Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:05-03-2016 01
Executado por Usuario (administrador) em CPU (01-04-2016 14:57:38)
Executando a partir de C:\Users\Usuario\Desktop
Perfis Carregados: Usuario (Perfis Disponíveis: Usuario & DefaultAppPool)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(GAS Tecnologia) C:\Program Files\GbPlugin\gbpsv.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\ProgramData\Airtostrong\Airtostrong.exe
(Autodesk) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
() C:\Users\Usuario\AppData\Roaming\DensOfe\Momroak.exe
() C:\Program Files\BitTorrent\BitTorrent.exe
() C:\Program Files\1D606720-1459447473-11DD-8906-40167EBBC09E\knsqB2F8.tmp
() C:\Users\Usuario\AppData\Roaming\Xosypujn\Xosypujn.exe
() C:\Users\Usuario\AppData\Roaming\Xosypujn\Kiowtocj.exe
() C:\ProgramData\CloudPrinter\CloudPrinter.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\portcommunicationservice\DeviceControlLog.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Sound+\idsccom_3B0.exe
() C:\Program Files\badu\uc.exe
() C:\Program Files\mbot_en_037050284\mbot_en_037050284.exe
() C:\Program Files\Hostify\idsccom_7WK.exe
() C:\Program Files\rec_en_238\rec_en_238.exe
(BitTorrent Inc.) C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\Nex\NexServ.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\portcommunicationservice\PCSVC.exe
(mycomputer) C:\Windows\Terms.exe
() C:\Program Files\1D606720-1459447473-11DD-8906-40167EBBC09E\jnsrC477.tmp
() C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
(BitTorrent Inc.) C:\Users\Usuario\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe
(BitTorrent Inc.) C:\Users\Usuario\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe
(PostgreSQL Global Development Group) D:\Zeus\PostgreSQL\9.2.9\bin\pg_ctl.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\1D606720-1459447473-11DD-8906-40167EBBC09E\hnsr34E7.tmp
(Serasa Experian) C:\Program Files\Serasa Experian\Service\SerasaUpdate.exe
(PostgreSQL Global Development Group) D:\Zeus\PostgreSQL\9.2.9\bin\postgres.exe
(PostgreSQL Global Development Group) D:\Zeus\PostgreSQL\9.2.9\bin\postgres.exe
(PostgreSQL Global Development Group) D:\Zeus\PostgreSQL\9.2.9\bin\postgres.exe
(PostgreSQL Global Development Group) D:\Zeus\PostgreSQL\9.2.9\bin\postgres.exe
(PostgreSQL Global Development Group) D:\Zeus\PostgreSQL\9.2.9\bin\postgres.exe
(PostgreSQL Global Development Group) D:\Zeus\PostgreSQL\9.2.9\bin\postgres.exe
(PostgreSQL Global Development Group) D:\Zeus\PostgreSQL\9.2.9\bin\postgres.exe
(skype.cog.cc) C:\Program Files\SkypeUpdateEx\SkypeUpdateEx.exe
() C:\Program Files\SFK\SSFK.exe
() C:\Program Files\SFK\SSFK.exe
() C:\Users\Usuario\AppData\Local\Hotdox.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(TFuns LIMITED) C:\ProgramData\1WdM1\WdMan.exe
() C:\Program Files\Microsoft Ucuqqs\Xftnwmx.exe
(mycomputer) C:\Program Files\Microsoft Hsampe\Xiqnppr.exe
() C:\Users\Usuario\AppData\Roaming\msiql.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_51\bin\jp2launcher.exe
() C:\Program Files\CalendarTool\2.0.0.11189\CalendarServ.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\mbot_en_037050284\mbot_en_037050284.exe
() C:\Nex\NexAdmin.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
() C:\Program Files\mbot_en_037050284\mbot_en_037050284.exe
() C:\Program Files\Sound+\idsccom_3B0.exe
() C:\Program Files\mbot_en_037050284\mbot_en_037050284.exe
() C:\Program Files\rec_en_238\rec_en_238.exe
() C:\Program Files\rec_en_238\rec_en_238.exe
() C:\Program Files\Hostify\idsccom_7WK.exe
() C:\Program Files\mbot_en_037050284\mbot_en_037050284.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\Sound+\idsccom_3B0.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Users\Usuario\AppData\Local\Temp\nsr4DB3.tmp
() C:\Windows\Temp\5BB7.tmp
() C:\Program Files\mbot_en_037050284\mbot_en_037050284.exe
() C:\Users\Usuario\AppData\Local\1D606720-1459522147-11DD-8906-40167EBBC09E\qnshA16F.tmp
() C:\Windows\Temp\5BCB.tmp
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\mbot_en_037050284\mbot_en_037050284.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

Winlogon\Notify\ GbPluginBb: C:\Program Files\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)
HKU\S-1-5-21-3040219184-3333377178-3428145551-1000\...\MountPoints2: E - E:\SISetup.exe
HKU\S-1-5-21-3040219184-3333377178-3428145551-1000\...\MountPoints2: {74c4a4f1-5c66-11e5-8f96-40167ebbc09e} - E:\SISetup.exe
HKU\S-1-5-21-3040219184-3333377178-3428145551-1000\...\MountPoints2: {bb542486-5140-11e4-9aa8-806e6f6e6963} - W:\Setup.exe
AppInit_DLLs: C:\ProgramData\Airtostrong\Opestring.dll => C:\ProgramData\Airtostrong\Opestring.dll [257536 2016-04-01] ()
ShellExecuteHooks: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll [1945472 2015-10-20] (Banco do Brasil)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nex-Serv.lnk [2016-03-31]
ShortcutTarget: Nex-Serv.lnk -> C:\Nex\NexServ.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Select a coupon.lnk [2015-09-16]
ShortcutTarget: Select a coupon.lnk -> C:\Program Files\EPSON\TMCommandEmulator\PopupWindow.exe (Seiko Epson Corporation)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Winsock: Catalog5 07 C:\ProgramData\System32\SafeGuard32.dll [2771896 2016-03-31] ()
Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{E89417A4-827D-471F-ACE5-2E475B051077}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{E89417A4-827D-471F-ACE5-2E475B051077}: [DhcpNameServer] 192.168.0.201
