Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:05-03-2016 01
Executado por Enilson Nunes (administrador) em PC-ITAUTEC (25-03-2016 13:34:16)
Executando a partir de C:\Users\Enilson Nunes\Desktop
Perfis Carregados: Enilson Nunes (Perfis Disponíveis: Enilson Nunes)
Platform: Windows Embedded 8.1 Industry Pro (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

() C:\Program Files (x86)\8D1B9413-1458745089-C5E3-B271-1DED1F1F413A\jnsd6187.tmp
(tsvr.com) C:\Users\Enilson Nunes\AppData\Roaming\TSv\TSvr.exe
() C:\Users\Enilson Nunes\AppData\Roaming\Ilitsudg\Ilitsudg.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TData.com) C:\Program Files (x86)\TData\TData.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\8D1B9413-1458745089-C5E3-B271-1DED1F1F413A\hnsd7A9F.tmp
(Microsoft Corporation) C:\Users\Enilson Nunes\AppData\Roaming\XBox\XBLive.exe
() C:\Users\Enilson Nunes\AppData\Roaming\Ilitsudg\Kalme.exe
() C:\Users\Enilson Nunes\AppData\Roaming\Ilitsudg\Rogbu.exe
() C:\ProgramData\WindowsMsg\osmsg.exe
(VLOME) C:\Users\Enilson Nunes\AppData\Local\Temp\is-E1B7G.tmp\print.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Bumalagoh ) C:\Users\Enilson Nunes\AppData\Local\Temp\10869\MediaDownloaderSetup.exe
() C:\Users\Enilson Nunes\AppData\Local\Setup Wizard\b365a1f9-a0b6-4382-9203-9bfa16a4433d\vlc-media-player.exe
(Skype Technologies S.A.) C:\Users\Enilson Nunes\AppData\Local\Setup Wizard\9c7e21cb-f415-4857-a231-d8cea099faf7\skypesetupfull.exe
() C:\Users\Enilson Nunes\AppData\Local\Temp\13678\Setup.exe
(Microsoft Corporation) C:\Windows\FileManager\FileManager.exe
() C:\Program Files (x86)\8D1B9413-1458745089-C5E3-B271-1DED1F1F413A\knsmF4E2.tmp
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
() C:\Users\Enilson Nunes\AppData\Roaming\cpuminer\cpm.exe
(skype.cog.cc) C:\Program Files (x86)\SkypeUpdateEx\SkypeUpdateEx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [cpuminer] => C:\Users\Enilson Nunes\AppData\Roaming\cpuminer\cpm.exe [1417216 2016-02-29] () HKLM-x32\...\Run: [win_en_77] => [X] HKLM-x32\...\Run: [mbot_en_037050276] => [X] HKLM-x32\...\Run: [sun3] => [X] HKLM-x32\...\Run: [rec_en_233] => [X] HKLM-x32\...\RunOnce: [Update] => C:\Users\Enilson Nunes\AppData\Roaming\ASPackage\ASPackage.exe /runonce Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1444870410-194518038-3171502822-1001\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [2036736 2016-03-23] () HKU\S-1-5-21-1444870410-194518038-3171502822-1001\...\Run: [Pritc] => C:\Users\Enilson Nunes\AppData\Local\Temp\is-E1B7G.tmp\print.exe [2955264 2016-03-03] (VLOME) <===== ATENÇÃO HKU\S-1-5-21-1444870410-194518038-3171502822-1001\...\Run: [WindApp] => "C:\Users\Enilson Nunes\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup HKU\S-1-5-21-1444870410-194518038-3171502822-1001\...\Run: [Selection Tools] => "C:\Users\Enilson Nunes\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup HKU\S-1-5-21-1444870410-194518038-3171502822-1001\...\Run: [Only-search] => C:\Program Files (x86)\onlysearch\onlysearch\1.3.22.1\onlysearch.exe HKU\S-1-5-21-1444870410-194518038-3171502822-1001\...\RunOnce: [Uninstall C:\Users\Enilson Nunes\AppData\Local\Microsoft\OneDrive\17.3.6302.0225] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Enilson Nunes\AppData\Local\Microsoft\OneDrive\17.3.6302.0225" HKU\S-1-5-21-1444870410-194518038-3171502822-1001\...\RunOnce: [Uninstall C:\Users\Enilson Nunes\AppData\Local\Microsoft\OneDrive\17.3.6281.1202] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Enilson Nunes\AppData\Local\Microsoft\OneDrive\17.3.6281.1202" HKU\S-1-5-21-1444870410-194518038-3171502822-1001\...\RunOnce: [UpdateTask] => [X] ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => 
C:\Windows\system32\AcSignIcon.dll [2010-02-09] (Autodesk, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WebBrowserJFile.lnk [2016-03-24] ShortcutTarget: WebBrowserJFile.lnk -> C:\Program Files (x86)\JFileManager\WebBrowser.exe (Nenhum Arquivo) GroupPolicy: Restrição - Chrome <======= ATENÇÃO CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) Winsock: Catalog5 07 C:\ProgramData\System32\SafeGuard32.dll Nenhum Arquivo Winsock: Catalog5-x64 07 C:\ProgramData\System32\SafeGuard64.dll [3587000 2016-03-24] () Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{602AB845-4083-4776-A80A-561F6577ADE5}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 104.197.191.4 Tcpip\..\Interfaces\{C845E9C5-51BF-4DFA-AB6A-9A684534BB74}: [DhcpNameServer] 192.168.1.1 ManualProxies: Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=itm&hsimp=yhs-001&type=jmb_adsafld_16_12¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzutBtDyB0Czz0FyCtBtDzytB0CyBzy0F0EtN0D0Tzu0StCyDyEyEtN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StA0ByE0ByEtDyB0EtGyDzy0EyCtGyDzzzztBtGtAyEyByDtG0F0AzztCtA0Fzzzz0E0Czz0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0C0D0CyBzztBtAtGzzzytAzztGyEtD0A0EtGzy0AtA0DtG0F0F0C0E0AzzyEyC0BtByEyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D998963062%26a%3Djmb_adsafld_16_12%26os_ver%3D6.3%26os%3DWindows%2BEmbedded%2B8.1%2BIndustry%2BPro HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
