Publicité
Publicité
Format du document : text/plain
Prévisualisation
Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:05-03-2016 01
Executado por Enilson Nunes (administrador) em PC-ITAUTEC (25-03-2016 13:34:16)
Executando a partir de C:\Users\Enilson Nunes\Desktop
Perfis Carregados: Enilson Nunes (Perfis Disponíveis: Enilson Nunes)
Platform: Windows Embedded 8.1 Industry Pro (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processos (Whitelisted) =================
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
() C:\Program Files (x86)\8D1B9413-1458745089-C5E3-B271-1DED1F1F413A\jnsd6187.tmp
(tsvr.com) C:\Users\Enilson Nunes\AppData\Roaming\TSv\TSvr.exe
() C:\Users\Enilson Nunes\AppData\Roaming\Ilitsudg\Ilitsudg.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TData.com) C:\Program Files (x86)\TData\TData.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\8D1B9413-1458745089-C5E3-B271-1DED1F1F413A\hnsd7A9F.tmp
(Microsoft Corporation) C:\Users\Enilson Nunes\AppData\Roaming\XBox\XBLive.exe
() C:\Users\Enilson Nunes\AppData\Roaming\Ilitsudg\Kalme.exe
() C:\Users\Enilson Nunes\AppData\Roaming\Ilitsudg\Rogbu.exe
() C:\ProgramData\WindowsMsg\osmsg.exe
(VLOME) C:\Users\Enilson Nunes\AppData\Local\Temp\is-E1B7G.tmp\print.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Bumalagoh ) C:\Users\Enilson Nunes\AppData\Local\Temp\10869\MediaDownloaderSetup.exe
() C:\Users\Enilson Nunes\AppData\Local\Setup Wizard\b365a1f9-a0b6-4382-9203-9bfa16a4433d\vlc-media-player.exe
(Skype Technologies S.A.) C:\Users\Enilson Nunes\AppData\Local\Setup Wizard\9c7e21cb-f415-4857-a231-d8cea099faf7\skypesetupfull.exe
() C:\Users\Enilson Nunes\AppData\Local\Temp\13678\Setup.exe
(Microsoft Corporation) C:\Windows\FileManager\FileManager.exe
() C:\Program Files (x86)\8D1B9413-1458745089-C5E3-B271-1DED1F1F413A\knsmF4E2.tmp
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
() C:\Users\Enilson Nunes\AppData\Roaming\cpuminer\cpm.exe
(skype.cog.cc) C:\Program Files (x86)\SkypeUpdateEx\SkypeUpdateEx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registro (Whitelisted) ===========================
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
HKLM\...\Run: [cpuminer] => C:\Users\Enilson Nunes\AppData\Roaming\cpuminer\cpm.exe [1417216 2016-02-29] ()
HKLM-x32\...\Run: [win_en_77] => [X]
HKLM-x32\...\Run: [mbot_en_037050276] => [X]
HKLM-x32\...\Run: [sun3] => [X]
HKLM-x32\...\Run: [rec_en_233] => [X]
HKLM-x32\...\RunOnce: [Update] => C:\Users\Enilson Nunes\AppData\Roaming\ASPackage\ASPackage.exe /runonce
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1444870410-194518038-3171502822-1001\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [2036736 2016-03-23] ()
HKU\S-1-5-21-1444870410-194518038-3171502822-1001\...\Run: [Pritc] => C:\Users\Enilson Nunes\AppData\Local\Temp\is-E1B7G.tmp\print.exe [2955264 2016-03-03] (VLOME) <===== ATENÇÃO
HKU\S-1-5-21-1444870410-194518038-3171502822-1001\...\Run: [WindApp] => "C:\Users\Enilson Nunes\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
HKU\S-1-5-21-1444870410-194518038-3171502822-1001\...\Run: [Selection Tools] => "C:\Users\Enilson Nunes\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
HKU\S-1-5-21-1444870410-194518038-3171502822-1001\...\Run: [Only-search] => C:\Program Files (x86)\onlysearch\onlysearch\1.3.22.1\onlysearch.exe
HKU\S-1-5-21-1444870410-194518038-3171502822-1001\...\RunOnce: [Uninstall C:\Users\Enilson Nunes\AppData\Local\Microsoft\OneDrive\17.3.6302.0225] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Enilson Nunes\AppData\Local\Microsoft\OneDrive\17.3.6302.0225"
HKU\S-1-5-21-1444870410-194518038-3171502822-1001\...\RunOnce: [Uninstall C:\Users\Enilson Nunes\AppData\Local\Microsoft\OneDrive\17.3.6281.1202] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Enilson Nunes\AppData\Local\Microsoft\OneDrive\17.3.6281.1202"
HKU\S-1-5-21-1444870410-194518038-3171502822-1001\...\RunOnce: [UpdateTask] => [X]
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2010-02-09] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WebBrowserJFile.lnk [2016-03-24]
ShortcutTarget: WebBrowserJFile.lnk -> C:\Program Files (x86)\JFileManager\WebBrowser.exe (Nenhum Arquivo)
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO
==================== Internet (Whitelisted) ====================
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
Winsock: Catalog5 07 C:\ProgramData\System32\SafeGuard32.dll Nenhum Arquivo
Winsock: Catalog5-x64 07 C:\ProgramData\System32\SafeGuard64.dll [3587000 2016-03-24] ()
Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{602AB845-4083-4776-A80A-561F6577ADE5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{C845E9C5-51BF-4DFA-AB6A-9A684534BB74}: [DhcpNameServer] 192.168.1.1
ManualProxies:
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=itm&hsimp=yhs-001&type=jmb_adsafld_16_12¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzutBtDyB0Czz0FyCtBtDzytB0CyBzy0F0EtN0D0Tzu0StCyDyEyEtN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StA0ByE0ByEtDyB0EtGyDzy0EyCtGyDzzzztBtGtAyEyByDtG0F0AzztCtA0Fzzzz0E0Czz0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0C0D0CyBzztBtAtGzzzytAzztGyEtD0A0EtGzy0AtA0DtG0F0F0C0E0AzzyEyC0BtByEyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D998963062%26a%3Djmb_adsafld_16_12%26os_ver%3D6.3%26os%3DWindows%2BEmbedded%2B8.1%2BIndustry%2BPro
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=itm&hsimp=yhs-001&type=jmb_adsafld_16_12¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzutBtDyB0Czz0FyCtBtDzytB0CyBzy0F0EtN0D0Tzu0StCyDyEyEtN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StA0ByE0ByEtDyB0EtGyDzy0EyCtGyDzzzztBtGtAyEyByDtG0F0AzztCtA0Fzzzz0E0Czz0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0C0D0CyBzztBtAtGzzzytAzztGyEtD0A0EtGzy0AtA0DtG0F0F0C0E0AzzyEyC0BtByEyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D998963062%26a%3Djmb_adsafld_16_12%26os_ver%3D6.3%26os%3DWindows%2BEmbedded%2B8.1%2BIndustry%2BPro
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088&q={searchTerms}
HKU\S-1-5-21-1444870410-194518038-3171502822-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=itm&hsimp=yhs-001&type=jmb_adsafld_16_12¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzutBtDyB0Czz0FyCtBtDzytB0CyBzy0F0EtN0D0Tzu0StCyDyEyEtN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StA0ByE0ByEtDyB0EtGyDzy0EyCtGyDzzzztBtGtAyEyByDtG0F0AzztCtA0Fzzzz0E0Czz0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0C0D0CyBzztBtAtGzzzytAzztGyEtD0A0EtGzy0AtA0DtG0F0F0C0E0AzzyEyC0BtByEyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D998963062%26a%3Djmb_adsafld_16_12%26os_ver%3D6.3%26os%3DWindows%2BEmbedded%2B8.1%2BIndustry%2BPro
HKU\S-1-5-21-1444870410-194518038-3171502822-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mp3_16_09¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtDyB0Czz0FyCtBtDzytB0CyBzy0F0EtN0D0Tzu0StCyDtBtDtN1L2XzutAtFtCzytFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyEtCtAyC0EzztBtGtDzytD0CtGtCyDzzzztGtDzyzzzztG0DyCyB0DyCtBtAyDtBzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0C0D0CyBzztBtAtGzzzytAzztGyEtD0A0EtGzy0AtA0DtG0F0F0C0E0AzzyEyC0BtByEyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyCyByC%26cr%3D859380173%26a%3Dwncy_mp3_16_09%26os_ver%3D6.3%26os%3DWindows%2BEmbedded%2B8.1%2BIndustry%2BPro&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yoursites123.com/web?type=ds&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mp3_16_09¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtDyB0Czz0FyCtBtDzytB0CyBzy0F0EtN0D0Tzu0StCyDtBtDtN1L2XzutAtFtCzytFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyEtCtAyC0EzztBtGtDzytD0CtGtCyDzzzztGtDzyzzzztG0DyCyB0DyCtBtAyDtBzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0C0D0CyBzztBtAtGzzzytAzztGyEtD0A0EtGzy0AtA0DtG0F0F0C0E0AzzyEyC0BtByEyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyCyByC%26cr%3D859380173%26a%3Dwncy_mp3_16_09%26os_ver%3D6.3%26os%3DWindows%2BEmbedded%2B8.1%2BIndustry%2BPro&p={searchTerms}
SearchScopes: HKLM -> {73cd434e-8e1e-46b6-bb8d-7dd935140717} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=itm&hsimp=yhs-001&type=jmb_adsafld_16_12¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzutBtDyB0Czz0FyCtBtDzytB0CyBzy0F0EtN0D0Tzu0StCyDyEyEtN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StA0ByE0ByEtDyB0EtGyDzy0EyCtGyDzzzztBtGtAyEyByDtG0F0AzztCtA0Fzzzz0E0Czz0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0C0D0CyBzztBtAtGzzzytAzztGyEtD0A0EtGzy0AtA0DtG0F0F0C0E0AzzyEyC0BtByEyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D998963062%26a%3Djmb_adsafld_16_12%26os_ver%3D6.3%26os%3DWindows%2BEmbedded%2B8.1%2BIndustry%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1444870410-194518038-3171502822-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mp3_16_09¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtDyB0Czz0FyCtBtDzytB0CyBzy0F0EtN0D0Tzu0StCyDtBtDtN1L2XzutAtFtCzytFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyEtCtAyC0EzztBtGtDzytD0CtGtCyDzzzztGtDzyzzzztG0DyCyB0DyCtBtAyDtBzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0C0D0CyBzztBtAtGzzzytAzztGyEtD0A0EtGzy0AtA0DtG0F0F0C0E0AzzyEyC0BtByEyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyCyByC%26cr%3D859380173%26a%3Dwncy_mp3_16_09%26os_ver%3D6.3%26os%3DWindows%2BEmbedded%2B8.1%2BIndustry%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1444870410-194518038-3171502822-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yoursites123.com/web?type=ds&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1444870410-194518038-3171502822-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mp3_16_09¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtDyB0Czz0FyCtBtDzytB0CyBzy0F0EtN0D0Tzu0StCyDtBtDtN1L2XzutAtFtCzytFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyEtCtAyC0EzztBtGtDzytD0CtGtCyDzzzztGtDzyzzzztG0DyCyB0DyCtBtAyDtBzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0C0D0CyBzztBtAtGzzzytAzztGyEtD0A0EtGzy0AtA0DtG0F0F0C0E0AzzyEyC0BtByEyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyCyByC%26cr%3D859380173%26a%3Dwncy_mp3_16_09%26os_ver%3D6.3%26os%3DWindows%2BEmbedded%2B8.1%2BIndustry%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1444870410-194518038-3171502822-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL =
SearchScopes: HKU\S-1-5-21-1444870410-194518038-3171502822-1001 -> {73cd434e-8e1e-46b6-bb8d-7dd935140717} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=itm&hsimp=yhs-001&type=jmb_adsafld_16_12¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzutBtDyB0Czz0FyCtBtDzytB0CyBzy0F0EtN0D0Tzu0StCyDyEyEtN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StA0ByE0ByEtDyB0EtGyDzy0EyCtGyDzzzztBtGtAyEyByDtG0F0AzztCtA0Fzzzz0E0Czz0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0C0D0CyBzztBtAtGzzzytAzztGyEtD0A0EtGzy0AtA0DtG0F0F0C0E0AzzyEyC0BtByEyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D998963062%26a%3Djmb_adsafld_16_12%26os_ver%3D6.3%26os%3DWindows%2BEmbedded%2B8.1%2BIndustry%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1444870410-194518038-3171502822-1001 -> {EBC49DFA-65DD-4D8C-83DD-E88221ECDDD5} URL = hxxp://www.only-search.com/?babsrc=SP_kms&affID=132174&q={searchTerms}&r=109
BHO-x32: PriceFountain -> {b608cc98-54de-4775-96c9-097de398500c} -> C:\Users\Enilson Nunes\AppData\Local\PriceFountain\PriceFountainIE.dll [2015-06-18] ()
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Enilson Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\yyw7imt7.default
FF NewTab:
FF DefaultSearchEngine: Search The Web (Only-Search)
FF SelectedSearchEngine: Search The Web (Only-Search)
FF Homepage: hxxp://www.only-search.com/?babsrc=HP_kms&affID=132174
FF Keyword.URL:
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-24] (Google Inc.)
