cjoint

Document format: text/plain

Preview

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:05-03-2016 01
Executado por Marcio (administrador) em MARCIO-PC (18-03-2016 01:08:36)
Executando a partir de C:\Users\Marcio\Desktop
Perfis Carregados: Marcio (Perfis Disponíveis: Marcio)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: "C:\Users\Marcio\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe" -- "%1")
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Baidu, Inc.) C:\Program Files\Baidu Security\MoboMarket\1.3.7.5967\bassvc.exe
() C:\Program Files\ToolsUpdatePlatform\UpdatePlatform.exe
() C:\Users\Marcio\AppData\Local\Crsoft\crsvc.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
() C:\Program Files\Comodo\Dragon\dragon_updater.exe
() C:\Program Files\Comodo\IceDragon\icedragon_updater.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Users\Marcio\AppData\Roaming\NetService\netservice.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Windows\System32\PnkBstrB.exe
() C:\Program Files\QQS\serverqqs.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Crawler Group, LLC) C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTAgent.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Baidu Inc.) C:\Program Files\baidu\Baidu Browser\sparkservice.exe
(Crawler Group, LLC) C:\Program Files\Spyware Terminator\st_rsser.exe
() C:\Program Files\ScreenSnapshotTool\1.0.1.10301\ScreenShotServ.exe
(TorchMedia Inc.) C:\Users\Marcio\AppData\Local\Torch\Update\TorchCrashHandler.exe
(TorrentsTime) C:\Program Files\TorrentsTime Media Player\bin\TTService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
() C:\Program Files\windowsvnew\windowsclnew.exe
() C:\Program Files\ScreenSnapshotTool\1.0.1.10301\ScreenSnapshot.exe
() C:\Users\Marcio\AppData\Roaming\WinNetSvc\WinNetSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
() C:\Users\Marcio\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Baidu, Inc.) C:\Program Files\Baidu Security\MoboMarket\1.3.7.5967\bastray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Crawler Group, LLC) C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
() C:\ProgramData\WindowsMsg\osmsg.exe
(VLOME) C:\Users\Marcio\AppData\Local\Temp\is-PO5EM.tmp\print.exe
() C:\Program Files\win_en_77\win_en_77.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CatalinaGroup Ltd.) C:\Users\Marcio\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(CatalinaGroup Ltd.) C:\Users\Marcio\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(CatalinaGroup Ltd.) C:\Users\Marcio\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(CatalinaGroup Ltd.) C:\Users\Marcio\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(CatalinaGroup Ltd.) C:\Users\Marcio\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(CatalinaGroup Ltd.) C:\Users\Marcio\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(CatalinaGroup Ltd.) C:\Users\Marcio\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(CatalinaGroup Ltd.) C:\Users\Marcio\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(CatalinaGroup Ltd.) C:\Users\Marcio\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(CatalinaGroup Ltd.) C:\Users\Marcio\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(CatalinaGroup Ltd.) C:\Users\Marcio\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
() C:\Users\Marcio\AppData\Roaming\Gameo\gameo.exe
(MediaDownloader ) C:\Users\Marcio\Downloads\MediaDownloader.exe
() C:\Users\Marcio\AppData\Local\Temp\is-HDIL2.tmp\MediaDownloader.tmp
() C:\Users\Marcio\AppData\Roaming\Gameo\gameo.exe
() C:\Users\Marcio\AppData\Roaming\Gameo\gameo.exe
() C:\Users\Marcio\AppData\Roaming\Gameo\gameo.exe
() C:\Windows\hrn.exe
() C:\Windows\mhrn.exe
() C:\Users\Marcio\AppData\Local\Setup Wizard\b5ab20e8-a20c-455e-93dc-aaca0f3b12b2\vlc-media-player.exe
(DotC United Inc) C:\Program Files\MPC Cleaner\MPCProtectService.exe
() C:\Program Files\win_en_77\win_en_77.exe
() C:\Users\Marcio\AppData\Local\Temp\Install_17376\ins_ytd.exe
() C:\Users\Marcio\AppData\Local\Temp\09429\skype.exe
() C:\Program Files\ShopperPro3\JSDriver\1.42.1.10650\jsdrv.exe
(CatalinaGroup Ltd.) C:\Users\Marcio\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(BrowserV19.06) C:\Program Files\BrowserV19.06\640757cd-62f7-489a-b1c2-4b4a64f86ca3-1-6.exe
() C:\Users\Marcio\AppData\Local\Temp\11405\Setup.exe
() C:\Program Files\win_en_77\win_en_77.exe
() C:\Program Files\win_en_77\win_en_77.exe
() C:\Program Files\win_en_77\win_en_77.exe
() C:\Users\Marcio\AppData\Local\Installer\Installytd_21287\ytdiegut_gutdc_inst.exe
() C:\Users\Marcio\AppData\Local\Installer\Installytd_21287\ytdiegut_gutdc_inst.exe
() C:\Users\Marcio\AppData\Local\Temp\Install_2679\ins_ytd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\win_en_77\win_en_77.exe
(CatalinaGroup Ltd.) C:\Users\Marcio\AppData\Local\CatalinaGroup\Citrio\Application\citrio.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files\win_en_77\win_en_77.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [3837552 2012-01-16] (VIA)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [PlusService] => C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [718688 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [5318992 2015-12-10] (Crawler Group, LLC)
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [5557584 2015-12-10] (Crawler Group, LLC)
HKLM\...\Run: [PSafeTray] => "C:\Program Files\PSafe\PSafeSysTray.exe"
HKLM\...\Run: [PSafeWDS] => "C:\Program Files\PSafe\PSafeWDS.exe"
HKLM\...\Run: [QqsnTerminal] => C:\Program Files\QQS\qvodterminal.exe [1027672 2013-04-15] (Shenzhen QVOD Technology Co.,Ltd)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM\...\Run: [EfficientStickyNotes] => [X]
HKLM\...\Run: [gmsd_br_276] => [X]
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [gmsd_br_528] => [X]
HKLM\...\Run: [gmsd_br_554] => [X]
HKLM\...\Run: [gmsd_br_564] => [X]
HKLM\...\Run: [gmsd_br_596] => [X]
HKLM\...\Run: [gmsd_br_005010004] => [X]
HKLM\...\Run: [gmsd_br_005010005] => [X]
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM\...\Run: [gmsd_br_005010007] => [X]
HKLM\...\Run: [gpuminer] => C:\Users\Marcio\AppData\Roaming\cpuminer\sgminer\sgminer.cmd [96 2015-05-02] ()
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [66936 2015-08-13] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKLM\...\Run: [Sound+] => "C:\Program Files\Sound+\Sound+.exe"
HKLM\...\Run: [SPDriver] => C:\Program Files\ShopperPro3\JSDriver\1.42.1.10650\jsdrv.exe [2720256 2016-03-13] ()
HKU\S-1-5-21-2575527652-1528111661-3227582252-1000\...\Run: [ICQ] => "C:\Program Files\ICQ7M\ICQ.exe" silent loginmode=4
HKU\S-1-5-21-2575527652-1528111661-3227582252-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2013-05-21] (Microsoft Corporation)
HKU\S-1-5-21-2575527652-1528111661-3227582252-1000\...\Run: [lollipop_12052312] => "c:\users\marcio\appdata\local\lollipop\lollipop_12052312.exe" lollipop_12052312
HKU\S-1-5-21-2575527652-1528111661-3227582252-1000\...\Run: [QQIntl] => "C:\Program Files\Tencent\QQIntl\Bin\QQ.exe" /background
HKU\S-1-5-21-2575527652-1528111661-3227582252-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2575527652-1528111661-3227582252-1000\...\Run: [Viber] => "C:\Users\Marcio\AppData\Local\Viber\Viber.exe"
HKU\S-1-5-21-2575527652-1528111661-3227582252-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro\DTAgent.exe [842048 2011-03-17] (DT Soft Ltd)
HKU\S-1-5-21-2575527652-1528111661-3227582252-1000\...\Run: [CatalinaGroup Update] => C:\Users\Marcio\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe [130928 2015-12-07] (Catalina Group Ltd.)