hxxps://br.search.yahoo.com/yhs/web?hspart=itm&hsimp=yhs-001&type=jmb_adsafld_16_12¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzutBtDyB0Czz0FyCtBtDzytB0CyBzy0F0EtN0D0Tzu0StCyDyEyEtN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StA0ByE0ByEtDyB0EtGyDzy0EyCtGyDzzzztBtGtAyEyByDtG0F0AzztCtA0Fzzzz0E0Czz0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0C0D0CyBzztBtAtGzzzytAzztGyEtD0A0EtGzy0AtA0DtG0F0F0C0E0AzzyEyC0BtByEyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D998963062%26a%3Djmb_adsafld_16_12%26os_ver%3D6.3%26os%3DWindows%2BEmbedded%2B8.1%2BIndustry%2BPro HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088&q={searchTerms} 
HKU\S-1-5-21-1444870410-194518038-3171502822-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://br.search.yahoo.com/yhs/web?hspart=itm&hsimp=yhs-001&type=jmb_adsafld_16_12¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzutBtDyB0Czz0FyCtBtDzytB0CyBzy0F0EtN0D0Tzu0StCyDyEyEtN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StA0ByE0ByEtDyB0EtGyDzy0EyCtGyDzzzztBtGtAyEyByDtG0F0AzztCtA0Fzzzz0E0Czz0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0C0D0CyBzztBtAtGzzzytAzztGyEtD0A0EtGzy0AtA0DtG0F0F0C0E0AzzyEyC0BtByEyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D998963062%26a%3Djmb_adsafld_16_12%26os_ver%3D6.3%26os%3DWindows%2BEmbedded%2B8.1%2BIndustry%2BPro HKU\S-1-5-21-1444870410-194518038-3171502822-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088 SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mp3_16_09¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtDyB0Czz0FyCtBtDzytB0CyBzy0F0EtN0D0Tzu0StCyDtBtDtN1L2XzutAtFtCzytFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyEtCtAyC0EzztBtGtDzytD0CtGtCyDzzzztGtDzyzzzztG0DyCyB0DyCtBtAyDtBzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0C0D0CyBzztBtAtGzzzytAzztGyEtD0A0EtGzy0AtA0DtG0F0F0C0E0AzzyEyC0BtByEyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyCyByC%26cr%3D859380173%26a%3Dwncy_mp3_16_09%26os_ver%3D6.3%26os%3DWindows%2BEmbedded%2B8.1%2BIndustry%2BPro&p={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yoursites123.com/web?type=ds&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mp3_16_09¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtDyB0Czz0FyCtBtDzytB0CyBzy0F0EtN0D0Tzu0StCyDtBtDtN1L2XzutAtFtCzytFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyEtCtAyC0EzztBtGtDzytD0CtGtCyDzzzztGtDzyzzzztG0DyCyB0DyCtBtAyDtBzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0C0D0CyBzztBtAtGzzzytAzztGyEtD0A0EtGzy0AtA0DtG0F0F0C0E0AzzyEyC0BtByEyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyCyByC%26cr%3D859380173%26a%3Dwncy_mp3_16_09%26os_ver%3D6.3%26os%3DWindows%2BEmbedded%2B8.1%2BIndustry%2BPro&p={searchTerms} SearchScopes: HKLM -> {73cd434e-8e1e-46b6-bb8d-7dd935140717} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=itm&hsimp=yhs-001&type=jmb_adsafld_16_12¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzutBtDyB0Czz0FyCtBtDzytB0CyBzy0F0EtN0D0Tzu0StCyDyEyEtN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StA0ByE0ByEtDyB0EtGyDzy0EyCtGyDzzzztBtGtAyEyByDtG0F0AzztCtA0Fzzzz0E0Czz0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0C0D0CyBzztBtAtGzzzytAzztGyEtD0A0EtGzy0AtA0DtG0F0F0C0E0AzzyEyC0BtByEyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D998963062%26a%3Djmb_adsafld_16_12%26os_ver%3D6.3%26os%3DWindows%2BEmbedded%2B8.1%2BIndustry%2BPro&p={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088&q={searchTerms} SearchScopes: HKU\S-1-5-21-1444870410-194518038-3171502822-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mp3_16_09¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtDyB0Czz0FyCtBtDzytB0CyBzy0F0EtN0D0Tzu0StCyDtBtDtN1L2XzutAtFtCzytFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyEtCtAyC0EzztBtGtDzytD0CtGtCyDzzzztGtDzyzzzztG0DyCyB0DyCtBtAyDtBzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0C0D0CyBzztBtAtGzzzytAzztGyEtD0A0EtGzy0AtA0DtG0F0F0C0E0AzzyEyC0BtByEyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyCyByC%26cr%3D859380173%26a%3Dwncy_mp3_16_09%26os_ver%3D6.3%26os%3DWindows%2BEmbedded%2B8.1%2BIndustry%2BPro&p={searchTerms} SearchScopes: HKU\S-1-5-21-1444870410-194518038-3171502822-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yoursites123.com/web?type=ds&ts=1458827722&z=7687f603cd2e221c4140cfdg1zewcbab3o3m0mcofw&from=wpm0314&uid=SAMSUNGXHN-M320MBB_S2SNJ56B814088&q={searchTerms} SearchScopes: HKU\S-1-5-21-1444870410-194518038-3171502822-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_mp3_16_09¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutBtDyB0Czz0FyCtBtDzytB0CyBzy0F0EtN0D0Tzu0StCyDtBtDtN1L2XzutAtFtCzytFtCtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyEtCtAyC0EzztBtGtDzytD0CtGtCyDzzzztGtDzyzzzztG0DyCyB0DyCtBtAyDtBzzyByD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0C0D0CyBzztBtAtGzzzytAzztGyEtD0A0EtGzy0AtA0DtG0F0F0C0E0AzzyEyC0BtByEyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyCyByC%26cr%3D859380173%26a%3Dwncy_mp3_16_09%26os_ver%3D6.3%26os%3DWindows%2BEmbedded%2B8.1%2BIndustry%2BPro&p={searchTerms} SearchScopes: HKU\S-1-5-21-1444870410-194518038-3171502822-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = SearchScopes: HKU\S-1-5-21-1444870410-194518038-3171502822-1001 -> {73cd434e-8e1e-46b6-bb8d-7dd935140717} URL = 