FF SearchPlugin: C:\Users\Enilson Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\yyw7imt7.default\searchplugins\onlysearchkms1.xml [2016-03-24]
FF SearchPlugin: C:\Users\Enilson Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\yyw7imt7.default\searchplugins\Search Provided by Yahoo.xml [2016-03-24]
FF SearchPlugin: C:\Users\Enilson Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\yyw7imt7.default\searchplugins\yoursites123.xml [2016-03-24]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystarttb.xml [2016-03-24]
FF Extension: Default NewTab - C:\Users\Enilson Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\yyw7imt7.default\Extensions\default_newtabff@gmail.com [2016-03-24] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Enilson Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\yyw7imt7.default\extensions\deskCutv2@gmail.com => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Enilson Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\yyw7imt7.default\extensions\default_newtabff@gmail.com
StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-24]
CHR Extension: (Google Drive) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-24]
CHR Extension: (Search Manager) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi [2016-03-24]
CHR Extension: (YouTube) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-24]
CHR Extension: (Google Sheets) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-24]
CHR Extension: (Google Docs Offline) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (AdBlock) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-25]
CHR Extension: (Yahoo!) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijepgjdjkdbopbnaopmlmobimmhjklhd [2016-03-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-24]
CHR Extension: (Gmail) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-24]
CHR Profile: C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-24]
CHR Extension: (Google Docs) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-24]
CHR Extension: (Google Drive) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-24]
CHR Extension: (Search Manager) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bahkljhhdeciiaodlkppoonappfnheoi [2016-03-24]
CHR Extension: (WhatsChrome) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bgkodfmeijboinjdegggmkbkjfiagaan [2016-03-24]
CHR Extension: (YouTube) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-24]
CHR Extension: (Adblock Plus) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-24]
CHR Extension: (Tampermonkey) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-03-24]
CHR Extension: (Google Sheets) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-24]
CHR Extension: (WebMoney Advisor) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gclcmokkcfnjpghegbnebiokigholeli [2016-03-24]
CHR Extension: (Google Docs Offline) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (AdBlock) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-24]
CHR Extension: (Yahoo!) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ijepgjdjkdbopbnaopmlmobimmhjklhd [2016-03-24]
CHR Extension: (GBBD Banco do Brasil) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jkafhcogdnfhkmiepeebkkdbdphnjfll [2016-03-24]
CHR Extension: (Google Play) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2016-03-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-24]
CHR Extension: (Gmail) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-24]
CHR HKU\S-1-5-21-1444870410-194518038-3171502822-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ijepgjdjkdbopbnaopmlmobimmhjklhd] - hxxps://clients2.google.com/service/update2/crx
==================== Serviços (Whitelisted) ========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
R2 cimusimezbt; C:\Program Files (x86)\8D1B9413-1458745089-C5E3-B271-1DED1F1F413A\knsmF4E2.tmp [246784 2016-03-24] () [Arquivo não assinado]
R2 gerocyni; C:\Program Files (x86)\8D1B9413-1458745089-C5E3-B271-1DED1F1F413A\jnsd6187.tmp [302080 2016-03-23] () [Arquivo não assinado]
R2 IhPul; C:\Users\Enilson Nunes\AppData\Roaming\TSv\TSvr.exe [291064 2016-03-23] (tsvr.com)
R2 Juchims; C:\Users\Enilson Nunes\AppData\Roaming\Ilitsudg\Ilitsudg.exe [174440 2016-03-23] ()
S2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-03-24] (DotC United Inc)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 SkypeUpdateEx; C:\Program Files (x86)\SkypeUpdateEx\SkypeUpdateEx.exe [167352 2016-03-21] (skype.cog.cc)
R2 TDataSvr; C:\Program Files (x86)\TData\TData.exe [104680 2016-03-24] (TData.com)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 wucotusy; C:\Program Files (x86)\8D1B9413-1458745089-C5E3-B271-1DED1F1F413A\hnsd7A9F.tmp [416256 2016-03-23] () [Arquivo não assinado]
R2 XBox; C:\Users\Enilson Nunes\AppData\Roaming\XBox\XBLive.exe [5906904 2016-02-27] (Microsoft Corporation)
S2 qkseeService; C:\Program Files (x86)\qksee\qkseeSvc.exe [X]
===================== Drivers (Whitelisted) ==========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [65856 2016-03-23] (Windows (R) Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
U1 egg_protect; C:\Windows\EProtect_amd64.sys [20352 2016-03-25] ()
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-03-24] (DotC United Inc)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
==================== Um Mês Criados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2016-03-25 13:24 - 2016-03-25 13:25 - 00027526 _____ C:\Users\Enilson Nunes\Desktop\Addition.txt
2016-03-25 13:22 - 2016-03-25 13:34 - 00025481 _____ C:\Users\Enilson Nunes\Desktop\FRST.txt
2016-03-25 13:22 - 2016-03-25 13:34 - 00000000 ____D C:\FRST
2016-03-25 13:21 - 2016-03-25 13:21 - 02374144 _____ (Farbar) C:\Users\Enilson Nunes\Desktop\FRST64.exe
2016-03-25 12:55 - 2016-03-25 12:55 - 00001102 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-03-25 12:55 - 2016-03-25 12:55 - 00000000 ____D C:\Users\Todos os Usuários\VS Revo Group
2016-03-25 12:55 - 2016-03-25 12:55 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\VS Revo Group
2016-03-25 12:55 - 2016-03-25 12:55 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-03-25 12:55 - 2016-03-25 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-03-25 12:55 - 2016-03-25 12:55 - 00000000 ____D C:\Program Files\VS Revo Group
2016-03-25 12:55 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2016-03-25 12:54 - 2016-03-25 12:55 - 11199448 _____ (VS Revo Group ) C:\Users\Enilson Nunes\Downloads\RevoUninProSetup.exe
2016-03-25 12:49 - 2016-03-25 12:49 - 01188386 _____ C:\Users\Enilson Nunes\Downloads\deletedr.exe
2016-03-25 12:19 - 2016-03-25 12:19 - 00020352 _____ C:\Windows\EProtect_amd64.sys
2016-03-24 17:45 - 2016-03-24 17:46 - 00940359 _____ C:\Users\Enilson Nunes\Downloads\Plugin (1).zip
2016-03-24 17:44 - 2016-03-24 17:44 - 00060632 _____ C:\Users\Enilson Nunes\Downloads\Plugin [1].exe
2016-03-24 17:43 - 2016-03-24 17:43 - 00940359 _____ C:\Users\Enilson Nunes\Downloads\Plugin.zip
2016-03-24 17:29 - 2016-03-24 17:29 - 00002294 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-24 17:29 - 2016-03-24 17:29 - 00002282 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-24 17:28 - 2016-03-25 13:33 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-24 17:28 - 2016-03-24 17:33 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-24 17:28 - 2016-03-24 17:28 - 00004076 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-24 17:28 - 2016-03-24 17:28 - 00003840 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-24 17:24 - 2016-03-24 17:24 - 00987728 _____ (Google Inc.) C:\Users\Enilson Nunes\Downloads\ChromeSetup.exe
2016-03-24 17:08 - 2016-03-24 17:08 - 00000714 _____ C:\Users\Enilson Nunes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ChromeSetup.lnk
2016-03-24 16:49 - 2016-03-24 16:49 - 00480560 _____ C:\Users\Enilson Nunes\Downloads\adobe_flash_player-103869245.exe
2016-03-24 16:48 - 2016-03-24 16:48 - 01034904 _____ ( ) C:\Users\Enilson Nunes\Downloads\JavaPlugin.exe
2016-03-24 16:41 - 2016-03-24 16:41 - 00000985 _____ C:\Users\Enilson Nunes\Desktop\Advertisement.url
2016-03-24 16:39 - 2016-03-25 11:59 - 00000001 _____ C:\Windows\SysWOW64\br.html
2016-03-24 15:18 - 2016-03-25 13:19 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-24 15:18 - 2016-03-24 15:18 - 00003790 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-24 15:11 - 2016-03-24 18:17 - 00000380 ____H C:\Windows\Tasks\VLEBCLKPVFUXCULF.job
2016-03-24 15:11 - 2016-03-24 15:37 - 00000000 ____D C:\Users\Todos os Usuários\LolliScan
2016-03-24 15:11 - 2016-03-24 15:37 - 00000000 ____D C:\ProgramData\LolliScan
2016-03-24 15:11 - 2016-03-24 15:11 - 00003404 _____ C:\Windows\System32\Tasks\VLEBCLKPVFUXCULF