HKU\S-1-5-21-2575527652-1528111661-3227582252-1000\...\Run: [DesktopReminder2ByPolenter] => C:\Program Files\Desktop-Reminder 2\DesktopReminder2.exe [2630208 2015-06-12] (Polenter - Software Solutions)
HKU\S-1-5-21-2575527652-1528111661-3227582252-1000\...\Run: [Pritc] => C:\Users\Marcio\AppData\Local\Temp\is-PO5EM.tmp\print.exe [2955264 2016-03-03] (VLOME) <===== ATENÇÃO
HKU\S-1-5-21-2575527652-1528111661-3227582252-1000\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [2036224 2016-02-09] ()
HKU\S-1-5-21-2575527652-1528111661-3227582252-1000\...\Run: [WindApp] => "C:\Users\Marcio\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
HKU\S-1-5-21-2575527652-1528111661-3227582252-1000\...\Run: [Selection Tools] => "C:\Users\Marcio\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
HKU\S-1-5-21-2575527652-1528111661-3227582252-1000\...\Run: [Gameo] => C:\Users\Marcio\AppData\Roaming\Gameo\gameo.exe [42482176 2015-07-04] ()
HKU\S-1-5-21-2575527652-1528111661-3227582252-1000\...\Run: [SPDriver] => C:\Program Files\ShopperPro3\JSDriver\1.42.1.10650\jsdrv.exe [2720256 2016-03-13] ()
HKU\S-1-5-21-2575527652-1528111661-3227582252-1000\...\MountPoints2: {48404d11-b41e-11e2-b5a6-c89cdcce257e} - E:\setup.exe
HKU\S-1-5-21-2575527652-1528111661-3227582252-1000\...\MountPoints2: {941c356b-2122-11e3-9e7a-c89cdcce257e} - G:\autorun.exe
HKU\S-1-5-21-2575527652-1528111661-3227582252-1000\...\MountPoints2: {f3549f6f-92ae-11e5-925a-c89cdcce257e} - E:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-05-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Nenhum Arquivo
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-03-27]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Marcio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Media Player.vbe [2013-02-13] ()
Startup: C:\Users\Marcio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk [2013-06-13]
ShortcutTarget: Recorte de tela e Iniciador do OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyEnable: [.DEFAULT] => Proxy está habilitado.
ProxyServer: [.DEFAULT] => http=127.0.0.1:64452;https=127.0.0.1:64452
AutoConfigURL: [.DEFAULT] => http=127.0.0.1:64452;https=127.0.0.1:64452
ProxyServer: [S-1-5-21-2575527652-1528111661-3227582252-1000] => http=127.0.0.1:43164;https=127.0.0.1:43164
AutoConfigURL: [S-1-5-21-2575527652-1528111661-3227582252-1000] => http=127.0.0.1:43164;https=127.0.0.1:43164
Tcpip\Parameters: [DhcpNameServer] 192.168.25.1
Tcpip\..\Interfaces\{AD82E6EE-0058-4F54-94CB-98F9431ECF77}: [DhcpNameServer] 192.168.25.1
Tcpip\..\Interfaces\{B848E280-E017-4A76-8E8C-959B9B453B18}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-2575527652-1528111661-3227582252-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <======= ATENÇÃO
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdks_inner_hp_09_hao123_br&guid=a80f02333841d134de95fdba012ebcac
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com?oem=mbtkv6&uid=6VPKQ1FT_ST31000524AS&tm=1434827048
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2575527652-1528111661-3227582252-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal
HKU\S-1-5-21-2575527652-1528111661-3227582252-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdks_inner_hp_09_hao123_br&guid=a80f02333841d134de95fdba012ebcac
HKU\S-1-5-21-2575527652-1528111661-3227582252-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2575527652-1528111661-3227582252-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-2575527652-1528111661-3227582252-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com?oem=mbtkv6&uid=6VPKQ1FT_ST31000524AS&tm=1434827048
HKU\S-1-5-21-2575527652-1528111661-3227582252-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.123rede.com?oem=mbtkv6&uid=6VPKQ1FT_ST31000524AS&tm=1443629838
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.navegaki.com/?bd=ds&oem=Cube&uid=ST31000524AS_6VPKQ1FTXXXX6VPKQ1FT&version=2.3.0.8724&pid=414031160&tid=422&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2575527652-1528111661-3227582252-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2575527652-1528111661-3227582252-1000 -> {01B9766A-C55A-4A1D-A2F4-AAEAB962E0A7} URL = hxxps://br.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=435371&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2575527652-1528111661-3227582252-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=slb2&utm_campaign=install_ie&utm_content=ds&from=slb2&uid=ST31000524AS_6VPKQ1FTXXXX6VPKQ1FT&ts=1434858482&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2575527652-1528111661-3227582252-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=slb2&utm_campaign=install_ie&utm_content=ds&from=slb2&uid=ST31000524AS_6VPKQ1FTXXXX6VPKQ1FT&ts=1434858482&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2575527652-1528111661-3227582252-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=dspp&ts=1434758486&z=1a2bfa8b080f3b2f150d53fgdz4cbzambw9bfzftbg&from=tt4u&uid=ST31000524AS_6VPKQ1FTXXXX6VPKQ1FT&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2575527652-1528111661-3227582252-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=slb2&utm_campaign=install_ie&utm_content=ds&from=slb2&uid=ST31000524AS_6VPKQ1FTXXXX6VPKQ1FT&ts=1434858482&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2575527652-1528111661-3227582252-1000 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=slb2&utm_campaign=install_ie&utm_content=ds&from=slb2&uid=ST31000524AS_6VPKQ1FTXXXX6VPKQ1FT&ts=1434858482&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2575527652-1528111661-3227582252-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files\MiuiTab\SupTab.dll => Nenhum Arquivo
BHO: Sem Nome -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> Nenhum Arquivo
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-17] (Oracle Corporation)
BHO: Spyware Terminator 2015 Internet Guard -> {82A76710-4F98-4957-92BE-99648A4E2475} -> C:\Program Files\Spyware Terminator\STInternetGuard.dll [2015-07-28] (Crawler Group, LLC)
BHO: Auxiliar de Conexão do Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro3\ShopperPro3.dll [2016-03-13] ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-17] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Users\Marcio\Desktop\Podcast\Skype4COM.dll [2011-09-07] (Skype Technologies)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1434758425&z=6ecbebfc5ae5e032b032d97g8zfcdz8mbwdbbz6ccc&from=tt4u&uid=ST31000524AS_6VPKQ1FTXXXX6VPKQ1FT

FireFox:
========
FF ProfilePath: C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF NewTab: hxxp://www.yessearches.com/?ts=AHEpC38qBH0tAk..&v=20160315&uid=B606E4BACDD6AE6383792E51967FC7EB&ptid=wak&mode=ffseng
FF DefaultSearchEngine: yessearches
FF SelectedSearchEngine: yessearches
FF Homepage: hxxp://www.yessearches.com/?ts=AHEpC38qBH0tAk..&v=20160315&uid=B606E4BACDD6AE6383792E51967FC7EB&ptid=wak&mode=ffseng
FF Keyword.URL: hxxps://br.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=435371&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-11] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1209149.dll [2014-01-29] (Adobe Systems, Inc.)
FF Plugin: @esn/npbattlelog,version=2.4.0 -> C:\Program Files\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin: @flyordie.com/GamesPlugin -> C:\Program Files\Flyordie Plugin\npfod.dll [2014-09-17] (Solware)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @qq.com/npchrome -> C:\Program Files\Common Files\Tencent\Npchrome\npchrome.dll [Nenhum Arquivo]
FF Plugin: @qq.com/npqscall -> C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll [Nenhum Arquivo]
FF Plugin: @qqsn.com/QqsnInsert -> C:\Program Files\QQS\NpqqsnInsert.dll [2013-07-29] (Alliance Win Online Network Technology Co., LTD)
FF Plugin: @qqsp.com/QvodInsert -> C:\Program Files\QQS\npqqsp.dll [2013-07-29] (Alliance Win Online Network Technology Co., LTD)
FF Plugin: @qvod.com/QvodInsert -> C:\Program Files\QQS\npqplus.dll [2013-07-29] (Alliance Win Online Network Technology Co., LTD)
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2014-10-16] ( Garena)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin: @vizzed.com/VizzedRGR -> C:\Program Files\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll [2013-01-11] (Vizzed.com)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2575527652-1528111661-3227582252-1000: @catalinahub.net/CatalinaGroup Update;version=3 -> C:\Users\Marcio\AppData\Local\CatalinaGroup\Update\1.3.25.223\npCatalinaUpdate3.dll [2015-12-07] (Catalina Group Ltd.)
FF Plugin HKU\S-1-5-21-2575527652-1528111661-3227582252-1000: @catalinahub.net/CatalinaGroup Update;version=9 -> C:\Users\Marcio\AppData\Local\CatalinaGroup\Update\1.3.25.223\npCatalinaUpdate3.dll [2015-12-07] (Catalina Group Ltd.)