hxxps://br.search.yahoo.com/yhs/search?hspart=itm&hsimp=yhs-001&type=jmb_adsafld_16_12¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzutBtDyB0Czz0FyCtBtDzytB0CyBzy0F0EtN0D0Tzu0StCyDyEyEtN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StA0ByE0ByEtDyB0EtGyDzy0EyCtGyDzzzztBtGtAyEyByDtG0F0AzztCtA0Fzzzz0E0Czz0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0C0D0CyBzztBtAtGzzzytAzztGyEtD0A0EtGzy0AtA0DtG0F0F0C0E0AzzyEyC0BtByEyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D998963062%26a%3Djmb_adsafld_16_12%26os_ver%3D6.3%26os%3DWindows%2BEmbedded%2B8.1%2BIndustry%2BPro&p={searchTerms} SearchScopes: HKU\S-1-5-21-1444870410-194518038-3171502822-1001 -> {EBC49DFA-65DD-4D8C-83DD-E88221ECDDD5} URL = hxxp://www.only-search.com/?babsrc=SP_kms&affID=132174&q={searchTerms}&r=109 BHO-x32: PriceFountain -> {b608cc98-54de-4775-96c9-097de398500c} -> C:\Users\Enilson Nunes\AppData\Local\PriceFountain\PriceFountainIE.dll [2015-06-18] () StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Enilson Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\yyw7imt7.default FF NewTab: FF DefaultSearchEngine: Search The Web (Only-Search) FF SelectedSearchEngine: Search The Web (Only-Search) FF Homepage: hxxp://www.only-search.com/?babsrc=HP_kms&affID=132174 FF Keyword.URL: FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-24] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-24] (Google Inc.) 
FF SearchPlugin: C:\Users\Enilson Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\yyw7imt7.default\searchplugins\onlysearchkms1.xml [2016-03-24] FF SearchPlugin: C:\Users\Enilson Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\yyw7imt7.default\searchplugins\Search Provided by Yahoo.xml [2016-03-24] FF SearchPlugin: C:\Users\Enilson Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\yyw7imt7.default\searchplugins\yoursites123.xml [2016-03-24] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystarttb.xml [2016-03-24] FF Extension: Default NewTab - C:\Users\Enilson Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\yyw7imt7.default\Extensions\default_newtabff@gmail.com [2016-03-24] [não assinado] FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Enilson Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\yyw7imt7.default\extensions\deskCutv2@gmail.com => não encontrado (a) FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Enilson Nunes\AppData\Roaming\Mozilla\Firefox\Profiles\yyw7imt7.default\extensions\default_newtabff@gmail.com StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR StartupUrls: Default -> "hxxps://www.google.com/" CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms} CHR DefaultSearchKeyword: Default -> yahoo CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms} CHR Profile: C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-24] CHR Extension: (Google Drive) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-24] CHR Extension: (Search Manager) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi [2016-03-24] CHR Extension: (YouTube) - C:\Users\Enilson 
Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-24] CHR Extension: (Google Sheets) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-24] CHR Extension: (Google Docs Offline) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24] CHR Extension: (AdBlock) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-25] CHR Extension: (Yahoo!) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijepgjdjkdbopbnaopmlmobimmhjklhd [2016-03-24] CHR Extension: (Chrome Web Store Payments) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-24] CHR Extension: (Gmail) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-24] CHR Profile: C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Slides) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-24] CHR Extension: (Google Docs) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-24] CHR Extension: (Google Drive) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-24] CHR Extension: (Search Manager) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bahkljhhdeciiaodlkppoonappfnheoi [2016-03-24] CHR Extension: (WhatsChrome) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bgkodfmeijboinjdegggmkbkjfiagaan [2016-03-24] CHR Extension: (YouTube) - C:\Users\Enilson 
Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-24] CHR Extension: (Adblock Plus) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-24] CHR Extension: (Tampermonkey) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-03-24] CHR Extension: (Google Sheets) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-24] CHR Extension: (WebMoney Advisor) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gclcmokkcfnjpghegbnebiokigholeli [2016-03-24] CHR Extension: (Google Docs Offline) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-24] CHR Extension: (AdBlock) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-24] CHR Extension: (Yahoo!) 
