Document format: text/plain

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:05-03-2016 01
Executado por Airton (administrador) em AIRTON-PC (28-03-2016 21:32:30)
Executando a partir de C:\Users\Airton\Desktop
Perfis Carregados: Airton (Perfis Disponíveis: Airton)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: IE)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\ProgramData\CloudPrinter\CloudPrinter.exe
() C:\Program Files (x86)\44313030-1459122818-4346-3844-3046FFFFFFFF\jnsb904D.tmp
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Users\Airton\AppData\Roaming\Ruifg\Ruifg.exe
() C:\Windows\mwia.exe
() C:\Users\Airton\AppData\Roaming\Ruifg\Deutjob.exe
() C:\Users\Airton\AppData\Roaming\Ruifg\Gotqefxuu.exe
() C:\Program Files (x86)\44313030-1459122818-4346-3844-3046FFFFFFFF\knsw6EA4.tmpfs
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Oracle Corporation) C:\oraclexe\app\oracle\product\11.2.0\server\bin\oracle.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(BitTorrent Inc.) C:\Users\Airton\AppData\Roaming\uTorrent\uTorrent.exe
(Spotify Ltd) C:\Users\Airton\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Airton\AppData\Roaming\Spotify\Spotify.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
() C:\Program Files\Serviio\bin\ServiioConsole.exe
(Oracle Corporation) C:\oraclexe\app\oracle\product\11.2.0\server\bin\TNSLSNR.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\ProgramData\Ronzap\Ronzap.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
(skype.cog.cc) C:\Program Files (x86)\SkypeUpdateEx\SkypeUpdateEx.exe
() C:\ProgramData\WindowsMsg\osmsg.exe
(Spotify Ltd) C:\Users\Airton\AppData\Roaming\Spotify\SpotifyCrashService.exe
() C:\Program Files (x86)\SFK\SSFK.exe
() C:\Program Files (x86)\SFK\SSFK.exe
(BitTorrent Inc.) C:\Users\Airton\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe
(BitTorrent Inc.) C:\Users\Airton\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe
(TFuns LIMITED) C:\ProgramData\iWdMi\WdMan.exe
() C:\Windows\wia.exe
() C:\Program Files (x86)\44313030-1459122818-4346-3844-3046FFFFFFFF\hnsmDEDC.tmp
(Microsoft Corporation) C:\Users\Airton\AppData\Roaming\XBox\XBLive.exe
() C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
() C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
() C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
() C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
(Spotify Ltd) C:\Users\Airton\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Airton\AppData\Roaming\Spotify\Spotify.exe
() C:\Windows\Temp\7C86.tmp
() C:\Windows\Temp\7C84.tmp
() C:\Users\Airton\AppData\Local\44313030-1459199088-4346-3844-3046FFFFFFFF\qnsh8E7B.tmp
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [win_en_77] => [X]
HKLM-x32\...\Run: [HomePageHelper] => C:\Users\Airton\AppData\Roaming\HomePage.exe [1100288 2015-11-25] ()
HKLM-x32\...\Run: [mbot_en_037050280] => [X]
HKLM-x32\...\Run: [mpck_en_005030280] => [X]
HKLM-x32\...\Run: [rec_en_236] => [X]
HKLM-x32\...\Run: [SystemClose] => D:\Documents\systemfile.exe
HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
HKLM-x32\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs, [X]
HKU\S-1-5-20\...\Run: [PCCRASHFIX] => C:\ProgramData\PCCRASHFIX\skskjbpjx.exe [182272 2016-03-27] ()
HKU\S-1-5-21-1369054945-3090627566-505877935-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-1369054945-3090627566-505877935-1000\...\Run: [uTorrent] => C:\Users\Airton\AppData\Roaming\uTorrent\uTorrent.exe [2094080 2016-03-07] (BitTorrent Inc.)
HKU\S-1-5-21-1369054945-3090627566-505877935-1000\...\Run: [Spotify Web Helper] => C:\Users\Airton\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-03-25] (Spotify Ltd)
HKU\S-1-5-21-1369054945-3090627566-505877935-1000\...\Run: [Spotify] => C:\Users\Airton\AppData\Roaming\Spotify\Spotify.exe [6805616 2016-03-25] (Spotify Ltd)
HKU\S-1-5-21-1369054945-3090627566-505877935-1000\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [2007040 2016-03-26] ()
HKU\S-1-5-21-1369054945-3090627566-505877935-1000\...\MountPoints2: {24131e77-aa92-11e5-bcf8-001d7dfc8d0f} - F:\Autorun.exe
HKU\S-1-5-18\...\Run: [PCCRASHFIX] => C:\ProgramData\PCCRASHFIX\skskjbpjx.exe [182272 2016-03-27] ()
AppInit_DLLs: C:\ProgramData\Ronzap\Faxfind.dll => C:\ProgramData\Ronzap\Faxfind.dll [363520 2016-03-28] ()
AppInit_DLLs-x32: C:\ProgramData\Ronzap\Fixphase.dll => C:\ProgramData\Ronzap\Fixphase.dll [257536 2016-03-28] ()
IFEO\rstrui.exe: [Debugger] qpqpdndnnw.exe
Startup: C:\Users\Airton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\123123.exe [2016-03-28] ()
Startup: C:\Users\Airton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk [2015-12-05]
ShortcutTarget: Serviio.lnk -> C:\Program Files\Serviio\bin\ServiioConsole.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2015-12-05]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Winsock: Catalog5 07 C:\ProgramData\System32\SafeGuard32.dll Nenhum Arquivo
Winsock: Catalog5-x64 07 C:\ProgramData\System32\SafeGuard64.dll [3587000 2016-03-27] ()
Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{6BEDA48A-AF77-43C5-8191-7C4D74AC3A8C}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{8C10AF28-FB45-46D2-91B1-013BFDBC23A9}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{8C10AF28-FB45-46D2-91B1-013BFDBC23A9}: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{8D01E1FF-D03E-4A6E-A582-43E91833A5F1}: [NameServer] 104.197.191.4