FF Plugin HKU\S-1-5-21-2575527652-1528111661-3227582252-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marcio\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-10-03] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2575527652-1528111661-3227582252-1000: TorchVLC -> C:\Users\Marcio\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin HKU\S-1-5-21-2575527652-1528111661-3227582252-1000: torrents-time.com/TTPlugin -> C:\Program Files\TorrentsTime Media Player\bin\npTTPlugin.dll [2016-02-15] (Torrents Time)
FF SearchPlugin: C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\ij88v41v.default\searchplugins\search-simple.xml [2015-11-28]
FF SearchPlugin: C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\ij88v41v.default\searchplugins\smod.xml [2015-11-28]
FF SearchPlugin: C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\ij88v41v.default\searchplugins\yahoo_ff.xml [2015-11-23]
FF SearchPlugin: C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\DD1B66D4.xml [2016-03-17]
FF SearchPlugin: C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\search-simple.xml [2015-11-28]
FF SearchPlugin: C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\smod.xml [2015-11-28]
FF SearchPlugin: C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\yahoo_ff.xml [2015-11-23]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml [2015-05-25]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml [2015-05-25]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\navegaki.xml [2015-06-21]
FF Extension: Stylish - C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\ij88v41v.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2015-06-17]
FF Extension: Sem Nome - C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\ij88v41v.default\extensions\searchffv2@gmail.com [não encontrado (a)]
FF Extension: Search Enginer - C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\ij88v41v.default\extensions\sweetsearch@gmail.com [2015-06-23] [não assinado]
FF Extension: deskCut - C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\ij88v41v.default\Extensions\deskCutv2@gmail.com [2015-11-28] [não assinado]
FF Extension: Magnify It - C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\ij88v41v.default\Extensions\magit@magit.com [2015-11-28] [não assinado]
FF Extension: YahooToolsProtected - C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\ij88v41v.default\Extensions\yahooprotected@gmail.com [2015-11-28] [não assinado]
FF Extension: SearchMoreKnow - C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\ij88v41v.default\Extensions\{401778d9-855a-4a0d-8520-712558407cc3}.xpi [2015-11-27] [não assinado]
FF Extension: MyStart Toolbar - C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\ij88v41v.default\Extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}.xpi [2015-11-13] [não assinado]
FF Extension: Lucky Bright - C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\ij88v41v.default\Extensions\{9a3127b0-4760-45c5-9ee8-a422a9987660}.xpi [2015-11-27] [não assinado]
FF Extension: Adblock Plus - C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\ij88v41v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-17]
FF Extension: GsearchFinder - C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-03-14]
FF Extension: deskCut - C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\deskCutv2@gmail.com [2016-03-17] [não assinado]
FF Extension: Magnify It - C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\magit@magit.com [2016-03-17] [não assinado]
FF Extension: Search Enginer - C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\sweetsearch@gmail.com [2016-03-17] [não assinado]
FF Extension: YahooToolsProtected - C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\yahooprotected@gmail.com [2016-03-17] [não assinado]
FF Extension: SearchMoreKnow - C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{401778d9-855a-4a0d-8520-712558407cc3}.xpi [2015-11-27] [não assinado]
FF Extension: Stylish - C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2015-06-17]
FF Extension: MyStart Toolbar - C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}.xpi [2015-11-13] [não assinado]
FF Extension: Lucky Bright - C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{9a3127b0-4760-45c5-9ee8-a422a9987660}.xpi [2015-11-27] [não assinado]
FF Extension: Adblock Plus - C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-17]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-03-27] [não assinado]
FF HKLM\...\Firefox\Extensions: [{572dc62a-881e-45ca-b75a-a01da72a3ab6}] - C:\Program Files\shopperz\Firefox => não encontrado (a)
FF HKLM\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Marcio\AppData\Roaming\Mozilla\Firefox\Profiles\ij88v41v.default\extensions\sweetsearch@gmail.com
FF HKU\S-1-5-21-2575527652-1528111661-3227582252-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: Default -> hxxp://www.yessearches.com/?mode=nnnb&ptid=wak&uid=B606E4BACDD6AE6383792E51967FC7EB&v=20160315&ts=AHEpC38qBH0tAk..
CHR StartupUrls: Default -> "hxxp://www.yessearches.com/?mode=nnnb&ptid=wak&uid=B606E4BACDD6AE6383792E51967FC7EB&v=20160315&ts=AHEpC38qBH0tAk.."
CHR DefaultSearchURL: Default -> hxxp://www.yessearches.com/chrome.php?q={searchTerms}&ts=AHEpC38qBH0tAk..&v=20160315&uid=B606E4BACDD6AE6383792E51967FC7EB&ptid=wak&mode=nnnb
CHR DefaultSearchKeyword: Default -> yessearches
CHR Profile: C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Debug) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicpjbgbdmeebbjdelgojldchbmjakip [2016-02-02]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Marcio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-04]
CHR Extension: (Plugin Follow) - C:\Users\Marcio\AppData\Local\Plugin Follow\Component [2015-11-28]

Opera:
=======
OPR Extension: (Sem Nome) - C:\Users\Marcio\AppData\Roaming\Opera Software\Opera Stable\Extensions\cppdfeaamgpkngcgjpieiooeaajbdcjj [2015-11-28]
OPR Extension: (Sem Nome) - C:\Users\Marcio\AppData\Roaming\Opera Software\Opera Stable\Extensions\dimfohdigjaffdaanhmbocfkpolglnjk [2015-11-28]
OPR Extension: (Lucky Bright) - C:\Users\Marcio\AppData\Roaming\Opera Software\Opera Stable\Extensions\khoklbjcildphcoaecpencbakkidemgp [2015-11-28]
OPR Extension: (SearchMoreKnow) - C:\Users\Marcio\AppData\Roaming\Opera Software\Opera Stable\Extensions\kjhmddkolcfaeffbjdakeijfdgbmaoak [2015-11-28]
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera\Opera.exe www.123rede.com?oem=mbtkv6&uid=6VPKQ1FT_ST31000524AS&tm=1443629838

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [228104 2015-08-13] (Avira Operations GmbH & Co. KG)
R2 BASSVC; C:\Program Files\Baidu Security\MoboMarket\1.3.7.5967\bassvc.exe [208928 2015-04-22] (Baidu, Inc.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [274200 2012-01-12] (Intel Corporation)
R2 Crashhd; C:\Users\Marcio\AppData\Local\Crsoft\crsvc.exe [185800 2015-09-24] ()
R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2135232 2014-03-07] ()
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [Arquivo não assinado]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [Arquivo não assinado]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-08] (Hewlett-Packard Co.) [Arquivo não assinado]
R2 hrn; c:\windows\hrn.exe [417792 2016-03-17] () [Arquivo não assinado]
R2 IceDragonUpdater; C:\Program Files\Comodo\IceDragon\icedragon_updater.exe [1821384 2013-12-19] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [458464 2012-02-02] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 mhrn; c:\windows\mhrn.exe [408576 2016-03-17] () [Arquivo não assinado]
R2 MPCProtectService; C:\Program Files\MPC Cleaner\MPCProtectService.exe [350688 2016-03-17] (DotC United Inc)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [Arquivo não assinado]
R2 NetTcpHandler; C:\Users\Marcio\AppData\Roaming\NetService\netservice.exe [173848 2015-06-12] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [Arquivo não assinado]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2014-05-29] ()
R2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [189248 2014-05-29] ()
R2 serverqqs; C:\Program Files\QQS\serverqqs.exe [712280 2014-01-26] ()
R2 SparkSvc; C:\Program Files\baidu\Baidu Browser\sparkservice.exe [97080 2016-01-24] (Baidu Inc.)
S3 SparkUpdater; C:\Program Files\Baidu\SparkUpdate\Sparkupdate.exe [1361720 2015-05-27] (Baidu.com, Inc.)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [784256 2016-03-18] (Enigma Software Group USA, LLC.)
