63C-960F4535C284} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-704598374-2766705861-294957788-1000 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
SearchScopes: HKU\S-1-5-21-704598374-2766705861-294957788-1000 -> {E7F1B9FB-B0C5-4522-B331-2518AD356FE3} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-704598374-2766705861-294957788-1000 -> {FDC320A9-B4B2-491E-B140-815C11613CB6} URL =
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro3\ShopperPro3.dll [2015-12-21] ()
BHO: PriceFountain -> {b608cc98-54de-4775-96c9-097de398500c} -> C:\Windows\system32\config\systemprofile\AppData\Local\PriceFountain\PriceFountainIE.dll [2015-06-18] ()

FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKU\.DEFAULT\...\Firefox\Extensions: [{58931F90-7418-F91C-7D0E-6744BB523292}] - C:\Program Files\version09CheckMeUp\194.xpi => não encontrado (a)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://search.mpc.am?q={searchTerms}&cx=partner-pub-3796753109442372:3837783968
CHR DefaultSearchKeyword: Default -> mpc safe search
CHR Profile: C:\Users\Sr.Lé\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Sr.Lé\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-09]
CHR Extension: (Google Docs) - C:\Users\Sr.Lé\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-09]
CHR Extension: (Google Drive) - C:\Users\Sr.Lé\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-09]
CHR Extension: (YouTube) - C:\Users\Sr.Lé\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-09]
CHR Extension: (Google Search) - C:\Users\Sr.Lé\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-09]
CHR Extension: (Planilhas do Google) - C:\Users\Sr.Lé\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-09]
CHR Extension: (Documentos Google off-line) - C:\Users\Sr.Lé\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-09]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Sr.Lé\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-09]
CHR Extension: (Gmail) - C:\Users\Sr.Lé\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-09]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 BrsHelper; C:\Program Files\YTDownloader\BrowserHelperSrv.exe [112560 2015-10-22] ()
S2 GoogleChromeUpService; C:\ProgramData\Windows Update\upgsvr.exe [2786816 2016-01-08] (TODO: ) [Arquivo não assinado]
S2 GoogleChromeUpServlce; C:\ProgramData\Windows Update\upgsvr.exe [2786816 2016-01-08] (TODO: ) [Arquivo não assinado]
R2 MPCProtectService; C:\Program Files\MPC Cleaner\MPCProtectService.exe [349152 2016-01-09] (DotC United Inc)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 SPBIUpd; C:\Program Files\Common Files\ShopperPro3\spbiu.exe [942592 2015-12-21] () [Arquivo não assinado]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R0 MPCBase; C:\Windows\System32\drivers\MPCBase.sys [29032 2016-01-09] (DotC United Inc)
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [52968 2016-01-09] (DotC United Inc)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 MpKsl347a437c; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{600CE085-0EC4-4DCB-A508-B90043AC8CBF}\MpKsl347a437c.sys [39168 2016-01-09] (Microsoft Corporation)
S1 MpKslafeb462e; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{600CE085-0EC4-4DCB-A508-B90043AC8CBF}\MpKslafeb462e.sys [39168 2016-01-09] (Microsoft Corporation)
R2 sbmntr; C:\Program Files\YTDownloader\sbmntr.sys [49824 2015-10-22] (YTDownloader)
R3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro3\spbiw.sys [25600 2015-12-21] () [Arquivo não assinado]
R2 SPDRIVER_1.42.1.10630; C:\Program Files\ShopperPro3\JSDriver\1.42.1.10630\jsdrv.sys [32256 2015-12-21] () [Arquivo não assinado]
