Document format: text/plain

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:05-03-2016 01
Executado por Usuario (administrador) em CPU (01-04-2016 14:57:38)
Executando a partir de C:\Users\Usuario\Desktop
Perfis Carregados: Usuario (Perfis Disponíveis: Usuario & DefaultAppPool)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\ProgramData\Airtostrong\Airtostrong.exe
(Autodesk) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
() C:\Users\Usuario\AppData\Roaming\DensOfe\Momroak.exe
() C:\Program Files\BitTorrent\BitTorrent.exe
() C:\Program Files\1D606720-1459447473-11DD-8906-40167EBBC09E\knsqB2F8.tmp
() C:\Users\Usuario\AppData\Roaming\Xosypujn\Xosypujn.exe
() C:\Users\Usuario\AppData\Roaming\Xosypujn\Kiowtocj.exe
() C:\ProgramData\CloudPrinter\CloudPrinter.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\portcommunicationservice\DeviceControlLog.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Sound+\idsccom_3B0.exe
() C:\Program Files\badu\uc.exe
() C:\Program Files\mbot_en_037050284\mbot_en_037050284.exe
() C:\Program Files\Hostify\idsccom_7WK.exe
() C:\Program Files\rec_en_238\rec_en_238.exe
(BitTorrent Inc.) C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\Nex\NexServ.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\portcommunicationservice\PCSVC.exe
(mycomputer) C:\Windows\Terms.exe
() C:\Program Files\1D606720-1459447473-11DD-8906-40167EBBC09E\jnsrC477.tmp
() C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
(BitTorrent Inc.) C:\Users\Usuario\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe
(BitTorrent Inc.) C:\Users\Usuario\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe
(PostgreSQL Global Development Group) D:\Zeus\PostgreSQL\9.2.9\bin\pg_ctl.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\1D606720-1459447473-11DD-8906-40167EBBC09E\hnsr34E7.tmp
(Serasa Experian) C:\Program Files\Serasa Experian\Service\SerasaUpdate.exe
(PostgreSQL Global Development Group) D:\Zeus\PostgreSQL\9.2.9\bin\postgres.exe
(PostgreSQL Global Development Group) D:\Zeus\PostgreSQL\9.2.9\bin\postgres.exe
(PostgreSQL Global Development Group) D:\Zeus\PostgreSQL\9.2.9\bin\postgres.exe
(PostgreSQL Global Development Group) D:\Zeus\PostgreSQL\9.2.9\bin\postgres.exe
(PostgreSQL Global Development Group) D:\Zeus\PostgreSQL\9.2.9\bin\postgres.exe
(PostgreSQL Global Development Group) D:\Zeus\PostgreSQL\9.2.9\bin\postgres.exe
(PostgreSQL Global Development Group) D:\Zeus\PostgreSQL\9.2.9\bin\postgres.exe
(skype.cog.cc) C:\Program Files\SkypeUpdateEx\SkypeUpdateEx.exe
() C:\Program Files\SFK\SSFK.exe
() C:\Program Files\SFK\SSFK.exe
() C:\Users\Usuario\AppData\Local\Hotdox.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(TFuns LIMITED) C:\ProgramData\1WdM1\WdMan.exe
() C:\Program Files\Microsoft Ucuqqs\Xftnwmx.exe
(mycomputer) C:\Program Files\Microsoft Hsampe\Xiqnppr.exe
() C:\Users\Usuario\AppData\Roaming\msiql.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe
() C:\Program Files\CalendarTool\2.0.0.11189\CalendarServ.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\mbot_en_037050284\mbot_en_037050284.exe
() C:\Nex\NexAdmin.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
() C:\Program Files\mbot_en_037050284\mbot_en_037050284.exe
() C:\Program Files\Sound+\idsccom_3B0.exe
() C:\Program Files\mbot_en_037050284\mbot_en_037050284.exe
() C:\Program Files\rec_en_238\rec_en_238.exe
() C:\Program Files\rec_en_238\rec_en_238.exe
() C:\Program Files\Hostify\idsccom_7WK.exe
() C:\Program Files\mbot_en_037050284\mbot_en_037050284.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\Sound+\idsccom_3B0.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Users\Usuario\AppData\Local\Temp\nsr4DB3.tmp
() C:\Windows\Temp\5BB7.tmp
() C:\Program Files\mbot_en_037050284\mbot_en_037050284.exe
() C:\Users\Usuario\AppData\Local\1D606720-1459522147-11DD-8906-40167EBBC09E\qnshA16F.tmp
() C:\Windows\Temp\5BCB.tmp
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\mbot_en_037050284\mbot_en_037050284.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

Winlogon\Notify\ GbPluginBb: C:\Program Files\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)
HKU\S-1-5-21-3040219184-3333377178-3428145551-1000\...\MountPoints2: E - E:\SISetup.exe
HKU\S-1-5-21-3040219184-3333377178-3428145551-1000\...\MountPoints2: {74c4a4f1-5c66-11e5-8f96-40167ebbc09e} - E:\SISetup.exe
HKU\S-1-5-21-3040219184-3333377178-3428145551-1000\...\MountPoints2: {bb542486-5140-11e4-9aa8-806e6f6e6963} - W:\Setup.exe
AppInit_DLLs: C:\ProgramData\Airtostrong\Opestring.dll => C:\ProgramData\Airtostrong\Opestring.dll [257536 2016-04-01] ()
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll [1945472 2015-10-20] (Banco do Brasil)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nex-Serv.lnk [2016-03-31]
ShortcutTarget: Nex-Serv.lnk -> C:\Nex\NexServ.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Select a coupon.lnk [2015-09-16]
ShortcutTarget: Select a coupon.lnk -> C:\Program Files\EPSON\TMCommandEmulator\PopupWindow.exe (Seiko Epson Corporation)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Winsock: Catalog5 07 C:\ProgramData\System32\SafeGuard32.dll [2771896 2016-03-31] ()
Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{E89417A4-827D-471F-ACE5-2E475B051077}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{E89417A4-827D-471F-ACE5-2E475B051077}: [DhcpNameServer] 192.168.0.201
Tcpip\..\Interfaces\{FEADCE91-D9C7-4964-B0EA-4C6ED43AF53B}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{FEADCE91-D9C7-4964-B0EA-4C6ED43AF53B}: [DhcpNameServer] 192.168.1.1