2016-03-24 15:11 - 2016-03-24 15:11 - 00000000 ____D C:\Users\Todos os Usuários\Service7609
2016-03-24 15:11 - 2016-03-24 15:11 - 00000000 ____D C:\Users\Todos os Usuários\7c0535b143fc4671b6ebd202fbffe066
2016-03-24 15:11 - 2016-03-24 15:11 - 00000000 ____D C:\ProgramData\Service7609
2016-03-24 15:11 - 2016-03-24 15:11 - 00000000 ____D C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
2016-03-24 14:43 - 2016-03-24 15:47 - 00000000 ____D C:\Program Files (x86)\MixVideoPlayer
2016-03-24 14:41 - 2016-03-24 14:41 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\node-webkit
2016-03-24 14:39 - 2016-03-24 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
2016-03-24 14:31 - 2016-03-24 14:32 - 00001001 _____ C:\Windows\SysWOW64\${LOGFILE}
2016-03-24 14:30 - 2016-03-24 14:47 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\Gameo
2016-03-24 14:30 - 2016-03-24 14:30 - 00000181 _____ C:\Users\Enilson Nunes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2016-03-24 14:30 - 2016-03-24 14:30 - 00000000 ___HD C:\Users\Enilson Nunes\AppData\Roaming\GoldenGate
2016-03-24 14:29 - 2016-03-24 14:47 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\Gameo
2016-03-24 14:29 - 2016-03-24 14:28 - 05892175 _____ (MediaDownloader ) C:\Users\Enilson Nunes\Downloads\MediaDownloader.exe
2016-03-24 10:15 - 2016-03-24 10:15 - 00262144 _____ C:\Windows\Minidump\032416-29734-01.dmp
2016-03-24 10:14 - 2016-03-24 10:14 - 434138656 _____ C:\Windows\MEMORY.DMP
2016-03-24 10:01 - 2016-03-24 10:01 - 00000000 ____D C:\Users\Todos os Usuários\MWdMM
2016-03-24 10:01 - 2016-03-24 10:01 - 00000000 ____D C:\ProgramData\MWdMM
2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\Users\Todos os Usuários\5495ea18-6e61-0
2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\Users\Todos os Usuários\5495ea18-25d3-1
2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\TSv
2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\ProgramData\5495ea18-6e61-0
2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\ProgramData\5495ea18-25d3-1
2016-03-24 09:57 - 2016-03-24 09:57 - 00000000 ____D C:\Windows\3
2016-03-24 09:56 - 2016-03-24 09:56 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\MCorp
2016-03-24 09:54 - 2016-03-24 10:09 - 00000072 _____ C:\Windows\SysWOW64\123.html
2016-03-24 09:52 - 2016-03-24 09:52 - 00000000 ____D C:\Windows\SysWOW64\_tWm
2016-03-24 09:45 - 2016-03-24 09:45 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\macpromosoft
2016-03-24 09:23 - 2016-03-24 14:23 - 00000336 _____ C:\Windows\Tasks\Price Fountain.job
2016-03-24 09:23 - 2016-03-24 09:23 - 00002674 _____ C:\Windows\System32\Tasks\Price Fountain
2016-03-24 09:23 - 2016-03-24 09:23 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\PriceFountain
2016-03-24 09:22 - 2016-03-24 14:34 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\PriceFountain
2016-03-24 09:22 - 2016-03-24 09:51 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-03-24 09:22 - 2016-03-24 09:22 - 00060136 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
2016-03-24 09:19 - 2016-03-24 15:17 - 00004004 _____ C:\Windows\System32\Tasks\LaunchPreSignup
2016-03-24 09:17 - 2016-03-24 14:28 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\WTools
2016-03-24 09:17 - 2016-03-24 10:02 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\Store
2016-03-24 09:17 - 2016-03-24 09:57 - 00000000 ____D C:\Program Files (x86)\SkypeUpdateEx
2016-03-24 09:17 - 2016-03-24 09:28 - 00000000 ____D C:\Users\Todos os Usuários\System32
2016-03-24 09:17 - 2016-03-24 09:28 - 00000000 ____D C:\ProgramData\System32
2016-03-24 09:16 - 2016-03-24 09:16 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\UG
2016-03-24 09:16 - 2016-03-24 09:16 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\Nosibay
2016-03-24 09:15 - 2016-03-24 09:45 - 00000000 ____D C:\Program Files (x86)\UPCleaner
2016-03-24 09:15 - 2016-03-24 09:15 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\FrivLauncher
2016-03-24 09:14 - 2016-03-24 09:14 - 00002487 _____ C:\Windows\patsearch.bin
2016-03-24 09:14 - 2016-03-24 09:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf
2016-03-24 09:13 - 2016-03-24 16:02 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\Setup Wizard
2016-03-24 09:12 - 2016-03-24 09:53 - 00002992 _____ C:\Windows\System32\Tasks\Pritc
2016-03-24 09:12 - 2016-03-24 09:12 - 00003038 _____ C:\Windows\System32\Tasks\ttwifi
2016-03-24 09:12 - 2016-03-24 09:12 - 00002934 _____ C:\Windows\System32\Tasks\osTip
2016-03-24 09:12 - 2016-03-24 09:12 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2016-03-24 09:12 - 2016-03-24 09:12 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\XBox
2016-03-24 09:12 - 2016-03-24 09:12 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-03-24 09:11 - 2016-03-24 09:11 - 00000034 ___SH C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2016-03-24 08:38 - 2016-03-24 08:38 - 00000270 _____ C:\Users\Enilson Nunes\Documents\CorelDRAW Graphics Suite X7.txt
2016-03-24 08:38 - 2016-03-24 08:38 - 00000000 ____D C:\Users\Enilson Nunes\Documents\Minhas paletas
2016-03-24 08:29 - 2016-03-24 08:29 - 00000000 ____D C:\Program Files\Common Files\Corel
2016-03-24 08:25 - 2016-03-24 08:20 - 00003031 _____ C:\Users\Public\Desktop\CorelDRAW X7 (64-Bit).lnk
2016-03-24 08:23 - 2016-03-24 08:23 - 00000000 ____D C:\Program Files\Common Files\Protexis
2016-03-24 08:21 - 2016-03-24 08:21 - 00000000 ____D C:\Users\Public\Documents\Corel
2016-03-24 08:20 - 2016-03-24 08:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit)
2016-03-24 08:19 - 2016-03-25 13:09 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1444870410-194518038-3171502822-1001
2016-03-24 08:19 - 2016-03-24 08:19 - 00000000 ____D C:\Program Files\Corel
2016-03-24 08:16 - 2016-03-24 08:28 - 00000000 ____D C:\Users\Todos os Usuários\CorelDRAW Graphics Suite X7 x64
2016-03-24 08:16 - 2016-03-24 08:28 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X7 x64
2016-03-24 08:13 - 2016-03-24 08:13 - 00625240 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-23 14:07 - 2016-03-23 14:07 - 00000000 ____D C:\Windows\system32\mox
2016-03-23 14:06 - 2016-03-24 10:01 - 00000074 _____ C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2016-03-23 14:06 - 2016-03-24 10:01 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2016-03-23 14:06 - 2016-03-23 14:06 - 00000000 ____D C:\Users\Todos os Usuários\HWdMH
2016-03-23 14:06 - 2016-03-23 14:06 - 00000000 ____D C:\ProgramData\HWdMH
2016-03-23 14:05 - 2016-03-24 07:53 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\mysites123
2016-03-23 14:04 - 2016-03-24 07:54 - 00000000 ____D C:\Program Files (x86)\Hostify
2016-03-23 14:01 - 2016-03-24 07:54 - 00000000 ____D C:\Program Files (x86)\sunnyday
2016-03-23 14:01 - 2016-03-23 14:01 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\tuto_monetize_1
2016-03-23 14:00 - 2016-03-24 18:17 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\gplyra
2016-03-23 14:00 - 2016-03-24 18:17 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\cpuminer
2016-03-23 14:00 - 2016-03-23 14:00 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\UPUpdata
2016-03-23 14:00 - 2016-03-23 14:00 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\Ilitsudg
2016-03-23 14:00 - 2016-03-23 14:00 - 00000000 ____D C:\Users\Enilson Nunes\AppData\LocalLow\Company
2016-03-23 14:00 - 2016-03-23 14:00 - 00000000 ____D C:\Users\Enilson Nunes\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-03-23 14:00 - 2016-03-23 14:00 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\Tempfolder
2016-03-23 14:00 - 2016-03-23 14:00 - 00000000 ____D C:\uninst
2016-03-23 13:59 - 2016-03-23 14:00 - 00000000 ____D C:\Program Files (x86)\Max Driver Updater
2016-03-23 11:12 - 2016-03-24 09:57 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\app
2016-03-23 11:10 - 2016-03-23 11:10 - 00000286 __RSH C:\Users\Enilson Nunes\ntuser.pol
2016-03-23 11:00 - 2016-03-23 11:35 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\8D1B9413-1458730809-C5E3-B271-1DED1F1F413A
2016-03-23 10:58 - 2016-03-25 11:54 - 00000000 ____D C:\Program Files (x86)\8D1B9413-1458745089-C5E3-B271-1DED1F1F413A
2016-03-23 10:58 - 2016-03-23 10:56 - 00001006 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-03-23 10:57 - 2016-03-24 09:58 - 00000000 ____D C:\Program Files (x86)\TData
2016-03-23 10:55 - 2016-03-23 10:55 - 00000000 ____D C:\Users\Enilson Nunes\Downloads\Torrentex
2016-03-23 10:51 - 2016-03-23 10:51 - 06128221 _____ C:\Users\Enilson Nunes\Downloads\CorelDraw Graphics Suit X6 Keygen _Serial Number Crack.rar
2016-03-23 10:24 - 2016-03-23 10:24 - 00000000 ____D C:\Users\Todos os Usuários\Protexis
2016-03-23 10:24 - 2016-03-23 10:24 - 00000000 ____D C:\ProgramData\Protexis