- C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ijepgjdjkdbopbnaopmlmobimmhjklhd [2016-03-24] CHR Extension: (GBBD Banco do Brasil) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jkafhcogdnfhkmiepeebkkdbdphnjfll [2016-03-24] CHR Extension: (Google Play) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2016-03-24] CHR Extension: (Chrome Web Store Payments) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-24] CHR Extension: (Gmail) - C:\Users\Enilson Nunes\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-24] CHR HKU\S-1-5-21-1444870410-194518038-3171502822-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ijepgjdjkdbopbnaopmlmobimmhjklhd] - hxxps://clients2.google.com/service/update2/crx ==================== Serviços (Whitelisted) ======================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 

R2 cimusimezbt; C:\Program Files (x86)\8D1B9413-1458745089-C5E3-B271-1DED1F1F413A\knsmF4E2.tmp [246784 2016-03-24] () [Arquivo não assinado]
R2 gerocyni; C:\Program Files (x86)\8D1B9413-1458745089-C5E3-B271-1DED1F1F413A\jnsd6187.tmp [302080 2016-03-23] () [Arquivo não assinado]
R2 IhPul; C:\Users\Enilson Nunes\AppData\Roaming\TSv\TSvr.exe [291064 2016-03-23] (tsvr.com)
R2 Juchims; C:\Users\Enilson Nunes\AppData\Roaming\Ilitsudg\Ilitsudg.exe [174440 2016-03-23] ()
S2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-03-24] (DotC United Inc)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 SkypeUpdateEx; C:\Program Files (x86)\SkypeUpdateEx\SkypeUpdateEx.exe [167352 2016-03-21] (skype.cog.cc)
R2 TDataSvr; C:\Program Files (x86)\TData\TData.exe [104680 2016-03-24] (TData.com)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 wucotusy; C:\Program Files (x86)\8D1B9413-1458745089-C5E3-B271-1DED1F1F413A\hnsd7A9F.tmp [416256 2016-03-23] () [Arquivo não assinado]
R2 XBox; C:\Users\Enilson Nunes\AppData\Roaming\XBox\XBLive.exe [5906904 2016-02-27] (Microsoft Corporation)
S2 qkseeService; C:\Program Files (x86)\qksee\qkseeSvc.exe [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [65856 2016-03-23] (Windows (R) Win 7 DDK provider) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) U1 egg_protect; C:\Windows\EProtect_amd64.sys [20352 2016-03-25] () R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-03-24] (DotC United Inc) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Um Mês Criados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2016-03-25 13:24 - 2016-03-25 13:25 - 00027526 _____ C:\Users\Enilson Nunes\Desktop\Addition.txt 2016-03-25 13:22 - 2016-03-25 13:34 - 00025481 _____ C:\Users\Enilson Nunes\Desktop\FRST.txt 2016-03-25 13:22 - 2016-03-25 13:34 - 00000000 ____D C:\FRST 2016-03-25 13:21 - 2016-03-25 13:21 - 02374144 _____ (Farbar) C:\Users\Enilson Nunes\Desktop\FRST64.exe 2016-03-25 12:55 - 2016-03-25 12:55 - 00001102 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk 2016-03-25 12:55 - 2016-03-25 12:55 - 00000000 ____D C:\Users\Todos os Usuários\VS Revo Group 2016-03-25 12:55 - 2016-03-25 12:55 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\VS Revo Group 2016-03-25 12:55 - 2016-03-25 12:55 - 00000000 ____D C:\ProgramData\VS Revo Group 2016-03-25 12:55 - 2016-03-25 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro 2016-03-25 12:55 - 2016-03-25 12:55 - 00000000 ____D C:\Program Files\VS Revo Group 2016-03-25 12:55 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) 
C:\Windows\system32\Drivers\revoflt.sys 2016-03-25 12:54 - 2016-03-25 12:55 - 11199448 _____ (VS Revo Group ) C:\Users\Enilson Nunes\Downloads\RevoUninProSetup.exe 2016-03-25 12:49 - 2016-03-25 12:49 - 01188386 _____ C:\Users\Enilson Nunes\Downloads\deletedr.exe 2016-03-25 12:19 - 2016-03-25 12:19 - 00020352 _____ C:\Windows\EProtect_amd64.sys 2016-03-24 17:45 - 2016-03-24 17:46 - 00940359 _____ C:\Users\Enilson Nunes\Downloads\Plugin (1).zip 2016-03-24 17:44 - 2016-03-24 17:44 - 00060632 _____ C:\Users\Enilson Nunes\Downloads\Plugin [1].exe 2016-03-24 17:43 - 2016-03-24 17:43 - 00940359 _____ C:\Users\Enilson Nunes\Downloads\Plugin.zip 2016-03-24 17:29 - 2016-03-24 17:29 - 00002294 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-03-24 17:29 - 2016-03-24 17:29 - 00002282 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-03-24 17:28 - 2016-03-25 13:33 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-03-24 17:28 - 2016-03-24 17:33 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-03-24 17:28 - 2016-03-24 17:28 - 00004076 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-03-24 17:28 - 2016-03-24 17:28 - 00003840 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-03-24 17:24 - 2016-03-24 17:24 - 00987728 _____ (Google Inc.) 