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=itm&hsimp=yhs-001&type=jmb_nwmeddnld_16_12&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzuyCyEyBtDtDtBtC0B0E0AtC0CtAyCtAtDtN0D0Tzu0StCyDyEyBtN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtAyE0EtD0EyByBtGyCtDyD0BtG0C0C0DyBtGtCyByEzztG0D0Bzy0FyD0E0AyCzzzztC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytA0D0CyDzytC0BtG0Bzz0A0AtGyEyE0DyBtGzyyDyE0AtGtBtCtD0BtCyEzz0E0AtD0C0A2QtN0A0LzutBtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D776158637%26a%3Djmb_nwmeddnld_16_12%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-1369054945-3090627566-505877935-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqfDHrz5d6u8a_Oa7hut-tWVlFK6OHbxRbw9MEjyFv27OPiXVyKCmrB1A0l10IvWR6S7vVi4lRTIG9sw7z0ECNT6sdchObNxVj-SyrYbd59uCecTOMp9htr87uCfEBegwSjQAH8te5l0nxC2_tr-20TRDpFae_6Fi0haUc4ak&q={searchTerms}
HKU\S-1-5-21-1369054945-3090627566-505877935-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
HKU\S-1-5-21-1369054945-3090627566-505877935-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqfDHrz5d6u8a_Oa7hut-tWVlFK6OHbxRbw9MEjyFv27OPiXVyKCmrB1A0l10IvWR6S7vVi4lRTIG9sw7z0ECNT6sdchObNxVj-SyrYbd59uCecTOMp9htr87uCfEBegwSjQAH8te5l0nxC2_tr-20TRDpFae_6Fi0haUc4ak&q={searchTerms}
HKU\S-1-5-21-1369054945-3090627566-505877935-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqfDHrz5d6u8a_Oa7hut-tWVlFK6OHbxRbw9MEjyFv27OPiXVyKCmrB1A0l10IvWR6S7vVi4lRTIG9sw7z0ECNT6sdchObNxVj-SyrYbd59uCecTOMp9htr87uCfEBegwSjQAH8te5l0nxC2_tr-20TRDpFae_6Fi0haUc4ak&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=itm&hsimp=yhs-001&type=jmb_nwmeddnld_16_12&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzuyCyEyBtDtDtBtC0B0E0AtC0CtAyCtAtDtN0D0Tzu0StCyDyEyBtN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtAyE0EtD0EyByBtGyCtDyD0BtG0C0C0DyBtGtCyByEzztG0D0Bzy0FyD0E0AyCzzzztC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytA0D0CyDzytC0BtG0Bzz0A0AtGyEyE0DyBtGzyyDyE0AtGtBtCtD0BtCyEzz0E0AtD0C0A2QtN0A0LzutBtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D776158637%26a%3Djmb_nwmeddnld_16_12%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=itm&hsimp=yhs-001&type=jmb_nwmeddnld_16_12&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzuyCyEyBtDtDtBtC0B0E0AtC0CtAyCtAtDtN0D0Tzu0StCyDyEyBtN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtAyE0EtD0EyByBtGyCtDyD0BtG0C0C0DyBtGtCyByEzztG0D0Bzy0FyD0E0AyCzzzztC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytA0D0CyDzytC0BtG0Bzz0A0AtGyEyE0DyBtGzyyDyE0AtGtBtCtD0BtCyEzz0E0AtD0C0A2QtN0A0LzutBtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D776158637%26a%3Djmb_nwmeddnld_16_12%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqfDHrz5d6u8a_Oa7hut-tWVlFK6OHbxRbw9MEjyFv27OPiXVyKCmrB1A0l10IvWR6S7vVi4lRTIG9sw7z0ECNT6sdchObNxVj-SyrYbd59uCecTOMp9htr87uCfEBegwSjQAH8te5l0nxC2_tr-20TRDpFae_6Fi0haUc4ak&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1369054945-3090627566-505877935-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqfDHrz5d6u8a_Oa7hut-tWVlFK6OHbxRbw9MEjyFv27OPiXVyKCmrB1A0l10IvWR6S7vVi4lRTIG9sw7z0ECNT6sdchObNxVj-SyrYbd59uCecTOMp9htr87uCfEBegwSjQAH8te5l0nxC2_tr-20TRDpFae_6Fi0haUc4ak&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1369054945-3090627566-505877935-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=itm&hsimp=yhs-001&type=jmb_nwmeddnld_16_12&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzuyCyEyBtDtDtBtC0B0E0AtC0CtAyCtAtDtN0D0Tzu0StCyDyEyBtN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtAyE0EtD0EyByBtGyCtDyD0BtG0C0C0DyBtGtCyByEzztG0D0Bzy0FyD0E0AyCzzzztC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytA0D0CyDzytC0BtG0Bzz0A0AtGyEyE0DyBtGzyyDyE0AtGtBtCtD0BtCyEzz0E0AtD0C0A2QtN0A0LzutBtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D776158637%26a%3Djmb_nwmeddnld_16_12%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1369054945-3090627566-505877935-1000 -> {410295C5-0F3E-4EB9-91A3-248F7A6769CA} URL = hxxps://br.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1369054945-3090627566-505877935-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqfDHrz5d6u8a_Oa7hut-tWVlFK6OHbxRbw9MEjyFv27OPiXVyKCmrB1A0l10IvWR6S7vVi4lRTIG9sw7z0ECNT6sdchObNxVj-SyrYbd59uCecTOMp9htr87uCfEBegwSjQAH8te5l0nxC2_tr-20TRDpFae_6Fi0haUc4ak&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-12-05] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-12-05] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-05] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.mysites123.com/?type=sc&ts=1459135645&z=6abcb8689b4b6effb26e5e1g8zfwctfg2c0w0c9cbt&from=tt4u&uid=395049983_266035_4C633630

FireFox:
========
FF ProfilePath: C:\Users\Airton\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF NewTab: C:\ProgramData\Ronzaps\ff.NT
FF DefaultSearchEngine: yessearches
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=yessearches
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: search.mpc.am
FF Keyword.URL: hxxp://www.yessearches.com/chrome.php?uid=7A73CAEA479C12EA9488BE44939615F0&ptid=wak&ts=AHEpCH4mAH0mAE..&v=20160323&mode=ffexttoolbar&q=
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-12-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-12-05] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF SearchPlugin: C:\Users\Airton\AppData\Roaming\Mozilla\Firefox\Profiles\c0tqj6fv.default\searchplugins\istartpageing.xml [2016-03-27]
FF SearchPlugin: C:\Users\Airton\AppData\Roaming\Mozilla\Firefox\Profiles\c0tqj6fv.default\searchplugins\mysites123.xml [2016-03-28]