Tcpip\..\Interfaces\{FEADCE91-D9C7-4964-B0EA-4C6ED43AF53B}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{FEADCE91-D9C7-4964-B0EA-4C6ED43AF53B}: [DhcpNameServer] 192.168.1.1
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
HKU\S-1-5-21-3040219184-3333377178-3428145551-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzIzWpjgBnLTsVRrjUynf2_XK1DrnvpLNYlO6-tYCGqxmohxn7Q0Bre-cJBSeUQvA3Kx0iSSEJ3P-DBvddzBTGlkz6EjpjEYZ9XUQvg9qpI4EXBj8f1JI6eyv89b65eBjWk3rV_Z4wQlw4VPiQyHDqb8981c2cAFXMUT1fhUWPVk,&q={searchTerms}
HKU\S-1-5-21-3040219184-3333377178-3428145551-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzIzWpjgBnLTsVRrjUynf2_XK1DrnvpLNYlO6-tYCGqxmohxn7Q0Bre-cJBSeUQvA3Kx0iSSEJ3P-DBe-mc7MEemWbgzImDkIn5e4tivxX3Y7bH6bSPY0w7PweuxqwmKYG6I1cfQjajcyASjDlGfAG4P3YrBUCNh5BGxKXMGAvsI,
HKU\S-1-5-21-3040219184-3333377178-3428145551-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-3040219184-3333377178-3428145551-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzIzWpjgBnLTsVRrjUynf2_XK1DrnvpLNYlO6-tYCGqxmohxn7Q0Bre-cJBSeUQvA3Kx0iSSEJ3P-DBvddzBTGlkz6EjpjEYZ9XUQvg9qpI4EXBj8f1JI6eyv89b65eBjWk3rV_Z4wQlw4VPiQyHDqb8981c2cAFXMUT1fhUWPVk,&q={searchTerms}
HKU\S-1-5-21-3040219184-3333377178-3428145551-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzIzWpjgBnLTsVRrjUynf2_XK1DrnvpLNYlO6-tYCGqxmohxn7Q0Bre-cJBSeUQvA3Kx0iSSEJ3P-DBvddzBTGlkz6EjpjEYZ9XUQvg9qpI4EXBj8f1JI6eyv89b65eBjWk3rV_Z4wQlw4VPiQyHDqb8981c2cAFXMUT1fhUWPVk,&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzIzWpjgBnLTsVRrjUynf2_XK1DrnvpLNYlO6-tYCGqxmohxn7Q0Bre-cJBSeUQvA3Kx0iSSEJ3P-DBvddzBTGlkz6EjpjEYZ9XUQvg9qpI4EXBj8f1JI6eyv89b65eBjWk3rV_Z4wQlw4VPiQyHDqb8981c2cAFXMUT1fhUWPVk,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3040219184-3333377178-3428145551-1000 -> DefaultScope {38DDAB9B-6BFA-4568-88A6-86147209AFB9} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3040219184-3333377178-3428145551-1000 -> {196F7251-90F6-4797-A3A4-B97B4F1AB45B} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3040219184-3333377178-3428145551-1000 -> {38DDAB9B-6BFA-4568-88A6-86147209AFB9} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3040219184-3333377178-3428145551-1000 -> {73C82343-A6CD-4D84-B16A-2792581DD4BF} URL = hxxps://br.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=435371&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3040219184-3333377178-3428145551-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzIzWpjgBnLTsVRrjUynf2_XK1DrnvpLNYlO6-tYCGqxmohxn7Q0Bre-cJBSeUQvA3Kx0iSSEJ3P-DBvddzBTGlkz6EjpjEYZ9XUQvg9qpI4EXBj8f1JI6eyv89b65eBjWk3rV_Z4wQlw4VPiQyHDqb8981c2cAFXMUT1fhUWPVk,&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-16] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-16] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.yoursearching.com/?type=sc&ts=1459450817&z=e49d62f9e5d2cbb7781db4cg0zfwet5z3w8e9b7ofz&from=face&uid=ST1000DM003-1CH162_S1DJD7SVXXXXS1DJD7SV

FireFox:
========
FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF NewTab: C:\ProgramData\Airtostrongs\ff.NT
FF DefaultSearchEngine: yessearches
FF SelectedSearchEngine: hohosearch
FF Homepage: C:\ProgramData\Airtostrongs\ff.HP
FF Keyword.URL: hxxp://www.yessearches.com/chrome.php?uid=4A9F023F3360E18BDA58C065519EAC39&ptid=sqr1&ts=AHEpCHEoBX4qB0..&v=20160329&mode=ffexttoolbar&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-26] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-16] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-12-10] (Nero AG)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3040219184-3333377178-3428145551-1000: gastecnologia.com.br/sf/bb -> C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2014-08-15] (GAS Tecnologia)
FF user.js: detected! => C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\eiob83cm.default\user.js [2016-04-01]
FF user.js: detected! => C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js [2016-04-01]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-23] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\eiob83cm.default\searchplugins\DD1B66D4.xml [2016-03-31]
FF SearchPlugin: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\eiob83cm.default\searchplugins\yahoo_ff.xml [2016-01-15]
FF SearchPlugin: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\DD1B66D4.xml [2016-03-31]
FF SearchPlugin: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\findit.xml [2016-04-01]
FF SearchPlugin: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\yahoo_ff.xml [2016-01-15]
FF SearchPlugin: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\yessearches.xml [2016-03-31]
FF Extension: FirefixTab - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\deskCutv2@gmail.com [2016-03-31] [não assinado]
FF Extension: Adblock Plus - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\eiob83cm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF Extension: GsearchFinder - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-03-29]
FF Extension: Adblock Plus - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF HKLM\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\deskCutv2@gmail.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.yoursearching.com/?type=sc&ts=1459450817&z=e49d62f9e5d2cbb7781db4cg0zfwet5z3w8e9b7ofz&from=face&uid=ST1000DM003-1CH162_S1DJD7SVXXXXS1DJD7SV

Chrome:
=======
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzIzWpjgBnLTsVRrjUynf2_XK1DrnvpLNYlO6-tYCGqxmohxn7Q0Bre-cJBSeUQvA3Kx0iSSEJ3P-DBvGoPydbHPSYngPp2DO0WbQcD8_gFuRaD6yA2Hvu4d0j_rpn-o4s3B62aJRWiHx8pmeahMXyAe4zXLkd-USOmRgWZpI1qk,
CHR StartupUrls: Default -> "hxxp://www.yoursearching.com/?type=hp&ts=1459450817&z=e49d62f9e5d2cbb7781db4cg0zfwet5z3w8e9b7ofz&from=face&uid=ST1000DM003-1CH162_S1DJD7SVXXXXS1DJD7SV"
