Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:09-05-2016
Executado por PC (administrador) em PC-PC (09-05-2016 15:33:19)
Executando a partir de C:\Users\PC\Desktop
Perfis Carregados: PC (Perfis Disponíveis: PC)
Platform: Windows 7 Professional Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
() C:\ProgramData\CloudPrinter\CloudPrinter.exe
() C:\Program Files (x86)\4C4C4544-1462817460-3610-8033-C6C04F535231\jnsb1FB.tmp
() C:\ProgramData\Lamzap\Lamzap.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.LEDWARE\MSSQL\Binn\sqlservr.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\4C4C4544-1462817460-3610-8033-C6C04F535231\hnsg2046.tmp
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\4C4C4544-1462817460-3610-8033-C6C04F535231\knslE0AF.tmpfs
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Users\PC\AppData\Local\4C4C4544-1462806956-3610-8033-C6C04F535231\qnsgB7BC.tmp
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
(HsljuT) C:\Program Files (x86)\sunnyday\otutnetwork.exe
(HsljuT) C:\Program Files (x86)\mobilepcstarterkit\otutnetwork.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Users\PC\AppData\Local\SunnyDay21\usun.exe
() C:\Program Files (x86)\sunnyday\wincom_K5T.exe
() C:\Users\PC\AppData\Roaming\cpuminer\cpm.exe
() C:\Program Files (x86)\mobilepcstarterkit\wincom_0LT.exe
(ImageEd) C:\Users\PC\AppData\Roaming\ImageCropResize\ImageEd\ImageEd.exe
(JUASz) C:\Program Files\Caster\wizzcaster.exe
() C:\ProgramData\msiql.exe
() C:\LedCommerce\Utilitarios\Backup_Automatico.exe
() C:\Program Files (x86)\SunnyDay21\SunnyDay.exe
() C:\Program Files (x86)\comoBoss\comowin.exe
() C:\Program Files (x86)\badu\uc.exe
(VLOME) C:\Users\PC\AppData\Local\Temp\00028825\casrss.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
() C:\Users\PC\AppData\Roaming\msiql.exe
() C:\Users\PC\AppData\Local\Temp\30269\Setup.exe
() C:\Program Files (x86)\Torrent Search\IEEF\INFoanSeSFZQ.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11189\calendar.exe
() C:\Program Files\UBar\UbarService.exe
(UBar Plugin Soft) C:\Program Files\UBar\ubar.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\SunnyDay21\SunnyDay.exe
() C:\Program Files (x86)\comoBoss\comowin.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [IDSCCOMZZ2] => "C:\Program Files\Sound+\idsccom_ZZ2.exe"
HKLM\...\Run: [Sound+] => "C:\Program Files\Sound+\Sound+.exe"
HKLM\...\Run: [WINCOMK5T] => C:\Program Files (x86)\sunnyday\wincom_K5T.exe [4325888 2016-05-09] ()
HKLM\...\Run: [cpuminer] => C:\Users\PC\AppData\Roaming\cpuminer\cpm.exe [1417216 2016-03-31] ()
HKLM\...\Run: [WINCOM0LT] => C:\Program Files (x86)\mobilepcstarterkit\wincom_0LT.exe [4325888 2016-05-09] ()
HKLM-x32\...\Run: [LedBackup] => C:\LedCommerce\Utilitarios\Backup_Automatico.exe [752640 2015-08-27] ()
HKLM-x32\...\Run: [sun21] => C:\Program Files (x86)\SunnyDay21\SunnyDay.exe [4332032 2016-05-09] ()
HKLM-x32\...\Run: [comoBoss] => C:\Program Files (x86)\comoBoss\comowin.exe [4325888 2016-05-08] ()
HKLM-x32\...\Run: [apphide] => C:\Program Files (x86)\badu\uc.exe [307290 2016-05-08] ()
HKLM\...\RunOnce: [OTUTPRODUCT_XKCHZ] => C:\Program Files (x86)\sunnyday\otutnetwork.exe [188928 2016-05-09] (HsljuT)