FF SearchPlugin: C:\Users\Airton\AppData\Roaming\Mozilla\Firefox\Profiles\c0tqj6fv.default\searchplugins\Search Provided by Yahoo.xml [2016-03-27]
FF SearchPlugin: C:\Users\Airton\AppData\Roaming\Mozilla\Firefox\Profiles\c0tqj6fv.default\searchplugins\yoursearching.xml [2016-03-27]
FF SearchPlugin: C:\Users\Airton\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\DD1B66D4.xml [2016-03-27]
FF SearchPlugin: C:\Users\Airton\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\Search Provided by Yahoo.xml [2016-03-27]
FF Extension: QuickJava - C:\Users\Airton\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2016-03-27]
FF Extension: FirefixTab - C:\Users\Airton\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\deskCutv2@gmail.com [2016-03-28] [não assinado]
FF Extension: QuickJava - C:\Users\Airton\AppData\Roaming\Mozilla\Firefox\Profiles\c0tqj6fv.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2016-03-27]
FF Extension: JavaScript Debugger - C:\Users\Airton\AppData\Roaming\Mozilla\Firefox\Profiles\c0tqj6fv.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2015-12-05]
FF Extension: GsearchFinder - C:\Users\Airton\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-03-24]
FF Extension: JavaScript Debugger - C:\Users\Airton\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2015-12-05]
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Airton\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\deskCutv2@gmail.com

Chrome:
=======
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqfDHrz5d6u8a_Oa7hut-tWVlFK6OHbxRbw9MEjyFv27OPiXVyKCmrB1A0l10IvWR6S7vVi4lRTIG9swg16yLWxfl3FIYh96wbcMmABIlHycAncosUTg09-yXT_F2oacfzGRb8AZG_-cCPpzvLjQZZc-OCzOaozbfUsfrlTkf
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqfDHrz5d6u8a_Oa7hut-tWVlFK6OHbxRbw9MEjyFv27OPiXVyKCmrB1A0l10IvWR6S7vVi4lRTIG9sws0QG4bUY5hxvl7uJ6lwq61C_00vzaH88i9S88gqJ-yaCTVSxCfEKiHFwGxblyGqXhUSwHAoBQc83GIJ-QeF7Gz4it&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\Airton\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Airton\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-28]
CHR Extension: (Google Docs) - C:\Users\Airton\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-28]
CHR Extension: (Google Drive) - C:\Users\Airton\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-28]
CHR Extension: (Search Manager) - C:\Users\Airton\AppData\Local\Google\Chrome\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi [2016-03-28]
CHR Extension: (YouTube) - C:\Users\Airton\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-28]
CHR Extension: (Planilhas do Google) - C:\Users\Airton\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-28]
CHR Extension: (Documentos Google off-line) - C:\Users\Airton\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-28]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Airton\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-28]
CHR Extension: (Gmail) - C:\Users\Airton\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-28]
CHR HKU\S-1-5-21-1369054945-3090627566-505877935-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.mysites123.com/?type=sc&ts=1459135645&z=6abcb8689b4b6effb26e5e1g8zfwctfg2c0w0c9cbt&from=tt4u&uid=395049983_266035_4C633630

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [1073152 2016-03-28] () [Arquivo não assinado]
R2 gerocyni; C:\Program Files (x86)\44313030-1459122818-4346-3844-3046FFFFFFFF\jnsb904D.tmp [302080 2016-03-27] () [Arquivo não assinado]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-12] (NVIDIA Corporation)
S2 ggbugreport; C:\Program Files (x86)\SearchesToYesbnd\bugreport.exe [1610816 2016-03-24] ()
S2 GoogleChromeUpService; C:\ProgramData\service.exe [1734656 2016-03-27] () [Arquivo não assinado]
S2 GoogleChromeUpSvc; C:\ProgramData\Windows Update\svrupg.exe [2786816 2016-03-27] (TODO: ) [Arquivo não assinado]
R2 Macfua; C:\Users\Airton\AppData\Roaming\Ruifg\Ruifg.exe [174416 2016-03-27] ()
R2 mwia; c:\windows\mwia.exe [408576 2016-03-27] () [Arquivo não assinado]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-12] (NVIDIA Corporation)
S4 OracleJobSchedulerXE; c:\oraclexe\app\oracle\product\11.2.0\server\Bin\extjob.exe [45568 2014-05-29] () [Arquivo não assinado]
S3 OracleMTSRecoveryService; C:\oraclexe\app\oracle\product\11.2.0\server\BIN\omtsreco.exe [81408 2014-05-29] (Oracle Corporation) [Arquivo não assinado]
R2 OracleServiceXE; c:\oraclexe\app\oracle\product\11.2.0\server\bin\ORACLE.EXE [147110912 2014-05-30] (Oracle Corporation) [Arquivo não assinado]
S3 OracleXEClrAgent; C:\oraclexe\app\oracle\product\11.2.0\server\bin\OraClrAgnt.exe [83968 2014-05-29] (Oracle Corporation) [Arquivo não assinado]
R2 OracleXETNSListener; C:\oraclexe\app\oracle\product\11.2.0\server\BIN\tnslsnr.exe [522240 2014-05-29] (Oracle Corporation) [Arquivo não assinado]
R2 Ronzap; C:\ProgramData\\Ronzap\\Ronzap.exe [1073152 2016-03-28] () [Arquivo não assinado]
R2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [327680 2015-03-21] () [Arquivo não assinado]
R2 SkypeUpdateEx; C:\Program Files (x86)\SkypeUpdateEx\SkypeUpdateEx.exe [167352 2016-03-21] (skype.cog.cc)
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [155840 2016-03-27] ()
R2 TheCalendarService; C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe [141960 2015-12-25] ()
S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1255736 2015-12-05] () [Arquivo não assinado]