R2 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [2114384 2015-12-10] (Crawler Group, LLC)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Arquivo não assinado]
R2 TheScreenSnapshotService; C:\Program Files\ScreenSnapshotTool\1.0.1.10301\ScreenShotServ.exe [143520 2015-06-15] ()
R2 TorchCrashHandler; C:\Users\Marcio\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217032 2015-06-24] (TorchMedia Inc.) <==== ATENÇÃO
R2 TTService; C:\Program Files\TorrentsTime Media Player\bin\TTService.exe [3543576 2016-02-16] (TorrentsTime)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-01-10] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 windowsvnew; C:\Program Files\windowsvnew\windowsclnew.exe [36384 2014-08-15] ()
R2 WinNetSvc; C:\Users\Marcio\AppData\Roaming\WinNetSvc\WinNetSvc.exe [4845408 2015-12-16] ()
S2 Winsere; C:\Program Files\Winsere\Winsere\Winsere.exe [306736 2016-03-15] ()
R2 WMPNetworkAcSvc; C:\Users\Marcio\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe [4984448 2016-03-15] ()
S4 zugowexi; C:\Users\Marcio\AppData\Roaming\03000200-1425490806-0500-0006-000700080009\nsk86C7.tmp [140800 2015-06-21] () [Arquivo não assinado]
S2 ggbugreport; "C:\Program Files\SearchesToYesbnd\bugreport.exe" {154DFF63-3402-4815-941A-AAD63AE8B428} [X]
S2 Update Framed Display; "C:\Program Files\Framed Display\updateFramedDisplay.exe" [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [46440 2015-03-31] (Baidu, Inc.)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [233024 2015-11-24] (DT Soft Ltd)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2016-03-18] ()
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [46080 2011-11-09] (Intel Corporation)
U0 MPCBase; C:\Windows\System32\drivers\MPCBase.sys [29032 2016-03-17] (DotC United Inc)
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [52968 2016-03-17] (DotC United Inc)
R1 sp_rsdrv2; C:\Windows\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () [Arquivo não assinado]
R3 usbcamcl; C:\Windows\System32\DRIVERS\usbcamcl.sys [28416 2011-08-18] (usb camera)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1822832 2012-01-10] (VIA Technologies, Inc.)
S3 BHipsEx; \??\C:\Windows\System32\drivers\BHipsEx.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [X]
S3 PCFApiUtil; \??\C:\Program Files\PC Faster\5.1.0.0\PCFApiUtil.sys [X]
S1 scfd_1_10_0_16; system32\drivers\scfd_1_10_0_16.sys [X]
R2 SPDRIVER_1.42.1.10650; \??\C:\Program Files\ShopperPro3\JSDriver\1.42.1.10650\jsdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-03-18 01:06 - 2016-03-18 01:09 - 00039296 _____ C:\Users\Marcio\Desktop\FRST.txt
2016-03-18 01:06 - 2016-03-18 01:08 - 00000000 ____D C:\FRST
2016-03-18 01:05 - 2016-03-18 01:05 - 01725440 _____ (Farbar) C:\Users\Marcio\Desktop\FRST.exe
2016-03-18 00:40 - 2016-03-18 00:40 - 00000000 ____D C:\Users\Marcio\AppData\Roaming\Enigma Software Group
2016-03-18 00:40 - 2016-03-18 00:40 - 00000000 ____D C:\sh4ldr
2016-03-18 00:39 - 2016-03-18 00:39 - 00019984 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-03-18 00:39 - 2016-03-18 00:39 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-03-17 23:10 - 2016-03-17 23:10 - 00000000 ____D C:\Users\Marcio\AppData\Roaming\PriceFountain
2016-03-17 22:59 - 2016-03-17 23:17 - 00000000 ____D C:\Program Files\ShopperPro3
2016-03-17 22:59 - 2016-03-17 23:01 - 00000000 ____D C:\Users\Todos os Usuários\ShopperPro3
2016-03-17 22:59 - 2016-03-17 23:01 - 00000000 ____D C:\ProgramData\ShopperPro3
2016-03-17 22:59 - 2016-03-17 22:59 - 00000000 ____D C:\Users\Public\Documents\ShopperPro3
2016-03-17 22:56 - 2016-03-17 22:56 - 00001226 _____ C:\Users\Marcio\Desktop\Revo Uninstaller.lnk
2016-03-17 22:56 - 2016-03-17 22:56 - 00000000 ____D C:\Users\Marcio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-03-17 22:56 - 2016-03-17 22:56 - 00000000 ____D C:\Program Files\VS Revo Group
2016-03-17 22:55 - 2016-03-17 22:54 - 00052968 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
2016-03-17 22:55 - 2016-03-17 22:54 - 00029032 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCBase.sys
2016-03-17 22:53 - 2016-03-17 22:53 - 00631808 _____ C:\Windows\hrn.dat
2016-03-17 22:53 - 2016-03-17 22:53 - 00417792 _____ C:\Windows\hrn.exe
2016-03-17 22:53 - 2016-03-17 22:53 - 00408576 _____ C:\Windows\mhrn.exe
2016-03-17 22:51 - 2016-03-17 22:52 - 00000000 ____D C:\Users\Marcio\AppData\Local\Setup Wizard
2016-03-17 22:49 - 2016-03-17 22:51 - 00000000 ____D C:\Users\Marcio\AppData\Local\Gameo
2016-03-17 22:49 - 2016-03-17 22:49 - 00001777 _____ C:\Users\Marcio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo.lnk
2016-03-17 22:49 - 2016-03-17 22:49 - 00000174 _____ C:\Users\Marcio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2016-03-17 22:49 - 2016-03-17 22:49 - 00000000 ____D C:\Users\Marcio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo
2016-03-17 22:48 - 2016-03-17 23:27 - 00000000 ____D C:\Users\Marcio\AppData\Roaming\Gameo
2016-03-17 22:47 - 2016-03-17 23:11 - 00000000 ____D C:\Users\Marcio\AppData\Roaming\WarThunder
2016-03-17 22:47 - 2016-03-17 22:47 - 05892175 _____ (MediaDownloader ) C:\Users\Marcio\Downloads\MediaDownloader.exe
2016-03-17 22:42 - 2016-03-17 23:21 - 00000000 ____D C:\Program Files\win_en_77
2016-03-17 22:42 - 2016-03-17 22:44 - 00000000 ____D C:\Program Files\Sound+
2016-03-17 22:42 - 2016-03-17 22:42 - 00000000 ____D C:\Users\Marcio\AppData\Local\win_en_77
2016-03-17 22:41 - 2016-03-17 23:14 - 00000000 ____D C:\Users\Marcio\AppData\Roaming\WTools
2016-03-17 22:41 - 2016-03-17 23:10 - 00000000 ____D C:\Users\Marcio\AppData\Roaming\Store
2016-03-17 22:40 - 2016-03-17 23:35 - 00000000 ____D C:\Users\Marcio\AppData\Roaming\Nosibay
2016-03-17 22:39 - 2016-03-17 22:42 - 00000000 ____D C:\Users\Marcio\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-03-17 22:39 - 2016-03-17 22:39 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2016-03-17 22:39 - 2016-03-17 22:39 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-03-17 22:38 - 2016-03-18 00:38 - 00000000 ____D C:\Program Files\SearchesToYesbnd
2016-03-17 22:38 - 2016-03-17 22:38 - 00000000 ____D C:\Program Files\WinTaske
2016-03-17 22:38 - 2016-03-17 22:38 - 00000000 ____D C:\Program Files\Winsere
2016-03-17 22:37 - 2016-03-17 22:38 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-03-15 09:47 - 2016-03-17 19:24 - 00000000 ____D C:\Users\Marcio\AppData\Roaming\WMPNetworkAcSvc
2016-03-12 23:54 - 2016-03-13 00:42 - 00000000 ____D C:\Users\Marcio\AppData\Local\TinderPlusPlus
2016-03-12 23:54 - 2016-03-12 23:54 - 00001343 _____ C:\Users\Marcio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tinder++.lnk