2016-03-23 10:18 - 2016-03-23 14:00 - 00065856 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\cherimoya.sys
2016-03-23 09:45 - 2016-03-23 09:53 - 528017024 _____ (Acresso Software Inc. ) C:\Users\Enilson Nunes\Downloads\CorelDRAWGraphicsSuiteX6Installer_EN32Bit.exe
2016-03-15 16:00 - 2016-03-21 15:09 - 00000000 ____D C:\Users\Enilson Nunes\Desktop\Atos 27
2016-03-10 14:56 - 2016-03-10 14:56 - 00440714 _____ C:\Users\Enilson Nunes\Desktop\Celeiro Embutido.pdf
2016-03-10 10:29 - 2016-03-10 10:29 - 00000291 _____ C:\Users\Enilson Nunes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lixeira.lnk
2016-03-09 13:31 - 2016-03-09 13:32 - 00000000 ____D C:\Users\Enilson Nunes\Desktop\Nova pasta (2)
2016-03-02 11:08 - 2015-04-02 08:45 - 00532118 _____ C:\Users\Enilson Nunes\Desktop\Backup_of_propa new.cdr
2016-02-29 11:35 - 2016-02-29 11:35 - 00000042 _____ C:\Users\Enilson Nunes\AppData\Roaming\WB.CFG
2016-02-29 10:39 - 2016-03-21 16:35 - 00000000 ____D C:\Users\Enilson Nunes\Desktop\MP3 Rocket
2016-02-29 10:39 - 2016-03-21 15:09 - 00000000 ____D C:\Users\Enilson Nunes\Incomplete
2016-02-29 10:39 - 2016-02-29 10:39 - 00000000 ____D C:\Users\Enilson Nunes\Documents\HyperCam3
2016-02-29 10:39 - 2016-02-29 10:39 - 00000000 ____D C:\Users\Enilson Nunes\.swt
2016-02-29 10:38 - 2016-02-29 10:38 - 00000000 ____D C:\Users\Todos os Usuários\Sun
2016-02-29 10:38 - 2016-02-29 10:38 - 00000000 ____D C:\Users\Todos os Usuários\Oracle
2016-02-29 10:38 - 2016-02-29 10:38 - 00000000 ____D C:\Users\Enilson Nunes\AppData\LocalLow\Sun
2016-02-29 10:38 - 2016-02-29 10:38 - 00000000 ____D C:\Users\Enilson Nunes\AppData\LocalLow\Oracle
2016-02-29 10:38 - 2016-02-29 10:38 - 00000000 ____D C:\ProgramData\Sun
2016-02-29 10:38 - 2016-02-29 10:38 - 00000000 ____D C:\ProgramData\Oracle
2016-02-29 10:35 - 2016-03-24 17:45 - 00000818 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-02-29 10:35 - 2016-03-24 17:45 - 00000818 __RSH C:\ProgramData\ntuser.pol
2016-02-29 10:35 - 2016-02-29 10:38 - 30431144 _____ (Oracle Corporation) C:\Users\Enilson Nunes\Desktop\jre-8u31-windows-i586.exe
2016-02-29 10:35 - 2016-02-29 10:35 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-02-29 10:35 - 2016-02-29 10:35 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\PriceFountainUpdateVer
2016-02-29 10:33 - 2016-02-29 10:33 - 01430388 _____ (Lite Internet App ) C:\Users\Enilson Nunes\Downloads\MP3Rocket_Setup_Manager.exe
2016-02-29 10:22 - 2016-02-29 10:22 - 00706136 _____ (Reezaa.com ) C:\Users\Enilson Nunes\Downloads\mp3tageditor.exe
==================== Um Mês Modificados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2016-03-25 13:05 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Inf
2016-03-24 17:28 - 2016-01-04 20:21 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-24 17:11 - 2014-03-18 05:55 - 01797166 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-24 17:11 - 2014-03-18 05:27 - 00774900 _____ C:\Windows\system32\prfh0416.dat
2016-03-24 17:11 - 2014-03-18 05:27 - 00158494 _____ C:\Windows\system32\prfc0416.dat
2016-03-24 15:13 - 2015-12-30 16:58 - 00000000 ____D C:\Program Files\Microsoft Office
2016-03-24 15:13 - 2013-08-22 11:36 - 00000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
2016-03-24 15:13 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-24 15:13 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-24 15:12 - 2016-01-04 20:21 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\Google
2016-03-24 14:42 - 2016-02-08 13:23 - 00000000 ___RD C:\Users\Enilson Nunes\OneDrive
2016-03-24 14:38 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-24 14:13 - 2016-01-23 20:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-24 10:24 - 2015-12-29 12:09 - 00000000 ____D C:\Users\Enilson Nunes
2016-03-24 10:15 - 2016-01-12 10:23 - 00000000 ____D C:\Windows\Minidump
2016-03-24 09:55 - 2015-12-29 12:09 - 00001721 _____ C:\Users\Enilson Nunes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-24 08:56 - 2016-01-04 01:26 - 00000000 ____D C:\Users\Todos os Usuários\Corel
2016-03-24 08:56 - 2016-01-04 01:26 - 00000000 ____D C:\ProgramData\Corel
2016-03-24 08:35 - 2016-01-04 05:27 - 00000000 ____D C:\Users\Todos os Usuários\Protexis64
2016-03-24 08:35 - 2016-01-04 05:27 - 00000000 ____D C:\ProgramData\Protexis64
2016-03-24 08:35 - 2013-04-03 01:31 - 00000000 ____D C:\Users\Enilson Nunes\Documents\Corel
2016-03-24 08:32 - 2016-01-04 05:27 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\Corel
2016-03-24 08:09 - 2016-01-11 18:57 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\TeamViewer
2016-03-24 08:06 - 2015-07-17 00:25 - 00000000 ____D C:\Windows.old.001
2016-03-24 08:02 - 2015-12-29 10:37 - 00000000 ____D C:\Windows\Panther
2016-03-23 14:21 - 2015-06-22 19:05 - 00000270 _____ C:\Users\Enilson Nunes\Documents\CorelDRAW Graphics Suite X6.txt
2016-03-23 14:18 - 2016-01-04 01:29 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2016-03-23 14:18 - 2016-01-02 08:55 - 00000000 ____D C:\Users\Todos os Usuários\CorelDRAW Graphics Suite X6
2016-03-23 14:18 - 2016-01-02 08:55 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X6
2016-03-23 14:07 - 2015-12-30 17:28 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-03-23 14:07 - 2015-12-30 17:28 - 00494592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-03-23 10:57 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-03-23 09:40 - 2016-02-16 10:22 - 00000000 ____D C:\Users\Enilson Nunes\Downloads\1
2016-03-20 15:33 - 2015-04-11 22:15 - 00000000 ____D C:\Users\Enilson Nunes\A Pregar
2016-03-18 13:29 - 2015-12-30 18:10 - 00000000 ____D C:\Users\Todos os Usuários\KMSAutoS
2016-03-18 13:29 - 2015-12-30 18:10 - 00000000 ____D C:\ProgramData\KMSAutoS
2016-03-16 10:43 - 2015-09-02 08:10 - 00000000 ____D C:\Users\Enilson Nunes\Desktop\Forte Pão
2016-03-10 15:48 - 2015-10-01 19:48 - 00000000 ____D C:\Users\Enilson Nunes\Desktop\Embutidos celeiro
2016-03-10 14:11 - 2016-02-18 07:34 - 00000000 ____D C:\Users\Enilson Nunes\Desktop\tunel de congelado celeiro
2016-02-29 09:53 - 2015-12-29 12:09 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\Packages
2016-02-29 09:22 - 2016-02-08 13:30 - 00000000 ____D C:\Users\Enilson Nunes\Desktop\Lac
2016-02-29 09:18 - 2015-10-26 14:09 - 00000000 ____D C:\Users\Enilson Nunes\Desktop\Acobrar
2016-02-29 08:27 - 2015-11-22 13:32 - 00000000 ____D C:\Users\Enilson Nunes\Desktop\Nova pasta
==================== Arquivos na raiz de alguns diretórios =======
2016-03-24 09:16 - 2016-03-24 09:17 - 0001292 _____ () C:\Users\Enilson Nunes\AppData\Roaming\Bubble Dock.boostrap.log
2016-03-24 09:16 - 2016-03-24 09:17 - 0005761 _____ () C:\Users\Enilson Nunes\AppData\Roaming\Bubble Dock.installation.log
2016-03-24 09:17 - 2016-03-24 09:17 - 0000078 _____ () C:\Users\Enilson Nunes\AppData\Roaming\Selection Tools.installation.log
2016-02-29 11:35 - 2016-02-29 11:35 - 0000042 _____ () C:\Users\Enilson Nunes\AppData\Roaming\WB.CFG
2016-03-24 09:16 - 2016-03-24 09:16 - 0000097 _____ () C:\Users\Enilson Nunes\AppData\Roaming\WindApp.boostrap.log
2016-03-24 09:17 - 2016-03-24 09:17 - 0000078 _____ () C:\Users\Enilson Nunes\AppData\Roaming\WindApp.installation.log
2016-03-23 14:06 - 2016-03-24 10:01 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Arquivos para serem movidos ou deletados:
====================
C:\Users\Enilson Nunes\AppData\Local\Temp\is-E1B7G.tmp\print.exe
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Alguns arquivos em TEMP:
====================
C:\Users\Enilson Nunes\AppData\Local\Temp\260D.tmp.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\29da41ca244e4f799399c35fcd889891455037.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\30F6.tmp.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\94492374-D784-9438-D90A-88FF9BFD79E8.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\A443FE17-5C97-711F-43A5-7F5243D9D11B.dll
C:\Users\Enilson Nunes\AppData\Local\Temp\A443FE17-5C97-711F-43A5-7F5243D9D11B.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\B267.tmp.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\BackupSetup.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\C5F2.tmp.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\DownPageDll.dll
C:\Users\Enilson Nunes\AppData\Local\Temp\fsd139A.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\fsd5C3C.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\ICReinstall_260D.tmp.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\onlysetup.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\res.dll
C:\Users\Enilson Nunes\AppData\Local\Temp\sqlite3.dll
C:\Users\Enilson Nunes\AppData\Local\Temp\tmp3B0B.tmp.exe
==================== Bamital & volsnap =================
(Não há correção automática para arquivos que não passaram na verificação.)