R2 WdMan; C:\ProgramData\iWdMi\WdMan.exe [274600 2016-03-28] (TFuns LIMITED)
R2 wia; c:\windows\wia.exe [417792 2016-03-27] () [Arquivo não assinado]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 Winsere; C:\Program Files (x86)\Winsere\Winsere\Winsere.exe [316984 2016-03-23] ()
R2 wucotusy; C:\Program Files (x86)\44313030-1459122818-4346-3844-3046FFFFFFFF\hnsmDEDC.tmp [416256 2016-03-27] () [Arquivo não assinado]
R2 XBox; C:\Users\Airton\AppData\Roaming\XBox\XBLive.exe [5906904 2016-02-27] (Microsoft Corporation)
R2 zigipyro; C:\Users\Airton\AppData\Local\44313030-1459199088-4346-3844-3046FFFFFFFF\qnsh8E7B.tmp [158720 2015-12-26] () [Arquivo não assinado]
S2 Evazry; "C:\Users\Airton\AppData\Roaming\KeprUioler\Afeomem.exe" -cms [X]
R2 nebynugyzbt; C:\Program Files (x86)\44313030-1459122818-4346-3844-3046FFFFFFFF\knsw6EA4.tmpfs [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [82752 2016-03-28] (Cherimoya Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2015-12-24] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 egg_protect; C:\Windows\EProtect_amd64.sys [20352 2016-03-27] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]
S2 NPF; \??\C:\Program Files (x86)\UPCleaner\1.6.3.17195\npf64.sys [X]
S1 UGBroMon; \??\C:\Program Files (x86)\UPCleaner\1.6.3.17195\UGBroMon64.sys [X]
S1 UGKrnlDrv; \??\C:\Program Files (x86)\UPCleaner\1.6.3.17195\UGKrnlDrv64.sys [X]
S1 UGProtect; \??\C:\Program Files (x86)\UPCleaner\1.6.3.17195\UGProtect64.sys [X]
S2 UPKernel; \??\C:\Program Files (x86)\UPCleaner\1.6.3.17195\UPKernel64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-03-28 21:04 - 2016-03-28 21:04 - 00000832 _____ C:\Users\Airton\Desktop\AutoTime.LNK
2016-03-28 21:04 - 2016-03-28 21:04 - 00000000 ____D C:\Users\Airton\AppData\Local\44313030-1459199088-4346-3844-3046FFFFFFFF
2016-03-28 20:31 - 2016-03-28 20:33 - 00000000 ____D C:\Program Files (x86)\CleanBrowser
2016-03-28 20:29 - 2016-03-28 20:29 - 00000000 ____D C:\Windows\system32\pip
2016-03-28 20:29 - 2016-03-28 20:29 - 00000000 ____D C:\Users\Airton\AppData\Local\44313030-1459196950-4346-3844-3046FFFFFFFF
2016-03-28 20:24 - 2016-03-28 20:26 - 00029985 _____ C:\Users\Airton\Desktop\Addition.txt
2016-03-28 20:23 - 2016-03-28 21:32 - 00027525 _____ C:\Users\Airton\Desktop\FRST.txt
2016-03-28 20:23 - 2016-03-28 20:23 - 00009401 _____ C:\Users\Airton\Downloads\Addition.txt
2016-03-28 20:21 - 2016-03-28 21:32 - 00000000 ____D C:\FRST
2016-03-28 20:21 - 2016-03-28 20:23 - 00053025 _____ C:\Users\Airton\Downloads\FRST.txt
2016-03-28 20:21 - 2016-03-28 20:21 - 02374144 _____ (Farbar) C:\Users\Airton\Desktop\FRST64.exe
2016-03-28 20:20 - 2016-03-28 20:20 - 01725440 _____ (Farbar) C:\Users\Airton\Downloads\FRST.exe
2016-03-28 19:57 - 2016-03-28 20:32 - 00000000 ____D C:\Users\Airton\AppData\LocalLow\uTorrent
2016-03-28 19:25 - 2016-03-28 19:25 - 00000000 ____D C:\Users\Airton\AppData\Roaming\LolClient
2016-03-28 19:18 - 2016-03-28 19:18 - 00000372 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-03-28 19:18 - 2016-03-28 19:18 - 00000372 __RSH C:\ProgramData\ntuser.pol
2016-03-28 19:16 - 2016-03-28 19:16 - 00000000 ____D C:\Users\Airton\AppData\Roaming\LightGate
2016-03-28 00:43 - 2016-03-28 00:43 - 00000000 ____D C:\Users\Airton\AppData\Local\macpromosoft
2016-03-28 00:41 - 2016-03-28 00:41 - 00000000 ____D C:\Users\Todos os Usuários\c31d3c64-54b7-1
2016-03-28 00:41 - 2016-03-28 00:41 - 00000000 ____D C:\Users\Todos os Usuários\588cfdf1-06d5-1
2016-03-28 00:41 - 2016-03-28 00:41 - 00000000 ____D C:\ProgramData\c31d3c64-54b7-1
2016-03-28 00:41 - 2016-03-28 00:41 - 00000000 ____D C:\ProgramData\588cfdf1-06d5-1
2016-03-28 00:29 - 2016-03-28 00:29 - 00002397 _____ C:\Windows\SysWOW64\findit.xml
2016-03-28 00:29 - 2016-03-28 00:29 - 00000296 _____ C:\task.vbs
2016-03-28 00:28 - 2016-03-28 20:32 - 00000000 ____D C:\Users\Todos os Usuários\Ronzap
2016-03-28 00:28 - 2016-03-28 20:32 - 00000000 ____D C:\ProgramData\Ronzap
2016-03-28 00:28 - 2016-03-28 00:29 - 00000000 ____D C:\Users\Todos os Usuários\Ronzaps
2016-03-28 00:28 - 2016-03-28 00:29 - 00000000 ____D C:\ProgramData\Ronzaps
2016-03-28 00:28 - 2016-03-28 00:28 - 06493696 _____ C:\Users\Airton\AppData\Roaming\agent.dat
2016-03-28 00:28 - 2016-03-28 00:28 - 01621131 _____ C:\Users\Airton\AppData\Roaming\Blackis.tst
2016-03-28 00:28 - 2016-03-28 00:28 - 00126464 _____ C:\Users\Airton\AppData\Roaming\noah.dat
2016-03-28 00:28 - 2016-03-28 00:28 - 00065424 _____ C:\Users\Airton\AppData\Roaming\Config.xml
2016-03-28 00:28 - 2016-03-28 00:28 - 00018432 _____ C:\Users\Airton\AppData\Roaming\Main.dat
2016-03-28 00:28 - 2016-03-28 00:28 - 00000000 ____D C:\Users\Todos os Usuários\iWdMi
2016-03-28 00:28 - 2016-03-28 00:28 - 00000000 ____D C:\ProgramData\iWdMi
2016-03-28 00:27 - 2016-03-28 19:16 - 00003150 _____ C:\Windows\System32\Tasks\MAXDriverUpdaterRunAtStartup
2016-03-28 00:27 - 2016-03-28 00:39 - 00000000 ____D C:\Users\Airton\AppData\Roaming\mysites123
2016-03-28 00:27 - 2016-03-28 00:33 - 00000286 _____ C:\Windows\Tasks\MAXDriverUpdater_UPDATES.job
2016-03-28 00:27 - 2016-03-28 00:28 - 00005568 _____ C:\Users\Airton\AppData\Roaming\md.xml
2016-03-28 00:27 - 2016-03-28 00:27 - 00848437 _____ C:\Users\Airton\AppData\Roaming\StringZap.bin
2016-03-28 00:27 - 2016-03-28 00:27 - 00126464 _____ C:\Users\Airton\AppData\Roaming\lobby.dat
2016-03-28 00:27 - 2016-03-28 00:27 - 00072706 _____ C:\Users\Airton\AppData\Roaming\Zonefax.tst