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
HKU\S-1-5-21-3040219184-3333377178-3428145551-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzIzWpjgBnLTsVRrjUynf2_XK1DrnvpLNYlO6-tYCGqxmohxn7Q0Bre-cJBSeUQvA3Kx0iSSEJ3P-DBvddzBTGlkz6EjpjEYZ9XUQvg9qpI4EXBj8f1JI6eyv89b65eBjWk3rV_Z4wQlw4VPiQyHDqb8981c2cAFXMUT1fhUWPVk,&q={searchTerms}
HKU\S-1-5-21-3040219184-3333377178-3428145551-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzIzWpjgBnLTsVRrjUynf2_XK1DrnvpLNYlO6-tYCGqxmohxn7Q0Bre-cJBSeUQvA3Kx0iSSEJ3P-DBe-mc7MEemWbgzImDkIn5e4tivxX3Y7bH6bSPY0w7PweuxqwmKYG6I1cfQjajcyASjDlGfAG4P3YrBUCNh5BGxKXMGAvsI,
HKU\S-1-5-21-3040219184-3333377178-3428145551-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3040219184-3333377178-3428145551-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzIzWpjgBnLTsVRrjUynf2_XK1DrnvpLNYlO6-tYCGqxmohxn7Q0Bre-cJBSeUQvA3Kx0iSSEJ3P-DBvddzBTGlkz6EjpjEYZ9XUQvg9qpI4EXBj8f1JI6eyv89b65eBjWk3rV_Z4wQlw4VPiQyHDqb8981c2cAFXMUT1fhUWPVk,&q={searchTerms}
HKU\S-1-5-21-3040219184-3333377178-3428145551-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzIzWpjgBnLTsVRrjUynf2_XK1DrnvpLNYlO6-tYCGqxmohxn7Q0Bre-cJBSeUQvA3Kx0iSSEJ3P-DBvddzBTGlkz6EjpjEYZ9XUQvg9qpI4EXBj8f1JI6eyv89b65eBjWk3rV_Z4wQlw4VPiQyHDqb8981c2cAFXMUT1fhUWPVk,&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzIzWpjgBnLTsVRrjUynf2_XK1DrnvpLNYlO6-tYCGqxmohxn7Q0Bre-cJBSeUQvA3Kx0iSSEJ3P-DBvddzBTGlkz6EjpjEYZ9XUQvg9qpI4EXBj8f1JI6eyv89b65eBjWk3rV_Z4wQlw4VPiQyHDqb8981c2cAFXMUT1fhUWPVk,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3040219184-3333377178-3428145551-1000 -> DefaultScope {38DDAB9B-6BFA-4568-88A6-86147209AFB9} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3040219184-3333377178-3428145551-1000 -> {196F7251-90F6-4797-A3A4-B97B4F1AB45B} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3040219184-3333377178-3428145551-1000 -> {38DDAB9B-6BFA-4568-88A6-86147209AFB9} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3040219184-3333377178-3428145551-1000 -> {73C82343-A6CD-4D84-B16A-2792581DD4BF} URL = hxxps://br.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=435371&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3040219184-3333377178-3428145551-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzIzWpjgBnLTsVRrjUynf2_XK1DrnvpLNYlO6-tYCGqxmohxn7Q0Bre-cJBSeUQvA3Kx0iSSEJ3P-DBvddzBTGlkz6EjpjEYZ9XUQvg9qpI4EXBj8f1JI6eyv89b65eBjWk3rV_Z4wQlw4VPiQyHDqb8981c2cAFXMUT1fhUWPVk,&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-16] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-16] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.yoursearching.com/?type=sc&ts=1459450817&z=e49d62f9e5d2cbb7781db4cg0zfwet5z3w8e9b7ofz&from=face&uid=ST1000DM003-1CH162_S1DJD7SVXXXXS1DJD7SV

FireFox:
========
FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF NewTab: C:\ProgramData\Airtostrongs\ff.NT
FF DefaultSearchEngine: yessearches
FF SelectedSearchEngine: hohosearch
FF Homepage: C:\ProgramData\Airtostrongs\ff.HP
FF Keyword.URL: hxxp://www.yessearches.com/chrome.php?uid=4A9F023F3360E18BDA58C065519EAC39&ptid=sqr1&ts=AHEpCHEoBX4qB0..&v=20160329&mode=ffexttoolbar&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-26] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-16] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-12-10] (Nero AG)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3040219184-3333377178-3428145551-1000: gastecnologia.com.br/sf/bb -> C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2014-08-15] (GAS Tecnologia)
FF user.js: detected! => C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\eiob83cm.default\user.js [2016-04-01]
FF user.js: detected! => C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js [2016-04-01]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-23] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\eiob83cm.default\searchplugins\DD1B66D4.xml [2016-03-31]
FF SearchPlugin: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\eiob83cm.default\searchplugins\yahoo_ff.xml [2016-01-15]
FF SearchPlugin: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\DD1B66D4.xml [2016-03-31]
FF SearchPlugin: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\findit.xml [2016-04-01]
FF SearchPlugin: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\yahoo_ff.xml [2016-01-15]
FF SearchPlugin: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\yessearches.xml [2016-03-31]
FF Extension: FirefixTab - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\deskCutv2@gmail.com [2016-03-31] [não assinado]
FF Extension: Adblock Plus - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\eiob83cm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF Extension: GsearchFinder - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-03-29]
FF Extension: Adblock Plus - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF HKLM\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\deskCutv2@gmail.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.yoursearching.com/?type=sc&ts=1459450817&z=e49d62f9e5d2cbb7781db4cg0zfwet5z3w8e9b7ofz&from=face&uid=ST1000DM003-1CH162_S1DJD7SVXXXXS1DJD7SV

Chrome:
=======
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzIzWpjgBnLTsVRrjUynf2_XK1DrnvpLNYlO6-tYCGqxmohxn7Q0Bre-cJBSeUQvA3Kx0iSSEJ3P-DBvGoPydbHPSYngPp2DO0WbQcD8_gFuRaD6yA2Hvu4d0j_rpn-o4s3B62aJRWiHx8pmeahMXyAe4zXLkd-USOmRgWZpI1qk,
CHR StartupUrls: Default -> "hxxp://www.yoursearching.com/?type=hp&ts=1459450817&z=e49d62f9e5d2cbb7781db4cg0zfwet5z3w8e9b7ofz&from=face&uid=ST1000DM003-1CH162_S1DJD7SVXXXXS1DJD7SV"
