Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:09-05-2016
Executado por sabino (administrador) em SABINO-PC (11-05-2016 22:48:06)
Executando a partir de C:\Users\sabino\Desktop
Perfis Carregados: sabino (Perfis Disponíveis: sabino)
Platform: Windows 7 Ultimate (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: FF)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Users\sabino\AppData\Roaming\Oporsuk\Oporsuk.exe
() C:\Users\sabino\AppData\Roaming\Nithut\Nithut.exe
() C:\Program Files (x86)\32475242-1462477301-3046-5433-B4B52FFA8AC6\knsf2C69.tmp
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
() C:\Users\sabino\AppData\Roaming\Oporsuk\Oynyy.exe
() C:\Users\sabino\AppData\Roaming\Nithut\Cacojopbu.exe
() C:\Users\sabino\AppData\Roaming\Nithut\Necso.exe
() C:\Users\sabino\AppData\Roaming\Oporsuk\Garai.exe
() C:\Users\sabino\AppData\Roaming\msiql.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
() C:\Program Files (x86)\FusionPlayer\BrowserBanner.exe
() C:\xampp\xampp-control.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
() C:\xampp\mysql\bin\mysqld.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe
() C:\Program Files (x86)\WeatherTool\2.0.1.11244\WeatherService.exe
() C:\Users\sabino\AppData\Roaming\BikbadKifbiom\Baomb.exe
() C:\Users\sabino\AppData\Local\32475242-1463006198-3046-5433-B4B52FFA8AC6\qnsmB952.tmp
(ShenZhen Enode Techology co,.Ltd) C:\Program Files (x86)\WeatherTool\2.0.1.11244\weather.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11189\calendar.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

==================== Registro (Whitelisted) ===========================
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-4294840478-2875466509-2565211912-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4294840478-2875466509-2565211912-1000\...\Run: [msiql] => C:\Users\sabino\AppData\Roaming\msiql.exe [1916928 2016-04-26] ()
HKU\S-1-5-21-4294840478-2875466509-2565211912-1000\...\Run: [taskhost] => rundll32.exe C:\ProgramData\WindowsMsg\675D131108D4FD145B0BFBC68A3E018A.dll Start /AUTORUN
HKU\S-1-5-21-4294840478-2875466509-2565211912-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3911248 2015-10-17] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{AD3FCB8A-D862-4D00-9E66-7D7389F68B32}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{AD3FCB8A-D862-4D00-9E66-7D7389F68B32}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{D3396D3E-8DE8-4ADF-AF36-87DD0C1CE8C7}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{DDD3BA2A-85F6-4A40-B6E9-0CCCC480C713}: [NameServer] 104.197.191.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=07169fd02256e7b7c487449270a3ec8a
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=07169fd02256e7b7c487449270a3ec8a
HKU\S-1-5-21-4294840478-2875466509-2565211912-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=07169fd02256e7b7c487449270a3ec8a