HKLM\...\RunOnce: [OTUTPRODUCT_XOIOP] => C:\Program Files (x86)\mobilepcstarterkit\otutnetwork.exe [188928 2016-05-09] (HsljuT)
HKLM-x32\...\RunOnce: [usun.exe] => C:\Users\PC\AppData\Local\SunnyDay21\usun.exe [3294720 2016-05-09] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2015-09-22] (Caixa Economica Federal)
HKU\S-1-5-21-2760107221-826286760-2741309303-1000\...\Run: [ImageEd] => C:\Users\PC\AppData\Roaming\ImageCropResize\ImageEd\ImageEd.exe [395944 2016-05-05] (ImageEd)
HKU\S-1-5-21-2760107221-826286760-2741309303-1000\...\Run: [YeaInstaller] => C:\Users\PC\AppData\Local\Temp\REXDG78NH\REXDG78NH.exe [1970176 2016-05-09] (TZ) <===== ATENÇÃO
HKU\S-1-5-21-2760107221-826286760-2741309303-1000\...\Run: [Caster] => C:\Program Files\Caster\wizzcaster.exe [172032 2016-05-09] (JUASz)
HKU\S-1-5-21-2760107221-826286760-2741309303-1000\...\Run: [msiql] => c:\users\pc\appdata\roaming\msiql.exe [1920000 2016-05-09] ()
HKU\S-1-5-21-2760107221-826286760-2741309303-1000\...\Run: [taskhost] => rundll32.exe C:\ProgramData\WindowsMsg\675D131108D4FD145B0BFBC68A3E018A.dll Start /AUTORUN
HKU\S-1-5-21-2760107221-826286760-2741309303-1000\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [2055168 2016-04-16] ()
HKU\S-1-5-21-2760107221-826286760-2741309303-1000\...\Run: [Pritc] => C:\Users\PC\AppData\Local\Temp\00028825\casrss.exe [2958848 2016-05-09] (VLOME) <===== ATENÇÃO
HKU\S-1-5-21-2760107221-826286760-2741309303-1000\...\MountPoints2: {6b5aef56-0dfc-11e6-b5f2-f04da2e1c080} - F:\Setup.exe
HKU\S-1-5-21-2760107221-826286760-2741309303-1000\...\MountPoints2: {6b5aef5c-0dfc-11e6-b5f2-f04da2e1c080} - F:\Setup.exe
AppInit_DLLs: C:\ProgramData\Lamzap\RoundLex.dll => C:\ProgramData\Lamzap\RoundLex.dll [361984 2016-05-09] ()
AppInit_DLLs-x32: C:\ProgramData\Lamzap\Homestrong.dll => C:\ProgramData\Lamzap\Homestrong.dll [257536 2016-05-09] ()
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1888480 2015-09-22] (Caixa Economica Federal)
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 189.45.16.18 189.45.16.19 8.8.8.8
Tcpip\..\Interfaces\{4DE7F42F-045F-4348-A79A-D59E5E3C4B61}: [DhcpNameServer] 189.45.16.18 189.45.16.19 8.8.8.8
Tcpip\..\Interfaces\{5378B1F5-46BC-4781-8E8D-7C4899370996}: [DhcpNameServer] 192.168.0.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=d597812f1438c972d602a1230a379e5f
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=d597812f1438c972d602a1230a379e5f
HKU\S-1-5-21-2760107221-826286760-2741309303-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPkaTcRWxZ4HWw0SszGYutIo3P7QEX3rgme3HBPySssOmBr4Q43wYshNuWQQDyO7ZToBCb6mZXaagVG0jX09qZ_OOnBYepv889gxmwvUimXiNYjz78ooJFsvKvk5Y9cCI-hqyUMxMHaYVuQ-pntAPm6HuxZ8G9IpsM-_aIHac5&q={searchTerms}
HKU\S-1-5-21-2760107221-826286760-2741309303-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
HKU\S-1-5-21-2760107221-826286760-2741309303-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPkaTcRWxZ4HWw0SszGYutIo3P7QEX3rgme3HBPySssOmBr4Q43wYshNuWQQDyO7ZToBCb6mZXaagVG0jX09qZ_OOnBYepv889gxmwvUimXiNYjz78ooJFsvKvk5Y9cCI-hqyUMxMHaYVuQ-pntAPm6HuxZ8G9IpsM-_aIHac5&q={searchTerms}