2016-03-28 00:27 - 2016-03-28 00:27 - 00054272 _____ C:\Users\Airton\AppData\Roaming\ApplicationHosting.dat
2016-03-28 00:27 - 2016-03-28 00:27 - 00003032 _____ C:\Windows\System32\Tasks\MAXDriverUpdater_UPDATES
2016-03-28 00:27 - 2016-03-28 00:27 - 00000000 ____D C:\Users\Todos os Usuários\CloudPrinter
2016-03-28 00:27 - 2016-03-28 00:27 - 00000000 ____D C:\ProgramData\CloudPrinter
2016-03-28 00:27 - 2016-03-28 00:25 - 01073152 _____ C:\Users\Airton\AppData\Roaming\Zonefax.exe
2016-03-28 00:27 - 2016-03-28 00:25 - 01073152 _____ C:\Users\Airton\AppData\Roaming\Blackis.exe
2016-03-28 00:26 - 2016-03-28 20:32 - 00001956 ____R C:\Users\Airton\Desktop\Yeabeats Browser.lnk
2016-03-28 00:26 - 2016-03-28 00:39 - 00000000 ____D C:\Program Files\NewExt
2016-03-28 00:26 - 2016-03-28 00:26 - 00000000 ____D C:\Program Files (x86)\CalendarTool
2016-03-28 00:26 - 2016-02-24 06:18 - 01085440 _____ C:\Users\Airton\AppData\Roaming\delCalendarReg.exe
2016-03-28 00:26 - 2015-12-10 15:43 - 00600312 _____ C:\Users\Airton\AppData\Roaming\YeaPlayer_br_IBD_Bundle.exe
2016-03-28 00:25 - 2016-03-28 19:18 - 00015482 _____ C:\Users\Airton\AppData\Roaming\webad.xml
2016-03-28 00:25 - 2016-03-28 00:44 - 00001419 _____ C:\Users\Airton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-28 00:25 - 2016-03-28 00:26 - 00016992 _____ C:\Users\Airton\AppData\Roaming\InstallationConfiguration.xml
2016-03-28 00:25 - 2016-03-28 00:25 - 02786816 _____ (TODO: ) C:\Users\Airton\AppData\Roaming\svrupg.exe
2016-03-28 00:25 - 2016-03-28 00:25 - 00174249 _____ C:\Users\Airton\AppData\Roaming\inst.lat
2016-03-28 00:25 - 2016-03-28 00:25 - 00127488 _____ C:\Users\Airton\AppData\Roaming\Installer.dat
2016-03-28 00:25 - 2016-03-28 00:25 - 00003336 _____ C:\Windows\System32\Tasks\Eaigidil
2016-03-28 00:25 - 2016-03-28 00:25 - 00000000 ____D C:\Users\Airton\AppData\LocalLow\Company
2016-03-28 00:25 - 2016-03-28 00:25 - 00000000 ____D C:\Users\Airton\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-03-28 00:25 - 2016-03-28 00:25 - 00000000 ____D C:\Users\Airton\AppData\Local\tuto_monetize_220160325
2016-03-28 00:25 - 2016-03-28 00:25 - 00000000 ____D C:\uninst
2016-03-28 00:25 - 2016-03-02 10:49 - 01888256 _____ C:\Users\Airton\AppData\Roaming\msiql.exe
2016-03-28 00:25 - 2016-01-11 15:49 - 01734656 _____ C:\Users\Airton\AppData\Roaming\service.exe
2016-03-28 00:25 - 2015-11-25 15:31 - 01100288 _____ C:\Users\Airton\AppData\Roaming\HomePage.exe
2016-03-28 00:24 - 2016-03-28 19:52 - 00000000 ____D C:\Program Files\Windows Screen Manager
2016-03-28 00:24 - 2016-03-28 00:39 - 00000000 ____D C:\Program Files (x86)\sunnyday
2016-03-28 00:24 - 2016-03-28 00:24 - 00000000 ____D C:\Users\Airton\AppData\Roaming\Ruifg
2016-03-28 00:24 - 2016-03-28 00:24 - 00000000 ____D C:\Users\Airton\AppData\Local\tuto_monetize_120160325
2016-03-28 00:24 - 2016-03-28 00:24 - 00000000 ____D C:\Users\Airton\AppData\Local\Tempfolder
2016-03-27 22:35 - 2016-03-28 00:25 - 00082752 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2016-03-27 22:04 - 2016-03-27 22:04 - 00000000 ____D C:\Users\Airton\AppData\Local\ugpopular
2016-03-27 21:52 - 2016-03-27 21:52 - 00000041 _____ C:\Users\Todos os Usuários\xcgui_debug.txt
2016-03-27 21:52 - 2016-03-27 21:52 - 00000041 _____ C:\ProgramData\xcgui_debug.txt
2016-03-27 21:40 - 2016-03-27 21:40 - 00000000 ____D C:\Users\Todos os Usuários\c31d3c64-11c3-0
2016-03-27 21:40 - 2016-03-27 21:40 - 00000000 ____D C:\ProgramData\c31d3c64-11c3-0
2016-03-27 21:38 - 2016-03-28 20:40 - 00000064 _____ C:\Users\Airton\AppData\Roaming\WB.CFG
2016-03-27 21:37 - 2016-03-27 21:37 - 00631808 _____ C:\Windows\wia.dat
2016-03-27 21:37 - 2016-03-27 21:37 - 00417792 _____ C:\Windows\wia.exe
2016-03-27 21:37 - 2016-03-27 21:37 - 00408576 _____ C:\Windows\mwia.exe
2016-03-27 21:35 - 2016-03-27 21:35 - 44044288 ____H (VElon Cusk) C:\Users\Airton\ppyymxkk.exe
2016-03-27 21:35 - 2016-03-27 21:35 - 00000000 __SHD C:\Users\Todos os Usuários\PCCRASHFIX
2016-03-27 21:35 - 2016-03-27 21:35 - 00000000 __SHD C:\ProgramData\PCCRASHFIX
2016-03-27 21:34 - 2016-03-27 21:34 - 00000000 ____D C:\Program Files (x86)\SkypeUpdateEx
2016-03-27 21:33 - 2016-03-27 21:33 - 00000000 ____D C:\Users\Airton\AppData\Roaming\UG
2016-03-27 21:32 - 2016-03-27 21:37 - 00000000 ____D C:\Users\Todos os Usuários\System32
2016-03-27 21:32 - 2016-03-27 21:37 - 00000000 ____D C:\ProgramData\System32
2016-03-27 21:32 - 2016-03-27 21:32 - 00020352 _____ C:\Windows\EProtect_amd64.sys
2016-03-27 21:31 - 2016-03-27 21:31 - 00000000 ____D C:\Users\Todos os Usuários\c31d3c64-58f7-1
2016-03-27 21:31 - 2016-03-27 21:31 - 00000000 ____D C:\ProgramData\c31d3c64-58f7-1
2016-03-27 21:28 - 2015-11-25 15:31 - 01100288 _____ C:\Users\Todos os Usuários\HomePage.exe
2016-03-27 21:28 - 2015-11-25 15:31 - 01100288 _____ C:\ProgramData\HomePage.exe
2016-03-27 21:27 - 2016-03-28 00:44 - 00000000 ____D C:\Users\Airton\AppData\Roaming\istartpageing
2016-03-27 21:27 - 2016-03-28 00:40 - 00000000 ____D C:\Users\Airton\AppData\Roaming\yoursearching
2016-03-27 21:27 - 2016-03-28 00:28 - 00000074 _____ C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2016-03-27 21:27 - 2016-03-28 00:28 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2016-03-27 21:27 - 2016-03-27 21:28 - 00000000 ____D C:\Users\Todos os Usuários\Windows Update
2016-03-27 21:27 - 2016-03-27 21:28 - 00000000 ____D C:\ProgramData\Windows Update