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzIzWpjgBnLTsVRrjUynf2_XK1DrnvpLNYlO6-tYCGqxmohxn7Q0Bre-cJBSeUQvA3Kx0iSSEJ3P-DBvKqmfBM9uKAcolvOFP22RbkahJJKYCBTXkP2YS8ZfzeIzA3QCoj-Vp-DISEn9ti_vm4AmG9oNrAfYq8p8CuNrTT50G3d0,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-04]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-29]
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-04-01]
CHR Extension: (Google Search) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Wiki Search.me) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip [2016-04-01]
CHR Extension: (Documentos Google off-line) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Yahoo Web) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdicihegicnhaangkdmcgbjceoemeoo [2016-04-01]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-04]
CHR HKLM\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe hxxp://www.yoursearching.com/?type=sc&ts=1459450817&z=e49d62f9e5d2cbb7781db4cg0zfwet5z3w8e9b7ofz&from=face&uid=ST1000DM003-1CH162_S1DJD7SVXXXXS1DJD7SV

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated)
R2 Airtostrong; C:\ProgramData\\Airtostrong\\Airtostrong.exe [528896 2016-03-29] () [Arquivo não assinado]
R2 Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [72704 2016-03-31] (Autodesk) [Arquivo não assinado]
R2 Befbie; C:\Users\Usuario\AppData\Roaming\DensOfe\Momroak.exe [125792 2016-03-31] () [Arquivo não assinado]
R2 BitTorrent; C:\Program Files\BitTorrent\BitTorrent.exe [383488 2016-03-31] () [Arquivo não assinado] <==== ATENÇÃO
R2 cehysojizbt; C:\Program Files\1D606720-1459447473-11DD-8906-40167EBBC09E\knsqB2F8.tmp [263680 2016-04-01] () [Arquivo não assinado]
R2 Cidsooj; C:\Users\Usuario\AppData\Roaming\Xosypujn\Xosypujn.exe [174432 2016-03-31] () [Arquivo não assinado]
R2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [1162752 2016-03-31] () [Arquivo não assinado]
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2014-01-29] (Intel Corporation)
R2 EPSON_Device_Control_Log_Service; C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe [334848 2014-08-22] (SEIKO EPSON CORPORATION) [Arquivo não assinado]
R2 EPSON_Port_Communication_Service; C:\Program Files\epson\portcommunicationservice\PCSVC.exe [409600 2014-08-22] (SEIKO EPSON CORPORATION) [Arquivo não assinado]
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [593120 2015-09-22] (GAS Tecnologia)
R2 gerocyni; C:\Program Files\1D606720-1459447473-11DD-8906-40167EBBC09E\jnsrC477.tmp [302080 2016-03-31] () [Arquivo não assinado]
S2 ggbugreport; C:\Program Files\SearchesToYesbnd\bugreport.exe [1609280 2016-03-29] ()
S2 GoogleChromeUpService; C:\ProgramData\service.exe [1747456 2016-03-31] () [Arquivo não assinado]
S2 GoogleChromeUpSvc; C:\Users\Usuario\AppData\Roaming\svrupg.exe [2767872 2016-04-01] (TODO: ) [Arquivo não assinado]
S3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
R2 mi-raysat_3dsmax9_32; C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe [65536 2006-09-29] () [Arquivo não assinado]
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [762192 2013-07-18] (Nero AG)
R2 postgresql-9.2; D:\Zeus\PostgreSQL\9.2.9\bin\pg_ctl.exe [75776 2014-07-22] (PostgreSQL Global Development Group) [Arquivo não assinado]
R2 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
R2 rijufoze; C:\Program Files\1D606720-1459447473-11DD-8906-40167EBBC09E\hnsr34E7.tmp [138240 2016-03-31] () [Arquivo não assinado]
R2 SerasaUpdate; C:\Program Files\Serasa Experian\Service\SerasaUpdate.exe [29696 2014-04-11] (Serasa Experian) [Arquivo não assinado]
R2 SkypeUpdateEx; C:\Program Files\SkypeUpdateEx\SkypeUpdateEx.exe [167352 2016-03-21] (skype.cog.cc)
R2 SSFK; C:\Program Files\SFK\SSFK.exe [173760 2016-03-31] ()
S2 sulpnar; C:\ProgramData\\sulpnar\\sulpnar.exe [528384 2016-04-01] () [Arquivo não assinado]
S2 SuperProServer; C:\Windows\Terms.exe [434238 2016-03-29] (mycomputer) [Arquivo não assinado]
R2 TheCalendarService; C:\Program Files\CalendarTool\2.0.0.11189\CalendarServ.exe [141960 2015-12-25] ()
R2 updaiqarodwntrauwxat; C:\Users\Usuario\AppData\Local\Hotdox.exe [28160 2016-03-31] () [Arquivo não assinado]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies, Inc.)
R2 WdMan; C:\ProgramData\1WdM1\WdMan.exe [304808 2016-03-31] (TFuns LIMITED)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 Winsere; C:\Program Files\Winsere\Winsere\Winsere.exe [316472 2016-03-29] ()
S2 Wskhjj lfwufffg; C:\Program Files\Microsoft Hsampe\Xiqnppr.exe [331776 2016-04-01] (mycomputer) [Arquivo não assinado]
U2 Wsmdsn srjlyihz; C:\Program Files\Microsoft Ucuqqs\Xftnwmx.exe [471102 2016-04-01] () [Arquivo não assinado]
S2 XBox; C:\Users\Usuario\AppData\Roaming\XBox\XBLive.exe [5906904 2016-02-27] (Microsoft Corporation)
R2 zigipyro; C:\Users\Usuario\AppData\Local\1D606720-1459522147-11DD-8906-40167EBBC09E\qnshA16F.tmp [158720 2015-12-26] () [Arquivo não assinado]
S2 Fghij Lmnopqr64 Tuab; C:\Windows\system32\buybfd.exe [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [62272 2016-03-31] (Cherimoya Ltd)
S2 EPSON_PCS_Parallel_Port_Driver; C:\Windows\system32\DRIVERS\pcslpt.sys [19592 2012-06-22] (SEIKO EPSON CORPORATION)
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [49496 2015-11-25] (GAS Tecnologia)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-10-31] (GAS Tecnologia)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1823344 2011-11-11] (VIA Technologies, Inc.)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [26824 2014-03-17] (CyberLink Corp.)