2016-03-11 10:17 - 2016-03-11 10:17 - 11035328 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2016-03-09 22:45 - 2016-02-12 15:39 - 02956288 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-09 22:45 - 2016-02-12 15:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-09 22:45 - 2016-02-12 15:26 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-03-09 22:45 - 2016-02-12 15:07 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-09 22:45 - 2016-02-12 15:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-09 22:45 - 2016-02-12 15:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-09 22:45 - 2016-02-12 15:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-09 22:45 - 2016-02-12 15:05 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-09 22:45 - 2016-02-12 15:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-09 22:45 - 2016-02-12 15:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-09 22:45 - 2016-02-12 15:05 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-03-09 22:45 - 2016-02-11 15:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-03-09 22:45 - 2016-02-11 15:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-09 22:45 - 2016-02-11 15:44 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-09 22:45 - 2016-02-11 15:44 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-09 22:45 - 2016-02-11 15:41 - 01310232 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-09 22:45 - 2016-02-11 15:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-09 22:45 - 2016-02-11 15:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-09 22:45 - 2016-02-11 15:37 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-09 22:45 - 2016-02-11 15:37 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-09 22:45 - 2016-02-11 15:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-09 22:45 - 2016-02-11 15:37 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-09 22:45 - 2016-02-11 15:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-09 22:45 - 2016-02-11 15:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-09 22:45 - 2016-02-11 15:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-09 22:45 - 2016-02-11 15:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-09 22:45 - 2016-02-11 15:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-03-09 22:45 - 2016-02-11 15:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-03-09 22:45 - 2016-02-11 15:33 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-09 22:45 - 2016-02-11 15:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-09 22:45 - 2016-02-11 15:31 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-09 22:45 - 2016-02-11 15:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-09 22:45 - 2016-02-11 15:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-03-09 22:45 - 2016-02-11 15:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-09 22:45 - 2016-02-11 15:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-03-09 22:45 - 2016-02-11 14:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-03-09 22:45 - 2016-02-11 14:37 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-03-09 22:45 - 2016-02-11 14:32 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-09 22:45 - 2016-02-11 14:32 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-09 22:45 - 2016-02-11 14:32 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-09 22:45 - 2016-02-11 14:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-09 22:45 - 2016-02-11 14:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-09 22:45 - 2016-02-11 14:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-09 22:45 - 2016-02-11 14:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-09 22:45 - 2016-02-09 06:50 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-09 22:45 - 2016-02-04 15:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-09 22:45 - 2016-02-04 14:46 - 02387456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-09 22:45 - 2016-02-03 14:59 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-09 22:44 - 2016-02-19 15:50 - 00034240 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-09 22:44 - 2016-02-19 15:41 - 00958464 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-09 22:44 - 2016-02-19 11:07 - 01206784 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-09 22:44 - 2016-02-11 11:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-09 22:44 - 2016-02-09 06:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-03-09 22:44 - 2016-02-09 06:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-09 22:44 - 2016-02-09 06:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-03-09 22:44 - 2016-02-09 06:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-03-09 22:44 - 2016-02-09 06:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-03-09 22:44 - 2016-02-09 03:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-09 22:44 - 2016-02-08 18:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-09 22:44 - 2016-02-08 17:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-09 22:44 - 2016-02-08 17:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-03-09 22:44 - 2016-02-08 17:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-09 22:44 - 2016-02-08 17:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-09 22:44 - 2016-02-08 17:38 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-09 22:44 - 2016-02-08 17:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-03-09 22:44 - 2016-02-08 17:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-03-09 22:44 - 2016-02-08 17:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-09 22:44 - 2016-02-08 17:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-09 22:44 - 2016-02-08 17:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-09 22:44 - 2016-02-08 17:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-09 22:44 - 2016-02-08 17:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-09 22:44 - 2016-02-08 17:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-03-09 22:44 - 2016-02-08 17:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-09 22:44 - 2016-02-08 17:28 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-03-09 22:44 - 2016-02-08 17:23 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-09 22:44 - 2016-02-08 17:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-09 22:44 - 2016-02-08 17:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-09 22:44 - 2016-02-08 17:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-03-09 22:44 - 2016-02-08 17:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-03-09 22:44 - 2016-02-08 17:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-09 22:44 - 2016-02-08 17:11 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-09 22:44 - 2016-02-08 17:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-09 22:44 - 2016-02-08 17:10 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-03-09 22:44 - 2016-02-08 17:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-09 22:44 - 2016-02-08 17:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-09 22:44 - 2016-02-08 17:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-09 22:44 - 2016-02-08 17:02 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-09 22:44 - 2016-02-08 17:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-09 22:44 - 2016-02-08 17:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-03-09 22:44 - 2016-02-08 16:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-09 22:44 - 2016-02-08 16:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-09 22:44 - 2016-02-08 16:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-09 22:44 - 2016-02-05 15:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-09 22:44 - 2016-02-05 15:44 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-09 22:44 - 2016-02-05 15:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-09 22:44 - 2016-02-05 14:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-09 22:44 - 2016-02-05 14:43 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-09 22:44 - 2016-02-05 11:07 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-09 22:44 - 2016-02-05 11:07 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-09 22:44 - 2016-02-05 11:07 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-09 22:44 - 2016-02-03 15:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-09 22:44 - 2016-02-03 15:49 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