C:\Users\Enilson Nunes\Downloads\ChromeSetup.exe 2016-03-24 17:08 - 2016-03-24 17:08 - 00000714 _____ C:\Users\Enilson Nunes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ChromeSetup.lnk 2016-03-24 16:49 - 2016-03-24 16:49 - 00480560 _____ C:\Users\Enilson Nunes\Downloads\adobe_flash_player-103869245.exe 2016-03-24 16:48 - 2016-03-24 16:48 - 01034904 _____ ( ) C:\Users\Enilson Nunes\Downloads\JavaPlugin.exe 2016-03-24 16:41 - 2016-03-24 16:41 - 00000985 _____ C:\Users\Enilson Nunes\Desktop\Advertisement.url 2016-03-24 16:39 - 2016-03-25 11:59 - 00000001 _____ C:\Windows\SysWOW64\br.html 2016-03-24 15:18 - 2016-03-25 13:19 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-03-24 15:18 - 2016-03-24 15:18 - 00003790 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-03-24 15:11 - 2016-03-24 18:17 - 00000380 ____H C:\Windows\Tasks\VLEBCLKPVFUXCULF.job 2016-03-24 15:11 - 2016-03-24 15:37 - 00000000 ____D C:\Users\Todos os Usuários\LolliScan 2016-03-24 15:11 - 2016-03-24 15:37 - 00000000 ____D C:\ProgramData\LolliScan 2016-03-24 15:11 - 2016-03-24 15:11 - 00003404 _____ C:\Windows\System32\Tasks\VLEBCLKPVFUXCULF 2016-03-24 15:11 - 2016-03-24 15:11 - 00000000 ____D C:\Users\Todos os Usuários\Service7609 2016-03-24 15:11 - 2016-03-24 15:11 - 00000000 ____D C:\Users\Todos os Usuários\7c0535b143fc4671b6ebd202fbffe066 2016-03-24 15:11 - 2016-03-24 15:11 - 00000000 ____D C:\ProgramData\Service7609 2016-03-24 15:11 - 2016-03-24 15:11 - 00000000 ____D C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066 2016-03-24 14:43 - 2016-03-24 15:47 - 00000000 ____D C:\Program Files (x86)\MixVideoPlayer 2016-03-24 14:41 - 2016-03-24 14:41 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\node-webkit 2016-03-24 14:39 - 2016-03-24 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC 2016-03-24 14:31 - 2016-03-24 14:32 - 00001001 _____ C:\Windows\SysWOW64\${LOGFILE} 2016-03-24 14:30 - 2016-03-24 14:47 - 00000000 ____D 
C:\Users\Enilson Nunes\AppData\Local\Gameo
2016-03-24 14:30 - 2016-03-24 14:30 - 00000181 _____ C:\Users\Enilson Nunes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2016-03-24 14:30 - 2016-03-24 14:30 - 00000000 ___HD C:\Users\Enilson Nunes\AppData\Roaming\GoldenGate
2016-03-24 14:29 - 2016-03-24 14:47 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\Gameo
2016-03-24 14:29 - 2016-03-24 14:28 - 05892175 _____ (MediaDownloader ) C:\Users\Enilson Nunes\Downloads\MediaDownloader.exe
2016-03-24 10:15 - 2016-03-24 10:15 - 00262144 _____ C:\Windows\Minidump\032416-29734-01.dmp
2016-03-24 10:14 - 2016-03-24 10:14 - 434138656 _____ C:\Windows\MEMORY.DMP
2016-03-24 10:01 - 2016-03-24 10:01 - 00000000 ____D C:\Users\Todos os Usuários\MWdMM
2016-03-24 10:01 - 2016-03-24 10:01 - 00000000 ____D C:\ProgramData\MWdMM
2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\Users\Todos os Usuários\5495ea18-6e61-0
2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\Users\Todos os Usuários\5495ea18-25d3-1
2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\TSv
2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\ProgramData\5495ea18-6e61-0
2016-03-24 09:58 - 2016-03-24 09:58 - 00000000 ____D C:\ProgramData\5495ea18-25d3-1
2016-03-24 09:57 - 2016-03-24 09:57 - 00000000 ____D C:\Windows\3
2016-03-24 09:56 - 2016-03-24 09:56 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\MCorp
2016-03-24 09:54 - 2016-03-24 10:09 - 00000072 _____ C:\Windows\SysWOW64\123.html
2016-03-24 09:52 - 2016-03-24 09:52 - 00000000 ____D C:\Windows\SysWOW64\_tWm
2016-03-24 09:45 - 2016-03-24 09:45 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\macpromosoft
2016-03-24 09:23 - 2016-03-24 14:23 - 00000336 _____ C:\Windows\Tasks\Price Fountain.job
2016-03-24 09:23 - 2016-03-24 09:23 - 00002674 _____ C:\Windows\System32\Tasks\Price Fountain
2016-03-24 09:23 - 2016-03-24 09:23 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\PriceFountain
2016-03-24 09:22 - 2016-03-24 14:34 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\PriceFountain
2016-03-24 09:22 - 2016-03-24 09:51 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-03-24 09:22 - 2016-03-24 09:22 - 00060136 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
2016-03-24 09:19 - 2016-03-24 15:17 - 00004004 _____ C:\Windows\System32\Tasks\LaunchPreSignup
2016-03-24 09:17 - 2016-03-24 14:28 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\WTools
2016-03-24 09:17 - 2016-03-24 10:02 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\Store
2016-03-24 09:17 - 2016-03-24 09:57 - 00000000 ____D C:\Program Files (x86)\SkypeUpdateEx
2016-03-24 09:17 - 2016-03-24 09:28 - 00000000 ____D C:\Users\Todos os Usuários\System32
2016-03-24 09:17 - 2016-03-24 09:28 - 00000000 ____D C:\ProgramData\System32