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R1 {821dfe16-630c-4e2a-bf74-7beaf24cb039}Gw; C:\Windows\System32\drivers\{821dfe16-630c-4e2a-bf74-7beaf24cb039}Gw.sys [43152 2016-01-09] (StdLib)
S1 gosaferdrv; system32\drivers\gosaferdrv.sys [X]
S1 itdrvr_vt_1_10_0_25; system32\drivers\itdrvr_vt_1_10_0_25.sys [X]
S1 mosfilterdrv; system32\drivers\mosfilterdrv.sys [X]
S2 NPF; \??\C:\Program Files\UPCleaner\1.3.52.14692\npf.sys [X]
S3 protect; \??\C:\Program Files\QualityChecker\qc.sys [X]
S1 ssfilterdrv; system32\drivers\ssfilterdrv.sys [X]
S1 swsedrvr_vt_1_10_0_25; system32\drivers\swsedrvr_vt_1_10_0_25.sys [X]
S1 UGBroMon; \??\C:\Program Files\UPCleaner\1.3.52.14692\UGBroMon.sys [X]
S1 UGKrnlDrv; \??\C:\Program Files\UPCleaner\1.3.52.14692\UGKrnlDrv.sys [X]
S1 UGProtect; \??\C:\Program Files\UPCleaner\1.3.52.14692\UGProtect.sys [X]
S2 UPKernel; \??\C:\Program Files\UPCleaner\1.3.52.14692\UPKernel.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-01-09 22:33 - 2016-01-09 22:33 - 00019564 _____ C:\Users\Sr.Lé\Downloads\FRST.txt
2016-01-09 22:33 - 2016-01-09 22:33 - 00000000 ____D C:\FRST
2016-01-09 22:32 - 2016-01-09 22:32 - 01721856 _____ (Farbar) C:\Users\Sr.Lé\Downloads\FRST.exe
2016-01-09 22:05 - 2016-01-09 22:22 - 00000000 ____D C:\Users\Sr.Lé\AppData\Local\{698D0BA5-6E4B-44BD-9F9A-AA32F2E98D9A}
2016-01-09 21:55 - 2016-01-09 21:55 - 00440392 _____ (Plumbytes Software) C:\Users\Sr.Lé\Downloads\antimalware-setup (1).exe
2016-01-09 21:55 - 2016-01-09 21:55 - 00057560 _____ C:\Users\Sr.Lé\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-09 21:55 - 2016-01-09 21:55 - 00000000 ____D C:\Program Files\Plumbytes Software
2016-01-09 21:33 - 2016-01-09 21:33 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Sr.Lé\Downloads\SpyHunter-Installer.exe
2016-01-09 21:29 - 2016-01-09 21:29 - 00000000 ____D C:\Users\Sr.Lé\AppData\Local\Chromium
2016-01-09 21:27 - 2016-01-09 21:27 - 00002508 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
2016-01-09 21:25 - 2016-01-09 21:30 - 00000000 ____D C:\Users\Sr.Lé\AppData\Local\BrowserHelper
2016-01-09 21:24 - 2016-01-09 21:25 - 00000000 ____D C:\Program Files\YTDownloader
2016-01-09 21:24 - 2016-01-09 21:24 - 00000000 ____D C:\Program Files\Common Files\ShopperPro3
2016-01-09 21:23 - 2016-01-09 21:24 - 00000000 ____D C:\Program Files\ShopperPro3
2016-01-09 21:21 - 2016-01-09 21:21 - 00001687 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
2016-01-09 21:21 - 2016-01-09 21:21 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2016-01-09 21:21 - 2016-01-09 21:21 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-01-09 21:21 - 2016-01-09 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
2016-01-09 21:21 - 2016-01-09 21:21 - 00000000 ____D C:\Program Files\osTip
2016-01-09 20:55 - 2016-01-09 21:05 - 00000000 ____D C:\Program Files\MPC AdCleaner
2016-01-09 20:55 - 2016-01-09 20:55 - 00000354 _____ C:\Windows\Tasks\MPC AdCleaner.job
2016-01-09 20:42 - 2016-01-09 21:24 - 00000000 ____D C:\Users\Todos os Usuários\ShopperPro3
2016-01-09 20:42 - 2016-01-09 21:24 - 00000000 ____D C:\ProgramData\ShopperPro3
2016-01-09 20:40 - 2015-11-14 21:07 - 02496403 _____ ( ) C:\Users\Sr.Lé\AppData\Roaming\yeaplayer_12345.exe
2016-01-09 20:08 - 2016-01-09 20:08 - 00000000 ____D C:\Users\Todos os Usuários\Nsaewloufi
2016-01-09 20:08 - 2016-01-09 20:08 - 00000000 ____D C:\ProgramData\Nsaewloufi
2016-01-09 20:07 - 2016-01-09 20:06 - 00052968 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
2016-01-09 20:07 - 2016-01-09 20:06 - 00029032 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCBase.sys