HKU\S-1-5-21-2760107221-826286760-2741309303-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPkaTcRWxZ4HWw0SszGYutIo3P7QEX3rgme3HBPySssOmBr4Q43wYshNuWQQDyO7ZToBCb6mZXaagVG0jX09qZ_OOnBYepv889gxmwvUimXiNYjz78ooJFsvKvk5Y9cCI-hqyUMxMHaYVuQ-pntAPm6HuxZ8G9IpsM-_aIHac5&q={searchTerms}
HKU\S-1-5-21-2760107221-826286760-2741309303-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=d597812f1438c972d602a1230a379e5f
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=itm&hsimp=yhs-001&type=jmb_sftrev_16_13&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0EtC0CtDzztD0AyEyB0EtN0D0Tzu0StCyDyEzztN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtD0FyCtA0ByEtBtGtCyC0CtBtGyCtD0CzytGtBzy0CyBtG0E0DyBzytC0FtByCyEzyyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0A0C0C0FyCtAyBtG0F0FtAtDtGyEyEtDtBtG0B0Ezy0EtGtC0DtA0D0C0A0C0B0DyE0Fzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D222502191%26a%3Djmb_sftrev_16_13%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=itm&hsimp=yhs-001&type=jmb_sftrev_16_13&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0EtC0CtDzztD0AyEyB0EtN0D0Tzu0StCyDyEzztN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtD0FyCtA0ByEtBtGtCyC0CtBtGyCtD0CzytGtBzy0CyBtG0E0DyBzytC0FtByCyEzyyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0A0C0C0FyCtAyBtG0F0FtAtDtGyEyEtDtBtG0B0Ezy0EtGtC0DtA0D0C0A0C0B0DyE0Fzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D222502191%26a%3Djmb_sftrev_16_13%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPkaTcRWxZ4HWw0SszGYutIo3P7QEX3rgme3HBPySssOmBr4Q43wYshNuWQQDyO7ZToBCb6mZXaagVG0jX09qZ_OOnBYepv889gxmwvUimXiNYjz78ooJFsvKvk5Y9cCI-hqyUMxMHaYVuQ-pntAPm6HuxZ8G9IpsM-_aIHac5&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2760107221-826286760-2741309303-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPkaTcRWxZ4HWw0SszGYutIo3P7QEX3rgme3HBPySssOmBr4Q43wYshNuWQQDyO7ZToBCb6mZXaagVG0jX09qZ_OOnBYepv889gxmwvUimXiNYjz78ooJFsvKvk5Y9cCI-hqyUMxMHaYVuQ-pntAPm6HuxZ8G9IpsM-_aIHac5&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2760107221-826286760-2741309303-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=itm&hsimp=yhs-001&type=jmb_sftrev_16_13&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0EtC0CtDzztD0AyEyB0EtN0D0Tzu0StCyDyEzztN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtD0FyCtA0ByEtBtGtCyC0CtBtGyCtD0CzytGtBzy0CyBtG0E0DyBzytC0FtByCyEzyyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0A0C0C0FyCtAyBtG0F0FtAtDtGyEyEtDtBtG0B0Ezy0EtGtC0DtA0D0C0A0C0B0DyE0Fzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D222502191%26a%3Djmb_sftrev_16_13%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2760107221-826286760-2741309303-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPkaTcRWxZ4HWw0SszGYutIo3P7QEX3rgme3HBPySssOmBr4Q43wYshNuWQQDyO7ZToBCb6mZXaagVG0jX09qZ_OOnBYepv889gxmwvUimXiNYjz78ooJFsvKvk5Y9cCI-hqyUMxMHaYVuQ-pntAPm6HuxZ8G9IpsM-_aIHac5&q={searchTerms}
BHO: TSearch -> {6E727987-C8EA-44DA-8749-310C0FBE3C3E} -> C:\Program Files (x86)\Torrent Search\IEEF\38w9icVLckkY.dll [2016-05-09] ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: TSearch -> {6E727987-C8EA-44DA-8749-310C0FBE3C3E} -> C:\Program Files (x86)\Torrent Search\IEEF\qcZtGKqHlUOe.dll [2016-05-09] ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2015-09-22] (Caixa Economica Federal)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\2xrplwy6.default