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_adsafld_16_09&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0C0CyDtB0A0Fzy0CtB0A0DyEtAtC0D0DtN0D0Tzu0StCyDtBtBtN1L2XzutAtFtCzztFtCtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyCyE0CtC0Fzy0CtGtD0E0DzytGtDyE0F0BtGtC0C0D0CtGyB0F0A0CtBtAzzyByBtDyD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtByEtA0FyCtDtAtGzz0A0B0BtGyE0B0AyBtGzzyCyDzztG0B0D0AtA0D0BtDyCtDyByD0C2QtN0A0LzuyE%26cr%3D1275830400%26a%3Dwncy_adsafld_16_09%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_adsafld_16_09&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0C0CyDtB0A0Fzy0CtB0A0DyEtAtC0D0DtN0D0Tzu0StCyDtBtBtN1L2XzutAtFtCzztFtCtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyCyE0CtC0Fzy0CtGtD0E0DzytGtDyE0F0BtGtC0C0D0CtGyB0F0A0CtBtAzzyByBtDyD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtByEtA0FyCtDtAtGzz0A0B0BtGyE0B0AyBtGzzyCyDzztG0B0D0AtA0D0BtDyCtDyByD0C2QtN0A0LzuyE%26cr%3D1275830400%26a%3Dwncy_adsafld_16_09%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4294840478-2875466509-2565211912-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_adsafld_16_09&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0C0CyDtB0A0Fzy0CtB0A0DyEtAtC0D0DtN0D0Tzu0StCyDtBtBtN1L2XzutAtFtCzztFtCtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyCyE0CtC0Fzy0CtGtD0E0DzytGtDyE0F0BtGtC0C0D0CtGyB0F0A0CtBtAzzyByBtDyD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtByEtA0FyCtDtAtGzz0A0B0BtGyE0B0AyBtGzzyCyDzztG0B0D0AtA0D0BtDyCtDyByD0C2QtN0A0LzuyE%26cr%3D1275830400%26a%3Dwncy_adsafld_16_09%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4294840478-2875466509-2565211912-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_adsafld_16_09&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0C0CyDtB0A0Fzy0CtB0A0DyEtAtC0D0DtN0D0Tzu0StCyDtBtBtN1L2XzutAtFtCzztFtCtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyEyCyE0CtC0Fzy0CtGtD0E0DzytGtDyE0F0BtGtC0C0D0CtGyB0F0A0CtBtAzzyByBtDyD0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtByEtA0FyCtDtAtGzz0A0B0BtGyE0B0AyBtGzzyCyDzztG0B0D0AtA0D0BtDyCtDyByD0C2QtN0A0LzuyE%26cr%3D1275830400%26a%3Dwncy_adsafld_16_09%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-13] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-13] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\sabino\AppData\Roaming\Mozilla\Firefox\Profiles\ze2m9nbo.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Search Provided by Yahoo
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=07169fd02256e7b7c487449270a3ec8a
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-02-26] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\sabino\AppData\Roaming\Mozilla\Firefox\Profiles\ze2m9nbo.default\user.js [2016-05-06]
FF SearchPlugin: C:\Users\sabino\AppData\Roaming\Mozilla\Firefox\Profiles\ze2m9nbo.default\searchplugins\Search Provided by Yahoo.xml [2016-03-02]
FF HKU\S-1-5-21-4294840478-2875466509-2565211912-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-10-02]
FF HKU\S-1-5-21-4294840478-2875466509-2565211912-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\sabino\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\sabino\AppData\Roaming\IDM\idmmzcc5 [2016-05-11] [não assinado]
FF HKU\S-1-5-21-4294840478-2875466509-2565211912-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi

Chrome:
=======
CHR HomePage: ChromeDefaultData -> hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=07169fd02256e7b7c487449270a3ec8a
CHR StartupUrls: ChromeDefaultData -> "hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&guid=07169fd02256e7b7c487449270a3ec8a"