2016-03-24 09:16 - 2016-03-24 09:16 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\UG
2016-03-24 09:16 - 2016-03-24 09:16 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\Nosibay
2016-03-24 09:15 - 2016-03-24 09:45 - 00000000 ____D C:\Program Files (x86)\UPCleaner
2016-03-24 09:15 - 2016-03-24 09:15 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\FrivLauncher
2016-03-24 09:14 - 2016-03-24 09:14 - 00002487 _____ C:\Windows\patsearch.bin
2016-03-24 09:14 - 2016-03-24 09:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf
2016-03-24 09:13 - 2016-03-24 16:02 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\Setup Wizard
2016-03-24 09:12 - 2016-03-24 09:53 - 00002992 _____ C:\Windows\System32\Tasks\Pritc
2016-03-24 09:12 - 2016-03-24 09:12 - 00003038 _____ C:\Windows\System32\Tasks\ttwifi
2016-03-24 09:12 - 2016-03-24 09:12 - 00002934 _____ C:\Windows\System32\Tasks\osTip
2016-03-24 09:12 - 2016-03-24 09:12 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2016-03-24 09:12 - 2016-03-24 09:12 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\XBox
2016-03-24 09:12 - 2016-03-24 09:12 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-03-24 09:11 - 2016-03-24 09:11 - 00000034 ___SH C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2016-03-24 08:38 - 2016-03-24 08:38 - 00000270 _____ C:\Users\Enilson Nunes\Documents\CorelDRAW Graphics Suite X7.txt
2016-03-24 08:38 - 2016-03-24 08:38 - 00000000 ____D C:\Users\Enilson Nunes\Documents\Minhas paletas
2016-03-24 08:29 - 2016-03-24 08:29 - 00000000 ____D C:\Program Files\Common Files\Corel
2016-03-24 08:25 - 2016-03-24 08:20 - 00003031 _____ C:\Users\Public\Desktop\CorelDRAW X7 (64-Bit).lnk
2016-03-24 08:23 - 2016-03-24 08:23 - 00000000 ____D C:\Program Files\Common Files\Protexis
2016-03-24 08:21 - 2016-03-24 08:21 - 00000000 ____D C:\Users\Public\Documents\Corel
2016-03-24 08:20 - 2016-03-24 08:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit)
2016-03-24 08:19 - 2016-03-25 13:09 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1444870410-194518038-3171502822-1001
2016-03-24 08:19 - 2016-03-24 08:19 - 00000000 ____D C:\Program Files\Corel
2016-03-24 08:16 - 2016-03-24 08:28 - 00000000 ____D C:\Users\Todos os Usuários\CorelDRAW Graphics Suite X7 x64
2016-03-24 08:16 - 2016-03-24 08:28 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X7 x64
2016-03-24 08:13 - 2016-03-24 08:13 - 00625240 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-23 14:07 - 2016-03-23 14:07 - 00000000 ____D C:\Windows\system32\mox
2016-03-23 14:06 - 2016-03-24 10:01 - 00000074 _____ C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2016-03-23 14:06 - 2016-03-24 10:01 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2016-03-23 14:06 - 2016-03-23 14:06 - 00000000 ____D C:\Users\Todos os Usuários\HWdMH
2016-03-23 14:06 - 2016-03-23 14:06 - 00000000 ____D C:\ProgramData\HWdMH
2016-03-23 14:05 - 2016-03-24 07:53 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\mysites123
2016-03-23 14:04 - 2016-03-24 07:54 - 00000000 ____D C:\Program Files (x86)\Hostify
2016-03-23 14:01 - 2016-03-24 07:54 - 00000000 ____D C:\Program Files (x86)\sunnyday
2016-03-23 14:01 - 2016-03-23 14:01 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\tuto_monetize_1
2016-03-23 14:00 - 2016-03-24 18:17 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\gplyra
2016-03-23 14:00 - 2016-03-24 18:17 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\cpuminer
2016-03-23 14:00 - 2016-03-23 14:00 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\UPUpdata
2016-03-23 14:00 - 2016-03-23 14:00 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\Ilitsudg
2016-03-23 14:00 - 2016-03-23 14:00 - 00000000 ____D C:\Users\Enilson Nunes\AppData\LocalLow\Company
2016-03-23 14:00 - 2016-03-23 14:00 - 00000000 ____D C:\Users\Enilson Nunes\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-03-23 14:00 - 2016-03-23 14:00 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\Tempfolder
2016-03-23 14:00 - 2016-03-23 14:00 - 00000000 ____D C:\uninst
2016-03-23 13:59 - 2016-03-23 14:00 - 00000000 ____D C:\Program Files (x86)\Max Driver Updater
2016-03-23 11:12 - 2016-03-24 09:57 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\app
2016-03-23 11:10 - 2016-03-23 11:10 - 00000286 __RSH C:\Users\Enilson Nunes\ntuser.pol
2016-03-23 11:00 - 2016-03-23 11:35 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\8D1B9413-1458730809-C5E3-B271-1DED1F1F413A
2016-03-23 10:58 - 2016-03-25 11:54 - 00000000 ____D C:\Program Files (x86)\8D1B9413-1458745089-C5E3-B271-1DED1F1F413A
2016-03-23 10:58 - 2016-03-23 10:56 - 00001006 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-03-23 10:57 - 2016-03-24 09:58 - 00000000 ____D C:\Program Files (x86)\TData