S0 gbpddreg; system32\drivers\gbpddreg32.sys [X]
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSBXP.SYS [49408 2012-03-01] (Seiko Epson Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-04-01 14:57 - 2016-04-01 14:58 - 00025855 _____ C:\Users\Usuario\Desktop\FRST.txt
2016-04-01 14:57 - 2016-04-01 14:57 - 00000000 ____D C:\FRST
2016-04-01 14:55 - 2016-04-01 14:55 - 01725440 _____ (Farbar) C:\Users\Usuario\Desktop\FRST.exe
2016-04-01 14:49 - 2016-04-01 14:49 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\UPUpdata
2016-04-01 14:49 - 2016-04-01 14:49 - 00000000 ____D C:\Users\Usuario\AppData\Local\1D606720-1459522147-11DD-8906-40167EBBC09E
2016-04-01 14:22 - 2016-04-01 14:22 - 00000000 ____D C:\Program Files\CalendarTool
2016-04-01 14:21 - 2016-04-01 14:21 - 00000000 ____D C:\Users\Todos os Usuários\sulpnar
2016-04-01 14:21 - 2016-04-01 14:21 - 00000000 ____D C:\ProgramData\sulpnar
2016-04-01 14:13 - 2016-04-01 14:13 - 00000000 ____D C:\Users\Todos os Usuários\423e3ee8-1c35-1
2016-04-01 14:13 - 2016-04-01 14:13 - 00000000 ____D C:\ProgramData\423e3ee8-1c35-1
2016-04-01 14:09 - 2016-04-01 14:15 - 00160200 _____ C:\Windows\ntbtlog.txt
2016-04-01 12:29 - 2016-04-01 12:33 - 00000016 _____ C:\InjectIntoProcess crash
2016-04-01 12:05 - 2016-04-01 12:05 - 00000000 ____D C:\Program Files\Microsoft Ucuqqs
2016-04-01 11:57 - 2016-04-01 11:58 - 00129024 _____ C:\Windows\system32\DhlServer.exe
2016-04-01 11:38 - 2016-04-01 11:38 - 00000000 ____D C:\Program Files\Microsoft Hsampe
2016-04-01 10:31 - 2016-04-01 10:31 - 00000000 ____D C:\Users\Todos os Usuários\Airtostrongs
2016-04-01 10:31 - 2016-04-01 10:31 - 00000000 ____D C:\ProgramData\Airtostrongs
2016-04-01 10:30 - 2016-04-01 14:20 - 00000000 ____D C:\Users\Todos os Usuários\Airtostrong
2016-04-01 10:30 - 2016-04-01 14:20 - 00000000 ____D C:\ProgramData\Airtostrong
2016-04-01 10:14 - 2016-04-01 10:14 - 00012288 _____ C:\Windows\system32\hra8.dll
2016-04-01 09:35 - 2016-04-01 09:35 - 02777282 _____ () C:\Program Files\Common Files\nlq21fdq.exe
2016-04-01 09:22 - 2016-04-01 09:22 - 00000000 ____D C:\Program Files\Common Files\425pzp0l
2016-04-01 08:52 - 2016-04-01 08:52 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Xosypujn
2016-04-01 08:52 - 2016-04-01 08:52 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\DensOfe
2016-04-01 08:52 - 2016-04-01 08:52 - 00000000 ____D C:\Users\Usuario\AppData\Local\Tempfolder
2016-04-01 08:17 - 2016-03-29 17:05 - 00434238 ____H (mycomputer) C:\Windows\Terms.exe
2016-04-01 08:16 - 2016-04-01 08:16 - 00001896 ____R C:\Users\Usuario\Desktop\Yeabeats Browser.lnk
2016-03-31 16:30 - 2016-03-31 17:04 - 00000000 ____D C:\Program Files\SunnyDayApps
2016-03-31 16:30 - 2016-03-31 17:04 - 00000000 ____D C:\Program Files\rec_en_238
2016-03-31 16:30 - 2016-03-31 16:30 - 00000000 ____D C:\Users\Usuario\AppData\Local\rec_en_238
2016-03-31 16:23 - 2016-04-01 08:17 - 00000000 ____D C:\Program Files\BitTorrent
2016-03-31 16:23 - 2016-03-31 17:09 - 00000000 ____D C:\Program Files\Common Files\Saostock
2016-03-31 16:22 - 2016-04-01 10:31 - 00002393 _____ C:\Windows\system32\findit.xml
2016-03-31 16:22 - 2016-03-31 16:22 - 00189639 _____ () C:\Users\Usuario\AppData\Roaming\Voltcore.bin
2016-03-31 16:22 - 2016-03-31 16:22 - 00041472 _____ C:\Users\Usuario\AppData\Local\Hotdox.dat
2016-03-31 16:22 - 2016-03-31 16:22 - 00028160 _____ C:\Users\Usuario\AppData\Local\Hotdox.exe
2016-03-31 16:22 - 2016-03-31 16:22 - 00000187 _____ C:\Users\Usuario\AppData\Local\Hotdox.exe.config
2016-03-31 16:22 - 2016-03-31 16:22 - 00000000 ____D C:\Users\Todos os Usuários\Ronzaps
2016-03-31 16:22 - 2016-03-31 16:22 - 00000000 ____D C:\ProgramData\Ronzaps
2016-03-31 16:21 - 2016-03-31 16:21 - 06504960 _____ C:\Users\Usuario\AppData\Roaming\agent.dat
2016-03-31 16:21 - 2016-03-31 16:21 - 01626416 _____ C:\Users\Usuario\AppData\Roaming\Goldening.tst
2016-03-31 16:21 - 2016-03-31 16:21 - 00126464 _____ C:\Users\Usuario\AppData\Roaming\noah.dat
2016-03-31 16:21 - 2016-03-31 16:21 - 00065424 _____ C:\Users\Usuario\AppData\Roaming\Config.xml
2016-03-31 16:21 - 2016-03-31 16:21 - 00018432 _____ C:\Users\Usuario\AppData\Roaming\Main.dat
2016-03-31 16:21 - 2016-03-31 16:19 - 01162752 _____ C:\Users\Usuario\AppData\Roaming\Goldening.exe
2016-03-31 16:20 - 2016-03-31 16:21 - 00005568 _____ C:\Users\Usuario\AppData\Roaming\md.xml
2016-03-31 16:20 - 2016-03-31 16:20 - 00848437 _____ C:\Users\Usuario\AppData\Roaming\Indigostring.bin
2016-03-31 16:20 - 2016-03-31 16:20 - 00126464 _____ C:\Users\Usuario\AppData\Roaming\lobby.dat
2016-03-31 16:20 - 2016-03-31 16:20 - 00072699 _____ C:\Users\Usuario\AppData\Roaming\S--Dox.tst
2016-03-31 16:20 - 2016-03-31 16:20 - 00054272 _____ C:\Users\Usuario\AppData\Roaming\ApplicationHosting.dat
2016-03-31 16:20 - 2016-03-31 16:20 - 00000000 ____D C:\Users\Todos os Usuários\CloudPrinter
2016-03-31 16:20 - 2016-03-31 16:20 - 00000000 ____D C:\ProgramData\CloudPrinter
2016-03-31 16:20 - 2016-03-31 16:19 - 01162752 _____ C:\Users\Usuario\AppData\Roaming\S--Dox.exe