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-10-16]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-10-16]

==================== Serviços (Whitelisted) ========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
R2 Bonedes; C:\Users\sabino\AppData\Roaming\Oporsuk\Oporsuk.exe [174936 2016-05-06] ()
S2 GoogleChromeUpService; C:\ProgramData\service.exe [1755136 2016-05-05] () [Arquivo não assinado]
S2 GoogleChromeUpSvc; C:\ProgramData\Windows Update\svrupg.exe [2783744 2016-05-05] (TODO: ) [Arquivo não assinado]
R2 Imict; C:\Users\sabino\AppData\Roaming\Nithut\Nithut.exe [174936 2016-05-05] ()
R2 jegekovozbt; C:\Program Files (x86)\32475242-1462477301-3046-5433-B4B52FFA8AC6\knsf2C69.tmp [222208 2016-05-09] () [Arquivo não assinado]
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-05-05] (DotC United Inc)
S2 MputyqasiedHostservice; C:\Program Files (x86)\Mputyqasied\MputyqasiedHostservice.exe [999080 2016-05-03] ()
S2 ProntSpooler; C:\Users\sabino\AppData\Local\Apps\2.0\abril.exe [130048 2016-04-23] () [Arquivo não assinado]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Arquivo não assinado]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 TheCalendarService; C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe [141960 2015-12-25] ()
R2 TheDesktopWeatherService; C:\Program Files (x86)\WeatherTool\2.0.1.11244\WeatherService.exe [141960 2016-03-11] ()
R2 Vhuseml; C:\Users\sabino\AppData\Roaming\BikbadKifbiom\Baomb.exe [125784 2016-05-06] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 zigipyro; C:\Users\sabino\AppData\Local\32475242-1463006198-3046-5433-B4B52FFA8AC6\qnsmB952.tmp [158720 2015-12-26] () [Arquivo não assinado]
S2 Iugomfeb; "C:\Users\sabino\AppData\Roaming\FufikeEopun\Iwutk.exe" -cms [X]

===================== Drivers (Whitelisted) ==========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [82240 2016-05-06] (Cherimoya Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-05-05] (DotC United Inc)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [752856 2015-05-29] (Realsil Semiconductor Corporation)
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)

==================== NetSvcs (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um Mês Criados arquivos e pastas ========
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2016-05-11 22:48 - 2016-05-11 22:48 - 00015225 _____ C:\Users\sabino\Desktop\FRST.txt 2016-05-11 22:47 - 2016-05-11 22:48 - 00000000 ____D C:\FRST 2016-05-11 22:46 - 2016-05-11 22:46 - 02381312 _____ (Farbar) C:\Users\sabino\Desktop\FRST64.exe 2016-05-11 22:39 - 2016-05-11 22:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC 2016-05-11 22:37 - 2016-05-11 22:37 - 00000000 ____D C:\Windows\system32\cudu 2016-05-11 22:36 - 2016-05-11 22:36 - 00127488 _____ C:\Users\sabino\AppData\Roaming\Installer.dat 2016-05-11 22:36 - 2016-05-11 22:36 - 00011568 _____ C:\Users\sabino\AppData\Roaming\InstallationConfiguration.xml 2016-05-11 22:36 - 2016-05-11 22:36 - 00000000 ____D C:\Users\sabino\AppData\Local\32475242-1463006198-3046-5433-B4B52FFA8AC6 2016-05-11 22:03 - 2016-05-11 22:03 - 00000000 ____D C:\Windows\system32\posc 2016-05-11 22:01 - 2016-05-11 22:01 - 00000000 ____D C:\Windows\pss 2016-05-11 21:20 - 2016-05-11 21:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP 2016-05-11 21:11 - 2016-05-11 