2016-03-23 10:55 - 2016-03-23 10:55 - 00000000 ____D C:\Users\Enilson Nunes\Downloads\Torrentex
2016-03-23 10:51 - 2016-03-23 10:51 - 06128221 _____ C:\Users\Enilson Nunes\Downloads\CorelDraw Graphics Suit X6 Keygen _Serial Number Crack.rar
2016-03-23 10:24 - 2016-03-23 10:24 - 00000000 ____D C:\Users\Todos os Usuários\Protexis
2016-03-23 10:24 - 2016-03-23 10:24 - 00000000 ____D C:\ProgramData\Protexis
2016-03-23 10:18 - 2016-03-23 14:00 - 00065856 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\cherimoya.sys
2016-03-23 09:45 - 2016-03-23 09:53 - 528017024 _____ (Acresso Software Inc. ) C:\Users\Enilson Nunes\Downloads\CorelDRAWGraphicsSuiteX6Installer_EN32Bit.exe
2016-03-15 16:00 - 2016-03-21 15:09 - 00000000 ____D C:\Users\Enilson Nunes\Desktop\Atos 27
2016-03-10 14:56 - 2016-03-10 14:56 - 00440714 _____ C:\Users\Enilson Nunes\Desktop\Celeiro Embutido.pdf
2016-03-10 10:29 - 2016-03-10 10:29 - 00000291 _____ C:\Users\Enilson Nunes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lixeira.lnk
2016-03-09 13:31 - 2016-03-09 13:32 - 00000000 ____D C:\Users\Enilson Nunes\Desktop\Nova pasta (2)
2016-03-02 11:08 - 2015-04-02 08:45 - 00532118 _____ C:\Users\Enilson Nunes\Desktop\Backup_of_propa new.cdr
2016-02-29 11:35 - 2016-02-29 11:35 - 00000042 _____ C:\Users\Enilson Nunes\AppData\Roaming\WB.CFG
2016-02-29 10:39 - 2016-03-21 16:35 - 00000000 ____D C:\Users\Enilson Nunes\Desktop\MP3 Rocket
2016-02-29 10:39 - 2016-03-21 15:09 - 00000000 ____D C:\Users\Enilson Nunes\Incomplete
2016-02-29 10:39 - 2016-02-29 10:39 - 00000000 ____D C:\Users\Enilson Nunes\Documents\HyperCam3
2016-02-29 10:39 - 2016-02-29 10:39 - 00000000 ____D C:\Users\Enilson Nunes\.swt
2016-02-29 10:38 - 2016-02-29 10:38 - 00000000 ____D C:\Users\Todos os Usuários\Sun
2016-02-29 10:38 - 2016-02-29 10:38 - 00000000 ____D C:\Users\Todos os Usuários\Oracle
2016-02-29 10:38 - 2016-02-29 10:38 - 00000000 ____D C:\Users\Enilson Nunes\AppData\LocalLow\Sun
2016-02-29 10:38 - 2016-02-29 10:38 - 00000000 ____D C:\Users\Enilson Nunes\AppData\LocalLow\Oracle
2016-02-29 10:38 - 2016-02-29 10:38 - 00000000 ____D C:\ProgramData\Sun
2016-02-29 10:38 - 2016-02-29 10:38 - 00000000 ____D C:\ProgramData\Oracle
2016-02-29 10:35 - 2016-03-24 17:45 - 00000818 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-02-29 10:35 - 2016-03-24 17:45 - 00000818 __RSH C:\ProgramData\ntuser.pol
2016-02-29 10:35 - 2016-02-29 10:38 - 30431144 _____ (Oracle Corporation) C:\Users\Enilson Nunes\Desktop\jre-8u31-windows-i586.exe
2016-02-29 10:35 - 2016-02-29 10:35 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-02-29 10:35 - 2016-02-29 10:35 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\PriceFountainUpdateVer
2016-02-29 10:33 - 2016-02-29 10:33 - 01430388 _____ (Lite Internet App ) C:\Users\Enilson Nunes\Downloads\MP3Rocket_Setup_Manager.exe
2016-02-29 10:22 - 2016-02-29 10:22 - 00706136 _____ (Reezaa.com ) C:\Users\Enilson Nunes\Downloads\mp3tageditor.exe

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-03-25 13:05 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Inf
2016-03-24 17:28 - 2016-01-04 20:21 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-24 17:11 - 2014-03-18 05:55 - 01797166 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-24 17:11 - 2014-03-18 05:27 - 00774900 _____ C:\Windows\system32\prfh0416.dat
2016-03-24 17:11 - 2014-03-18 05:27 - 00158494 _____ C:\Windows\system32\prfc0416.dat
2016-03-24 15:13 - 2015-12-30 16:58 - 00000000 ____D C:\Program Files\Microsoft Office
2016-03-24 15:13 - 2013-08-22 11:36 - 00000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
2016-03-24 15:13 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-24 15:13 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-24 15:12 - 2016-01-04 20:21 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\Google
2016-03-24 14:42 - 2016-02-08 13:23 - 00000000 ___RD C:\Users\Enilson Nunes\OneDrive
2016-03-24 14:38 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-24 14:13 - 2016-01-23 20:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-24 10:24 - 2015-12-29 12:09 - 00000000 ____D C:\Users\Enilson Nunes
2016-03-24 10:15 - 2016-01-12 10:23 - 00000000 ____D C:\Windows\Minidump
2016-03-24 09:55 - 2015-12-29 12:09 - 00001721 _____ C:\Users\Enilson Nunes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-24 08:56 - 2016-01-04 01:26 - 00000000 ____D C:\Users\Todos os Usuários\Corel
2016-03-24 08:56 - 2016-01-04 01:26 - 00000000 ____D C:\ProgramData\Corel
2016-03-24 08:35 - 2016-01-04 05:27 - 00000000 ____D C:\Users\Todos os Usuários\Protexis64
2016-03-24 08:35 - 2016-01-04 05:27 - 00000000 ____D C:\ProgramData\Protexis64
2016-03-24 08:35 - 2013-04-03 01:31 - 00000000 ____D C:\Users\Enilson Nunes\Documents\Corel