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll
[2015-12-30 17:28] - [2016-03-23 14:07] - 0655360 ____A (Microsoft Corporation) 7B5CA8548225C300014540E4254BA86E
C:\Windows\SysWOW64\dnsapi.dll
[2015-12-30 17:28] - [2016-03-23 14:07] - 0494592 ____A (Microsoft Corporation) 3B8D00626BF63E1D94D3D2D59D3233B3
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente
LastRegBack: 2016-03-16 08:52
==================== Fim de FRST.txt ============================
Executado por Enilson Nunes (administrador) em PC-ITAUTEC (25-03-2016 13:34:16)
Executando a partir de C:\Users\Enilson Nunes\Desktop
Perfis Carregados: Enilson Nunes (Perfis Disponíveis: Enilson Nunes)
Platform: Windows Embedded 8.1 Industry Pro (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processos (Whitelisted) =================
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
() C:\Program Files (x86)\8D1B9413-1458745089-C5E3-B271-1DED1F1F413A\jnsd6187.tmp
(tsvr.com) C:\Users\Enilson Nunes\AppData\Roaming\TSv\TSvr.exe
() C:\Users\Enilson Nunes\AppData\Roaming\Ilitsudg\Ilitsudg.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TData.com) C:\Program Files (x86)\TData\TData.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\8D1B9413-1458745089-C5E3-B271-1DED1F1F413A\hnsd7A9F.tmp
(Microsoft Corporation) C:\Users\Enilson Nunes\AppData\Roaming\XBox\XBLive.exe
() C:\Users\Enilson Nunes\AppData\Roaming\Ilitsudg\Kalme.exe
() C:\Users\Enilson Nunes\AppData\Roaming\Ilitsudg\Rogbu.exe
() C:\ProgramData\WindowsMsg\osmsg.exe
(VLOME) C:\Users\Enilson Nunes\AppData\Local\Temp\is-E1B7G.tmp\print.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Bumalagoh ) C:\Users\Enilson Nunes\AppData\Local\Temp\10869\MediaDownloaderSetup.exe
() C:\Users\Enilson Nunes\AppData\Local\Setup Wizard\b365a1f9-a0b6-4382-9203-9bfa16a4433d\vlc-media-player.exe
(Skype Technologies S.A.) C:\Users\Enilson Nunes\AppData\Local\Setup Wizard\9c7e21cb-f415-4857-a231-d8cea099faf7\skypesetupfull.exe
() C:\Users\Enilson Nunes\AppData\Local\Temp\13678\Setup.exe
(Microsoft Corporation) C:\Windows\FileManager\FileManager.exe
() C:\Program Files (x86)\8D1B9413-1458745089-C5E3-B271-1DED1F1F413A\knsmF4E2.tmp
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
() C:\Users\Enilson Nunes\AppData\Roaming\cpuminer\cpm.exe
(skype.cog.cc) C:\Program Files (x86)\SkypeUpdateEx\SkypeUpdateEx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registro (Whitelisted) ===========================
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
HKLM\...\Run: [cpuminer] => C:\Users\Enilson Nunes\AppData\Roaming\cpuminer\cpm.exe [1417216 2016-02-29] ()
HKLM-x32\...\Run: [win_en_77] => [X]
HKLM-x32\...\Run: [mbot_en_037050276] => [X]
HKLM-x32\...\Run: [sun3] => [X]
HKLM-x32\...\Run: [rec_en_233] => [X]
HKLM-x32\...\RunOnce: [Update] => C:\Users\Enilson Nunes\AppData\Roaming\ASPackage\ASPackage.exe /runonce
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1444870410-194518038-3171502822-1001\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [2036736 2016-03-23] ()
HKU\S-1-5-21-1444870410-194518038-3171502822-1001\...\Run: [Pritc] => C:\Users\Enilson Nunes\AppData\Local\Temp\is-E1B7G.tmp\print.exe [2955264 2016-03-03] (VLOME) <===== ATENÇÃO
HKU\S-1-5-21-1444870410-194518038-3171502822-1001\...\Run: [WindApp] => "C:\Users\Enilson Nunes\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
HKU\S-1-5-21-1444870410-194518038-3171502822-1001\...\Run: [Selection Tools] => "C:\Users\Enilson Nunes\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
HKU\S-1-5-21-1444870410-194518038-3171502822-1001\...\Run: [Only-search] => C:\Program Files (x86)\onlysearch\onlysearch\1.3.22.1\onlysearch.exe
HKU\S-1-5-21-1444870410-194518038-3171502822-1001\...\RunOnce: [Uninstall C:\Users\Enilson Nunes\AppData\Local\Microsoft\OneDrive\17.3.6302.0225] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Enilson Nunes\AppData\Local\Microsoft\OneDrive\17.3.6302.0225"
HKU\S-1-5-21-1444870410-194518038-3171502822-1001\...\RunOnce: [Uninstall C:\Users\Enilson Nunes\AppData\Local\Microsoft\OneDrive\17.3.6281.1202] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Enilson Nunes\AppData\Local\Microsoft\OneDrive\17.3.6281.1202"
HKU\S-1-5-21-1444870410-194518038-3171502822-1001\...\RunOnce: [UpdateTask] => [X]
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2010-02-09] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WebBrowserJFile.lnk [2016-03-24]
ShortcutTarget: WebBrowserJFile.lnk -> C:\Program Files (x86)\JFileManager\WebBrowser.exe (Nenhum Arquivo)
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO
==================== Internet (Whitelisted) ====================
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
Winsock: Catalog5 07 C:\ProgramData\System32\SafeGuard32.dll Nenhum Arquivo
Winsock: Catalog5-x64 07 C:\ProgramData\System32\SafeGuard64.dll [3587000 2016-03-24] ()
Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{602AB845-4083-4776-A80A-561F6577ADE5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{C845E9C5-51BF-4DFA-AB6A-9A684534BB74}: [DhcpNameServer] 192.168.1.1
ManualProxies:
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=itm&hsimp=yhs-001&type=jmb_adsafld_16_12¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzutBtDyB0Czz0FyCtBtDzytB0CyBzy0F0EtN0D0Tzu0StCyDyEyEtN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StA0ByE0ByEtDyB0EtGyDzy0EyCtGyDzzzztBtGtAyEyByDtG0F0AzztCtA0Fzzzz0E0Czz0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0C0D0CyBzztBtAtGzzzytAzztGyEtD0A0EtGzy0AtA0DtG0F0F0C0E0AzzyEyC0BtByEyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D998963062%26a%3Djmb_adsafld_16_12%26os_ver%3D6.3%26os%3DWindows%2BEmbedded%2B8.1%2BIndustry%2BPro
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=itm&hsimp=yhs-001&type=jmb_adsafld_16_12¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzutBtDyB0Czz0FyCtBtDzytB0CyBzy0F0EtN0D0Tzu0StCyDyEyEtN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StA0ByE0ByEtDyB0EtGyDzy0EyCtGyDzzzztBtGtAyEyByDtG0F0AzztCtA0Fzzzz0E0Czz0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0C0D0CyBzztBtAtGzzzytAzztGyEtD0A0EtGzy0AtA0DtG0F0F0C0E0AzzyEyC0BtByEyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D998963062%26a%3Djmb_adsafld_16_12%26os_ver%3D6.3%26os%3DWindows%2BEmbedded%2B8.1%2BIndustry%2BPro
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088&q={searchTerms}
HKU\S-1-5-21-1444870410-194518038-3171502822-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=itm&hsimp=yhs-001&type=jmb_adsafld_16_12¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzutBtDyB0Czz0FyCtBtDzytB0CyBzy0F0EtN0D0Tzu0StCyDyEyEtN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StA0ByE0ByEtDyB0EtGyDzy0EyCtGyDzzzztBtGtAyEyByDtG0F0AzztCtA0Fzzzz0E0Czz0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0C0D0CyBzztBtAtGzzzytAzztGyEtD0A0EtGzy0AtA0DtG0F0F0C0E0AzzyEyC0BtByEyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D998963062%26a%3Djmb_adsafld_16_12%26os_ver%3D6.3%26os%3DWindows%2BEmbedded%2B8.1%2BIndustry%2BPro
HKU\S-1-5-21-1444870410-194518038-3171502822-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mp3_16_09¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtDyB0Czz0FyCtBtDzytB0CyBzy0F0EtN0D0Tzu0StCyDtBtDtN1L2XzutAtFtCzytFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyEtCtAyC0EzztBtGtDzytD0CtGtCyDzzzztGtDzyzzzztG0DyCyB0DyCtBtAyDtBzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0C0D0CyBzztBtAtGzzzytAzztGyEtD0A0EtGzy0AtA0DtG0F0F0C0E0AzzyEyC0BtByEyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyCyByC%26cr%3D859380173%26a%3Dwncy_mp3_16_09%26os_ver%3D6.3%26os%3DWindows%2BEmbedded%2B8.1%2BIndustry%2BPro&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yoursites123.com/web?type=ds&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mp3_16_09¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtDyB0Czz0FyCtBtDzytB0CyBzy0F0EtN0D0Tzu0StCyDtBtDtN1L2XzutAtFtCzytFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyEtCtAyC0EzztBtGtDzytD0CtGtCyDzzzztGtDzyzzzztG0DyCyB0DyCtBtAyDtBzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0C0D0CyBzztBtAtGzzzytAzztGyEtD0A0EtGzy0AtA0DtG0F0F0C0E0AzzyEyC0BtByEyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyCyByC%26cr%3D859380173%26a%3Dwncy_mp3_16_09%26os_ver%3D6.3%26os%3DWindows%2BEmbedded%2B8.1%2BIndustry%2BPro&p={searchTerms}
SearchScopes: HKLM -> {73cd434e-8e1e-46b6-bb8d-7dd935140717} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=itm&hsimp=yhs-001&type=jmb_adsafld_16_12¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzutBtDyB0Czz0FyCtBtDzytB0CyBzy0F0EtN0D0Tzu0StCyDyEyEtN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StA0ByE0ByEtDyB0EtGyDzy0EyCtGyDzzzztBtGtAyEyByDtG0F0AzztCtA0Fzzzz0E0Czz0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0C0D0CyBzztBtAtGzzzytAzztGyEtD0A0EtGzy0AtA0DtG0F0F0C0E0AzzyEyC0BtByEyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D998963062%26a%3Djmb_adsafld_16_12%26os_ver%3D6.3%26os%3DWindows%2BEmbedded%2B8.1%2BIndustry%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1444870410-194518038-3171502822-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mp3_16_09¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtDyB0Czz0FyCtBtDzytB0CyBzy0F0EtN0D0Tzu0StCyDtBtDtN1L2XzutAtFtCzytFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyEtCtAyC0EzztBtGtDzytD0CtGtCyDzzzztGtDzyzzzztG0DyCyB0DyCtBtAyDtBzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0C0D0CyBzztBtAtGzzzytAzztGyEtD0A0EtGzy0AtA0DtG0F0F0C0E0AzzyEyC0BtByEyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyCyByC%26cr%3D859380173%26a%3Dwncy_mp3_16_09%26os_ver%3D6.3%26os%3DWindows%2BEmbedded%2B8.1%2BIndustry%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1444870410-194518038-3171502822-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yoursites123.com/web?type=ds&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1444870410-194518038-3171502822-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mp3_16_09¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtDyB0Czz0FyCtBtDzytB0CyBzy0F0EtN0D0Tzu0StCyDtBtDtN1L2XzutAtFtCzytFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyEtCtAyC0EzztBtGtDzytD0CtGtCyDzzzztGtDzyzzzztG0DyCyB0DyCtBtAyDtBzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0C0D0CyBzztBtAtGzzzytAzztGyEtD0A0EtGzy0AtA0DtG0F0F0C0E0AzzyEyC0BtByEyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyCyByC%26cr%3D859380173%26a%3Dwncy_mp3_16_09%26os_ver%3D6.3%26os%3DWindows%2BEmbedded%2B8.1%2BIndustry%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1444870410-194518038-3171502822-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL =
SearchScopes: HKU\S-1-5-21-1444870410-194518038-3171502822-1001 -> {73cd434e-8e1e-46b6-bb8d-7dd935140717} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=itm&hsimp=yhs-001&type=jmb_adsafld_16_12¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzutBtDyB0Czz0FyCtBtDzytB0CyBzy0F0EtN0D0Tzu0StCyDyEyEtN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StA0ByE0ByEtDyB0EtGyDzy0EyCtGyDzzzztBtGtAyEyByDtG0F0AzztCtA0Fzzzz0E0Czz0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0C0D0CyBzztBtAtGzzzytAzztGyEtD0A0EtGzy0AtA0DtG0F0F0C0E0AzzyEyC0BtByEyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D998963062%26a%3Djmb_adsafld_16_12%26os_ver%3D6.3%26os%3DWindows%2BEmbedded%2B8.1%2BIndustry%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1444870410-194518038-3171502822-1001 -> {EBC49DFA-65DD-4D8C-83DD-E88221ECDDD5} URL = hxxp://www.only-search.com/?babsrc=SP_kms&affID=132174&q={searchTerms}&r=109
BHO-x32: PriceFountain -> {b608cc98-54de-4775-96c9-097de398500c} -> C:\Users\Enilson Nunes\AppData\Local\PriceFountain\PriceFountainIE.dll [2015-06-18] ()
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Enilson Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\yyw7imt7.default
FF NewTab:
FF DefaultSearchEngine: Search The Web (Only-Search)
FF SelectedSearchEngine: Search The Web (Only-Search)
FF Homepage: hxxp://www.only-search.com/?babsrc=HP_kms&affID=132174
FF Keyword.URL:
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-24] (Google Inc.)