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzIzWpjgBnLTsVRrjUynf2_XK1DrnvpLNYlO6-tYCGqxmohxn7Q0Bre-cJBSeUQvA3Kx0iSSEJ3P-DBvKqmfBM9uKAcolvOFP22RbkahJJKYCBTXkP2YS8ZfzeIzA3QCoj-Vp-DISEn9ti_vm4AmG9oNrAfYq8p8CuNrTT50G3d0,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-04]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-29]
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-04-01]
CHR Extension: (Google Search) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Wiki Search.me) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip [2016-04-01]
CHR Extension: (Documentos Google off-line) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Yahoo Web) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdicihegicnhaangkdmcgbjceoemeoo [2016-04-01]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-04]
CHR HKLM\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe hxxp://www.yoursearching.com/?type=sc&ts=1459450817&z=e49d62f9e5d2cbb7781db4cg0zfwet5z3w8e9b7ofz&from=face&uid=ST1000DM003-1CH162_S1DJD7SVXXXXS1DJD7SV

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated)
R2 Airtostrong; C:\ProgramData\\Airtostrong\\Airtostrong.exe [528896 2016-03-29] () [Arquivo não assinado]
R2 Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [72704 2016-03-31] (Autodesk) [Arquivo não assinado]
R2 Befbie; C:\Users\Usuario\AppData\Roaming\DensOfe\Momroak.exe [125792 2016-03-31] () [Arquivo não assinado]
R2 BitTorrent; C:\Program Files\BitTorrent\BitTorrent.exe [383488 2016-03-31] () [Arquivo não assinado] <==== ATENÇÃO
R2 cehysojizbt; C:\Program Files\1D606720-1459447473-11DD-8906-40167EBBC09E\knsqB2F8.tmp [263680 2016-04-01] () [Arquivo não assinado]
R2 Cidsooj; C:\Users\Usuario\AppData\Roaming\Xosypujn\Xosypujn.exe [174432 2016-03-31] () [Arquivo não assinado]
R2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [1162752 2016-03-31] () [Arquivo não assinado]
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2014-01-29] (Intel Corporation)
R2 EPSON_Device_Control_Log_Service; C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe [334848 2014-08-22] (SEIKO EPSON CORPORATION) [Arquivo não assinado]
R2 EPSON_Port_Communication_Service; C:\Program Files\epson\portcommunicationservice\PCSVC.exe [409600 2014-08-22] (SEIKO EPSON CORPORATION) [Arquivo não assinado]
R2 GbpSv; C:\Program Files\GbPlugin\gbpsv.exe [593120 2015-09-22] (GAS Tecnologia)
R2 gerocyni; C:\Program Files\1D606720-1459447473-11DD-8906-40167EBBC09E\jnsrC477.tmp [302080 2016-03-31] () [Arquivo não assinado]
S2 ggbugreport; C:\Program Files\SearchesToYesbnd\bugreport.exe [1609280 2016-03-29] ()
S2 GoogleChromeUpService; C:\ProgramData\service.exe [1747456 2016-03-31] () [Arquivo não assinado]
S2 GoogleChromeUpSvc; C:\Users\Usuario\AppData\Roaming\svrupg.exe [2767872 2016-04-01] (TODO: ) [Arquivo não assinado]
S3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
R2 mi-raysat_3dsmax9_32; C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe [65536 2006-09-29] () [Arquivo não assinado]
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [762192 2013-07-18] (Nero AG)
R2 postgresql-9.2; D:\Zeus\PostgreSQL\9.2.9\bin\pg_ctl.exe [75776 2014-07-22] (PostgreSQL Global Development Group) [Arquivo não assinado]
R2 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
R2 rijufoze; C:\Program Files\1D606720-1459447473-11DD-8906-40167EBBC09E\hnsr34E7.tmp [138240 2016-03-31] () [Arquivo não assinado]
R2 SerasaUpdate; C:\Program Files\Serasa Experian\Service\SerasaUpdate.exe [29696 2014-04-11] (Serasa Experian) [Arquivo não assinado]
R2 SkypeUpdateEx; C:\Program Files\SkypeUpdateEx\SkypeUpdateEx.exe [167352 2016-03-21] (skype.cog.cc)
R2 SSFK; C:\Program Files\SFK\SSFK.exe [173760 2016-03-31] ()
S2 sulpnar; C:\ProgramData\\sulpnar\\sulpnar.exe [528384 2016-04-01] () [Arquivo não assinado]
S2 SuperProServer; C:\Windows\Terms.exe [434238 2016-03-29] (mycomputer) [Arquivo não assinado]
R2 TheCalendarService; C:\Program Files\CalendarTool\2.0.0.11189\CalendarServ.exe [141960 2015-12-25] ()
R2 updaiqarodwntrauwxat; C:\Users\Usuario\AppData\Local\Hotdox.exe [28160 2016-03-31] () [Arquivo não assinado]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies, Inc.)
R2 WdMan; C:\ProgramData\1WdM1\WdMan.exe [304808 2016-03-31] (TFuns LIMITED)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 Winsere; C:\Program Files\Winsere\Winsere\Winsere.exe [316472 2016-03-29] ()
S2 Wskhjj lfwufffg; C:\Program Files\Microsoft Hsampe\Xiqnppr.exe [331776 2016-04-01] (mycomputer) [Arquivo não assinado]
U2 Wsmdsn srjlyihz; C:\Program Files\Microsoft Ucuqqs\Xftnwmx.exe [471102 2016-04-01] () [Arquivo não assinado]
S2 XBox; C:\Users\Usuario\AppData\Roaming\XBox\XBLive.exe [5906904 2016-02-27] (Microsoft Corporation)
R2 zigipyro; C:\Users\Usuario\AppData\Local\1D606720-1459522147-11DD-8906-40167EBBC09E\qnshA16F.tmp [158720 2015-12-26] () [Arquivo não assinado]
S2 Fghij Lmnopqr64 Tuab; C:\Windows\system32\buybfd.exe [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [62272 2016-03-31] (Cherimoya Ltd)
S2 EPSON_PCS_Parallel_Port_Driver; C:\Windows\system32\DRIVERS\pcslpt.sys [19592 2012-06-22] (SEIKO EPSON CORPORATION)
R0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [49496 2015-11-25] (GAS Tecnologia)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
R1 ndisrd; C:\Windows\System32\DRIVERS\gbpndisrdn.sys [29400 2014-10-31] (GAS Tecnologia)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1823344 2011-11-11] (VIA Technologies, Inc.)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [26824 2014-03-17] (CyberLink Corp.)