FF NewTab: C:\\ProgramData\\Lamzaps\\ff.NT
FF DefaultSearchEngine: findit
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=d597812f1438c972d602a1230a379e5f
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-13] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-13] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF SearchPlugin: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\2xrplwy6.default\searchplugins\findit.xml [2016-05-09]
FF SearchPlugin: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\2xrplwy6.default\searchplugins\Search Provided by Yahoo.xml [2016-03-28]
FF Extension: Personas Plus - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\2xrplwy6.default\extensions\personas@christopher.beard.xpi [2016-04-17]
FF Extension: TSearch - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\2xrplwy6.default\Extensions\{6E727987-C8EA-44DA-8749-310C0FBE3C3E} [2016-05-09] [não assinado]
FF HKU\S-1-5-21-2760107221-826286760-2741309303-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => não encontrado (a)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: ChromeDefaultData -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-13]
CHR Extension: (Google Docs) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-13]
CHR Extension: (Google Drive) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-13]
CHR Extension: (Search Manager) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi [2016-05-02]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-13]
CHR Extension: (Google Search) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-13]
CHR Extension: (Google Sheets) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-13]
CHR Extension: (Google Docs Offline) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Google Chrome to Phone Extension [DEPRECATED]) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2016-01-13]
CHR Extension: (Marc Ecko) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjonmehjfmkejjifhhknofdnacklmjk [2016-01-16]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-13]
CHR Extension: (Skype Calling) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\poghlonenmjdkfghdpfomojhhfggildk [2016-02-24]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
CHR HKU\S-1-5-21-2760107221-826286760-2741309303-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [948736 2016-05-09] () [Arquivo não assinado]
R2 forilysy; C:\Program Files (x86)\4C4C4544-1462817460-3610-8033-C6C04F535231\jnsb1FB.tmp [97792 2016-05-09] () [Arquivo não assinado]
R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [593120 2015-09-22] (GAS Tecnologia)
S2 GoogleChromeUpService; C:\ProgramData\service.exe [1755136 2016-04-27] () [Arquivo não assinado]
S2 GoogleChromeUpSvc; C:\ProgramData\Windows Update\svrupg.exe [2783744 2016-05-09] (TODO: ) [Arquivo não assinado]
R2 Lamzap; C:\ProgramData\\Lamzap\\Lamzap.exe [948736 2016-05-09] () [Arquivo não assinado]