FF SearchPlugin: C:\Users\Enilson Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\yyw7imt7.default\searchplugins\onlysearchkms1.xml [2016-03-24]
FF SearchPlugin: C:\Users\Enilson Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\yyw7imt7.default\searchplugins\Search Provided by Yahoo.xml [2016-03-24]
FF SearchPlugin: C:\Users\Enilson Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\yyw7imt7.default\searchplugins\yoursites123.xml [2016-03-24]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystarttb.xml [2016-03-24]
FF Extension: Default NewTab - C:\Users\Enilson Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\yyw7imt7.default\Extensions\default_newtabff@gmail.com [2016-03-24] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Enilson Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\yyw7imt7.default\extensions\deskCutv2@gmail.com => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Enilson Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\yyw7imt7.default\extensions\default_newtabff@gmail.com
StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-24]
CHR Extension: (Google Drive) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-24]
CHR Extension: (Search Manager) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi [2016-03-24]
CHR Extension: (YouTube) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-24]
CHR Extension: (Google Sheets) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-24]
CHR Extension: (Google Docs Offline) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (AdBlock) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-25]
CHR Extension: (Yahoo!) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijepgjdjkdbopbnaopmlmobimmhjklhd [2016-03-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-24]
CHR Extension: (Gmail) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-24]
CHR Profile: C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-24]
CHR Extension: (Google Docs) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-24]
CHR Extension: (Google Drive) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-24]
CHR Extension: (Search Manager) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bahkljhhdeciiaodlkppoonappfnheoi [2016-03-24]
CHR Extension: (WhatsChrome) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bgkodfmeijboinjdegggmkbkjfiagaan [2016-03-24]
CHR Extension: (YouTube) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-24]
CHR Extension: (Adblock Plus) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-24]
CHR Extension: (Tampermonkey) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-03-24]
CHR Extension: (Google Sheets) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-24]
CHR Extension: (WebMoney Advisor) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gclcmokkcfnjpghegbnebiokigholeli [2016-03-24]
CHR Extension: (Google Docs Offline) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24]
CHR Extension: (AdBlock) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-24]
CHR Extension: (Yahoo!) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ijepgjdjkdbopbnaopmlmobimmhjklhd [2016-03-24]
CHR Extension: (GBBD Banco do Brasil) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jkafhcogdnfhkmiepeebkkdbdphnjfll [2016-03-24]
CHR Extension: (Google Play) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2016-03-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-24]
CHR Extension: (Gmail) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-24]
CHR HKU\S-1-5-21-1444870410-194518038-3171502822-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ijepgjdjkdbopbnaopmlmobimmhjklhd] - hxxps://clients2.google.com/service/update2/crx
==================== Serviços (Whitelisted) ========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
R2 cimusimezbt; C:\Program Files (x86)\8D1B9413-1458745089-C5E3-B271-1DED1F1F413A\knsmF4E2.tmp [246784 2016-03-24] () [Arquivo não assinado]
R2 gerocyni; C:\Program Files (x86)\8D1B9413-1458745089-C5E3-B271-1DED1F1F413A\jnsd6187.tmp [302080 2016-03-23] () [Arquivo não assinado]
R2 IhPul; C:\Users\Enilson Nunes\AppData\Roaming\TSv\TSvr.exe [291064 2016-03-23] (tsvr.com)
R2 Juchims; C:\Users\Enilson Nunes\AppData\Roaming\Ilitsudg\Ilitsudg.exe [174440 2016-03-23] ()
S2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-03-24] (DotC United Inc)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 SkypeUpdateEx; C:\Program Files (x86)\SkypeUpdateEx\SkypeUpdateEx.exe [167352 2016-03-21] (skype.cog.cc)
R2 TDataSvr; C:\Program Files (x86)\TData\TData.exe [104680 2016-03-24] (TData.com)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 wucotusy; C:\Program Files (x86)\8D1B9413-1458745089-C5E3-B271-1DED1F1F413A\hnsd7A9F.tmp [416256 2016-03-23] () [Arquivo não assinado]
R2 XBox; C:\Users\Enilson Nunes\AppData\Roaming\XBox\XBLive.exe [5906904 2016-02-27] (Microsoft Corporation)
S2 qkseeService; C:\Program Files (x86)\qksee\qkseeSvc.exe [X]
===================== Drivers (Whitelisted) ==========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [65856 2016-03-23] (Windows (R) Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
U1 egg_protect; C:\Windows\EProtect_amd64.sys [20352 2016-03-25] ()
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-03-24] (DotC United Inc)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
==================== Um Mês Criados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2016-03-25 13:24 - 2016-03-25 13:25 - 00027526 _____ C:\Users\Enilson Nunes\Desktop\Addition.txt
2016-03-25 13:22 - 2016-03-25 13:34 - 00025481 _____ C:\Users\Enilson Nunes\Desktop\FRST.txt
2016-03-25 13:22 - 2016-03-25 13:34 - 00000000 ____D C:\FRST
2016-03-25 13:21 - 2016-03-25 13:21 - 02374144 _____ (Farbar) C:\Users\Enilson Nunes\Desktop\FRST64.exe
2016-03-25 12:55 - 2016-03-25 12:55 - 00001102 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-03-25 12:55 - 2016-03-25 12:55 - 00000000 ____D C:\Users\Todos os Usuários\VS Revo Group
2016-03-25 12:55 - 2016-03-25 12:55 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\VS Revo Group
2016-03-25 12:55 - 2016-03-25 12:55 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-03-25 12:55 - 2016-03-25 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-03-25 12:55 - 2016-03-25 12:55 - 00000000 ____D C:\Program Files\VS Revo Group
2016-03-25 12:55 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2016-03-25 12:54 - 2016-03-25 12:55 - 11199448 _____ (VS Revo Group ) C:\Users\Enilson Nunes\Downloads\RevoUninProSetup.exe
2016-03-25 12:49 - 2016-03-25 12:49 - 01188386 _____ C:\Users\Enilson Nunes\Downloads\deletedr.exe
2016-03-25 12:19 - 2016-03-25 12:19 - 00020352 _____ C:\Windows\EProtect_amd64.sys
2016-03-24 17:45 - 2016-03-24 17:46 - 00940359 _____ C:\Users\Enilson Nunes\Downloads\Plugin (1).zip
2016-03-24 17:44 - 2016-03-24 17:44 - 00060632 _____ C:\Users\Enilson Nunes\Downloads\Plugin [1].exe
2016-03-24 17:43 - 2016-03-24 17:43 - 00940359 _____ C:\Users\Enilson Nunes\Downloads\Plugin.zip
2016-03-24 17:29 - 2016-03-24 17:29 - 00002294 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-24 17:29 - 2016-03-24 17:29 - 00002282 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-24 17:28 - 2016-03-25 13:33 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-24 17:28 - 2016-03-24 17:33 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-24 17:28 - 2016-03-24 17:28 - 00004076 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-24 17:28 - 2016-03-24 17:28 - 00003840 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-24 17:24 - 2016-03-24 17:24 - 00987728 _____ (Google Inc.) C:\Users\Enilson Nunes\Downloads\ChromeSetup.exe
2016-03-24 17:08 - 2016-03-24 17:08 - 00000714 _____ C:\Users\Enilson Nunes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ChromeSetup.lnk
2016-03-24 16:49 - 2016-03-24 16:49 - 00480560 _____ C:\Users\Enilson Nunes\Downloads\adobe_flash_player-103869245.exe
2016-03-24 16:48 - 2016-03-24 16:48 - 01034904 _____ ( ) C:\Users\Enilson Nunes\Downloads\JavaPlugin.exe
2016-03-24 16:41 - 2016-03-24 16:41 - 00000985 _____ C:\Users\Enilson Nunes\Desktop\Advertisement.url
2016-03-24 16:39 - 2016-03-25 11:59 - 00000001 _____ C:\Windows\SysWOW64\br.html
2016-03-24 15:18 - 2016-03-25 13:19 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-24 15:18 - 2016-03-24 15:18 - 00003790 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-24 15:11 - 2016-03-24 18:17 - 00000380 ____H C:\Windows\Tasks\VLEBCLKPVFUXCULF.job
2016-03-24 15:11 - 2016-03-24 15:37 - 00000000 ____D C:\Users\Todos os Usuários\LolliScan
2016-03-24 15:11 - 2016-03-24 15:37 - 00000000 ____D C:\ProgramData\LolliScan
2016-03-24 15:11 - 2016-03-24 15:11 - 00003404 _____ C:\Windows\System32\Tasks\VLEBCLKPVFUXCULF
2016-03-24 15:11 - 2016-03-24 15:11 - 00000000 ____D C:\Users\Todos os Usuários\Service7609
2016-03-24 15:11 - 2016-03-24 15:11 - 00000000 ____D C:\Users\Todos os Usuários\7c0535b143fc4671b6ebd202fbffe066