2016-03-31 16:19 - 2016-03-31 16:19 - 00264104 _____ C:\Users\Usuario\AppData\Roaming\inst.lat
2016-03-31 16:19 - 2016-03-31 16:19 - 00127488 _____ C:\Users\Usuario\AppData\Roaming\Installer.dat
2016-03-31 16:19 - 2016-03-31 16:19 - 00016992 _____ C:\Users\Usuario\AppData\Roaming\InstallationConfiguration.xml
2016-03-31 16:18 - 2016-03-31 16:19 - 00000000 ____D C:\Users\Usuario\AppData\Local\app
2016-03-31 16:02 - 2016-04-01 08:16 - 00001071 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rff42i15r14e33f26o83x.lnk
2016-03-31 16:02 - 2016-03-31 16:03 - 00000000 ____D C:\Users\Todos os Usuários\1WdM1
2016-03-31 16:02 - 2016-03-31 16:03 - 00000000 ____D C:\ProgramData\1WdM1
2016-03-31 16:02 - 2016-03-31 16:02 - 00000074 _____ C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2016-03-31 16:02 - 2016-03-31 16:02 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2016-03-31 16:02 - 2016-03-31 16:02 - 00000000 ____D C:\Program Files\SFK
2016-03-31 16:01 - 2016-03-31 17:06 - 00000000 ____D C:\Users\Usuario\AppData\Local\mbot_en_037050284
2016-03-31 16:01 - 2016-03-31 16:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY
2016-03-31 16:01 - 2016-03-31 16:01 - 00000000 ____D C:\Program Files\mbot_en_037050284
2016-03-31 16:00 - 2016-03-31 16:16 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\yoursearching
2016-03-31 16:00 - 2016-03-31 16:00 - 00000641 _____ C:\yoursearching.xml
2016-03-31 15:28 - 2016-03-31 15:28 - 00000565 _____ C:\Users\Usuario\Desktop\Nex-Admin.lnk
2016-03-31 15:28 - 2016-03-31 15:28 - 00000558 _____ C:\Users\Usuario\Desktop\Nex-Servidor.lnk
2016-03-31 15:28 - 2016-03-31 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nex
2016-03-31 15:20 - 2016-03-31 15:21 - 00000886 _____ C:\Windows\system32\${LOGFILE}
2016-03-31 15:10 - 2016-03-31 15:10 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\PriceFountain
2016-03-31 15:06 - 2016-03-31 15:36 - 00000000 ____D C:\Users\Usuario\AppData\Local\1D606720-1459436801-11DD-8906-40167EBBC09E
2016-03-31 15:05 - 2016-03-31 15:03 - 00001006 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-03-31 15:04 - 2016-04-01 12:21 - 00000000 ____D C:\Program Files\1D606720-1459447473-11DD-8906-40167EBBC09E
2016-03-31 14:55 - 2016-03-31 14:55 - 00000000 ____D C:\Program Files\badu
2016-03-31 14:52 - 2016-03-31 14:52 - 00000000 ____D C:\Users\Usuario\AppData\Local\Innovative Solutions
2016-03-31 14:52 - 2016-03-31 14:52 - 00000000 ____D C:\Users\Todos os Usuários\Innovative Solutions
2016-03-31 14:52 - 2016-03-31 14:52 - 00000000 ____D C:\ProgramData\Innovative Solutions
2016-03-31 14:52 - 2016-03-31 14:52 - 00000000 ____D C:\Program Files\Common Files\Innovative Solutions
2016-03-31 14:52 - 2016-03-31 14:37 - 00878606 _____ C:\Users\Todos os Usuários\YSIns.exe
2016-03-31 14:52 - 2016-03-31 14:37 - 00878606 _____ C:\ProgramData\YSIns.exe
2016-03-31 14:51 - 2016-03-31 16:46 - 00062272 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2016-03-31 14:51 - 2016-03-31 15:07 - 00000000 ____D C:\Program Files\Hiearki
2016-03-31 14:51 - 2016-03-31 14:51 - 00000000 ____D C:\Users\Usuario\AppData\LocalLow\Company
2016-03-31 14:51 - 2016-03-31 14:51 - 00000000 ____D C:\Users\Usuario\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-03-31 14:51 - 2016-03-31 14:51 - 00000000 ____D C:\uninst
2016-03-31 14:51 - 2015-11-25 14:31 - 01100288 _____ C:\Users\Todos os Usuários\HomePage.exe
2016-03-31 14:51 - 2015-11-25 14:31 - 01100288 _____ C:\ProgramData\HomePage.exe
2016-03-31 14:50 - 2016-03-31 14:50 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2016-03-31 14:50 - 2016-03-31 14:50 - 00000000 ____D C:\Users\Todos os Usuários\423e3ee8-3015-0
2016-03-31 14:50 - 2016-03-31 14:50 - 00000000 ____D C:\Users\Todos os Usuários\423e3ee8-2347-1
2016-03-31 14:50 - 2016-03-31 14:50 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-03-31 14:50 - 2016-03-31 14:50 - 00000000 ____D C:\ProgramData\423e3ee8-3015-0
2016-03-31 14:50 - 2016-03-31 14:50 - 00000000 ____D C:\ProgramData\423e3ee8-2347-1
2016-03-31 14:50 - 2016-03-31 14:50 - 00000000 ____D C:\Program Files\osTip
2016-03-31 14:50 - 2016-02-24 06:18 - 01085440 _____ C:\Users\Todos os Usuários\delCalendarReg.exe
2016-03-31 14:50 - 2016-02-24 06:18 - 01085440 _____ C:\ProgramData\delCalendarReg.exe
2016-03-31 14:49 - 2015-11-25 14:31 - 01100288 _____ C:\Users\Usuario\AppData\Roaming\HomePage.exe
2016-03-31 14:48 - 2016-03-31 14:48 - 00000000 ____D C:\Users\Todos os Usuários\Windows Update
2016-03-31 14:48 - 2016-03-31 14:48 - 00000000 ____D C:\ProgramData\Windows Update
2016-03-31 14:47 - 2016-04-01 14:13 - 00000000 ____D C:\Program Files\Hostify
2016-03-31 14:47 - 2016-04-01 12:38 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\CalendarTool
2016-03-31 14:47 - 2016-04-01 08:16 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\LightGate
2016-03-31 14:47 - 2016-03-31 17:19 - 00000000 ____D C:\Program Files\NewExt