S0 gbpddreg; system32\drivers\gbpddreg32.sys [X]
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSBXP.SYS [49408 2012-03-01] (Seiko Epson Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-04-01 14:57 - 2016-04-01 14:58 - 00025855 _____ C:\Users\Usuario\Desktop\FRST.txt
2016-04-01 14:57 - 2016-04-01 14:57 - 00000000 ____D C:\FRST
2016-04-01 14:55 - 2016-04-01 14:55 - 01725440 _____ (Farbar) C:\Users\Usuario\Desktop\FRST.exe
2016-04-01 14:49 - 2016-04-01 14:49 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\UPUpdata
2016-04-01 14:49 - 2016-04-01 14:49 - 00000000 ____D C:\Users\Usuario\AppData\Local\1D606720-1459522147-11DD-8906-40167EBBC09E
2016-04-01 14:22 - 2016-04-01 14:22 - 00000000 ____D C:\Program Files\CalendarTool
2016-04-01 14:21 - 2016-04-01 14:21 - 00000000 ____D C:\Users\Todos os Usuários\sulpnar
2016-04-01 14:21 - 2016-04-01 14:21 - 00000000 ____D C:\ProgramData\sulpnar
2016-04-01 14:13 - 2016-04-01 14:13 - 00000000 ____D C:\Users\Todos os Usuários\423e3ee8-1c35-1
2016-04-01 14:13 - 2016-04-01 14:13 - 00000000 ____D C:\ProgramData\423e3ee8-1c35-1
2016-04-01 14:09 - 2016-04-01 14:15 - 00160200 _____ C:\Windows\ntbtlog.txt
2016-04-01 12:29 - 2016-04-01 12:33 - 00000016 _____ C:\InjectIntoProcess crash
2016-04-01 12:05 - 2016-04-01 12:05 - 00000000 ____D C:\Program Files\Microsoft Ucuqqs
2016-04-01 11:57 - 2016-04-01 11:58 - 00129024 _____ C:\Windows\system32\DhlServer.exe
2016-04-01 11:38 - 2016-04-01 11:38 - 00000000 ____D C:\Program Files\Microsoft Hsampe
2016-04-01 10:31 - 2016-04-01 10:31 - 00000000 ____D C:\Users\Todos os Usuários\Airtostrongs
2016-04-01 10:31 - 2016-04-01 10:31 - 00000000 ____D C:\ProgramData\Airtostrongs
2016-04-01 10:30 - 2016-04-01 14:20 - 00000000 ____D C:\Users\Todos os Usuários\Airtostrong
2016-04-01 10:30 - 2016-04-01 14:20 - 00000000 ____D C:\ProgramData\Airtostrong
2016-04-01 10:14 - 2016-04-01 10:14 - 00012288 _____ C:\Windows\system32\hra8.dll
2016-04-01 09:35 - 2016-04-01 09:35 - 02777282 _____ () C:\Program Files\Common Files\nlq21fdq.exe
2016-04-01 09:22 - 2016-04-01 09:22 - 00000000 ____D C:\Program Files\Common Files\425pzp0l
2016-04-01 08:52 - 2016-04-01 08:52 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Xosypujn
2016-04-01 08:52 - 2016-04-01 08:52 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\DensOfe
2016-04-01 08:52 - 2016-04-01 08:52 - 00000000 ____D C:\Users\Usuario\AppData\Local\Tempfolder
2016-04-01 08:17 - 2016-03-29 17:05 - 00434238 ____H (mycomputer) C:\Windows\Terms.exe
2016-04-01 08:16 - 2016-04-01 08:16 - 00001896 ____R C:\Users\Usuario\Desktop\Yeabeats Browser.lnk
2016-03-31 16:30 - 2016-03-31 17:04 - 00000000 ____D C:\Program Files\SunnyDayApps
2016-03-31 16:30 - 2016-03-31 17:04 - 00000000 ____D C:\Program Files\rec_en_238
2016-03-31 16:30 - 2016-03-31 16:30 - 00000000 ____D C:\Users\Usuario\AppData\Local\rec_en_238
2016-03-31 16:23 - 2016-04-01 08:17 - 00000000 ____D C:\Program Files\BitTorrent
2016-03-31 16:23 - 2016-03-31 17:09 - 00000000 ____D C:\Program Files\Common Files\Saostock
2016-03-31 16:22 - 2016-04-01 10:31 - 00002393 _____ C:\Windows\system32\findit.xml
2016-03-31 16:22 - 2016-03-31 16:22 - 00189639 _____ () C:\Users\Usuario\AppData\Roaming\Voltcore.bin
2016-03-31 16:22 - 2016-03-31 16:22 - 00041472 _____ C:\Users\Usuario\AppData\Local\Hotdox.dat
2016-03-31 16:22 - 2016-03-31 16:22 - 00028160 _____ C:\Users\Usuario\AppData\Local\Hotdox.exe
2016-03-31 16:22 - 2016-03-31 16:22 - 00000187 _____ C:\Users\Usuario\AppData\Local\Hotdox.exe.config
2016-03-31 16:22 - 2016-03-31 16:22 - 00000000 ____D C:\Users\Todos os Usuários\Ronzaps
2016-03-31 16:22 - 2016-03-31 16:22 - 00000000 ____D C:\ProgramData\Ronzaps
2016-03-31 16:21 - 2016-03-31 16:21 - 06504960 _____ C:\Users\Usuario\AppData\Roaming\agent.dat
2016-03-31 16:21 - 2016-03-31 16:21 - 01626416 _____ C:\Users\Usuario\AppData\Roaming\Goldening.tst
2016-03-31 16:21 - 2016-03-31 16:21 - 00126464 _____ C:\Users\Usuario\AppData\Roaming\noah.dat
2016-03-31 16:21 - 2016-03-31 16:21 - 00065424 _____ C:\Users\Usuario\AppData\Roaming\Config.xml
2016-03-31 16:21 - 2016-03-31 16:21 - 00018432 _____ C:\Users\Usuario\AppData\Roaming\Main.dat
2016-03-31 16:21 - 2016-03-31 16:19 - 01162752 _____ C:\Users\Usuario\AppData\Roaming\Goldening.exe
2016-03-31 16:20 - 2016-03-31 16:21 - 00005568 _____ C:\Users\Usuario\AppData\Roaming\md.xml
2016-03-31 16:20 - 2016-03-31 16:20 - 00848437 _____ C:\Users\Usuario\AppData\Roaming\Indigostring.bin
2016-03-31 16:20 - 2016-03-31 16:20 - 00126464 _____ C:\Users\Usuario\AppData\Roaming\lobby.dat