22:02 - 00000000 ____D C:\xampp 2016-05-11 21:08 - 2016-05-11 22:40 - 00002259 _____ C:\Users\sabino\AppData\Roaming\webad.xml 2016-05-09 13:48 - 2016-05-09 13:48 - 00000000 ____D C:\Windows\system32\rop 2016-05-09 01:55 - 2016-05-09 03:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-05-08 07:38 - 2016-05-08 07:38 - 00000000 ____D C:\Windows\system32\xuke 2016-05-08 07:37 - 2016-05-08 07:37 - 05892175 _____ (MediaDownloader ) C:\Users\sabino\Downloads\MediaDownloader.exe 2016-05-08 01:32 - 2016-05-11 22:39 - 00001729 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk 2016-05-06 12:30 - 2016-05-06 12:30 - 00001152 _____ C:\Users\sabino\Desktop\Stellar Phoenix Photo Recovery.lnk 2016-05-06 12:30 - 2016-05-06 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Phoenix Photo Recovery 2016-05-06 12:30 - 2016-05-06 12:30 - 00000000 ____D C:\Program Files (x86)\Stellar Phoenix Photo 
Recovery 2016-05-06 12:15 - 2016-05-06 12:20 - 00000000 ____D C:\Program Files (x86)\M3 Software 2016-05-06 11:48 - 2016-05-06 12:11 - 00000000 ____D C:\Program Files\Fofmygneknil 2016-05-06 11:48 - 2016-05-06 11:48 - 00000000 ____D C:\Users\sabino\AppData\Roaming\Oporsuk 2016-05-06 11:48 - 2016-05-06 11:48 - 00000000 ____D C:\Users\sabino\AppData\Roaming\BikbadKifbiom 2016-05-06 11:45 - 2016-05-06 11:45 - 00002086 _____ C:\Users\Public\Desktop\SDFormatter.lnk 2016-05-06 11:45 - 2016-05-06 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter 2016-05-06 11:45 - 2016-05-06 11:45 - 00000000 ____D C:\Program Files (x86)\SDA 2016-05-06 11:44 - 2016-05-06 11:44 - 00000000 ____D C:\Users\sabino\AppData\Local\Downloaded Installations 2016-05-06 09:10 - 2016-05-06 11:48 - 00082240 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys 2016-05-06 06:35 - 2016-05-06 06:35 - 00000000 ____D C:\Windows\system32\rasr 2016-05-05 21:23 - 2016-05-05 21:24 - 00000000 ____D C:\Users\sabino\AppData\Local\TubedNurse 2016-05-05 21:23 - 2016-05-05 21:23 - 00003438 _____ C:\Windows\System32\Tasks\sabinoTubedNurseV2 2016-05-05 21:18 - 2016-05-05 21:18 - 00000000 ____D C:\Users\sabino\AppData\Local\Setup2546279 2016-05-05 21:18 - 2016-05-05 21:18 - 00000000 ____D C:\Users\sabino\AppData\Local\rere 2016-05-05 21:09 - 2016-05-05 21:09 - 00000016 _____ C:\Users\Todos os Usuários\mntemp 2016-05-05 21:09 - 2016-05-05 21:09 - 00000016 _____ C:\ProgramData\mntemp 2016-05-05 20:52 - 2016-05-05 20:52 - 00001839 _____ C:\Users\Public\Desktop\Notícias quentes.lnk 2016-05-05 17:38 - 2016-05-05 17:38 - 00000000 ____D C:\Users\sabino\AppData\Roaming\MCorp 2016-05-05 17:36 - 2016-05-05 17:36 - 00003074 _____ C:\Windows\System32\Tasks\FusionPlayer browser banner 2016-05-05 17:36 - 2016-05-05 17:36 - 00001953 _____ C:\Users\sabino\Desktop\FusionPlayer.lnk 2016-05-05 17:36 - 2016-05-05 17:36 - 00000000 ____D C:\Users\sabino\AppData\Local\FusionPlayer 2016-05-05 