2016-03-24 15:11 - 2016-03-24 15:11 - 00000000 ____D C:\ProgramData\Service7609
2016-03-24 15:11 - 2016-03-24 15:11 - 00000000 ____D C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
2016-03-24 14:43 - 2016-03-24 15:47 - 00000000 ____D C:\Program Files (x86)\MixVideoPlayer
2016-03-24 14:41 - 2016-03-24 14:41 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\node-webkit
2016-03-24 14:39 - 2016-03-24 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
2016-03-24 14:31 - 2016-03-24 14:32 - 00001001 _____ C:\Windows\SysWOW64\${LOGFILE}
2016-03-24 14:30 - 2016-03-24 14:47 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\Gameo
2016-03-24 14:30 - 2016-03-24 14:30 - 00000181 _____ C:\Users\Enilson Nunes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2016-03-24 14:30 - 2016-03-24 14:30 - 00000000 ___HD C:\Users\Enilson Nunes\AppData\Roaming\GoldenGate
2016-03-24 14:29 - 2016-03-24 14:47 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\Gameo
2016-03-24 14:29 - 2016-03-24 14:28 - 05892175 _____ (MediaDownloader ) C:\Users\Enilson Nunes\Downloads\MediaDownloader.exe
2016-03-24 10:15 - 2016-03-24 10:15 - 00262144 _____ C:\Windows\Minidump\032416-29734-01.dmp
2016-03-24 10:14 - 2016-03-24 10:14 - 434138656 _____ C:\Windows\MEMORY.DMP
2016-03-24 10:01 - 2016-03-24 10:01 - 00000000 ____D C:\Users\Todos os Usuários\MWdMM
2016-03-24 10:01 - 2016-03-24 10:01 - 00000000 ____D C:\ProgramData\MWdMM
2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\Users\Todos os Usuários\5495ea18-6e61-0
2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\Users\Todos os Usuários\5495ea18-25d3-1
2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\TSv
2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\ProgramData\5495ea18-6e61-0
2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\ProgramData\5495ea18-25d3-1
2016-03-24 09:57 - 2016-03-24 09:57 - 00000000 ____D C:\Windows\3
2016-03-24 09:56 - 2016-03-24 09:56 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\MCorp
2016-03-24 09:54 - 2016-03-24 10:09 - 00000072 _____ C:\Windows\SysWOW64\123.html
2016-03-24 09:52 - 2016-03-24 09:52 - 00000000 ____D C:\Windows\SysWOW64\_tWm
2016-03-24 09:45 - 2016-03-24 09:45 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\macpromosoft
2016-03-24 09:23 - 2016-03-24 14:23 - 00000336 _____ C:\Windows\Tasks\Price Fountain.job
2016-03-24 09:23 - 2016-03-24 09:23 - 00002674 _____ C:\Windows\System32\Tasks\Price Fountain
2016-03-24 09:23 - 2016-03-24 09:23 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\PriceFountain
2016-03-24 09:22 - 2016-03-24 14:34 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\PriceFountain
2016-03-24 09:22 - 2016-03-24 09:51 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-03-24 09:22 - 2016-03-24 09:22 - 00060136 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
2016-03-24 09:19 - 2016-03-24 15:17 - 00004004 _____ C:\Windows\System32\Tasks\LaunchPreSignup
2016-03-24 09:17 - 2016-03-24 14:28 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\WTools
2016-03-24 09:17 - 2016-03-24 10:02 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\Store
2016-03-24 09:17 - 2016-03-24 09:57 - 00000000 ____D C:\Program Files (x86)\SkypeUpdateEx
2016-03-24 09:17 - 2016-03-24 09:28 - 00000000 ____D C:\Users\Todos os Usuários\System32
2016-03-24 09:17 - 2016-03-24 09:28 - 00000000 ____D C:\ProgramData\System32
2016-03-24 09:16 - 2016-03-24 09:16 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\UG
2016-03-24 09:16 - 2016-03-24 09:16 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\Nosibay
2016-03-24 09:15 - 2016-03-24 09:45 - 00000000 ____D C:\Program Files (x86)\UPCleaner
2016-03-24 09:15 - 2016-03-24 09:15 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\FrivLauncher
2016-03-24 09:14 - 2016-03-24 09:14 - 00002487 _____ C:\Windows\patsearch.bin
2016-03-24 09:14 - 2016-03-24 09:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf
2016-03-24 09:13 - 2016-03-24 16:02 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\Setup Wizard
2016-03-24 09:12 - 2016-03-24 09:53 - 00002992 _____ C:\Windows\System32\Tasks\Pritc
2016-03-24 09:12 - 2016-03-24 09:12 - 00003038 _____ C:\Windows\System32\Tasks\ttwifi
2016-03-24 09:12 - 2016-03-24 09:12 - 00002934 _____ C:\Windows\System32\Tasks\osTip
2016-03-24 09:12 - 2016-03-24 09:12 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2016-03-24 09:12 - 2016-03-24 09:12 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\XBox
2016-03-24 09:12 - 2016-03-24 09:12 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-03-24 09:11 - 2016-03-24 09:11 - 00000034 ___SH C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2016-03-24 08:38 - 2016-03-24 08:38 - 00000270 _____ C:\Users\Enilson Nunes\Documents\CorelDRAW Graphics Suite X7.txt
2016-03-24 08:38 - 2016-03-24 08:38 - 00000000 ____D C:\Users\Enilson Nunes\Documents\Minhas paletas
2016-03-24 08:29 - 2016-03-24 08:29 - 00000000 ____D C:\Program Files\Common Files\Corel
2016-03-24 08:25 - 2016-03-24 08:20 - 00003031 _____ C:\Users\Public\Desktop\CorelDRAW X7 (64-Bit).lnk
2016-03-24 08:23 - 2016-03-24 08:23 - 00000000 ____D C:\Program Files\Common Files\Protexis
2016-03-24 08:21 - 2016-03-24 08:21 - 00000000 ____D C:\Users\Public\Documents\Corel
2016-03-24 08:20 - 2016-03-24 08:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit)
2016-03-24 08:19 - 2016-03-25 13:09 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1444870410-194518038-3171502822-1001
2016-03-24 08:19 - 2016-03-24 08:19 - 00000000 ____D C:\Program Files\Corel
2016-03-24 08:16 - 2016-03-24 08:28 - 00000000 ____D C:\Users\Todos os Usuários\CorelDRAW Graphics Suite X7 x64
2016-03-24 08:16 - 2016-03-24 08:28 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X7 x64
2016-03-24 08:13 - 2016-03-24 08:13 - 00625240 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-23 14:07 - 2016-03-23 14:07 - 00000000 ____D C:\Windows\system32\mox
2016-03-23 14:06 - 2016-03-24 10:01 - 00000074 _____ C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2016-03-23 14:06 - 2016-03-24 10:01 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2016-03-23 14:06 - 2016-03-23 14:06 - 00000000 ____D C:\Users\Todos os Usuários\HWdMH
2016-03-23 14:06 - 2016-03-23 14:06 - 00000000 ____D C:\ProgramData\HWdMH
2016-03-23 14:05 - 2016-03-24 07:53 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\mysites123
2016-03-23 14:04 - 2016-03-24 07:54 - 00000000 ____D C:\Program Files (x86)\Hostify
2016-03-23 14:01 - 2016-03-24 07:54 - 00000000 ____D C:\Program Files (x86)\sunnyday
2016-03-23 14:01 - 2016-03-23 14:01 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\tuto_monetize_1
2016-03-23 14:00 - 2016-03-24 18:17 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\gplyra
2016-03-23 14:00 - 2016-03-24 18:17 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\cpuminer
2016-03-23 14:00 - 2016-03-23 14:00 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\UPUpdata
2016-03-23 14:00 - 2016-03-23 14:00 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\Ilitsudg
2016-03-23 14:00 - 2016-03-23 14:00 - 00000000 ____D C:\Users\Enilson Nunes\AppData\LocalLow\Company
2016-03-23 14:00 - 2016-03-23 14:00 - 00000000 ____D C:\Users\Enilson Nunes\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-03-23 14:00 - 2016-03-23 14:00 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\Tempfolder
2016-03-23 14:00 - 2016-03-23 14:00 - 00000000 ____D C:\uninst
2016-03-23 13:59 - 2016-03-23 14:00 - 00000000 ____D C:\Program Files (x86)\Max Driver Updater
2016-03-23 11:12 - 2016-03-24 09:57 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\app
2016-03-23 11:10 - 2016-03-23 11:10 - 00000286 __RSH C:\Users\Enilson Nunes\ntuser.pol
2016-03-23 11:00 - 2016-03-23 11:35 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\8D1B9413-1458730809-C5E3-B271-1DED1F1F413A
2016-03-23 10:58 - 2016-03-25 11:54 - 00000000 ____D C:\Program Files (x86)\8D1B9413-1458745089-C5E3-B271-1DED1F1F413A
2016-03-23 10:58 - 2016-03-23 10:56 - 00001006 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-03-23 10:57 - 2016-03-24 09:58 - 00000000 ____D C:\Program Files (x86)\TData
2016-03-23 10:55 - 2016-03-23 10:55 - 00000000 ____D C:\Users\Enilson Nunes\Downloads\Torrentex
2016-03-23 10:51 - 2016-03-23 10:51 - 06128221 _____ C:\Users\Enilson Nunes\Downloads\CorelDraw Graphics Suit X6 Keygen _Serial Number Crack.rar
2016-03-23 10:24 - 2016-03-23 10:24 - 00000000 ____D C:\Users\Todos os Usuários\Protexis
2016-03-23 10:24 - 2016-03-23 10:24 - 00000000 ____D C:\ProgramData\Protexis
2016-03-23 10:18 - 2016-03-23 14:00 - 00065856 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\cherimoya.sys
2016-03-23 09:45 - 2016-03-23 09:53 - 528017024 _____ (Acresso Software Inc. ) C:\Users\Enilson Nunes\Downloads\CorelDRAWGraphicsSuiteX6Installer_EN32Bit.exe
2016-03-15 16:00 - 2016-03-21 15:09 - 00000000 ____D C:\Users\Enilson Nunes\Desktop\Atos 27