2016-03-31 16:20 - 2016-03-31 16:20 - 00072699 _____ C:\Users\Usuario\AppData\Roaming\S--Dox.tst
2016-03-31 16:20 - 2016-03-31 16:20 - 00054272 _____ C:\Users\Usuario\AppData\Roaming\ApplicationHosting.dat
2016-03-31 16:20 - 2016-03-31 16:20 - 00000000 ____D C:\Users\Todos os Usuários\CloudPrinter
2016-03-31 16:20 - 2016-03-31 16:20 - 00000000 ____D C:\ProgramData\CloudPrinter
2016-03-31 16:20 - 2016-03-31 16:19 - 01162752 _____ C:\Users\Usuario\AppData\Roaming\S--Dox.exe
2016-03-31 16:19 - 2016-03-31 16:19 - 00264104 _____ C:\Users\Usuario\AppData\Roaming\inst.lat
2016-03-31 16:19 - 2016-03-31 16:19 - 00127488 _____ C:\Users\Usuario\AppData\Roaming\Installer.dat
2016-03-31 16:19 - 2016-03-31 16:19 - 00016992 _____ C:\Users\Usuario\AppData\Roaming\InstallationConfiguration.xml
2016-03-31 16:18 - 2016-03-31 16:19 - 00000000 ____D C:\Users\Usuario\AppData\Local\app
2016-03-31 16:02 - 2016-04-01 08:16 - 00001071 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rff42i15r14e33f26o83x.lnk
2016-03-31 16:02 - 2016-03-31 16:03 - 00000000 ____D C:\Users\Todos os Usuários\1WdM1
2016-03-31 16:02 - 2016-03-31 16:03 - 00000000 ____D C:\ProgramData\1WdM1
2016-03-31 16:02 - 2016-03-31 16:02 - 00000074 _____ C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2016-03-31 16:02 - 2016-03-31 16:02 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2016-03-31 16:02 - 2016-03-31 16:02 - 00000000 ____D C:\Program Files\SFK
2016-03-31 16:01 - 2016-03-31 17:06 - 00000000 ____D C:\Users\Usuario\AppData\Local\mbot_en_037050284
2016-03-31 16:01 - 2016-03-31 16:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY
2016-03-31 16:01 - 2016-03-31 16:01 - 00000000 ____D C:\Program Files\mbot_en_037050284
2016-03-31 16:00 - 2016-03-31 16:16 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\yoursearching
2016-03-31 16:00 - 2016-03-31 16:00 - 00000641 _____ C:\yoursearching.xml
2016-03-31 15:28 - 2016-03-31 15:28 - 00000565 _____ C:\Users\Usuario\Desktop\Nex-Admin.lnk
2016-03-31 15:28 - 2016-03-31 15:28 - 00000558 _____ C:\Users\Usuario\Desktop\Nex-Servidor.lnk
2016-03-31 15:28 - 2016-03-31 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nex
2016-03-31 15:20 - 2016-03-31 15:21 - 00000886 _____ C:\Windows\system32\${LOGFILE}
2016-03-31 15:10 - 2016-03-31 15:10 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\PriceFountain
2016-03-31 15:06 - 2016-03-31 15:36 - 00000000 ____D C:\Users\Usuario\AppData\Local\1D606720-1459436801-11DD-8906-40167EBBC09E
2016-03-31 15:05 - 2016-03-31 15:03 - 00001006 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-03-31 15:04 - 2016-04-01 12:21 - 00000000 ____D C:\Program Files\1D606720-1459447473-11DD-8906-40167EBBC09E
2016-03-31 14:55 - 2016-03-31 14:55 - 00000000 ____D C:\Program Files\badu
2016-03-31 14:52 - 2016-03-31 14:52 - 00000000 ____D C:\Users\Usuario\AppData\Local\Innovative Solutions
2016-03-31 14:52 - 2016-03-31 14:52 - 00000000 ____D C:\Users\Todos os Usuários\Innovative Solutions
2016-03-31 14:52 - 2016-03-31 14:52 - 00000000 ____D C:\ProgramData\Innovative Solutions
2016-03-31 14:52 - 2016-03-31 14:52 - 00000000 ____D C:\Program Files\Common Files\Innovative Solutions
2016-03-31 14:52 - 2016-03-31 14:37 - 00878606 _____ C:\Users\Todos os Usuários\YSIns.exe
2016-03-31 14:52 - 2016-03-31 14:37 - 00878606 _____ C:\ProgramData\YSIns.exe
2016-03-31 14:51 - 2016-03-31 16:46 - 00062272 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2016-03-31 14:51 - 2016-03-31 15:07 - 00000000 ____D C:\Program Files\Hiearki
2016-03-31 14:51 - 2016-03-31 14:51 - 00000000 ____D C:\Users\Usuario\AppData\LocalLow\Company
2016-03-31 14:51 - 2016-03-31 14:51 - 00000000 ____D C:\Users\Usuario\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-03-31 14:51 - 2016-03-31 14:51 - 00000000 ____D C:\uninst
2016-03-31 14:51 - 2015-11-25 14:31 - 01100288 _____ C:\Users\Todos os Usuários\HomePage.exe
2016-03-31 14:51 - 2015-11-25 14:31 - 01100288 _____ C:\ProgramData\HomePage.exe
2016-03-31 14:50 - 2016-03-31 14:50 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2016-03-31 14:50 - 2016-03-31 14:50 - 00000000 ____D C:\Users\Todos os Usuários\423e3ee8-3015-0
2016-03-31 14:50 - 2016-03-31 14:50 - 00000000 ____D C:\Users\Todos os Usuários\423e3ee8-2347-1
2016-03-31 14:50 - 2016-03-31 14:50 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-03-31 14:50 - 2016-03-31 14:50 - 00000000 ____D C:\ProgramData\423e3ee8-3015-0
2016-03-31 14:50 - 2016-03-31 14:50 - 00000000 ____D C:\ProgramData\423e3ee8-2347-1
2016-03-31 14:50 - 2016-03-31 14:50 - 00000000 ____D C:\Program Files\osTip
2016-03-31 14:50 - 2016-02-24 06:18 - 01085440 _____ C:\Users\Todos os Usuários\delCalendarReg.exe