2016-03-09 22:44 - 2016-02-03 15:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-09 22:44 - 2016-01-11 15:54 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-03-09 22:44 - 2015-11-19 11:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-09 22:44 - 2015-11-19 11:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-09 22:44 - 2015-11-19 11:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-09 22:44 - 2015-11-19 11:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-09 22:44 - 2015-11-19 11:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-09 22:44 - 2015-11-19 11:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-09 22:44 - 2015-11-19 11:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-09 22:44 - 2015-11-19 11:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-09 22:44 - 2015-11-19 11:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-09 22:44 - 2015-11-19 11:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-09 22:44 - 2015-11-19 11:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-09 22:44 - 2015-11-19 11:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-09 22:44 - 2015-11-19 11:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-09 22:44 - 2015-11-19 11:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-09 22:44 - 2015-11-19 11:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-09 22:44 - 2015-11-19 11:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-09 22:44 - 2015-11-19 11:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-09 22:44 - 2015-11-19 11:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-09 22:44 - 2015-11-19 11:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-09 22:44 - 2015-11-19 11:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-09 22:44 - 2015-11-19 11:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-09 22:44 - 2015-11-19 11:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-09 22:44 - 2015-11-19 11:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-03-05 17:35 - 2016-03-05 17:35 - 00192090 _____ C:\Users\Marcio\Downloads\E99F.tmp
2016-02-20 17:58 - 2016-02-20 17:58 - 00000000 ____D C:\Users\Todos os Usuários\gbas
2016-02-20 17:58 - 2016-02-20 17:58 - 00000000 ____D C:\ProgramData\gbas
2016-02-20 17:56 - 2016-02-20 17:56 - 00000000 ____D C:\Users\Marcio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativo Itaú
2016-02-20 17:56 - 2016-02-20 17:56 - 00000000 ____D C:\Users\Marcio\AppData\Local\Aplicativo Itau
2016-02-19 14:10 - 2016-02-19 14:10 - 00000000 ____D C:\Users\Marcio\AppData\Local\Steam
2016-02-19 14:10 - 2016-02-19 14:10 - 00000000 ____D C:\Users\Marcio\AppData\Local\CEF
2016-02-17 00:55 - 2016-02-17 00:55 - 00000000 ____D C:\Users\Marcio\AppData\Roaming\DesktopReminder
2016-02-17 00:36 - 2016-03-17 19:22 - 00000000 ____D C:\Users\Marcio\Documents\DesktopReminder
2016-02-17 00:36 - 2016-02-17 00:37 - 00000000 ____D C:\Users\Todos os Usuários\Isolated Storage
2016-02-17 00:36 - 2016-02-17 00:37 - 00000000 ____D C:\ProgramData\Isolated Storage
2016-02-17 00:36 - 2016-02-17 00:36 - 00000000 ____D C:\Users\Marcio\AppData\Local\Polenter_-_Software_Solut
2016-02-17 00:35 - 2016-03-17 19:22 - 00000000 ____D C:\Program Files\Desktop-Reminder 2
2016-02-17 00:35 - 2016-02-17 00:36 - 00000000 __HDC C:\Users\Todos os Usuários\{CC0B0E1E-8497-4220-ABA4-783565C4912F}
2016-02-17 00:35 - 2016-02-17 00:36 - 00000000 __HDC C:\ProgramData\{CC0B0E1E-8497-4220-ABA4-783565C4912F}
2016-02-17 00:35 - 2016-02-17 00:35 - 00002031 _____ C:\Users\Public\Desktop\Desktop-Reminder 2.lnk
2016-02-17 00:35 - 2016-02-17 00:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop-Reminder 2
2016-02-17 00:34 - 2016-02-17 00:34 - 00000000 ____D C:\Users\Marcio\AppData\Local\InstallAware Installation Information
2016-02-17 00:09 - 2016-02-17 00:24 - 00000000 ____D C:\Users\Marcio\Desktop\Animangás

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-03-18 01:08 - 2015-06-19 21:08 - 00003112 _____ C:\Windows\Tasks\640757cd-62f7-489a-b1c2-4b4a64f86ca3-1-6.job
2016-03-18 01:06 - 2015-06-19 18:10 - 00000000 ____D C:\Users\Marcio\AppData\LocalLow\HPAppData
2016-03-18 00:56 - 2015-12-07 11:35 - 00000942 _____ C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-2575527652-1528111661-3227582252-1000UA.job
2016-03-18 00:53 - 2015-06-21 03:13 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-18 00:50 - 2013-05-13 21:30 - 00000000 ___HD C:\Program Files\Common Files\EAInstaller
2016-03-18 00:40 - 2013-04-27 12:05 - 00000000 ____D C:\Users\Marcio
2016-03-18 00:39 - 2009-07-14 01:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-18 00:38 - 2014-02-03 13:40 - 00000000 ____D C:\Users\Todos os Usuários\Origin
2016-03-18 00:38 - 2014-02-03 13:40 - 00000000 ____D C:\ProgramData\Origin
2016-03-18 00:37 - 2014-10-01 00:50 - 00000000 ____D C:\Users\Marcio\AppData\Local\CrashDumps
2016-03-18 00:24 - 2013-04-27 12:23 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-03-18 00:20 - 2013-04-27 13:41 - 00000000 ____D C:\Program Files\DsNET Corp
2016-03-18 00:20 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\inf
2016-03-18 00:17 - 2013-05-03 14:45 - 00000000 ____D C:\Users\Todos os Usuários\KONAMI
2016-03-18 00:17 - 2013-05-03 14:45 - 00000000 ____D C:\ProgramData\KONAMI
2016-03-18 00:17 - 2013-04-27 14:41 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-17 23:59 - 2014-02-03 13:48 - 00000000 ____D C:\Program Files\Origin Games
2016-03-17 23:45 - 2015-11-24 13:55 - 00000000 ____D C:\Program Files\Grand Theft Auto V
2016-03-17 23:40 - 2015-06-21 03:13 - 00002164 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-17 22:54 - 2015-11-28 14:07 - 00000000 ____D C:\Program Files\MPC Cleaner
2016-03-17 22:51 - 2014-08-09 01:58 - 00000000 ___HD C:\Users\Marcio\AppData\Roaming\GoldenGate
2016-03-17 22:00 - 2015-10-01 10:00 - 00000420 _____ C:\Windows\Tasks\ToolsUpdatePlatform_ScheduledTask.job
2016-03-17 22:00 - 2015-10-01 10:00 - 00000000 ____D C:\Users\Todos os Usuários\ToolsUpdatePlatform
2016-03-17 22:00 - 2015-10-01 10:00 - 00000000 ____D C:\ProgramData\ToolsUpdatePlatform
2016-03-17 21:09 - 2015-06-19 21:09 - 00002420 _____ C:\Windows\Tasks\640757cd-62f7-489a-b1c2-4b4a64f86ca3-5_user.job
2016-03-17 21:09 - 2015-06-19 21:08 - 00002420 _____ C:\Windows\Tasks\640757cd-62f7-489a-b1c2-4b4a64f86ca3-5.job
2016-03-17 21:08 - 2015-06-19 21:08 - 00003112 _____ C:\Windows\Tasks\640757cd-62f7-489a-b1c2-4b4a64f86ca3-1-7.job
2016-03-17 21:06 - 2015-06-19 21:06 - 00005492 _____ C:\Windows\Tasks\640757cd-62f7-489a-b1c2-4b4a64f86ca3-7.job
2016-03-17 21:06 - 2015-06-19 21:06 - 00005158 _____ C:\Windows\Tasks\640757cd-62f7-489a-b1c2-4b4a64f86ca3-11.job
2016-03-17 21:06 - 2015-06-19 21:06 - 00004132 _____ C:\Windows\Tasks\640757cd-62f7-489a-b1c2-4b4a64f86ca3-3.job
2016-03-17 19:29 - 2009-07-14 01:34 - 00028672 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-17 19:29 - 2009-07-14 01:34 - 00028672 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-17 19:19 - 2015-07-10 21:57 - 00000000 ____D C:\Users\Todos os Usuários\TorchCrashHandler
2016-03-17 19:19 - 2015-07-10 21:57 - 00000000 ____D C:\ProgramData\TorchCrashHandler
2016-03-17 19:19 - 2015-06-21 03:12 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-17 19:19 - 2013-04-27 14:58 - 00000000 ____D C:\Users\Todos os Usuários\TEMP
2016-03-17 19:19 - 2013-04-27 14:58 - 00000000 ____D C:\ProgramData\TEMP
2016-03-17 19:19 - 2013-04-27 14:41 - 00000000 ____D C:\Users\Marcio\Tracing
2016-03-17 19:19 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-17 12:56 - 2015-12-07 11:35 - 00000890 _____ C:\Windows\Tasks\CatalinaGroupUpdateTaskUserS-1-5-21-2575527652-1528111661-3227582252-1000Core.job
2016-03-17 10:44 - 2013-05-05 15:36 - 00000000 ____D C:\Users\Marcio\AppData\Local\Adobe
2016-03-16 23:38 - 2014-09-24 01:11 - 01851392 _____ C:\Users\Marcio\Documents\MyStickyNotes.esnx
2016-03-16 11:09 - 2013-05-22 12:17 - 00000000 ____D C:\Users\Todos os Usuários\Spyware Terminator