2016-03-27 21:27 - 2016-03-27 21:27 - 00007347 _____ C:\Users\Todos os Usuários\webad.xml
2016-03-27 21:27 - 2016-03-27 21:27 - 00007347 _____ C:\ProgramData\webad.xml
2016-03-27 21:27 - 2016-03-27 21:27 - 00000000 ____D C:\Users\Todos os Usuários\SWdMS
2016-03-27 21:27 - 2016-03-27 21:27 - 00000000 ____D C:\Users\Todos os Usuários\QWdMQ
2016-03-27 21:27 - 2016-03-27 21:27 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-03-27 21:27 - 2016-03-27 21:27 - 00000000 ____D C:\Users\Airton\AppData\Roaming\CalendarTool
2016-03-27 21:27 - 2016-03-27 21:27 - 00000000 ____D C:\ProgramData\SWdMS
2016-03-27 21:27 - 2016-03-27 21:27 - 00000000 ____D C:\ProgramData\QWdMQ
2016-03-27 21:27 - 2016-03-27 21:27 - 00000000 ____D C:\Program Files (x86)\SFK
2016-03-27 21:27 - 2016-03-27 21:26 - 01734656 _____ C:\Users\Todos os Usuários\service.exe
2016-03-27 21:27 - 2016-03-27 21:26 - 01734656 _____ C:\ProgramData\service.exe
2016-03-27 21:27 - 2016-03-02 13:36 - 01888256 _____ C:\Users\Todos os Usuários\mspop.exe
2016-03-27 21:27 - 2016-03-02 13:36 - 01888256 _____ C:\ProgramData\mspop.exe
2016-03-27 21:27 - 2015-12-04 13:14 - 01081344 _____ C:\Users\Todos os Usuários\LightGate.exe
2016-03-27 21:27 - 2015-12-04 13:14 - 01081344 _____ C:\ProgramData\LightGate.exe
2016-03-27 21:26 - 2016-03-28 21:04 - 00000000 ____D C:\Users\Airton\AppData\Roaming\UPUpdata
2016-03-27 21:26 - 2016-03-28 00:38 - 00000000 ____D C:\Program Files\SpaceSoundPro
2016-03-27 21:26 - 2016-03-27 21:26 - 00000034 ___SH C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2016-03-27 21:26 - 2016-03-27 21:26 - 00000000 ____D C:\Users\Airton\AppData\Roaming\XBox
2016-03-27 20:55 - 2016-03-27 20:55 - 00000000 ____D C:\Users\Airton\AppData\Roaming\MCorp
2016-03-27 20:54 - 2016-03-27 20:52 - 00001006 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-03-27 20:53 - 2016-03-27 22:54 - 00000000 ____D C:\Program Files (x86)\44313030-1459122818-4346-3844-3046FFFFFFFF
2016-03-27 20:44 - 2016-03-27 21:31 - 00003730 _____ C:\Windows\System32\Tasks\DNS Monitoring
2016-03-27 20:44 - 2016-03-27 20:44 - 00022172 _____ C:\Windows\System32\Tasks\DNSWILLISTON
2016-03-27 20:42 - 2016-03-27 20:42 - 00023218 _____ C:\Windows\System32\Tasks\{0B0B0C47-797D-7D79-0C11-090F0405110E}
2016-03-27 20:42 - 2016-03-27 20:42 - 00000000 ____D C:\Users\Todos os Usuários\588cfdf1-78f7-0
2016-03-27 20:42 - 2016-03-27 20:42 - 00000000 ____D C:\Users\Todos os Usuários\588cfdf1-0115-1
2016-03-27 20:42 - 2016-03-27 20:42 - 00000000 ____D C:\ProgramData\588cfdf1-78f7-0
2016-03-27 20:42 - 2016-03-27 20:42 - 00000000 ____D C:\ProgramData\588cfdf1-0115-1
2016-03-27 20:41 - 2016-03-27 20:41 - 00003240 _____ C:\Windows\System32\Tasks\Price Fountain
2016-03-27 20:40 - 2016-03-28 19:38 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-03-27 20:40 - 2016-03-27 20:40 - 00003610 _____ C:\Windows\System32\Tasks\PFExe
2016-03-27 20:40 - 2016-03-27 20:40 - 00000000 ____D C:\Users\Airton\AppData\Roaming\PriceFountain
2016-03-27 20:39 - 2016-03-27 20:46 - 00000000 ____D C:\Users\Airton\AppData\Local\Setup Wizard
2016-03-27 20:38 - 2016-03-28 20:36 - 00000000 ____D C:\Users\Airton\AppData\Local\app
2016-03-27 20:38 - 2016-03-27 20:38 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-03-27 20:38 - 2016-03-27 20:37 - 05892175 _____ (MediaDownloader ) C:\Users\Airton\Downloads\MediaDownloader.exe
2016-03-27 20:35 - 2016-03-27 21:28 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2016-03-27 20:35 - 2016-03-27 21:28 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-03-27 20:35 - 2016-03-27 20:35 - 00002918 _____ C:\Windows\System32\Tasks\osTip
2016-03-27 20:33 - 2016-03-27 20:33 - 00003640 _____ C:\Windows\System32\Tasks\DivXUpdate
2016-03-27 20:32 - 2016-03-28 00:44 - 00000000 ____D C:\Users\Airton\AppData\Roaming\DivX
2016-03-27 20:29 - 2016-03-27 20:30 - 00000000 ____D C:\Users\Airton\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-03-27 20:28 - 2016-03-28 00:44 - 00000000 ____D C:\Users\Todos os Usuários\DivX
2016-03-27 20:28 - 2016-03-28 00:44 - 00000000 ____D C:\ProgramData\DivX
2016-03-27 20:28 - 2016-03-28 00:40 - 00000000 ____D C:\Program Files (x86)\SearchesToYesbnd
2016-03-27 20:28 - 2016-03-27 20:28 - 02555860 _____ C:\Windows\chromebrowser.exe
2016-03-27 20:28 - 2016-03-27 20:28 - 00015160 _____ C:\Windows\System32\Tasks\WinTaske
2016-03-27 20:28 - 2016-03-27 20:28 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-03-27 20:28 - 2016-03-27 20:28 - 00000000 ____D C:\Program Files (x86)\WinTaske
2016-03-27 20:28 - 2016-03-27 20:28 - 00000000 ____D C:\Program Files (x86)\Winsere
2016-03-27 20:05 - 2016-03-27 20:05 - 00037102 _____ C:\Users\Airton\Downloads\legendas_tv_20160324214644000000.rar
2016-03-27 20:03 - 2016-03-27 20:04 - 00000000 ____D C:\Users\Airton\Downloads\Deadpool 2015 720p BrRip x264 - ARROW
2016-03-27 18:06 - 2016-03-27 18:12 - 22887435 ____R C:\Users\Airton\Downloads\Velho Logan v2 01 (2016) (Renegados-MdHQ).cbr
2016-03-27 18:06 - 2016-03-27 18:11 - 20810813 ____R C:\Users\Airton\Downloads\Velho Logan v2 02 (2016) (MdHQ-Renegados).cbr
2016-03-27 18:05 - 2016-03-27 18:09 - 22771313 _____ C:\Users\Airton\Downloads\Luke Cage e Punho de Ferro #01(2016)(MK-SQ).cbr
2016-03-27 17:59 - 2016-03-27 18:00 - 24590028 _____ C:\Users\Airton\Downloads\Extraordinários X-Men V1 006 (01-2016) HQBR [impossiveisbr.blogspot.com.br].cbr
2016-03-27 17:57 - 2016-03-27 17:58 - 17723486 _____ C:\Users\Airton\Downloads\Capitão América - Sam Wilson V1 002 (10-2015) HQBR [impossiveisbr.blogspot.com].cbr