2016-03-31 14:47 - 2016-02-24 06:18 - 01085440 _____ C:\Users\Usuario\AppData\Roaming\delCalendarReg.exe
2016-03-31 14:47 - 2015-12-10 14:43 - 00600312 _____ C:\Users\Todos os Usuários\YeaPlayer_br_IBD_Bundle.exe
2016-03-31 14:47 - 2015-12-10 14:43 - 00600312 _____ C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
2016-03-31 14:47 - 2015-12-04 12:14 - 01081344 _____ C:\Users\Todos os Usuários\LightGate.exe
2016-03-31 14:47 - 2015-12-04 12:14 - 01081344 _____ C:\ProgramData\LightGate.exe
2016-03-31 14:45 - 2016-04-01 08:20 - 02767872 _____ (TODO: ) C:\Users\Usuario\AppData\Roaming\svrupg.exe
2016-03-31 14:45 - 2016-03-31 14:45 - 00000000 ____D C:\Users\Usuario\AppData\Local\tuto_monetize_120160330
2016-03-31 14:45 - 2016-03-31 11:51 - 01916928 _____ C:\Users\Usuario\AppData\Roaming\msiql.exe
2016-03-31 14:45 - 2016-03-31 11:51 - 01916928 _____ C:\Users\Todos os Usuários\msiql.exe
2016-03-31 14:45 - 2016-03-31 11:51 - 01916928 _____ C:\ProgramData\msiql.exe
2016-03-31 14:45 - 2015-12-10 14:43 - 00600312 _____ C:\Users\Usuario\AppData\Roaming\YeaPlayer_br_IBD_Bundle.exe
2016-03-31 14:44 - 2016-03-31 14:44 - 00000000 ____D C:\Users\Usuario\AppData\Local\tuto_monetize_220160330
2016-03-31 14:44 - 2016-03-31 11:32 - 01747456 _____ C:\Users\Usuario\AppData\Roaming\service.exe
2016-03-31 14:44 - 2016-03-31 11:32 - 01747456 _____ C:\Users\Todos os Usuários\service.exe
2016-03-31 14:44 - 2016-03-31 11:32 - 01747456 _____ C:\ProgramData\service.exe
2016-03-31 14:43 - 2016-03-31 15:00 - 00000000 ____D C:\Program Files\SearchesToYesbnd
2016-03-31 14:43 - 2016-03-31 14:43 - 00000000 ____D C:\Users\Usuario\AppData\Local\csdi_monetize_220160330
2016-03-31 14:42 - 2016-03-31 14:42 - 00000000 ____D C:\Users\Usuario\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-03-31 14:42 - 2016-03-31 14:42 - 00000000 ____D C:\Program Files\WinTaske
2016-03-31 14:42 - 2016-03-31 14:42 - 00000000 ____D C:\Program Files\Winsere
2016-03-31 14:42 - 2016-03-31 14:42 - 00000000 ____D C:\Program Files\Windows Screen Manager
2016-03-31 14:41 - 2016-04-01 14:11 - 00000000 ____D C:\Program Files\sunnyday
2016-03-31 14:41 - 2016-03-31 14:41 - 00000000 ____D C:\Users\Usuario\AppData\Local\csdi_monetize_120160330
2016-03-31 14:39 - 2016-03-31 14:39 - 00000000 ____D C:\Program Files\SkypeUpdateEx
2016-03-31 14:38 - 2016-03-31 16:07 - 00000000 ____D C:\Users\Todos os Usuários\System32
2016-03-31 14:38 - 2016-03-31 16:07 - 00000000 ____D C:\ProgramData\System32
2016-03-31 14:36 - 2016-03-31 15:10 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\WTools
2016-03-31 14:36 - 2016-03-31 15:07 - 00000000 ____D C:\Program Files\Sound+
2016-03-31 14:35 - 2016-03-31 15:32 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Store
2016-03-31 14:34 - 2016-03-31 15:21 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Nosibay
2016-03-31 14:32 - 2016-03-31 14:32 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\XBox
2016-03-31 14:10 - 2016-03-31 14:11 - 00000000 ____D C:\Users\Todos os Usuários\Autodesk
2016-03-31 14:10 - 2016-03-31 14:11 - 00000000 ____D C:\ProgramData\Autodesk
2016-03-31 14:10 - 2016-03-31 14:10 - 00001951 _____ C:\Users\Public\Desktop\Autodesk 3ds Max 9 32-bit.lnk
2016-03-31 14:07 - 2016-03-31 14:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2016-03-31 14:07 - 2016-03-31 14:11 - 00000000 ____D C:\Users\Usuario\AppData\Local\Autodesk
2016-03-31 14:05 - 2016-03-31 14:06 - 00000000 ____D C:\Users\Usuario\Desktop\3D Studio Max 9 + Tutorials and Keygen
2016-03-31 08:20 - 2016-04-01 14:19 - 00000000 ____D C:\Users\Usuario\AppData\LocalLow\uTorrent
2016-03-30 15:31 - 2016-03-30 16:59 - 00000000 ____D C:\Users\Usuario\Desktop\embalagem gina
2016-03-30 15:25 - 2016-03-30 15:25 - 00000000 ____D C:\Users\Usuario\AppData\Local\CEF
2016-03-29 14:53 - 2016-03-29 14:53 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-29 14:53 - 2016-03-29 14:53 - 00002017 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-03-29 14:22 - 2016-03-31 14:58 - 00000000 ____D C:\Program Files\Autodesk
2016-03-29 14:22 - 2016-03-31 14:11 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2016-03-29 14:22 - 2016-03-29 14:22 - 00000000 ____D C:\Users\Usuario\Desktop\Autodesk.3ds.MAX.8.incl.KEYGEN.and.All.Tutorials.+.Materials
2016-03-19 15:45 - 2016-03-30 16:52 - 00000132 _____ C:\Users\Usuario\AppData\Roaming\Preferências do Formato PNG CC da Adobe
2016-03-19 14:27 - 2016-03-19 14:27 - 00000000 ____D C:\Users\Todos os Usuários\UniqueId
2016-03-19 14:27 - 2016-03-19 14:27 - 00000000 ____D C:\ProgramData\UniqueId
2016-03-19 14:12 - 2016-03-31 16:22 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\MPC-HC
2016-03-14 16:58 - 2016-03-14 16:58 - 00000000 ____D C:\Users\Usuario\Desktop\rayane
2016-03-04 14:22 - 2016-04-01 14:15 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Opera Software
2016-03-04 14:22 - 2016-04-01 14:15 - 00000000 ____D C:\Users\Usuario\AppData\Local\Opera Software
2016-03-04 14:14 - 2016-04-01 14:15 - 00000000 ____D C:\Program Files\Opera