2016-03-16 11:09 - 2013-05-22 12:17 - 00000000 ____D C:\ProgramData\Spyware Terminator
2016-03-16 01:27 - 2015-09-30 17:04 - 00002991 _____ C:\Users\Marcio\Desktop\Popcorn Time.lnk
2016-03-15 09:47 - 2015-12-17 10:54 - 00000000 _____ C:\END
2016-03-15 09:47 - 2015-06-20 16:04 - 00000000 ____D C:\Users\Marcio\AppData\Roaming\RunDir
2016-03-15 00:31 - 2013-04-27 13:32 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2016-03-12 14:24 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\rescache
2016-03-11 10:17 - 2013-04-27 14:41 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-03-11 10:17 - 2013-04-27 14:41 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-03-10 19:42 - 2013-04-27 14:57 - 00000000 ____D C:\Windows\Panther
2016-03-10 19:37 - 2016-02-13 10:03 - 00000000 ___HD C:\$WINDOWS.~BT
2016-03-10 06:16 - 2013-04-27 12:09 - 01642326 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-10 06:16 - 2009-07-14 05:31 - 00708378 _____ C:\Windows\system32\prfh0416.dat
2016-03-10 06:16 - 2009-07-14 05:31 - 00148158 _____ C:\Windows\system32\prfc0416.dat
2016-03-10 06:11 - 2009-07-14 01:33 - 03806536 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-10 06:08 - 2014-12-18 10:57 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-05 21:57 - 2013-04-27 16:40 - 00000000 ____D C:\Users\Marcio\AppData\Roaming\Audacity
2016-03-05 15:41 - 2016-02-11 20:21 - 00000132 _____ C:\Users\Marcio\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-03-04 10:40 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\NDF
2016-03-03 01:48 - 2014-09-24 01:12 - 00000000 ____D C:\Users\Marcio\Documents\Efficient Organizer AutoBackup
2016-02-29 23:41 - 2013-04-27 12:51 - 00000000 ___RD C:\Users\Marcio\Desktop\Diddy
2016-02-27 02:20 - 2013-04-27 13:46 - 00000000 ____D C:\Users\Marcio\AppData\Roaming\Skype
2016-02-26 02:10 - 2015-04-05 03:01 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-23 20:11 - 2015-03-19 15:55 - 00000000 ____D C:\Users\Marcio\AppData\Local\PokerStars
2016-02-23 20:11 - 2015-03-19 15:51 - 00000000 ____D C:\Program Files\PokerStars
2016-02-19 17:02 - 2013-12-19 21:51 - 00000000 ____D C:\Program Files\Steam
2016-02-19 14:15 - 2015-07-02 23:02 - 00001532 _____ C:\Users\Marcio\Desktop\ygopro_vs - Atalho.lnk
2016-02-19 14:15 - 2014-05-15 18:59 - 00001297 _____ C:\Users\Marcio\Desktop\mugen - Atalho.lnk
2016-02-18 01:52 - 2013-04-27 12:16 - 00000000 ____D C:\Users\Marcio\AppData\Local\ElevatedDiagnostics
2016-02-17 22:28 - 2014-12-02 12:26 - 00003114 _____ C:\Users\Marcio\Desktop\Músicas - Atalho.lnk
2016-02-17 00:54 - 2013-04-27 13:09 - 00000000 ____D C:\Users\Marcio\Desktop\Arquivos
2016-02-17 00:22 - 2013-04-27 12:54 - 00000000 ____D C:\Users\Marcio\Desktop\PS

==================== Arquivos na raiz de alguns diretórios =======

2015-04-19 09:20 - 2015-06-21 13:09 - 0000626 _____ () C:\Users\Marcio\AppData\Roaming\06XD5DsiPEsP3JjdOCPspVR
2016-02-11 20:21 - 2016-03-05 15:41 - 0000132 _____ () C:\Users\Marcio\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-08-14 19:36 - 2013-08-14 19:36 - 0000000 _____ () C:\Users\Marcio\AppData\Roaming\bitlord_log.txt
2016-03-17 22:39 - 2016-03-17 22:41 - 0001294 _____ () C:\Users\Marcio\AppData\Roaming\Bubble Dock.boostrap.log
2016-03-17 22:39 - 2016-03-17 22:40 - 0005720 _____ () C:\Users\Marcio\AppData\Roaming\Bubble Dock.installation.log
2014-05-29 04:31 - 2014-05-29 04:31 - 0138056 _____ () C:\Users\Marcio\AppData\Roaming\PnkBstrK.sys
2014-11-15 16:50 - 2014-11-15 16:50 - 0045270 _____ () C:\Users\Marcio\AppData\Roaming\room_v3.dat
2016-03-17 22:41 - 2016-03-17 22:41 - 0000078 _____ () C:\Users\Marcio\AppData\Roaming\Selection Tools.installation.log
2015-04-19 09:20 - 2015-04-19 09:20 - 0005872 _____ () C:\Users\Marcio\AppData\Roaming\uHaFbkvQuIR7GRVRHJMRvTMpx
2013-12-19 00:42 - 2014-03-31 04:02 - 0000167 _____ () C:\Users\Marcio\AppData\Roaming\WB.CFG
2015-11-28 11:54 - 2015-11-28 11:54 - 0004313 _____ () C:\Users\Marcio\AppData\Roaming\webad.xml
2016-03-17 22:39 - 2016-03-17 22:39 - 0000097 _____ () C:\Users\Marcio\AppData\Roaming\WindApp.boostrap.log
2016-03-17 22:41 - 2016-03-17 22:41 - 0000078 _____ () C:\Users\Marcio\AppData\Roaming\WindApp.installation.log
2015-11-28 14:48 - 2015-11-28 14:48 - 0000161 _____ () C:\Users\Marcio\AppData\Roaming\xcgui_debug.txt
2014-09-25 11:10 - 2014-09-25 11:10 - 0418156 _____ () C:\Users\Marcio\AppData\Local\ars.cache
2015-10-23 09:07 - 2015-10-23 09:07 - 0000000 _____ () C:\Users\Marcio\AppData\Local\BITD567.tmp
2013-05-30 17:10 - 2014-07-10 22:56 - 0014336 _____ () C:\Users\Marcio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-25 10:49 - 2014-09-25 10:49 - 0000036 _____ () C:\Users\Marcio\AppData\Local\housecall.guid.cache
2015-05-25 11:44 - 2015-05-25 11:44 - 0613255 _____ (CMI Limited) C:\Users\Marcio\AppData\Local\nsc59CE.tmp
2015-06-17 12:21 - 2015-06-17 12:21 - 0613255 _____ (CMI Limited) C:\Users\Marcio\AppData\Local\nsh3081.tmp
2015-06-16 22:12 - 2015-06-16 22:12 - 0613255 _____ (CMI Limited) C:\Users\Marcio\AppData\Local\nsh45C5.tmp
2015-06-10 19:39 - 2015-06-10 19:38 - 0613255 _____ (CMI Limited) C:\Users\Marcio\AppData\Local\nsrAA23.tmp
2015-06-19 16:14 - 2015-06-19 16:13 - 0613255 _____ (CMI Limited) C:\Users\Marcio\AppData\Local\nss5668.tmp
2015-06-06 15:19 - 2015-06-06 15:18 - 0613255 _____ (CMI Limited) C:\Users\Marcio\AppData\Local\nsuB3B4.tmp
2015-06-05 12:01 - 2015-06-05 12:01 - 0613255 _____ (CMI Limited) C:\Users\Marcio\AppData\Local\nsy92AC.tmp
2015-06-03 12:44 - 2015-06-03 12:44 - 0613255 _____ (CMI Limited) C:\Users\Marcio\AppData\Local\nsy99AE.tmp
2013-08-14 19:40 - 2013-08-14 19:40 - 0000218 _____ () C:\Users\Marcio\AppData\Local\recently-used.xbel
2015-01-23 14:53 - 2015-01-23 14:53 - 0000131 _____ () C:\Users\Marcio\AppData\Local\Temphistor1031reg
2015-01-23 00:17 - 2015-01-23 00:17 - 0000131 _____ () C:\Users\Marcio\AppData\Local\Temphistor1088reg
2015-01-23 16:57 - 2015-01-23 16:57 - 0000131 _____ () C:\Users\Marcio\AppData\Local\Temphistor1441reg
2015-02-04 11:34 - 2015-02-04 11:34 - 0000131 _____ () C:\Users\Marcio\AppData\Local\Temphistor1946reg
2015-01-25 09:31 - 2015-01-25 09:31 - 0000131 _____ () C:\Users\Marcio\AppData\Local\Temphistor2208reg
2015-01-25 19:22 - 2015-01-25 19:22 - 0000131 _____ () C:\Users\Marcio\AppData\Local\Temphistor2280reg
2015-01-26 10:19 - 2015-01-26 10:19 - 0000131 _____ () C:\Users\Marcio\AppData\Local\Temphistor2376reg
2015-02-01 20:27 - 2015-02-01 20:27 - 0000131 _____ () C:\Users\Marcio\AppData\Local\Temphistor3177reg
2015-02-03 12:09 - 2015-02-03 12:09 - 0000131 _____ () C:\Users\Marcio\AppData\Local\Temphistor3238reg
2015-01-23 11:01 - 2015-01-23 11:01 - 0000131 _____ () C:\Users\Marcio\AppData\Local\Temphistor3802reg
2015-01-22 15:26 - 2015-01-22 15:26 - 0000131 _____ () C:\Users\Marcio\AppData\Local\Temphistor3923reg
2015-01-22 07:47 - 2015-01-22 07:47 - 0000131 _____ () C:\Users\Marcio\AppData\Local\Temphistor4973reg
2015-01-23 12:12 - 2015-01-23 12:12 - 0000131 _____ () C:\Users\Marcio\AppData\Local\Temphistor5298reg
2015-01-22 22:45 - 2015-01-22 22:45 - 0000131 _____ () C:\Users\Marcio\AppData\Local\Temphistor6075reg
2015-02-02 11:38 - 2015-02-02 11:38 - 0000131 _____ () C:\Users\Marcio\AppData\Local\Temphistor633reg
2015-01-21 07:19 - 2015-01-21 07:19 - 0000131 _____ () C:\Users\Marcio\AppData\Local\Temphistor6714reg
2015-02-02 15:42 - 2015-02-02 15:42 - 0000131 _____ () C:\Users\Marcio\AppData\Local\Temphistor7085reg
2015-01-20 17:19 - 2015-01-20 17:19 - 0000131 _____ () C:\Users\Marcio\AppData\Local\Temphistor7499reg
2014-12-18 11:00 - 2014-12-18 11:00 - 0000131 _____ () C:\Users\Marcio\AppData\Local\Temphistor7589reg