S2 lrcReportsService; C:\Program Files (x86)\Lorckphsary\lrcReportsService.exe [1005736 2016-05-06] ()
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-05-09] (DotC United Inc)
R2 MSSQL$LEDWARE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.LEDWARE\MSSQL\Binn\sqlservr.exe [62218696 2012-06-29] (Microsoft Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 rijufoze; C:\Program Files (x86)\4C4C4544-1462817460-3610-8033-C6C04F535231\hnsg2046.tmp [138240 2016-05-09] () [Arquivo não assinado]
S4 SQLAgent$LEDWARE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.LEDWARE\MSSQL\Binn\SQLAGENT.EXE [441288 2012-06-29] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 TheCalendarService; C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe [141960 2015-12-25] ()
R2 UbarPolicyProvider; C:\Program Files\UBar\UbarService.exe [96264 2016-05-09] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 zigipyro; C:\Users\PC\AppData\Local\4C4C4544-1462806956-3610-8033-C6C04F535231\qnsgB7BC.tmp [158720 2015-12-26] () [Arquivo não assinado]
R2 syfyfubozbt; C:\Program Files (x86)\4C4C4544-1462817460-3610-8033-C6C04F535231\knslE0AF.tmpfs [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-12-08] (GAS Tecnologia)
R2 inpoutx64; C:\Windows\System32\Drivers\inpoutx64.sys [15008 2016-01-19] (Highresolution Enterprises [www.highrez.co.uk])
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-05-09] (DotC United Inc)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [321992 2012-06-29] (Microsoft Corporation)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1528976 2013-03-05] (Realtek Semiconductor Corporation )
R2 UbarCalloutDriver; C:\Program Files\UBar\UbarDriver.sys [13392 2016-05-09] ()
R3 usbio; C:\Windows\System32\Drivers\usbio_x64.sys [48488 2012-11-12] ()
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-12-08] (GAS Tecnologia LTDA)
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 netr28ux; system32\DRIVERS\netr28ux.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-05-09 15:33 - 2016-05-09 15:33 - 00023283 _____ C:\Users\PC\Desktop\FRST.txt
2016-05-09 15:33 - 2016-05-09 15:33 - 00000000 ____D C:\FRST
2016-05-09 15:31 - 2016-05-09 15:32 - 02381312 _____ (Farbar) C:\Users\PC\Desktop\FRST64.exe
2016-05-09 15:27 - 2016-05-09 15:27 - 00000000 ____D C:\Program Files (x86)\CalendarTool
2016-05-09 15:25 - 2016-05-09 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
2016-05-09 15:23 - 2016-05-09 15:23 - 00413439 _____ C:\Users\Todos os Usuários\xdo.zip
2016-05-09 15:23 - 2016-05-09 15:23 - 00413439 _____ C:\ProgramData\xdo.zip
2016-05-09 15:23 - 2016-04-26 18:03 - 01253376 _____ (eee) C:\Users\Todos os Usuários\apptj.exe
2016-05-09 15:23 - 2016-04-26 18:03 - 01253376 _____ (eee) C:\ProgramData\apptj.exe
2016-05-09 15:22 - 2016-05-09 15:22 - 00001011 _____ C:\Users\Public\Desktop\ttwifi.lnk
2016-05-09 15:22 - 2016-05-09 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ttwifi
2016-05-09 15:22 - 2016-05-09 15:22 - 00000000 ____D C:\Program Files (x86)\ttwifi
2016-05-09 15:21 - 2016-05-09 15:25 - 00003072 _____ C:\Windows\System32\Tasks\osTip