2016-03-02 15:21 - 2016-03-02 16:04 - 00000468 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-03-02 15:21 - 2016-03-02 16:04 - 00000468 __RSH C:\ProgramData\ntuser.pol

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-04-01 14:58 - 2016-01-15 15:57 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\uTorrent
2016-04-01 14:31 - 2009-07-14 01:34 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-01 14:31 - 2009-07-14 01:34 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-01 14:24 - 2014-05-13 15:02 - 01751382 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-01 14:24 - 2009-07-14 05:31 - 00751794 _____ C:\Windows\system32\prfh0416.dat
2016-04-01 14:24 - 2009-07-14 05:31 - 00161222 _____ C:\Windows\system32\prfc0416.dat
2016-04-01 14:24 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\inf
2016-04-01 14:21 - 2014-05-14 15:47 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-01 14:21 - 2014-05-14 15:47 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-01 14:20 - 2016-01-07 15:03 - 00000000 ____D C:\Nex
2016-04-01 14:17 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-01 13:14 - 2014-05-14 17:34 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-01 10:31 - 2014-05-13 14:58 - 00001405 _____ C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-01 08:26 - 2014-05-14 15:46 - 00000000 ____D C:\Users\Usuario\AppData\Local\Adobe
2016-04-01 08:20 - 2009-07-14 01:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-04-01 08:17 - 2016-01-15 15:59 - 00000000 ___SD C:\Users\Usuario\AppData\LocalLow\Temp
2016-04-01 08:16 - 2014-05-24 09:05 - 00002066 ____R C:\Users\Usuario\Desktop\Google Chrome.lnk
2016-04-01 08:16 - 2014-05-24 09:05 - 00001871 ____R C:\Users\Usuario\Desktop\Mozilla Firefox.lnk
2016-04-01 08:16 - 2014-05-14 15:57 - 00001883 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-01 08:16 - 2014-05-14 15:47 - 00002078 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-31 14:10 - 2009-07-13 23:04 - 00017582 _____ C:\Windows\system32\Drivers\etc\services
2016-03-30 16:43 - 2016-01-12 14:23 - 00149005 _____ C:\Windows\FontData.fdb
2016-03-30 14:24 - 2009-07-14 01:52 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-03-29 14:53 - 2014-05-14 15:46 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-03-29 14:53 - 2014-05-14 15:46 - 00000000 ____D C:\Program Files\Adobe
2016-03-29 14:52 - 2014-05-14 15:45 - 00000000 ____D C:\Users\Todos os Usuários\Adobe
2016-03-29 14:52 - 2014-05-14 15:45 - 00000000 ____D C:\ProgramData\Adobe
2016-03-29 14:46 - 2014-05-14 17:41 - 00001912 _____ C:\Windows\epplauncher.mif
2016-03-26 10:14 - 2014-05-14 17:34 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-03-26 10:14 - 2014-05-14 17:34 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-03-17 16:12 - 2016-01-12 14:40 - 00000000 ____D C:\Users\Usuario\Desktop\HM
2016-03-14 16:59 - 2016-01-08 15:24 - 00000000 ____D C:\Users\Usuario\Desktop\musicas vitor
2016-03-14 16:58 - 2014-05-13 14:57 - 00000000 ____D C:\Users\Usuario
2016-03-02 15:21 - 2009-07-13 23:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy

==================== Arquivos na raiz de alguns diretórios =======

2016-04-01 09:35 - 2016-04-01 09:35 - 2777282 _____ () C:\Program Files\Common Files\nlq21fdq.exe
2016-03-31 16:21 - 2016-03-31 16:21 - 6504960 _____ () C:\Users\Usuario\AppData\Roaming\agent.dat
2016-03-31 16:20 - 2016-03-31 16:20 - 0054272 _____ () C:\Users\Usuario\AppData\Roaming\ApplicationHosting.dat
2016-03-31 14:32 - 2016-03-31 14:36 - 0001279 _____ () C:\Users\Usuario\AppData\Roaming\Bubble Dock.boostrap.log
2016-03-31 14:34 - 2016-03-31 14:34 - 0005726 _____ () C:\Users\Usuario\AppData\Roaming\Bubble Dock.installation.log
2016-03-31 16:21 - 2016-03-31 16:21 - 0065424 _____ () C:\Users\Usuario\AppData\Roaming\Config.xml
2016-03-31 14:47 - 2016-02-24 06:18 - 1085440 _____ () C:\Users\Usuario\AppData\Roaming\delCalendarReg.exe
2016-03-31 16:21 - 2016-03-31 16:19 - 1162752 _____ () C:\Users\Usuario\AppData\Roaming\Goldening.exe
2016-03-31 16:21 - 2016-03-31 16:21 - 1626416 _____ () C:\Users\Usuario\AppData\Roaming\Goldening.tst
2016-03-31 14:49 - 2015-11-25 14:31 - 1100288 _____ () C:\Users\Usuario\AppData\Roaming\HomePage.exe
2016-03-31 16:20 - 2016-03-31 16:20 - 0848437 _____ () C:\Users\Usuario\AppData\Roaming\Indigostring.bin
2016-03-31 16:19 - 2016-03-31 16:19 - 0264104 _____ () C:\Users\Usuario\AppData\Roaming\inst.lat
2016-03-31 16:19 - 2016-03-31 16:19 - 0016992 _____ () C:\Users\Usuario\AppData\Roaming\InstallationConfiguration.xml
2016-03-31 16:19 - 2016-03-31 16:19 - 0127488 _____ () C:\Users\Usuario\AppData\Roaming\Installer.dat
2016-03-31 16:20 - 2016-03-31 16:20 - 0126464 _____ () C:\Users\Usuario\AppData\Roaming\lobby.dat
2016-03-31 16:21 - 2016-03-31 16:21 - 0018432 _____ () C:\Users\Usuario\AppData\Roaming\Main.dat
2016-03-31 16:20 - 2016-03-31 16:21 - 0005568 _____ () C:\Users\Usuario\AppData\Roaming\md.xml
2016-03-31 14:45 - 2016-03-31 11:51 - 1916928 _____ () C:\Users\Usuario\AppData\Roaming\msiql.exe