2016-03-10 14:56 - 2016-03-10 14:56 - 00440714 _____ C:\Users\Enilson Nunes\Desktop\Celeiro Embutido.pdf
2016-03-10 10:29 - 2016-03-10 10:29 - 00000291 _____ C:\Users\Enilson Nunes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lixeira.lnk
2016-03-09 13:31 - 2016-03-09 13:32 - 00000000 ____D C:\Users\Enilson Nunes\Desktop\Nova pasta (2)
2016-03-02 11:08 - 2015-04-02 08:45 - 00532118 _____ C:\Users\Enilson Nunes\Desktop\Backup_of_propa new.cdr
2016-02-29 11:35 - 2016-02-29 11:35 - 00000042 _____ C:\Users\Enilson Nunes\AppData\Roaming\WB.CFG
2016-02-29 10:39 - 2016-03-21 16:35 - 00000000 ____D C:\Users\Enilson Nunes\Desktop\MP3 Rocket
2016-02-29 10:39 - 2016-03-21 15:09 - 00000000 ____D C:\Users\Enilson Nunes\Incomplete
2016-02-29 10:39 - 2016-02-29 10:39 - 00000000 ____D C:\Users\Enilson Nunes\Documents\HyperCam3
2016-02-29 10:39 - 2016-02-29 10:39 - 00000000 ____D C:\Users\Enilson Nunes\.swt
2016-02-29 10:38 - 2016-02-29 10:38 - 00000000 ____D C:\Users\Todos os Usuários\Sun
2016-02-29 10:38 - 2016-02-29 10:38 - 00000000 ____D C:\Users\Todos os Usuários\Oracle
2016-02-29 10:38 - 2016-02-29 10:38 - 00000000 ____D C:\Users\Enilson Nunes\AppData\LocalLow\Sun
2016-02-29 10:38 - 2016-02-29 10:38 - 00000000 ____D C:\Users\Enilson Nunes\AppData\LocalLow\Oracle
2016-02-29 10:38 - 2016-02-29 10:38 - 00000000 ____D C:\ProgramData\Sun
2016-02-29 10:38 - 2016-02-29 10:38 - 00000000 ____D C:\ProgramData\Oracle
2016-02-29 10:35 - 2016-03-24 17:45 - 00000818 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-02-29 10:35 - 2016-03-24 17:45 - 00000818 __RSH C:\ProgramData\ntuser.pol
2016-02-29 10:35 - 2016-02-29 10:38 - 30431144 _____ (Oracle Corporation) C:\Users\Enilson Nunes\Desktop\jre-8u31-windows-i586.exe
2016-02-29 10:35 - 2016-02-29 10:35 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-02-29 10:35 - 2016-02-29 10:35 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\PriceFountainUpdateVer
2016-02-29 10:33 - 2016-02-29 10:33 - 01430388 _____ (Lite Internet App ) C:\Users\Enilson Nunes\Downloads\MP3Rocket_Setup_Manager.exe
2016-02-29 10:22 - 2016-02-29 10:22 - 00706136 _____ (Reezaa.com ) C:\Users\Enilson Nunes\Downloads\mp3tageditor.exe
==================== Um Mês Modificados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2016-03-25 13:05 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Inf
2016-03-24 17:28 - 2016-01-04 20:21 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-24 17:11 - 2014-03-18 05:55 - 01797166 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-24 17:11 - 2014-03-18 05:27 - 00774900 _____ C:\Windows\system32\prfh0416.dat
2016-03-24 17:11 - 2014-03-18 05:27 - 00158494 _____ C:\Windows\system32\prfc0416.dat
2016-03-24 15:13 - 2015-12-30 16:58 - 00000000 ____D C:\Program Files\Microsoft Office
2016-03-24 15:13 - 2013-08-22 11:36 - 00000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
2016-03-24 15:13 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-24 15:13 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-24 15:12 - 2016-01-04 20:21 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\Google
2016-03-24 14:42 - 2016-02-08 13:23 - 00000000 ___RD C:\Users\Enilson Nunes\OneDrive
2016-03-24 14:38 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-24 14:13 - 2016-01-23 20:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-24 10:24 - 2015-12-29 12:09 - 00000000 ____D C:\Users\Enilson Nunes
2016-03-24 10:15 - 2016-01-12 10:23 - 00000000 ____D C:\Windows\Minidump
2016-03-24 09:55 - 2015-12-29 12:09 - 00001721 _____ C:\Users\Enilson Nunes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-24 08:56 - 2016-01-04 01:26 - 00000000 ____D C:\Users\Todos os Usuários\Corel
2016-03-24 08:56 - 2016-01-04 01:26 - 00000000 ____D C:\ProgramData\Corel
2016-03-24 08:35 - 2016-01-04 05:27 - 00000000 ____D C:\Users\Todos os Usuários\Protexis64
2016-03-24 08:35 - 2016-01-04 05:27 - 00000000 ____D C:\ProgramData\Protexis64
2016-03-24 08:35 - 2013-04-03 01:31 - 00000000 ____D C:\Users\Enilson Nunes\Documents\Corel
2016-03-24 08:32 - 2016-01-04 05:27 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\Corel
2016-03-24 08:09 - 2016-01-11 18:57 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\TeamViewer
2016-03-24 08:06 - 2015-07-17 00:25 - 00000000 ____D C:\Windows.old.001
2016-03-24 08:02 - 2015-12-29 10:37 - 00000000 ____D C:\Windows\Panther
2016-03-23 14:21 - 2015-06-22 19:05 - 00000270 _____ C:\Users\Enilson Nunes\Documents\CorelDRAW Graphics Suite X6.txt
2016-03-23 14:18 - 2016-01-04 01:29 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2016-03-23 14:18 - 2016-01-02 08:55 - 00000000 ____D C:\Users\Todos os Usuários\CorelDRAW Graphics Suite X6
2016-03-23 14:18 - 2016-01-02 08:55 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X6
2016-03-23 14:07 - 2015-12-30 17:28 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-03-23 14:07 - 2015-12-30 17:28 - 00494592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-03-23 10:57 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-03-23 09:40 - 2016-02-16 10:22 - 00000000 ____D C:\Users\Enilson Nunes\Downloads\1
2016-03-20 15:33 - 2015-04-11 22:15 - 00000000 ____D C:\Users\Enilson Nunes\A Pregar
2016-03-18 13:29 - 2015-12-30 18:10 - 00000000 ____D C:\Users\Todos os Usuários\KMSAutoS
2016-03-18 13:29 - 2015-12-30 18:10 - 00000000 ____D C:\ProgramData\KMSAutoS
2016-03-16 10:43 - 2015-09-02 08:10 - 00000000 ____D C:\Users\Enilson Nunes\Desktop\Forte Pão
2016-03-10 15:48 - 2015-10-01 19:48 - 00000000 ____D C:\Users\Enilson Nunes\Desktop\Embutidos celeiro
2016-03-10 14:11 - 2016-02-18 07:34 - 00000000 ____D C:\Users\Enilson Nunes\Desktop\tunel de congelado celeiro
2016-02-29 09:53 - 2015-12-29 12:09 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\Packages
2016-02-29 09:22 - 2016-02-08 13:30 - 00000000 ____D C:\Users\Enilson Nunes\Desktop\Lac
2016-02-29 09:18 - 2015-10-26 14:09 - 00000000 ____D C:\Users\Enilson Nunes\Desktop\Acobrar
2016-02-29 08:27 - 2015-11-22 13:32 - 00000000 ____D C:\Users\Enilson Nunes\Desktop\Nova pasta
==================== Arquivos na raiz de alguns diretórios =======
2016-03-24 09:16 - 2016-03-24 09:17 - 0001292 _____ () C:\Users\Enilson Nunes\AppData\Roaming\Bubble Dock.boostrap.log
2016-03-24 09:16 - 2016-03-24 09:17 - 0005761 _____ () C:\Users\Enilson Nunes\AppData\Roaming\Bubble Dock.installation.log
2016-03-24 09:17 - 2016-03-24 09:17 - 0000078 _____ () C:\Users\Enilson Nunes\AppData\Roaming\Selection Tools.installation.log
2016-02-29 11:35 - 2016-02-29 11:35 - 0000042 _____ () C:\Users\Enilson Nunes\AppData\Roaming\WB.CFG
2016-03-24 09:16 - 2016-03-24 09:16 - 0000097 _____ () C:\Users\Enilson Nunes\AppData\Roaming\WindApp.boostrap.log
2016-03-24 09:17 - 2016-03-24 09:17 - 0000078 _____ () C:\Users\Enilson Nunes\AppData\Roaming\WindApp.installation.log
2016-03-23 14:06 - 2016-03-24 10:01 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Arquivos para serem movidos ou deletados:
====================
C:\Users\Enilson Nunes\AppData\Local\Temp\is-E1B7G.tmp\print.exe
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Alguns arquivos em TEMP:
====================
C:\Users\Enilson Nunes\AppData\Local\Temp\260D.tmp.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\29da41ca244e4f799399c35fcd889891455037.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\30F6.tmp.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\94492374-D784-9438-D90A-88FF9BFD79E8.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\A443FE17-5C97-711F-43A5-7F5243D9D11B.dll
C:\Users\Enilson Nunes\AppData\Local\Temp\A443FE17-5C97-711F-43A5-7F5243D9D11B.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\B267.tmp.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\BackupSetup.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\C5F2.tmp.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\DownPageDll.dll
C:\Users\Enilson Nunes\AppData\Local\Temp\fsd139A.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\fsd5C3C.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\ICReinstall_260D.tmp.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\onlysetup.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\res.dll
C:\Users\Enilson Nunes\AppData\Local\Temp\sqlite3.dll
C:\Users\Enilson Nunes\AppData\Local\Temp\tmp3B0B.tmp.exe
==================== Bamital & volsnap =================
(Não há correção automática para arquivos que não passaram na verificação.)
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll
[2015-12-30 17:28] - [2016-03-23 14:07] - 0655360 ____A (Microsoft Corporation) 7B5CA8548225C300014540E4254BA86E
C:\Windows\SysWOW64\dnsapi.dll
[2015-12-30 17:28] - [2016-03-23 14:07] - 0494592 ____A (Microsoft Corporation) 3B8D00626BF63E1D94D3D2D59D3233B3
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente
LastRegBack: 2016-03-16 08:52
==================== Fim de FRST.txt ============================