2016-05-09 15:21 - 2016-05-09 15:25 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2016-05-09 15:21 - 2016-05-09 15:25 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-05-09 15:21 - 2016-05-09 15:25 - 00000000 ____D C:\Program Files (x86)\osTip
2016-05-09 15:21 - 2016-05-09 15:21 - 00000000 ____D C:\Program Files (x86)\Hostify
2016-05-09 15:21 - 2016-05-09 15:13 - 00073402 _____ C:\Users\Todos os Usuários\YSIns.exe
2016-05-09 15:21 - 2016-05-09 15:13 - 00073402 _____ C:\ProgramData\YSIns.exe
2016-05-09 15:20 - 2016-05-09 15:25 - 00000000 ____D C:\Users\Todos os Usuários\Lamzap
2016-05-09 15:20 - 2016-05-09 15:25 - 00000000 ____D C:\ProgramData\Lamzap
2016-05-09 15:20 - 2016-05-09 15:20 - 00002397 _____ C:\Windows\SysWOW64\findit.xml
2016-05-09 15:20 - 2016-05-09 15:20 - 00000000 ____D C:\Users\Todos os Usuários\Lamzaps
2016-05-09 15:20 - 2016-05-09 15:20 - 00000000 ____D C:\ProgramData\Lamzaps
2016-05-09 15:20 - 2016-04-25 12:06 - 01085440 _____ C:\Users\Todos os Usuários\delCalendarReg.exe
2016-05-09 15:20 - 2016-04-25 12:06 - 01085440 _____ C:\ProgramData\delCalendarReg.exe
2016-05-09 15:19 - 2016-05-09 15:19 - 01626777 _____ C:\Users\PC\AppData\Roaming\TrippleQvofix.tst
2016-05-09 15:19 - 2016-05-09 15:19 - 00072717 _____ C:\Users\PC\AppData\Roaming\Tresplus.tst
2016-05-09 15:19 - 2016-05-09 15:19 - 00000000 ____D C:\Users\Todos os Usuários\Windows Update
2016-05-09 15:19 - 2016-05-09 15:19 - 00000000 ____D C:\ProgramData\Windows Update
2016-05-09 15:19 - 2016-05-09 15:16 - 00948736 _____ C:\Users\PC\AppData\Roaming\TrippleQvofix.exe
2016-05-09 15:19 - 2016-04-19 05:58 - 00600312 _____ C:\Users\Todos os Usuários\YeaPlayer_br_IBD_Bundle.exe
2016-05-09 15:19 - 2016-04-19 05:58 - 00600312 _____ C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
2016-05-09 15:18 - 2016-05-09 15:18 - 00848437 _____ C:\Users\PC\AppData\Roaming\U-Saoin.bin
2016-05-09 15:18 - 2016-05-09 15:18 - 00000000 ____D C:\Users\PC\AppData\Roaming\MCorp
2016-05-09 15:18 - 2016-05-09 15:18 - 00000000 ____D C:\Users\PC\AppData\Roaming\gplyra
2016-05-09 15:18 - 2016-05-09 15:18 - 00000000 ____D C:\Users\PC\AppData\Roaming\cpuminer
2016-05-09 15:18 - 2016-05-09 15:16 - 00948736 _____ C:\Users\PC\AppData\Roaming\Tresplus.exe
2016-05-09 15:17 - 2016-05-06 01:51 - 01085440 _____ C:\Users\PC\AppData\Roaming\delCalendarReg.exe
2016-05-09 15:16 - 2016-05-09 15:27 - 02783744 _____ (TODO: ) C:\Users\PC\AppData\Roaming\svrupg.exe
2016-05-09 15:16 - 2016-05-09 15:23 - 00000000 ____D C:\Program Files (x86)\mobilepcstarterkit
2016-05-09 15:16 - 2016-05-09 15:16 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-05-09 15:16 - 2016-05-09 15:16 - 00000000 ____D C:\Users\PC\AppData\Roaming\CalendarTool
2016-05-09 15:16 - 2016-05-09 15:16 - 00000000 ____D C:\Program Files (x86)\badu
2016-05-09 15:16 - 2016-05-09 03:45 - 01920000 _____ C:\Users\Todos os Usuários\msiql.exe
2016-05-09 15:16 - 2016-05-09 03:45 - 01920000 _____ C:\ProgramData\msiql.exe
2016-05-09 15:15 - 2016-05-09 15:16 - 00000000 ____D C:\Users\PC\AppData\Local\4C4C4544-1462806956-3610-8033-C6C04F535231
2016-05-09 15:15 - 2016-05-09 15:15 - 00000000 ____D C:\Program Files (x86)\CleanBrowser