17:36 - 2016-05-05 17:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FusionPlayer 2016-05-05 17:35 - 2016-05-05 17:36 - 00000000 ____D C:\Program Files (x86)\FusionPlayer 2016-05-05 17:28 - 2016-05-05 17:28 - 00000000 ____D C:\Program Files (x86)\hohobnd 2016-05-05 17:23 - 2016-05-05 17:23 - 00000286 __RSH C:\Users\sabino\ntuser.pol 2016-05-05 17:22 - 2016-05-05 17:22 - 00000000 ____D C:\Program Files (x86)\CalendarTool 2016-05-05 17:19 - 2016-05-05 17:19 - 00000000 ____D C:\Users\sabino\AppData\Local\tuto_monetize_120160505 2016-05-05 17:18 - 2016-04-26 06:27 - 01916928 _____ C:\Users\sabino\AppData\Roaming\msiql.exe 2016-05-05 17:18 - 2016-04-19 05:58 - 00600312 _____ C:\Users\sabino\AppData\Roaming\YeaPlayer_br_IBD_Bundle.exe 2016-05-05 17:17 - 2016-05-05 17:24 - 00000000 ____D C:\Users\sabino\AppData\Local\app 2016-05-05 17:17 - 2016-05-05 17:17 - 00000000 ____D C:\Users\Todos os Usuários\Thunder Network 2016-05-05 17:17 - 2016-05-05 17:17 - 00000000 ____D C:\Users\Public\Thunder Network 2016-05-05 17:17 - 2016-05-05 17:17 - 00000000 ____D C:\ProgramData\Thunder Network 2016-05-05 17:17 - 2016-04-27 03:51 - 01755136 _____ C:\Users\sabino\AppData\Roaming\service.exe 2016-05-05 17:15 - 2016-05-06 04:24 - 00000000 ____D C:\Users\sabino\AppData\Local\Apps\2.0 2016-05-05 17:15 - 2016-05-05 17:21 - 00000000 ____D C:\Program Files (x86)\EasyHotspot 2016-05-05 17:13 - 2016-05-05 17:13 - 00000000 ____D C:\Users\Todos os Usuários\Windows Update 2016-05-05 17:13 - 2016-05-05 17:13 - 00000000 ____D C:\ProgramData\Windows Update 2016-05-05 17:13 - 2016-05-05 17:13 - 00000000 ____D C:\Program Files (x86)\osTip 2016-05-05 17:12 - 2016-05-11 22:40 - 02783744 _____ (TODO: ) C:\Users\sabino\AppData\Roaming\svrupg.exe 2016-05-05 17:12 - 2016-05-05 17:12 - 00002303 _____ C:\Users\Todos os Usuários\webad.xml 2016-05-05 17:12 - 2016-05-05 17:12 - 00002303 _____ C:\ProgramData\webad.xml 2016-05-05 17:12 - 2016-04-26 06:27 - 01916928 _____ C:\Users\Todos os 
Usuários\msiql.exe 2016-05-05 17:12 - 2016-04-26 06:27 - 01916928 _____ C:\ProgramData\msiql.exe 2016-05-05 17:10 - 2016-05-05 17:10 - 01755136 _____ C:\Users\Todos os Usuários\service.exe 2016-05-05 17:10 - 2016-05-05 17:10 - 01755136 _____ C:\ProgramData\service.exe 2016-05-05 17:09 - 2016-05-11 22:14 - 00000000 ____D C:\Users\sabino\AppData\Roaming\CalendarTool 2016-05-05 17:09 - 2016-05-11 21:11 - 00000000 ____D C:\Users\sabino\AppData\Local\Setup Wizard 2016-05-05 17:08 - 2016-05-05 17:17 - 00000000 ____D C:\Users\sabino\AppData\Roaming\UPUpdata 2016-05-05 17:07 - 2016-05-05 17:08 - 00000000 ____D C:\Users\sabino\AppData\Roaming\cpuminer 2016-05-05 17:04 - 2016-05-11 22:39 - 00003088 _____ C:\Windows\System32\Tasks\osTip 2016-05-05 17:04 - 2016-05-05 17:13 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg 2016-05-05 17:04 - 2016-05-05 17:13 - 00000000 ____D C:\ProgramData\WindowsMsg 2016-05-05 16:52 - 2016-05-05 17:26 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner 2016-05-05 16:52 - 2016-05-05 16:52 - 00060136 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys 2016-05-05 16:41 - 2016-05-09 02:24 - 00000000 ____D C:\Program Files (x86)\32475242-1462477301-3046-5433-B4B52FFA8AC6 2016-05-05 16:41 - 2016-05-05 20:34 - 00305980 _____ ( ) C:\Windows\systwin.exe 2016-05-05 16:40 - 2016-05-06 11:48 - 00000000 ____D C:\Users\sabino\AppData\Local\Tempfolder 2016-05-05 16:40 - 2016-05-05 16:49 - 00000000 ____D C:\Program Files\Fhliibdic 2016-05-05 16:40 - 2016-05-05 16:44 - 00000000 ____D C:\Program Files (x86)\sunnyday 2016-05-05 16:40 - 2016-05-05 16:40 - 00000000 ____D C:\Users\sabino\AppData\Roaming\Nithut 2016-05-05 16:40 - 2016-05-05 16:40 - 00000000 ____D C:\Users\sabino\AppData\LocalLow\Company 2016-05-05 16:40 - 2016-05-05 16:40 - 00000000 ____D C:\Users\sabino\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A} 2016-05-05 16:40 - 2016-05-05 16:40 - 00000000 ____D C:\uninst 2016-05-05 16:39 - 2016-05-05 16:39 - 00008952 _____ 