2016-03-31 14:50 - 2016-02-24 06:18 - 01085440 _____ C:\ProgramData\delCalendarReg.exe
2016-03-31 14:49 - 2015-11-25 14:31 - 01100288 _____ C:\Users\Usuario\AppData\Roaming\HomePage.exe
2016-03-31 14:48 - 2016-03-31 14:48 - 00000000 ____D C:\Users\Todos os Usuários\Windows Update
2016-03-31 14:48 - 2016-03-31 14:48 - 00000000 ____D C:\ProgramData\Windows Update
2016-03-31 14:47 - 2016-04-01 14:13 - 00000000 ____D C:\Program Files\Hostify
2016-03-31 14:47 - 2016-04-01 12:38 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\CalendarTool
2016-03-31 14:47 - 2016-04-01 08:16 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\LightGate
2016-03-31 14:47 - 2016-03-31 17:19 - 00000000 ____D C:\Program Files\NewExt
2016-03-31 14:47 - 2016-02-24 06:18 - 01085440 _____ C:\Users\Usuario\AppData\Roaming\delCalendarReg.exe
2016-03-31 14:47 - 2015-12-10 14:43 - 00600312 _____ C:\Users\Todos os Usuários\YeaPlayer_br_IBD_Bundle.exe
2016-03-31 14:47 - 2015-12-10 14:43 - 00600312 _____ C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
2016-03-31 14:47 - 2015-12-04 12:14 - 01081344 _____ C:\Users\Todos os Usuários\LightGate.exe
2016-03-31 14:47 - 2015-12-04 12:14 - 01081344 _____ C:\ProgramData\LightGate.exe
2016-03-31 14:45 - 2016-04-01 08:20 - 02767872 _____ (TODO: ) C:\Users\Usuario\AppData\Roaming\svrupg.exe
2016-03-31 14:45 - 2016-03-31 14:45 - 00000000 ____D C:\Users\Usuario\AppData\Local\tuto_monetize_120160330
2016-03-31 14:45 - 2016-03-31 11:51 - 01916928 _____ C:\Users\Usuario\AppData\Roaming\msiql.exe
2016-03-31 14:45 - 2016-03-31 11:51 - 01916928 _____ C:\Users\Todos os Usuários\msiql.exe
2016-03-31 14:45 - 2016-03-31 11:51 - 01916928 _____ C:\ProgramData\msiql.exe
2016-03-31 14:45 - 2015-12-10 14:43 - 00600312 _____ C:\Users\Usuario\AppData\Roaming\YeaPlayer_br_IBD_Bundle.exe
2016-03-31 14:44 - 2016-03-31 14:44 - 00000000 ____D C:\Users\Usuario\AppData\Local\tuto_monetize_220160330
2016-03-31 14:44 - 2016-03-31 11:32 - 01747456 _____ C:\Users\Usuario\AppData\Roaming\service.exe
2016-03-31 14:44 - 2016-03-31 11:32 - 01747456 _____ C:\Users\Todos os Usuários\service.exe
2016-03-31 14:44 - 2016-03-31 11:32 - 01747456 _____ C:\ProgramData\service.exe
2016-03-31 14:43 - 2016-03-31 15:00 - 00000000 ____D C:\Program Files\SearchesToYesbnd
2016-03-31 14:43 - 2016-03-31 14:43 - 00000000 ____D 
C:\Users\Usuario\AppData\Local\csdi_monetize_220160330 2016-03-31 14:42 - 2016-03-31 14:42 - 00000000 ____D C:\Users\Usuario\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108 2016-03-31 14:42 - 2016-03-31 14:42 - 00000000 ____D C:\Program Files\WinTaske 2016-03-31 14:42 - 2016-03-31 14:42 - 00000000 ____D C:\Program Files\Winsere 2016-03-31 14:42 - 2016-03-31 14:42 - 00000000 ____D C:\Program Files\Windows Screen Manager 2016-03-31 14:41 - 2016-04-01 14:11 - 00000000 ____D C:\Program Files\sunnyday 2016-03-31 14:41 - 2016-03-31 14:41 - 00000000 ____D C:\Users\Usuario\AppData\Local\csdi_monetize_120160330 2016-03-31 14:39 - 2016-03-31 14:39 - 00000000 ____D C:\Program Files\SkypeUpdateEx 2016-03-31 14:38 - 2016-03-31 16:07 - 00000000 ____D C:\Users\Todos os Usuários\System32 2016-03-31 14:38 - 2016-03-31 16:07 - 00000000 ____D C:\ProgramData\System32 2016-03-31 14:36 - 2016-03-31 15:10 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\WTools 2016-03-31 14:36 - 2016-03-31 15:07 - 00000000 ____D C:\Program Files\Sound+ 2016-03-31 14:35 - 2016-03-31 15:32 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Store 2016-03-31 14:34 - 2016-03-31 15:21 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Nosibay 2016-03-31 14:32 - 2016-03-31 14:32 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\XBox 2016-03-31 14:10 - 2016-03-31 14:11 - 00000000 ____D C:\Users\Todos os Usuários\Autodesk 2016-03-31 14:10 - 2016-03-31 14:11 - 00000000 ____D C:\ProgramData\Autodesk 2016-03-31 14:10 - 2016-03-31 14:10 - 00001951 _____ C:\Users\Public\Desktop\Autodesk 3ds Max 9 32-bit.lnk 2016-03-31 14:07 - 2016-03-31 14:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk 2016-03-31 14:07 - 2016-03-31 14:11 - 00000000 ____D C:\Users\Usuario\AppData\Local\Autodesk 2016-03-31 14:05 - 2016-03-31 14:06 - 00000000 ____D C:\Users\Usuario\Desktop\3D Studio Max 9 + Tutorials and Keygen 2016-03-31 08:20 - 2016-04-01 14:19 - 00000000 ____D 