2015-01-28 09:45 - 2015-01-28 09:45 - 0000131 _____ () C:\Users\Marcio\AppData\Local\Temphistor8119reg
2015-01-23 13:44 - 2015-01-23 13:44 - 0000131 _____ () C:\Users\Marcio\AppData\Local\Temphistor820reg
2015-01-06 17:23 - 2015-01-06 17:23 - 0000131 _____ () C:\Users\Marcio\AppData\Local\Temphistor8440reg
2014-12-16 11:18 - 2014-12-16 11:18 - 0000131 _____ () C:\Users\Marcio\AppData\Local\Temphistor8906reg
2015-01-23 11:35 - 2015-01-23 11:35 - 0000131 _____ () C:\Users\Marcio\AppData\Local\Temphistor8986reg
2015-02-02 16:12 - 2015-02-02 16:12 - 0000131 _____ () C:\Users\Marcio\AppData\Local\Temphistor9195reg
2015-02-01 21:31 - 2015-02-01 21:31 - 0000131 _____ () C:\Users\Marcio\AppData\Local\Temphistor9354reg
2015-02-05 12:28 - 2015-02-05 12:28 - 0000000 _____ () C:\Users\Marcio\AppData\Local\TempXHRtcC50bWZw
2015-11-21 10:18 - 2015-11-21 10:18 - 0000000 _____ () C:\Users\Marcio\AppData\Local\{888923BF-19F8-4158-9675-322BDC951608}
2015-10-23 09:01 - 2015-10-23 09:01 - 0000000 _____ () C:\Users\Marcio\AppData\Local\{AAA3BD0B-1F4F-4815-A277-65570B9645FA}
2015-11-10 06:46 - 2015-11-10 06:46 - 0000000 _____ () C:\Users\Marcio\AppData\Local\{F8F3C44A-A829-4C3F-B137-83B5869DB56A}
2015-02-05 12:26 - 2015-02-05 12:26 - 0000005 _____ () C:\ProgramData\101
2014-12-16 11:18 - 2014-12-16 11:18 - 0000004 _____ () C:\ProgramData\17
2015-02-04 11:34 - 2015-02-04 11:34 - 0000005 _____ () C:\ProgramData\191
2015-01-21 07:19 - 2015-01-21 07:19 - 0000004 _____ () C:\ProgramData\98
2015-01-20 17:19 - 2015-01-20 17:19 - 0000004 _____ () C:\ProgramData\99
2014-11-01 05:33 - 2014-11-01 05:33 - 0000020 _____ () C:\ProgramData\bc.ini
2015-11-28 12:52 - 2015-11-26 06:58 - 4127064 _____ () C:\ProgramData\ch_dl_url
2013-11-22 08:40 - 2013-11-22 08:40 - 0170344 _____ (Baidu, Inc.) C:\ProgramData\FileSplitUpLoad.dll
2014-03-26 22:42 - 2015-04-13 19:43 - 0010236 _____ () C:\ProgramData\hpzinstall.log
2015-09-30 14:08 - 2015-04-24 03:22 - 1029096 _____ (ShenZhen Enode Techology co,.Ltd) C:\ProgramData\WeatherMini.exe
2015-11-28 16:06 - 2015-11-28 16:06 - 0000098 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Arquivos para serem movidos ou deletados:
====================
C:\Users\Marcio\AppData\Local\Temp\is-PO5EM.tmp\print.exe
C:\ProgramData\FileSplitUpLoad.dll
C:\ProgramData\WeatherMini.exe
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Public\Patchv23-SITECS-2013.exe
C:\Users\Public\sXeInjectedSetup.14.0.Fix.2.exe
C:\Users\Todos os Usuários\FileSplitUpLoad.dll
C:\Users\Todos os Usuários\WeatherMini.exe
C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


Alguns arquivos em TEMP:
====================
C:\Users\Marcio\AppData\Local\Temp\26438.exe
C:\Users\Marcio\AppData\Local\Temp\2901.exe
C:\Users\Marcio\AppData\Local\Temp\3095.exe
C:\Users\Marcio\AppData\Local\Temp\4630.exe
C:\Users\Marcio\AppData\Local\Temp\4916C34F-D681-3BA5-7E60-3822A0D47CAD.dll
C:\Users\Marcio\AppData\Local\Temp\4980.exe
C:\Users\Marcio\AppData\Local\Temp\62E701F2-A93B-E5F0-7047-648F525B28C7.exe
C:\Users\Marcio\AppData\Local\Temp\6623.exe
C:\Users\Marcio\AppData\Local\Temp\7015.exe
C:\Users\Marcio\AppData\Local\Temp\7114.exe
C:\Users\Marcio\AppData\Local\Temp\712.exe
C:\Users\Marcio\AppData\Local\Temp\7672.exe
C:\Users\Marcio\AppData\Local\Temp\8638.exe
C:\Users\Marcio\AppData\Local\Temp\8882.exe
C:\Users\Marcio\AppData\Local\Temp\9316.exe
C:\Users\Marcio\AppData\Local\Temp\9QITA5IJLW.exe
C:\Users\Marcio\AppData\Local\Temp\ABC06D0D163A42EDA0FCD09E38B7EC4F.exe
C:\Users\Marcio\AppData\Local\Temp\adwcleaner-4-206-multi-win.exe
C:\Users\Marcio\AppData\Local\Temp\aplicativoitau.exe
C:\Users\Marcio\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Marcio\AppData\Local\Temp\avast_free_antivirus_setup_online.exe
C:\Users\Marcio\AppData\Local\Temp\avira_ptbr_av_55c3bdea40b93__ws.exe
C:\Users\Marcio\AppData\Local\Temp\BackupSetup.exe
C:\Users\Marcio\AppData\Local\Temp\Baidu_Secure_SystemUp_3.7.1.41942.exe
C:\Users\Marcio\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.5.65301.exe
C:\Users\Marcio\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.7.72269.exe
C:\Users\Marcio\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.9.76716.exe
C:\Users\Marcio\AppData\Local\Temp\Baidu_Secure_SystemUp_5.0.9.107990.exe
C:\Users\Marcio\AppData\Local\Temp\Baidu_Secure_SystemUp_5.1.3.126764.exe
C:\Users\Marcio\AppData\Local\Temp\BavPro_Setup_Mini_051.exe
C:\Users\Marcio\AppData\Local\Temp\bdg4507.exe
C:\Users\Marcio\AppData\Local\Temp\bdgD063.exe
C:\Users\Marcio\AppData\Local\Temp\bdgDC1D.exe
C:\Users\Marcio\AppData\Local\Temp\CitrioSetup.exe
C:\Users\Marcio\AppData\Local\Temp\CloudBackup4617.exe
C:\Users\Marcio\AppData\Local\Temp\dotNetFx40_Client_setup.exe
C:\Users\Marcio\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Marcio\AppData\Local\Temp\drm_dyndata_7330017.dll
C:\Users\Marcio\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Marcio\AppData\Local\Temp\E60EBAA4-7AF6-F88D-1DA2-D55004A65BA9.dll
C:\Users\Marcio\AppData\Local\Temp\E60EBAA4-7AF6-F88D-1DA2-D55004A65BA9.exe
C:\Users\Marcio\AppData\Local\Temp\Firefox Setup Stub 38.0.5.exe
C:\Users\Marcio\AppData\Local\Temp\GUR4C6A.exe
C:\Users\Marcio\AppData\Local\Temp\htmlayout.dll
C:\Users\Marcio\AppData\Local\Temp\ICReinstall_advanced-pdf-to-jpg-converter-19934-baixaki-32-bits.exe
C:\Users\Marcio\AppData\Local\Temp\ICReinstall_JSE_install_app-1436575429466.exe
C:\Users\Marcio\AppData\Local\Temp\ICReinstall_pcsx2-10-32-bits.exe
C:\Users\Marcio\AppData\Local\Temp\ICReinstall_virtualbox-4-3-14-95030-32-bits.exe
C:\Users\Marcio\AppData\Local\Temp\install_reader11_br_mssd_awb_aih.exe
C:\Users\Marcio\AppData\Local\Temp\MEGAsyncSetup.exe
C:\Users\Marcio\AppData\Local\Temp\MsgPlusUninstall.exe
C:\Users\Marcio\AppData\Local\Temp\nsg3E40.exe
C:\Users\Marcio\AppData\Local\Temp\nsj59A7.exe
C:\Users\Marcio\AppData\Local\Temp\nsyBEEC.exe
C:\Users\Marcio\AppData\Local\Temp\offer-8FF11C63-2288-4F1F-8007-28EB21B7295D1.exe
C:\Users\Marcio\AppData\Local\Temp\ose00000.exe
C:\Users\Marcio\AppData\Local\Temp\Popcorn-Time-0.3.8-2-Setup.exe
C:\Users\Marcio\AppData\Local\Temp\Popcorn-Time-0.3.8-5-Setup.exe
C:\Users\Marcio\AppData\Local\Temp\PriceFountainUpdateVer.exe
C:\Users\Marcio\AppData\Local\Temp\RegClean2.exe
C:\Users\Marcio\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Marcio\AppData\Local\Temp\ReiSysUpdate.exe
C:\Users\Marcio\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Marcio\AppData\Local\Temp\setup.exe
C:\Users\Marcio\AppData\Local\Temp\setup_553.exe
C:\Users\Marcio\AppData\Local\Temp\setup_B348.exe
C:\Users\Marcio\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Marcio\AppData\Local\Temp\spark_install.exe
C:\Users\Marcio\AppData\Local\Temp\sqlite3.dll
C:\Users\Marcio\AppData\Local\Temp\toolbar23352335.exe
C:\Users\Marcio\AppData\Local\Temp\TorchSetup-r23-n-bc.exe
C:\Users\Marcio\AppData\Local\Temp\TsuA59F463B.dll
C:\Users\Marcio\AppData\Local\Temp\tu17p84.exe
C:\Users\Marcio\AppData\Local\Temp\uninst1.exe
C:\Users\Marcio\AppData\Local\Temp\Uninstall.exe
C:\Users\Marcio\AppData\Local\Temp\uninstall23742962.exe
C:\Users\Marcio\AppData\Local\Temp\UNT5F3A.exe
C:\Users\Marcio\AppData\Local\Temp\UNT5F3C.exe
C:\Users\Marcio\AppData\Local\Temp\UNT5F3E.exe
C:\Users\Marcio\AppData\Local\Temp\update.exe
C:\Users\Marcio\AppData\Local\Temp\Update_f947.exe
C:\Users\Marcio\AppData\Local\Temp\uTorrent.exe
C:\Users\Marcio\AppData\Local\Temp\V4GT9Qu96N.exe
C:\Users\Marcio\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Marcio\AppData\Local\Temp\winziprosetup-WZRO6_20130221.exe
C:\Users\Marcio\AppData\Local\Temp\XU5I8RCQM8.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-03-09 00:14

==================== Fim de FRST.txt ============================