2016-01-09 20:06 - 2016-01-09 21:27 - 00000286 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-01-09 20:06 - 2016-01-09 21:27 - 00000286 __RSH C:\ProgramData\ntuser.pol
2016-01-09 20:06 - 2016-01-09 20:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf
2016-01-09 20:04 - 2016-01-09 13:27 - 00043152 _____ (StdLib) C:\Windows\system32\Drivers\{821dfe16-630c-4e2a-bf74-7beaf24cb039}Gw.sys
2016-01-09 19:58 - 2016-01-09 21:29 - 00000000 ____D C:\Program Files\MPC Cleaner
2016-01-09 19:57 - 2016-01-09 19:57 - 00000000 ____D C:\Users\Sr.Lé\AppData\Local\macpromosoft
2016-01-09 19:56 - 2016-01-09 19:56 - 00000000 ____D C:\Users\Public\Documents\ShopperPro3
2016-01-09 19:54 - 2016-01-09 20:38 - 00000000 ____D C:\Program Files\Web Amplified
2016-01-09 19:54 - 2016-01-09 20:00 - 00000000 ____D C:\Users\Sr.Lé\AppData\Roaming\LightGate
2016-01-09 19:53 - 2016-01-09 19:53 - 00621568 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\Sr.Lé\AppData\Roaming\libeay32.dll
2016-01-09 19:53 - 2016-01-09 19:53 - 00162304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\Sr.Lé\AppData\Roaming\ssleay32.dll
2016-01-09 19:52 - 2016-01-09 19:52 - 00000000 ____D C:\Users\Sr.Lé\AppData\Roaming\UG
2016-01-09 19:52 - 2016-01-09 19:52 - 00000000 ____D C:\Users\Sr.Lé\AppData\Local\Yeaplayer
2016-01-09 19:52 - 2016-01-09 19:52 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-01-09 19:52 - 2016-01-09 19:51 - 01746288 _____ C:\Users\Sr.Lé\AppData\Roaming\0bc8d4b271ce.exe
2016-01-09 19:52 - 2015-12-10 08:39 - 01015808 _____ (d) C:\Users\Sr.Lé\AppData\Roaming\download.exe
2016-01-09 19:51 - 2016-01-09 21:21 - 00004782 _____ C:\Users\Sr.Lé\AppData\Roaming\webad.xml
2016-01-09 19:51 - 2016-01-09 20:24 - 00000000 ____D C:\Program Files\UPCleaner
2016-01-09 19:51 - 2016-01-09 20:03 - 00000000 _____ C:\Users\Sr.Lé\AppData\Roaming\svrupg.exe
2016-01-09 19:51 - 2016-01-08 11:10 - 02413056 _____ C:\Users\Sr.Lé\AppData\Roaming\msiql.exe
2016-01-09 19:51 - 2015-11-30 15:45 - 02496403 _____ ( ) C:\Users\Sr.Lé\AppData\Roaming\yeaplayer_51479.exe
2016-01-09 19:50 - 2016-01-09 19:51 - 00000000 ____D C:\Users\Todos os Usuários\Windows Update
2016-01-09 19:50 - 2016-01-09 19:51 - 00000000 ____D C:\ProgramData\Windows Update
2016-01-09 19:50 - 2016-01-09 19:50 - 00000015 _____ C:\Users\Sr.Lé\Downloads\config.conf
2016-01-09 19:50 - 2016-01-09 19:50 - 00000014 _____ C:\Windows\system32\config.cfg
2016-01-09 19:50 - 2016-01-08 23:13 - 02786816 _____ (TODO: ) C:\Users\Sr.Lé\AppData\Roaming\upgsvr.exe
2016-01-09 19:47 - 2016-01-09 21:45 - 03416928 _____ (Enstella PST Recovery DEMO ) C:\Users\Sr.Lé\Downloads\wilcom embroidery studio_10924_i118821255_il345.exe
2016-01-09 19:46 - 2016-01-09 19:46 - 03417128 _____ C:\Users\Sr.Lé\Downloads\wilcom+embroidery+studio.zip-.zip
2016-01-09 19:24 - 2016-01-09 19:24 - 00963968 _____ (Internet ) C:\Users\Sr.Lé\Downloads\setup.exe
2016-01-09 17:36 - 2016-01-09 17:40 - 00000000 ____D C:\Users\Sr.Lé\AppData\LocalLow\uTorrent
2016-01-09 17:34 - 2016-01-09 17:34 - 02026520 _____ (BitTorrent Inc.) C:\Users\Sr.Lé\Downloads\uTorrent_3-4-5-build-41372.exe
2016-01-09 11:18 - 2016-01-09 11:18 - 00074862 _____ C:\Users\Sr.Lé\Downloads\APLIQUE INF 10 2014 10CMpes.PES
2016-01-09 11:17 - 2016-01-09 11:17 - 00153774 _____ C:\Users\Sr.Lé\Downloads\coraçãoCRIVO.pes
2016-01-08 20:05 - 2016-01-08 20:21 - 00000000 ____D C:\Users\Sr.Lé\Desktop\Matrizes Clientes
2016-01-08 18:57 - 2016-01-08 18:58 - 00455205 _____ C:\Users\Sr.Lé\Downloads\cao2.pes
2016-01-07 00:24 - 2016-01-08 18:46 - 00531786 _____ C:\Users\Sr.Lé\Downloads\cao.pes
2016-01-06 18:38 - 2016-01-07 00:50 - 00013849 _____ C:\Users\Sr.Lé\Downloads\JEFERSON.pes
2016-01-06 16:54 - 2016-01-08 20:53 - 00110088 _____ C:\Users\Sr.Lé\Downloads\ESC.pes