C:\Users\Usuario\AppData\LocalLow\uTorrent 2016-03-30 15:31 - 2016-03-30 16:59 - 00000000 ____D C:\Users\Usuario\Desktop\embalagem gina 2016-03-30 15:25 - 2016-03-30 15:25 - 00000000 ____D C:\Users\Usuario\AppData\Local\CEF 2016-03-29 14:53 - 2016-03-29 14:53 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-03-29 14:53 - 2016-03-29 14:53 - 00002017 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk 2016-03-29 14:22 - 2016-03-31 14:58 - 00000000 ____D C:\Program Files\Autodesk 2016-03-29 14:22 - 2016-03-31 14:11 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared 2016-03-29 14:22 - 2016-03-29 14:22 - 00000000 ____D C:\Users\Usuario\Desktop\Autodesk.3ds.MAX.8.incl.KEYGEN.and.All.Tutorials.+.Materials 2016-03-19 15:45 - 2016-03-30 16:52 - 00000132 _____ C:\Users\Usuario\AppData\Roaming\Preferências do Formato PNG CC da Adobe 2016-03-19 14:27 - 2016-03-19 14:27 - 00000000 ____D C:\Users\Todos os Usuários\UniqueId 2016-03-19 14:27 - 2016-03-19 14:27 - 00000000 ____D C:\ProgramData\UniqueId 2016-03-19 14:12 - 2016-03-31 16:22 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\MPC-HC 2016-03-14 16:58 - 2016-03-14 16:58 - 00000000 ____D C:\Users\Usuario\Desktop\rayane 2016-03-04 14:22 - 2016-04-01 14:15 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\Opera Software 2016-03-04 14:22 - 2016-04-01 14:15 - 00000000 ____D C:\Users\Usuario\AppData\Local\Opera Software 2016-03-04 14:14 - 2016-04-01 14:15 - 00000000 ____D C:\Program Files\Opera 2016-03-02 15:21 - 2016-03-02 16:04 - 00000468 __RSH C:\Users\Todos os Usuários\ntuser.pol 2016-03-02 15:21 - 2016-03-02 16:04 - 00000468 __RSH C:\ProgramData\ntuser.pol ==================== Um Mês Modificados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 
2016-04-01 14:58 - 2016-01-15 15:57 - 00000000 ____D C:\Users\Usuario\AppData\Roaming\uTorrent 2016-04-01 14:31 - 2009-07-14 01:34 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-04-01 14:31 - 2009-07-14 01:34 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-04-01 14:24 - 2014-05-13 15:02 - 01751382 _____ C:\Windows\system32\PerfStringBackup.INI 2016-04-01 14:24 - 2009-07-14 05:31 - 00751794 _____ C:\Windows\system32\prfh0416.dat 2016-04-01 14:24 - 2009-07-14 05:31 - 00161222 _____ C:\Windows\system32\prfc0416.dat 2016-04-01 14:24 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\inf 2016-04-01 14:21 - 2014-05-14 15:47 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-04-01 14:21 - 2014-05-14 15:47 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-04-01 14:20 - 2016-01-07 15:03 - 00000000 ____D C:\Nex 2016-04-01 14:17 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-04-01 13:14 - 2014-05-14 17:34 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-04-01 10:31 - 2014-05-13 14:58 - 00001405 _____ C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-04-01 08:26 - 2014-05-14 15:46 - 00000000 ____D C:\Users\Usuario\AppData\Local\Adobe 2016-04-01 08:20 - 2009-07-14 01:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-04-01 08:17 - 2016-01-15 15:59 - 00000000 ___SD C:\Users\Usuario\AppData\LocalLow\Temp 2016-04-01 08:16 - 2014-05-24 09:05 - 00002066 ____R C:\Users\Usuario\Desktop\Google Chrome.lnk 2016-04-01 08:16 - 2014-05-24 09:05 - 00001871 ____R C:\Users\Usuario\Desktop\Mozilla Firefox.lnk 2016-04-01 08:16 - 2014-05-14 15:57 - 00001883 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-04-01 08:16 - 2014-05-14 15:47 - 00002078 
____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-03-31 14:10 - 2009-07-13 23:04 - 00017582 _____ C:\Windows\system32\Drivers\etc\services 2016-03-30 16:43 - 2016-01-12 14:23 - 00149005 _____ C:\Windows\FontData.fdb 2016-03-30 14:24 - 2009-07-14 01:52 - 00000000 ____D C:\Windows\Downloaded Program Files 2016-03-29 14:53 - 2014-05-14 15:46 - 00000000 ____D C:\Program Files\Common Files\Adobe 2016-03-29 14:53 - 2014-05-14 15:46 - 00000000 ____D C:\Program Files\Adobe 2016-03-29 14:52 - 2014-05-14 15:45 - 00000000 ____D C:\Users\Todos os Usuários\Adobe 2016-03-29 14:52 - 2014-05-14 15:45 - 00000000 ____D C:\ProgramData\Adobe 2016-03-29 14:46 - 2014-05-14 17:41 - 00001912 _____ C:\Windows\epplauncher.mif 2016-03-26 10:14 - 2014-05-14 17:34 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2016-03-26 10:14 - 2014-05-14 17:34 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2016-03-17 16:12 - 2016-01-12 14:40 - 00000000 ____D C:\Users\Usuario\Desktop\HM 2016-03-14 16:59 - 2016-01-08 15:24 - 00000000 ____D C:\Users\Usuario\Desktop\musicas vitor 2016-03-14 16:58 - 2014-05-13 14:57 - 00000000 ____D C:\Users\Usuario 2016-03-02 15:21 - 2009-07-13 23:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy ==================== Arquivos na raiz de alguns diretórios ======= 2016-04-01 09:35 - 2016-04-01 09:35 - 2777282 _____ () C:\Program Files\Common Files\nlq21fdq.exe 2016-03-31 16:21 - 2016-03-31 16:21 - 6504960 _____ () C:\Users\Usuario\AppData\Roaming\agent.dat 2016-03-31 16:20 - 2016-03-31 16:20 - 0054272 _____ () C:\Users\Usuario\AppData\Roaming\ApplicationHosting.dat 2016-03-31 14:32 - 2016-03-31 14:36 - 0001279 _____ () C:\Users\Usuario\AppData\Roaming\Bubble Dock.boostrap.log 2016-03-31 14:34 - 2016-03-31 14:34 - 0005726 _____ () C:\Users\Usuario\AppData\Roaming\Bubble Dock.installation.log 2016-03-31 16:21 - 2016-03-31 16:21 - 0065424 _____ () 
C:\Users\Usuario\AppData\Roaming\Config.xml 2016-03-31 14:47 - 2016-02-24 06:18 - 1085440 _____ () C:\Users\Usuario\AppData\Roaming\delCalendarReg.exe 2016-03-31 16:21 - 2016-03-31 16:19 - 1162752 _____ () C:\Users\Usuario\AppData\Roaming\Goldening.exe 2016-03-31 16:21 - 2016-03-31 16:21 - 1626416 _____ () C:\Users\Usuario\AppData\Roaming\Goldening.tst 2016-03-31 14:49 - 2015-11-25 14:31 - 1100288 _____ () C:\Users\Usuario\AppData\Roaming\HomePage.exe 2016-03-31 16:20 - 2016-03-31 16:20 - 0848437 _____ () C:\Users\Usuario\AppData\Roaming\Indigostring.bin 2016-03-31 16:19 - 2016-03-31 16:19 - 0264104 _____ () C:\Users\Usuario\AppData\Roaming\inst.lat 2016-03-31 16:19 - 2016-03-31 16:19 - 0016992 _____ () C:\Users\Usuario\AppData\Roaming\InstallationConfiguration.xml 2016-03-31 16:19 - 2016-03-31 16:19 - 0127488 _____ () C:\Users\Usuario\AppData\Roaming\Installer.dat 2016-03-31 16:20 - 2016-03-31 16:20 - 0126464 _____ () C:\Users\Usuario\AppData\Roaming\lobby.dat 2016-03-31 16:21 - 2016-03-31 16:21 - 0018432 _____ () C:\Users\Usuario\AppData\Roaming\Main.dat 2016-03-31 16:20 - 2016-03-31 16:21 - 0005568 _____ () C:\Users\Usuario\AppData\Roaming\md.xml 2016-03-31 14:45 - 2016-03-31 11:51 - 1916928 _____ () C:\Users\Usuario\AppData\Roaming\msiql.exe 2016-03-31 16:21 - 2016-03-31 16:21 - 0126464 _____ () C:\Users\Usuario\AppData\Roaming\noah.dat 2016-03-19 15:45 - 2016-03-30 16:52 - 0000132 _____ () C:\Users\Usuario\AppData\Roaming\Preferências do Formato PNG CC da Adobe 2016-03-31 16:20 - 2016-03-31 16:19 - 1162752 _____ () C:\Users\Usuario\AppData\Roaming\S--Dox.exe 2016-03-31 16:20 - 2016-03-31 16:20 - 0072699 _____ () C:\Users\Usuario\AppData\Roaming\S--Dox.tst 2016-03-31 14:36 - 2016-03-31 14:36 - 0000078 _____ () C:\Users\Usuario\AppData\Roaming\Selection Tools.installation.log 2016-03-31 14:44 - 2016-03-31 11:32 - 1747456 _____ () C:\Users\Usuario\AppData\Roaming\service.exe 2016-03-31 14:45 - 2016-04-01 08:20 - 2767872 _____ (TODO: ) 
C:\Users\Usuario\AppData\Roaming\svrupg.exe 2014-10-31 19:06 - 2014-10-31 19:06 - 0016808 _____ () C:\Users\Usuario\AppData\Roaming\unins000.dat 2014-10-31 19:06 - 2014-10-31 19:05 - 0815314 _____ () C:\Users\Usuario\AppData\Roaming\unins000.exe 2016-03-31 16:23 - 2016-03-31 16:23 - 0001150 _____ () C:\Users\Usuario\AppData\Roaming\uninstall_temp.ico 2016-03-31 16:22 - 2016-03-31 16:22 - 0189639 _____ () C:\Users\Usuario\AppData\Roaming\Voltcore.bin 2016-03-31 14:32 - 2016-03-31 14:32 - 0000097 _____ () C:\Users\Usuario\AppData\Roaming\WindApp.boostrap.log 2016-03-31 14:35 - 2016-03-31 14:35 - 0000078 _____ () C:\Users\Usuario\AppData\Roaming\WindApp.installation.log 2016-03-31 14:45 - 2015-12-10 14:43 - 0600312 _____ () C:\Users\Usuario\AppData\Roaming\YeaPlayer_br_IBD_Bundle.exe 2016-03-31 16:22 - 2016-03-31 16:22 - 0041472 _____ () C:\Users\Usuario\AppData\Local\Hotdox.dat 2016-03-31 16:22 - 2016-03-31 16:22 - 0028160 _____ () C:\Users\Usuario\AppData\Local\Hotdox.exe 2016-03-31 16:22 - 2016-03-31 16:22 - 0000187 _____ () C:\Users\Usuario\AppData\Local\Hotdox.exe.config 2014-10-15 20:11 - 2014-10-15 20:11 - 0000057 _____ () C:\ProgramData\Ament.ini 2016-03-31 14:50 - 2016-02-24 06:18 - 1085440 _____ () C:\ProgramData\delCalendarReg.exe 2016-03-31 14:51 - 2015-11-25 14:31 - 1100288 _____ () C:\ProgramData\HomePage.exe 2016-03-31 14:47 - 2015-12-04 12:14 - 1081344 _____ () C:\ProgramData\LightGate.exe 2016-03-31 14:45 - 2016-03-31 11:51 - 1916928 _____ () C:\ProgramData\msiql.exe 2016-01-07 15:04 - 2016-01-07 15:04 - 0000047 _____ () C:\ProgramData\nex.ini 2016-03-31 14:44 - 2016-03-31 11:32 - 1747456 _____ () C:\ProgramData\service.exe 2016-03-31 14:47 - 2015-12-10 14:43 - 0600312 _____ () C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe 2016-03-31 14:52 - 2016-03-31 14:37 - 0878606 _____ () C:\ProgramData\YSIns.exe 2016-03-31 16:02 - 2016-03-31 16:02 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat Arquivos para serem movidos ou deletados: 
====================

Alguns arquivos em TEMP:
====================

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-03-29 09:53

==================== Fim de FRST.txt ============================