C:\Windows\System32\Tasks\Mputyqasied Host 2016-05-05 16:39 - 2016-05-05 16:39 - 00001091 _____ C:\Users\Public\Desktop\Download EaseUS Data Re...lnk 2016-05-05 16:39 - 2016-05-05 16:39 - 00000000 ____D C:\Users\sabino\AppData\Roaming\CCACCBF1-7AB4-4CF5-B32D-668C686A539F 2016-05-05 16:38 - 2016-05-05 16:39 - 00000000 ____D C:\Users\sabino\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108 2016-05-05 16:38 - 2016-05-05 16:39 - 00000000 ____D C:\Program Files (x86)\Mputyqasied 2016-05-05 16:38 - 2016-05-05 16:38 - 00000000 ____D C:\Users\sabino\AppData\Local\csdi_monetize_120160505 2016-05-05 16:37 - 2016-05-05 16:39 - 00000000 ____D C:\Users\Public\Documents\dmp 2016-05-05 16:31 - 2016-05-05 16:33 - 06311724 _____ C:\Users\sabino\Downloads\EaseUS Data Recovery Wizard 9.rar 2016-05-05 15:40 - 2016-05-05 15:40 - 00000000 ____D C:\Users\sabino\AppData\Roaming\Remo 2016-05-05 15:27 - 2016-05-05 15:27 - 00000320 _____ C:\Users\sabino\Documents\Recovery Session File # Thu, 05-May-2016[15 27 50].ysrs 2016-05-05 15:25 - 2016-05-05 15:29 - 00000000 ____D C:\Users\Todos os Usuários\TEMP 2016-05-05 15:25 - 2016-05-05 15:29 - 00000000 ____D C:\ProgramData\TEMP 2016-05-05 15:25 - 2009-02-12 15:11 - 00026024 _____ (EldoS Corporation) C:\Windows\system32\Drivers\rsdrvx64.sys 2016-05-05 13:28 - 2016-05-05 13:28 - 00000000 ____D C:\Users\sabino\Documents\My Data Files 2016-05-05 13:27 - 2016-05-05 15:17 - 00000000 ____D C:\Users\Todos os Usuários\Wondershare 2016-05-05 13:27 - 2016-05-05 15:17 - 00000000 ____D C:\ProgramData\Wondershare 2016-05-05 13:27 - 2016-05-05 15:17 - 00000000 ____D C:\Program Files (x86)\Wondershare 2016-05-05 13:27 - 2016-05-05 13:27 - 00000000 ____D C:\Users\sabino\AppData\Local\Wondershare 2016-05-05 13:25 - 2016-05-05 13:27 - 00000000 ____D C:\Users\Public\Documents\Wondershare 2016-05-05 13:18 - 2016-05-05 13:18 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-05-05 13:18 - 2016-05-05 13:18 - 00000000 ____D 
C:\Windows\SysWOW64\sda 2016-05-05 13:18 - 2016-05-05 13:18 - 00000000 ____D C:\Program Files (x86)\Realtek 2016-05-05 13:18 - 2015-06-02 22:47 - 00313048 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsBaStor.sys 2016-05-05 13:18 - 2015-06-02 07:04 - 00365272 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsPStor.sys 2016-05-05 13:18 - 2015-06-01 06:44 - 00301784 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsP2Stor.sys 2016-05-05 13:18 - 2015-05-29 03:35 - 00752856 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsPer.sys 2016-05-05 13:18 - 2015-05-27 03:13 - 00402136 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsUer.sys 2016-05-05 13:18 - 2014-10-20 06:50 - 00083160 _____ (Realtek Semiconductor.) C:\Windows\system32\RtCRX64.dll 2016-05-05 13:18 - 2014-01-27 02:39 - 09890008 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll 2016-05-05 13:09 - 2016-05-05 13:09 - 00000000 ____D C:\Users\Todos os Usuários\DriversCloud.com 2016-05-05 13:09 - 2016-05-05 