2015-12-30 00:14 - 2015-12-30 00:14 - 00000081 _____ C:\Users\Sr.Lé\Desktop\canal youtube.txt

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-01-09 22:33 - 2009-07-14 00:37 - 00000000 ____D C:\Windows
2016-01-09 22:04 - 2011-02-04 15:30 - 01521924 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-09 22:04 - 2009-07-14 06:31 - 00663606 _____ C:\Windows\system32\prfh0416.dat
2016-01-09 22:04 - 2009-07-14 06:31 - 00127896 _____ C:\Windows\system32\prfc0416.dat
2016-01-09 22:04 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\inf
2016-01-09 21:40 - 2015-06-02 22:04 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-09 21:29 - 2009-07-14 02:34 - 00010272 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-09 21:29 - 2009-07-14 02:34 - 00010272 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-09 21:22 - 2009-07-14 02:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-09 21:21 - 2015-06-02 22:04 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-09 21:20 - 2009-07-14 02:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-09 20:55 - 2011-02-04 15:58 - 00000000 ____D C:\Windows\Panther
2016-01-09 20:28 - 2015-05-20 20:52 - 00000000 ____D C:\Program Files\CCleaner
2016-01-09 20:05 - 2009-07-14 00:04 - 00000505 _____ C:\Windows\win.ini
2016-01-09 19:52 - 2009-07-14 00:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-01-08 14:23 - 2015-12-03 17:28 - 00000000 ____D C:\Users\Sr.Lé\Desktop\Bordados Lu
2016-01-04 20:04 - 2015-11-02 17:37 - 00000000 ____D C:\Users\Sr.Lé\Desktop\Trabalhos Lu
2015-12-30 00:39 - 2015-11-02 17:41 - 00000000 ____D C:\Users\Sr.Lé\Desktop\Ideias Lu
2015-12-23 14:27 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\system32\NDF
2015-12-16 20:44 - 2015-10-31 19:24 - 00002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-11 10:19 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\rescache

==================== Arquivos na raiz de alguns diretórios =======

2016-01-09 19:52 - 2016-01-09 19:51 - 1746288 _____ () C:\Users\Sr.Lé\AppData\Roaming\0bc8d4b271ce.exe
2016-01-09 19:52 - 2015-12-10 08:39 - 1015808 _____ (d) C:\Users\Sr.Lé\AppData\Roaming\download.exe
2016-01-09 19:53 - 2016-01-09 19:53 - 0621568 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Sr.Lé\AppData\Roaming\libeay32.dll
2016-01-09 19:51 - 2016-01-08 11:10 - 2413056 _____ () C:\Users\Sr.Lé\AppData\Roaming\msiql.exe
2016-01-09 19:53 - 2016-01-09 19:53 - 0162304 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Sr.Lé\AppData\Roaming\ssleay32.dll
2016-01-09 19:51 - 2016-01-09 20:03 - 0000000 _____ () C:\Users\Sr.Lé\AppData\Roaming\svrupg.exe
2016-01-09 19:50 - 2016-01-08 23:13 - 2786816 _____ (TODO: ) C:\Users\Sr.Lé\AppData\Roaming\upgsvr.exe
2016-01-09 19:51 - 2016-01-09 21:21 - 0004782 _____ () C:\Users\Sr.Lé\AppData\Roaming\webad.xml
2016-01-09 20:40 - 2015-11-14 21:07 - 2496403 _____ ( ) C:\Users\Sr.Lé\AppData\Roaming\yeaplayer_12345.exe
2016-01-09 19:51 - 2015-11-30 15:45 - 2496403 _____ ( ) C:\Users\Sr.Lé\AppData\Roaming\yeaplayer_51479.exe
2015-06-13 01:22 - 2015-06-13 01:22 - 0007600 _____ () C:\Users\Sr.Lé\AppData\Local\Resmon.ResmonCfg
2015-10-31 19:16 - 2015-10-31 19:16 - 0000098 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\C__Users_Sr.Lé_AppData_Local_Temp_wzee94_RealHideIP.exe
C:\ProgramData\C__Users_Sr.Lé_Documents_RealHideIP.exe
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Todos os Usuários\C__Users_Sr.Lé_AppData_Local_Temp_wzee94_RealHideIP.exe
C:\Users\Todos os Usuários\C__Users_Sr.Lé_Documents_RealHideIP.exe
C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-01-09 11:37

==================== Fim de FRST.txt ============================