2016-03-31 16:21 - 2016-03-31 16:21 - 0126464 _____ () C:\Users\Usuario\AppData\Roaming\noah.dat
2016-03-19 15:45 - 2016-03-30 16:52 - 0000132 _____ () C:\Users\Usuario\AppData\Roaming\Preferências do Formato PNG CC da Adobe
2016-03-31 16:20 - 2016-03-31 16:19 - 1162752 _____ () C:\Users\Usuario\AppData\Roaming\S--Dox.exe
2016-03-31 16:20 - 2016-03-31 16:20 - 0072699 _____ () C:\Users\Usuario\AppData\Roaming\S--Dox.tst
2016-03-31 14:36 - 2016-03-31 14:36 - 0000078 _____ () C:\Users\Usuario\AppData\Roaming\Selection Tools.installation.log
2016-03-31 14:44 - 2016-03-31 11:32 - 1747456 _____ () C:\Users\Usuario\AppData\Roaming\service.exe
2016-03-31 14:45 - 2016-04-01 08:20 - 2767872 _____ (TODO: ) C:\Users\Usuario\AppData\Roaming\svrupg.exe
2014-10-31 19:06 - 2014-10-31 19:06 - 0016808 _____ () C:\Users\Usuario\AppData\Roaming\unins000.dat
2014-10-31 19:06 - 2014-10-31 19:05 - 0815314 _____ () C:\Users\Usuario\AppData\Roaming\unins000.exe
2016-03-31 16:23 - 2016-03-31 16:23 - 0001150 _____ () C:\Users\Usuario\AppData\Roaming\uninstall_temp.ico
2016-03-31 16:22 - 2016-03-31 16:22 - 0189639 _____ () C:\Users\Usuario\AppData\Roaming\Voltcore.bin
2016-03-31 14:32 - 2016-03-31 14:32 - 0000097 _____ () C:\Users\Usuario\AppData\Roaming\WindApp.boostrap.log
2016-03-31 14:35 - 2016-03-31 14:35 - 0000078 _____ () C:\Users\Usuario\AppData\Roaming\WindApp.installation.log
2016-03-31 14:45 - 2015-12-10 14:43 - 0600312 _____ () C:\Users\Usuario\AppData\Roaming\YeaPlayer_br_IBD_Bundle.exe
2016-03-31 16:22 - 2016-03-31 16:22 - 0041472 _____ () C:\Users\Usuario\AppData\Local\Hotdox.dat
2016-03-31 16:22 - 2016-03-31 16:22 - 0028160 _____ () C:\Users\Usuario\AppData\Local\Hotdox.exe
2016-03-31 16:22 - 2016-03-31 16:22 - 0000187 _____ () C:\Users\Usuario\AppData\Local\Hotdox.exe.config
2014-10-15 20:11 - 2014-10-15 20:11 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-03-31 14:50 - 2016-02-24 06:18 - 1085440 _____ () C:\ProgramData\delCalendarReg.exe
2016-03-31 14:51 - 2015-11-25 14:31 - 1100288 _____ () C:\ProgramData\HomePage.exe
2016-03-31 14:47 - 2015-12-04 12:14 - 1081344 _____ () C:\ProgramData\LightGate.exe
2016-03-31 14:45 - 2016-03-31 11:51 - 1916928 _____ () C:\ProgramData\msiql.exe
2016-01-07 15:04 - 2016-01-07 15:04 - 0000047 _____ () C:\ProgramData\nex.ini
2016-03-31 14:44 - 2016-03-31 11:32 - 1747456 _____ () C:\ProgramData\service.exe
2016-03-31 14:47 - 2015-12-10 14:43 - 0600312 _____ () C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
2016-03-31 14:52 - 2016-03-31 14:37 - 0878606 _____ () C:\ProgramData\YSIns.exe
2016-03-31 16:02 - 2016-03-31 16:02 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\delCalendarReg.exe
C:\ProgramData\HomePage.exe
C:\ProgramData\LightGate.exe
C:\ProgramData\msiql.exe
C:\ProgramData\service.exe
C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
C:\ProgramData\YSIns.exe
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Todos os Usuários\delCalendarReg.exe
C:\Users\Todos os Usuários\HomePage.exe
C:\Users\Todos os Usuários\LightGate.exe
C:\Users\Todos os Usuários\msiql.exe
C:\Users\Todos os Usuários\service.exe
C:\Users\Todos os Usuários\YeaPlayer_br_IBD_Bundle.exe
C:\Users\Todos os Usuários\YSIns.exe
C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


Alguns arquivos em TEMP:
====================
C:\Users\Usuario\AppData\Local\Temp\1CD3.tmp.exe
C:\Users\Usuario\AppData\Local\Temp\1PEQQO01FL.exe
C:\Users\Usuario\AppData\Local\Temp\1UY9AHN6Z2.exe
C:\Users\Usuario\AppData\Local\Temp\29O70OV3CI.exe
C:\Users\Usuario\AppData\Local\Temp\2A205T4QAS.exe
C:\Users\Usuario\AppData\Local\Temp\2HYP0B3AI3.exe
C:\Users\Usuario\AppData\Local\Temp\2NKDLD50MP.exe
C:\Users\Usuario\AppData\Local\Temp\3d Max 9 64 Bit Downloader__3687_i1906767572_il1014030.exe
C:\Users\Usuario\AppData\Local\Temp\5TXFQ7C5G4.exe
C:\Users\Usuario\AppData\Local\Temp\6DX390B32V.exe
C:\Users\Usuario\AppData\Local\Temp\7RP6QM41E9.exe
C:\Users\Usuario\AppData\Local\Temp\A90C.tmp.exe
C:\Users\Usuario\AppData\Local\Temp\BackupSetup.exe
C:\Users\Usuario\AppData\Local\Temp\C3BD.tmp.exe
C:\Users\Usuario\AppData\Local\Temp\F67E.tmp.exe
C:\Users\Usuario\AppData\Local\Temp\KEX1RF7QGT.exe
C:\Users\Usuario\AppData\Local\Temp\KQ4Y32HVZ8.exe
C:\Users\Usuario\AppData\Local\Temp\LQBIK9RPO3.exe
C:\Users\Usuario\AppData\Local\Temp\NAEKOAE982.exe
C:\Users\Usuario\AppData\Local\Temp\nsgA297.exe
C:\Users\Usuario\AppData\Local\Temp\P9MYD7EKLY.exe
C:\Users\Usuario\AppData\Local\Temp\PRYPPKS1Q9.exe
C:\Users\Usuario\AppData\Local\Temp\Q9HD08YI4Q.exe
C:\Users\Usuario\AppData\Local\Temp\qqpcmgr_v11.2.17058.221_78289_Silence.exe
C:\Users\Usuario\AppData\Local\Temp\QT7WA1Y2NK.exe
C:\Users\Usuario\AppData\Local\Temp\set.exe
C:\Users\Usuario\AppData\Local\Temp\setup_nex_.exe
C:\Users\Usuario\AppData\Local\Temp\SHHSN7349X.exe
C:\Users\Usuario\AppData\Local\Temp\soundplus-installer.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-03-29 09:53

==================== Fim de FRST.txt ============================