2016-03-27 17:57 - 2016-03-27 17:58 - 14130096 _____ C:\Users\Airton\Downloads\Homem-Aranha 2099 V3 006 (02-2016) HQBR [impossiveisbr.blogspot.com].cbr
2016-03-27 17:57 - 2016-03-27 17:57 - 15809418 _____ C:\Users\Airton\Downloads\Homem-Aranha 2099 V3 005 (01-2016) HQBR [impossiveisbr.blogspot.com].cbr
2016-03-27 17:57 - 2016-03-27 17:57 - 15120255 _____ C:\Users\Airton\Downloads\Capitão América - Sam Wilson V1 003 (11-2015) HQBR [impossiveisbr.blogspot.com].cbr
2016-03-27 17:57 - 2016-03-27 17:57 - 15085494 _____ C:\Users\Airton\Downloads\O Invencível Homem de Ferro V2 005 (01-2016) HQBR [impossiveisbr.blogspot.com].cbr
2016-03-27 17:56 - 2016-03-27 17:57 - 30214731 _____ C:\Users\Airton\Downloads\00 Vingadores - O Impasse V1 - Bem-Vindo à Pleasant Hill 001 (02-2016) HQBR [impossiveisbr.blogspot.com].cbr
2016-03-27 17:56 - 2016-03-27 17:56 - 18109585 _____ C:\Users\Airton\Downloads\Novíssimos Inumanos V1 002 (12-2015) HQBR [Os Impossiveis & Só Quadrinhos].cbr
2016-03-27 17:55 - 2016-03-27 17:56 - 19410598 _____ C:\Users\Airton\Downloads\O Espetacular Homem-Aranha V4 009 (03-2016) HQBR [impossiveisbr.blogspot.com].cbr
2016-03-27 17:55 - 2016-03-27 17:55 - 11998269 _____ C:\Users\Airton\Downloads\O Espetacular Homem-Aranha V4 008 (02-2016) HQBR [impossiveisbr.blogspot.com].cbr
2016-03-27 17:54 - 2016-03-27 17:54 - 17035778 _____ C:\Users\Airton\Downloads\Os Novíssimos e Incomparáveis Vingadores V1 005 (02-2016) HQBR [impossiveisbr.blogspot.com].cbr
2016-03-27 17:54 - 2016-03-27 17:54 - 16720494 _____ C:\Users\Airton\Downloads\Homem-Aranha V2 001 (02-2016) HQBR [impossiveisbr.blogspot.com].cbr
2016-03-27 17:54 - 2016-03-27 17:54 - 15004314 _____ C:\Users\Airton\Downloads\Homem-Aranha V2 002 (03-2016) HQBR [impossiveisbr.blogspot.com].cbr
2016-03-27 17:54 - 2016-03-27 17:54 - 12838999 _____ C:\Users\Airton\Downloads\O Espetacular Homem-Aranha V4 007 (01-2016) HQBR [impossiveisbr.blogspot.com].cbr
2016-03-27 17:50 - 2016-03-27 17:50 - 16532575 _____ C:\Users\Airton\Downloads\Os Novíssimos e Incomparáveis Vingadores V1 004 (01-2016) HQBR [impossiveisbr.blogspot.com].cbr
2016-03-27 17:48 - 2016-03-27 17:49 - 16871570 _____ C:\Users\Airton\Downloads\Os Novíssimos e Incomparáveis Vingadores V1 006 (02-2016) HQBR [impossiveisbr.blogspot.com].cbr
2016-03-27 17:47 - 2016-03-27 17:48 - 24153302 _____ C:\Users\Airton\Downloads\Demolidor V5 003 (01-2016) HQBR [impossiveisbr.blogspot.com].cbr
2016-03-26 08:51 - 2016-03-26 08:51 - 02752327 _____ C:\Users\Airton\Downloads\20160326085948134.pdf
2016-03-26 08:50 - 2016-03-26 08:50 - 03870514 _____ C:\Users\Airton\Downloads\20160326085829641.pdf
2016-03-26 08:41 - 2016-03-26 08:41 - 01756967 _____ C:\Users\Airton\Downloads\20160326085651457.pdf
2016-03-26 08:26 - 2016-03-26 08:26 - 04823214 _____ C:\Users\Airton\Downloads\20160326085223649.pdf
2016-03-01 10:50 - 2016-03-01 10:50 - 00001058 _____ C:\Windows\run.vbs

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-03-28 21:33 - 2015-12-05 13:05 - 00000000 ____D C:\Users\Airton\AppData\Roaming\uTorrent
2016-03-28 21:25 - 2009-07-14 00:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-03-28 21:16 - 2015-12-26 17:05 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-28 20:50 - 2015-12-14 18:31 - 00000000 ____D C:\Users\Airton\AppData\Roaming\Spotify
2016-03-28 20:35 - 2016-02-04 19:47 - 00000000 ___SD C:\Users\Airton\AppData\LocalLow\Temp
2016-03-28 20:32 - 2015-12-26 17:06 - 00002104 ____R C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-28 20:32 - 2015-12-14 18:32 - 00000000 ____D C:\Users\Airton\AppData\Local\Spotify
2016-03-28 20:32 - 2015-12-05 12:09 - 00000865 ____R C:\Users\Airton\Desktop\Firefox.lnk
2016-03-28 20:31 - 2015-12-26 17:05 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-28 20:31 - 2015-12-05 12:54 - 00000000 ____D C:\Users\Todos os Usuários\NVIDIA
2016-03-28 20:31 - 2015-12-05 12:54 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-28 20:31 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-28 19:47 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-03-28 19:27 - 2015-12-24 20:13 - 00000000 ____D C:\Users\Airton\AppData\Roaming\DAEMON Tools Lite
2016-03-28 19:27 - 2015-12-05 13:30 - 00000000 ____D C:\Users\Airton\AppData\Roaming\Media Player Classic
2016-03-28 00:44 - 2015-12-26 17:06 - 00002068 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-28 00:44 - 2015-04-12 15:13 - 00001385 _____ C:\Users\Airton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-03-28 00:43 - 2009-07-14 00:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-03-28 00:40 - 2015-12-05 12:15 - 00000000 ____D C:\Program Files\CCleaner
2016-03-28 00:23 - 2009-07-14 01:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-27 21:35 - 2015-04-12 15:12 - 00000000 ____D C:\Users\Airton
2016-03-27 21:33 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-03-27 21:30 - 2009-07-14 02:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-03-27 21:27 - 2015-12-05 22:27 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-03-21 20:26 - 2015-12-24 20:48 - 00000000 ____D C:\Users\Airton\Documents\FIFA 07

==================== Arquivos na raiz de alguns diretórios =======

2016-03-28 00:28 - 2016-03-28 00:28 - 6493696 _____ () C:\Users\Airton\AppData\Roaming\agent.dat
2016-03-28 00:27 - 2016-03-28 00:27 - 0054272 _____ () C:\Users\Airton\AppData\Roaming\ApplicationHosting.dat