2016-03-24 08:32 - 2016-01-04 05:27 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\Corel
2016-03-24 08:09 - 2016-01-11 18:57 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Roaming\TeamViewer
2016-03-24 08:06 - 2015-07-17 00:25 - 00000000 ____D C:\Windows.old.001
2016-03-24 08:02 - 2015-12-29 10:37 - 00000000 ____D C:\Windows\Panther
2016-03-23 14:21 - 2015-06-22 19:05 - 00000270 _____ C:\Users\Enilson Nunes\Documents\CorelDRAW Graphics Suite X6.txt
2016-03-23 14:18 - 2016-01-04 01:29 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2016-03-23 14:18 - 2016-01-02 08:55 - 00000000 ____D C:\Users\Todos os Usuários\CorelDRAW Graphics Suite X6
2016-03-23 14:18 - 2016-01-02 08:55 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X6
2016-03-23 14:07 - 2015-12-30 17:28 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-03-23 14:07 - 2015-12-30 17:28 - 00494592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-03-23 10:57 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-03-23 09:40 - 2016-02-16 10:22 - 00000000 ____D C:\Users\Enilson Nunes\Downloads\1
2016-03-20 15:33 - 2015-04-11 22:15 - 00000000 ____D C:\Users\Enilson Nunes\A Pregar
2016-03-18 13:29 - 2015-12-30 18:10 - 00000000 ____D C:\Users\Todos os Usuários\KMSAutoS
2016-03-18 13:29 - 2015-12-30 18:10 - 00000000 ____D C:\ProgramData\KMSAutoS
2016-03-16 10:43 - 2015-09-02 08:10 - 00000000 ____D C:\Users\Enilson Nunes\Desktop\Forte Pão
2016-03-10 15:48 - 2015-10-01 19:48 - 00000000 ____D C:\Users\Enilson Nunes\Desktop\Embutidos celeiro
2016-03-10 14:11 - 2016-02-18 07:34 - 00000000 ____D C:\Users\Enilson Nunes\Desktop\tunel de congelado celeiro
2016-02-29 09:53 - 2015-12-29 12:09 - 00000000 ____D C:\Users\Enilson Nunes\AppData\Local\Packages
2016-02-29 09:22 - 2016-02-08 13:30 - 00000000 ____D C:\Users\Enilson Nunes\Desktop\Lac
2016-02-29 09:18 - 2015-10-26 14:09 - 00000000 ____D C:\Users\Enilson Nunes\Desktop\Acobrar
2016-02-29 08:27 - 2015-11-22 13:32 - 00000000 ____D C:\Users\Enilson Nunes\Desktop\Nova pasta

==================== Arquivos na raiz de alguns diretórios =======

2016-03-24 09:16 - 2016-03-24 09:17 - 0001292 _____ () C:\Users\Enilson Nunes\AppData\Roaming\Bubble Dock.boostrap.log
2016-03-24 09:16 - 2016-03-24 09:17 - 0005761 _____ () C:\Users\Enilson Nunes\AppData\Roaming\Bubble Dock.installation.log
2016-03-24 09:17 - 2016-03-24 09:17 - 0000078 _____ () C:\Users\Enilson Nunes\AppData\Roaming\Selection Tools.installation.log
2016-02-29 11:35 - 2016-02-29 11:35 - 0000042 _____ () C:\Users\Enilson Nunes\AppData\Roaming\WB.CFG
2016-03-24 09:16 - 2016-03-24 09:16 - 0000097 _____ () C:\Users\Enilson Nunes\AppData\Roaming\WindApp.boostrap.log
2016-03-24 09:17 - 2016-03-24 09:17 - 0000078 _____ () C:\Users\Enilson Nunes\AppData\Roaming\WindApp.installation.log
2016-03-23 14:06 - 2016-03-24 10:01 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Arquivos para serem movidos ou deletados:
====================
C:\Users\Enilson Nunes\AppData\Local\Temp\is-E1B7G.tmp\print.exe
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Alguns arquivos em TEMP:
====================
C:\Users\Enilson Nunes\AppData\Local\Temp\260D.tmp.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\29da41ca244e4f799399c35fcd889891455037.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\30F6.tmp.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\94492374-D784-9438-D90A-88FF9BFD79E8.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\A443FE17-5C97-711F-43A5-7F5243D9D11B.dll
C:\Users\Enilson Nunes\AppData\Local\Temp\A443FE17-5C97-711F-43A5-7F5243D9D11B.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\B267.tmp.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\BackupSetup.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\C5F2.tmp.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\DownPageDll.dll
C:\Users\Enilson Nunes\AppData\Local\Temp\fsd139A.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\fsd5C3C.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\ICReinstall_260D.tmp.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\onlysetup.exe
C:\Users\Enilson Nunes\AppData\Local\Temp\res.dll
C:\Users\Enilson Nunes\AppData\Local\Temp\sqlite3.dll
C:\Users\Enilson Nunes\AppData\Local\Temp\tmp3B0B.tmp.exe

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll [2015-12-30 17:28] - [2016-03-23 14:07] - 0655360 ____A (Microsoft Corporation) 7B5CA8548225C300014540E4254BA86E
C:\Windows\SysWOW64\dnsapi.dll [2015-12-30 17:28] - [2016-03-23 14:07] - 0494592 ____A (Microsoft Corporation) 3B8D00626BF63E1D94D3D2D59D3233B3
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-03-16 08:52

==================== Fim de FRST.txt ============================