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriversCloud.com 2016-05-05 13:09 - 2016-05-05 13:09 - 00000000 ____D C:\ProgramData\DriversCloud.com 2016-05-05 13:09 - 2016-05-05 13:09 - 00000000 ____D C:\Program Files\DriversCloud.com 2016-04-24 00:46 - 2016-05-05 17:33 - 00002316 _____ C:\Users\sabino\Desktop\Chromium.lnk 2016-04-24 00:46 - 2016-04-24 00:46 - 00000000 ____D C:\Users\sabino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium 2016-04-24 00:46 - 2016-04-24 00:46 - 00000000 ____D C:\Users\sabino\AppData\Local\Chromium 2016-04-23 22:43 - 2016-04-23 22:44 - 00038375 _____ C:\Users\sabino\Downloads\formulario_ajax_2014.zip 2016-04-17 09:48 - 2016-04-17 10:13 - 00000000 ____D C:\Users\sabino\Desktop\Joel Peterson_arquivos 2016-04-17 09:47 - 2016-04-17 10:07 - 00011725 _____ C:\Users\sabino\Desktop\Joel Peterson.htm 2016-04-12 01:47 - 2016-04-12 
01:47 - 00040421 _____ C:\Users\sabino\Downloads\index.html ==================== Um Mês Modificados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2016-05-11 22:47 - 2009-07-14 01:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-05-11 22:47 - 2009-07-14 01:45 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-05-11 22:43 - 2016-03-02 19:43 - 00000274 _____ C:\Windows\Tasks\UpdateTask.job 2016-05-11 22:40 - 2016-01-30 21:29 - 00000000 ____D C:\Users\sabino\AppData\Local\Adobe 2016-05-11 22:39 - 2016-03-30 19:39 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-05-11 22:38 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-05-11 22:03 - 2016-04-07 14:03 - 00000000 ____D C:\Users\sabino\AppData\Roaming\DMCache 2016-05-11 21:56 - 2016-02-05 02:59 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-05-11 21:51 - 2016-03-30 19:39 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-05-11 21:45 - 2016-03-30 19:39 - 00004066 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-05-11 21:45 - 2016-03-30 19:39 - 00003814 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-05-11 21:43 - 2016-03-02 20:43 - 00000171 _____ C:\Users\sabino\AppData\Roaming\WB.CFG 2016-05-11 21:33 - 2009-07-14 14:55 - 00705268 _____ C:\Windows\system32\prfh0416.dat 2016-05-11 21:33 - 2009-07-14 14:55 - 00147108 _____ C:\Windows\system32\prfc0416.dat 2016-05-11 21:33 - 2009-07-14 02:13 - 01633534 _____ C:\Windows\system32\PerfStringBackup.INI 2016-05-11 21:33 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf 2016-05-09 13:34 - 2016-01-30 21:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-05-09 01:13 - 2016-03-02 19:41 - 00000000 ____D C:\Users\sabino\AppData\Roaming\WeatherTool 2016-05-06 
11:40 - 2016-04-07 14:03 - 00000000 ____D C:\Users\sabino\Downloads\Compressed 2016-05-05 17:23 - 2016-01-29 20:25 - 00000000 ____D C:\Users\sabino 2016-05-05 16:42 - 2016-03-30 19:41 - 00002326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-05-05 16:42 - 2016-03-30 19:41 - 00002314 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-05-05 16:42 - 2016-01-30 21:26 - 00002029 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-05-05 16:42 - 2016-01-30 21:26 - 00002017 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2016-05-05 16:42 - 2016-01-29 20:26 - 00002297 _____ C:\Users\sabino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-05-05 16:42 - 2016-01-29 20:26 - 00002287 _____ C:\Users\sabino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2016-05-05 16:38 - 2016-03-02 19:42 - 00000766 __RSH C:\Users\Todos os Usuários\ntuser.pol 2016-05-05 16:38 - 2016-03-02 19:42 - 00000766 __RSH C:\ProgramData\ntuser.pol 2016-05-05 16:38 - 2009-07-14 00:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2016-04-24 22:36 - 2016-03-30 19:41 - 00000000 ____D C:\Users\sabino\AppData\Local\Google 2016-04-24 00:44 - 2016-03-02 19:42 - 00002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk 2016-04-24 00:44 - 2016-03-02 19:42 - 00000000 ____D C:\Users\sabino\AppData\Local\{8509B355-A1A1-DFED-CC39-FA05E851069D} 2016-04-17 21:20 - 2016-03-20 00:05 - 00000132 _____ C:\Users\sabino\AppData\Roaming\Adobe PNG Format CS6 Prefs 2016-04-11 17:35 - 2016-04-07 14:34 - 00000000 ____D C:\Users\sabino\AppData\Roaming\IDM ==================== Arquivos na raiz de alguns diretórios ======= 2016-03-20 00:05 - 2016-04-17 21:20 - 0000132 _____ () C:\Users\sabino\AppData\Roaming\Adobe PNG Format CS6 Prefs 2016-05-05 16:40 - 2016-05-05 16:42 - 0001278 _____ () C:\Users\sabino\AppData\Roaming\Bubble Dock.boostrap.log 2016-05-05 16:40 - 
2016-05-05 16:42 - 0005718 _____ () C:\Users\sabino\AppData\Roaming\Bubble Dock.installation.log 2016-05-11 22:36 - 2016-05-11 22:36 - 0011568 _____ () C:\Users\sabino\AppData\Roaming\InstallationConfiguration.xml 2016-05-11 22:36 - 2016-05-11 22:36 - 0127488 _____ () C:\Users\sabino\AppData\Roaming\Installer.dat 2016-05-05 17:18 - 2016-04-26 06:27 - 1916928 _____ () C:\Users\sabino\AppData\Roaming\msiql.exe 2016-05-05 17:17 - 2016-04-27 03:51 - 1755136 _____ () C:\Users\sabino\AppData\Roaming\service.exe 2016-05-05 17:12 - 2016-05-11 22:40 - 2783744 _____ (TODO: ) C:\Users\sabino\AppData\Roaming\svrupg.exe 2016-03-02 20:43 - 2016-05-11 21:43 - 0000171 _____ () C:\Users\sabino\AppData\Roaming\WB.CFG 2016-05-11 21:08 - 2016-05-11 22:40 - 0002259 _____ () C:\Users\sabino\AppData\Roaming\webad.xml 2016-05-05 16:40 - 2016-05-05 16:40 - 0000097 _____ () C:\Users\sabino\AppData\Roaming\WindApp.boostrap.log 2016-05-05 17:18 - 2016-04-19 05:58 - 0600312 _____ () C:\Users\sabino\AppData\Roaming\YeaPlayer_br_IBD_Bundle.exe 2016-03-28 22:35 - 2016-03-28 22:45 - 0001456 _____ () C:\Users\sabino\AppData\Local\Adobe Save for Web 13.0 Prefs 2016-05-05 21:09 - 2016-05-05 21:09 - 0000016 _____ () C:\ProgramData\mntemp 2016-05-05 17:12 - 2016-04-26 06:27 - 1916928 _____ () C:\ProgramData\msiql.exe 2016-05-05 17:10 - 2016-05-05 17:10 - 1755136 _____ () C:\ProgramData\service.exe 2016-05-05 17:12 - 2016-05-05 17:12 - 0002303 _____ () C:\ProgramData\webad.xml Arquivos para serem movidos ou deletados: ==================== C:\ProgramData\msiql.exe C:\ProgramData\service.exe C:\Users\Todos os Usuários\msiql.exe C:\Users\Todos os Usuários\service.exe Alguns arquivos em TEMP: ==================== C:\Users\sabino\AppData\Local\Temp\13F2.tmp.exe C:\Users\sabino\AppData\Local\Temp\14B1.tmp.exe C:\Users\sabino\AppData\Local\Temp\175B.tmp.exe C:\Users\sabino\AppData\Local\Temp\19EC.tmp.exe C:\Users\sabino\AppData\Local\Temp\1DBB.tmp.exe C:\Users\sabino\AppData\Local\Temp\27X4XTUZ5C.exe 

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-04-26 00:28

==================== Fim de FRST.txt ============================