2016-03-28 00:27 - 2016-03-28 00:25 - 1073152 _____ () C:\Users\Airton\AppData\Roaming\Blackis.exe
2016-03-28 00:28 - 2016-03-28 00:28 - 1621131 _____ () C:\Users\Airton\AppData\Roaming\Blackis.tst
2016-03-27 20:35 - 2016-03-27 20:36 - 0001296 _____ () C:\Users\Airton\AppData\Roaming\Bubble Dock.boostrap.log
2016-03-28 00:28 - 2016-03-28 00:28 - 0065424 _____ () C:\Users\Airton\AppData\Roaming\Config.xml
2016-03-28 00:26 - 2016-02-24 06:18 - 1085440 _____ () C:\Users\Airton\AppData\Roaming\delCalendarReg.exe
2016-03-28 00:25 - 2015-11-25 15:31 - 1100288 _____ () C:\Users\Airton\AppData\Roaming\HomePage.exe
2016-03-28 00:25 - 2016-03-28 00:25 - 0174249 _____ () C:\Users\Airton\AppData\Roaming\inst.lat
2016-03-28 00:25 - 2016-03-28 00:26 - 0016992 _____ () C:\Users\Airton\AppData\Roaming\InstallationConfiguration.xml
2016-03-28 00:25 - 2016-03-28 00:25 - 0127488 _____ () C:\Users\Airton\AppData\Roaming\Installer.dat
2016-03-28 00:27 - 2016-03-28 00:27 - 0126464 _____ () C:\Users\Airton\AppData\Roaming\lobby.dat
2016-03-28 00:28 - 2016-03-28 00:28 - 0018432 _____ () C:\Users\Airton\AppData\Roaming\Main.dat
2016-03-28 00:27 - 2016-03-28 00:28 - 0005568 _____ () C:\Users\Airton\AppData\Roaming\md.xml
2016-03-28 00:25 - 2016-03-02 10:49 - 1888256 _____ () C:\Users\Airton\AppData\Roaming\msiql.exe
2016-03-28 00:28 - 2016-03-28 00:28 - 0126464 _____ () C:\Users\Airton\AppData\Roaming\noah.dat
2016-03-28 00:25 - 2016-01-11 15:49 - 1734656 _____ () C:\Users\Airton\AppData\Roaming\service.exe
2016-03-28 00:27 - 2016-03-28 00:27 - 0848437 _____ () C:\Users\Airton\AppData\Roaming\StringZap.bin
2016-03-28 00:25 - 2016-03-28 00:25 - 2786816 _____ (TODO: ) C:\Users\Airton\AppData\Roaming\svrupg.exe
2016-03-27 21:38 - 2016-03-28 20:40 - 0000064 _____ () C:\Users\Airton\AppData\Roaming\WB.CFG
2016-03-28 00:25 - 2016-03-28 19:18 - 0015482 _____ () C:\Users\Airton\AppData\Roaming\webad.xml
2016-03-27 20:36 - 2016-03-27 20:36 - 0000097 _____ () C:\Users\Airton\AppData\Roaming\WindApp.boostrap.log
2016-03-28 00:26 - 2015-12-10 15:43 - 0600312 _____ () C:\Users\Airton\AppData\Roaming\YeaPlayer_br_IBD_Bundle.exe
2016-03-28 00:27 - 2016-03-28 00:25 - 1073152 _____ () C:\Users\Airton\AppData\Roaming\Zonefax.exe
2016-03-28 00:27 - 2016-03-28 00:27 - 0072706 _____ () C:\Users\Airton\AppData\Roaming\Zonefax.tst
2016-03-27 21:28 - 2015-11-25 15:31 - 1100288 _____ () C:\ProgramData\HomePage.exe
2016-03-27 21:27 - 2015-12-04 13:14 - 1081344 _____ () C:\ProgramData\LightGate.exe
2016-03-27 21:27 - 2016-03-02 13:36 - 1888256 _____ () C:\ProgramData\mspop.exe
2016-03-27 21:27 - 2016-03-27 21:26 - 1734656 _____ () C:\ProgramData\service.exe
2016-03-27 21:27 - 2016-03-27 21:27 - 0007347 _____ () C:\ProgramData\webad.xml
2016-03-27 21:52 - 2016-03-27 21:52 - 0000041 _____ () C:\ProgramData\xcgui_debug.txt
2016-03-27 21:27 - 2016-03-28 00:28 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Arquivos para serem movidos ou deletados:
====================
C:\Users\Airton\ppyymxkk.exe
C:\ProgramData\HomePage.exe
C:\ProgramData\LightGate.exe
C:\ProgramData\mspop.exe
C:\ProgramData\service.exe
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Todos os Usuários\HomePage.exe
C:\Users\Todos os Usuários\LightGate.exe
C:\Users\Todos os Usuários\mspop.exe
C:\Users\Todos os Usuários\service.exe
C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


Alguns arquivos em TEMP:
====================
C:\Users\Airton\AppData\Local\Temp\0CV94M70M1.exe
C:\Users\Airton\AppData\Local\Temp\10RY3FK8TX.exe
C:\Users\Airton\AppData\Local\Temp\1D93.tmp.exe
C:\Users\Airton\AppData\Local\Temp\2972.tmp.exe
C:\Users\Airton\AppData\Local\Temp\2CF1L3TRYO.exe
C:\Users\Airton\AppData\Local\Temp\37A3.tmp.exe
C:\Users\Airton\AppData\Local\Temp\6EDA.tmp.exe
C:\Users\Airton\AppData\Local\Temp\8B12.tmp.exe
C:\Users\Airton\AppData\Local\Temp\CC73.tmp.exe
C:\Users\Airton\AppData\Local\Temp\CodecFixDivx.exe
C:\Users\Airton\AppData\Local\Temp\D242.tmp.exe
C:\Users\Airton\AppData\Local\Temp\dxdiag.exe
C:\Users\Airton\AppData\Local\Temp\F74D.tmp.exe
C:\Users\Airton\AppData\Local\Temp\fcSLE.exe
C:\Users\Airton\AppData\Local\Temp\fsd86DB.exe
C:\Users\Airton\AppData\Local\Temp\fsd8A45.exe
C:\Users\Airton\AppData\Local\Temp\fsdE437.exe
C:\Users\Airton\AppData\Local\Temp\FVJYW5AQPV.exe
C:\Users\Airton\AppData\Local\Temp\GARQV3OD4F.exe
C:\Users\Airton\AppData\Local\Temp\i4jdel0.exe
C:\Users\Airton\AppData\Local\Temp\LF1Q67IF85.exe
C:\Users\Airton\AppData\Local\Temp\MediaPlayer__3137_il148421.exe
C:\Users\Airton\AppData\Local\Temp\msconfig.exe
C:\Users\Airton\AppData\Local\Temp\NSOAZQUD0R.exe
C:\Users\Airton\AppData\Local\Temp\OIOV5PLQL4.exe
C:\Users\Airton\AppData\Local\Temp\skskjmbvhtn.exe
C:\Users\Airton\AppData\Local\Temp\uninstall_temp_120417.exe
C:\Users\Airton\AppData\Local\Temp\wFzDu.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll
[2010-11-21 00:24] - [2015-12-05 13:54] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2010-11-21 00:24] - [2015-12-05 13:54] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll
[2010-11-21 00:24] - [2010-11-21 00:24] - 0357888 ____A (Microsoft Corporation) CCB7187191FE47568A7516FA61E637FF

C:\Windows\SysWOW64\dnsapi.dll
[2010-11-21 00:24] - [2010-11-21 00:24] - 0270336 ____A (Microsoft Corporation) 87D1A278FED2BF0DACFFAD1EDD09B167

C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-03-21 21:50

==================== Fim de FRST.txt ============================