2016-05-09 15:15 - 2016-04-19 05:58 - 00600312 _____ C:\Users\PC\AppData\Roaming\YeaPlayer_br_IBD_Bundle.exe
2016-05-09 15:14 - 2016-05-09 03:45 - 01920000 _____ C:\Users\PC\AppData\Roaming\msiql.exe
2016-05-09 15:14 - 2016-04-27 09:46 - 01755136 _____ C:\Users\Todos os Usuários\service.exe
2016-05-09 15:14 - 2016-04-27 09:46 - 01755136 _____ C:\Users\PC\AppData\Roaming\service.exe
2016-05-09 15:14 - 2016-04-27 09:46 - 01755136 _____ C:\ProgramData\service.exe
2016-05-09 15:13 - 2016-05-09 15:24 - 00001729 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
2016-05-09 15:13 - 2016-05-09 15:13 - 00000286 __RSH C:\Users\PC\ntuser.pol
2016-05-09 15:11 - 2016-05-09 15:23 - 00000000 ____D C:\Users\Todos os Usuários\CloudPrinter
2016-05-09 15:11 - 2016-05-09 15:23 - 00000000 ____D C:\ProgramData\CloudPrinter
2016-05-09 15:11 - 2016-05-09 15:20 - 06494208 _____ C:\Users\PC\AppData\Roaming\agent.dat
2016-05-09 15:11 - 2016-05-09 15:20 - 00126464 _____ C:\Users\PC\AppData\Roaming\noah.dat
2016-05-09 15:11 - 2016-05-09 15:20 - 00065568 _____ C:\Users\PC\AppData\Roaming\Config.xml
2016-05-09 15:11 - 2016-05-09 15:20 - 00018432 _____ C:\Users\PC\AppData\Roaming\Main.dat
2016-05-09 15:11 - 2016-05-09 15:20 - 00005568 _____ C:\Users\PC\AppData\Roaming\md.xml
2016-05-09 15:11 - 2016-05-09 15:19 - 00126464 _____ C:\Users\PC\AppData\Roaming\lobby.dat
2016-05-09 15:11 - 2016-05-09 15:19 - 00054272 _____ C:\Users\PC\AppData\Roaming\ApplicationHosting.dat
2016-05-09 15:11 - 2016-05-09 15:11 - 01626777 _____ C:\Users\PC\AppData\Roaming\Greenjob.tst
2016-05-09 15:11 - 2016-05-09 15:11 - 00848437 _____ C:\Users\PC\AppData\Roaming\Trisdax.bin
2016-05-09 15:11 - 2016-05-09 15:11 - 00072717 _____ C:\Users\PC\AppData\Roaming\Ranksoft.tst
2016-05-09 15:11 - 2016-05-09 15:11 - 00000000 ____D C:\Users\Todos os Usuários\Statdex
2016-05-09 15:11 - 2016-05-09 15:11 - 00000000 ____D C:\Users\PC\AppData\LocalLow\TSearch
2016-05-09 15:11 - 2016-05-09 15:11 - 00000000 ____D C:\ProgramData\Statdex
2016-05-09 15:11 - 2016-05-09 15:11 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1462817460-3610-8033-C6C04F535231
2016-05-09 15:11 - 2016-05-09 15:10 - 00948736 _____ C:\Users\PC\AppData\Roaming\Ranksoft.exe
2016-05-09 15:11 - 2016-05-09 15:10 - 00948736 _____ C:\Users\PC\AppData\Roaming\Greenjob.exe
2016-05-09 15:11 - 2016-05-09 15:08 - 00001006 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-05-09 15:10 - 2016-05-09 15:16 - 00127488 _____ C:\Users\PC\AppData\Roaming\Installer.dat
2016-05-09 15:10 - 2016-05-09 15:16 - 00015888 _____ C:\Users\PC\AppData\Roaming\InstallationConfiguration.xml
2016-05-09 15:10 - 2016-05-09 15:13 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-05-09 15:10 - 2016-05-09 15:10 - 00060136 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
2016-05-09 15:10 - 2016-05-09 15:10 - 00000000 ____D C:\Users\PC\AppData\Local\csdi_monetize_220160509
2016-05-09 15:10 - 2016-05-09 15:10 - 00000000 ____D C:\Program Files (x86)\comoBoss
2016-05-09 15:09 - 2016-05-09 15:28 - 00000000 ____D C:\Users\PC\AppData\Local\SunnyDay21
2016-05-09 15:09 - 2016-05-09 15:13 - 00000324 _____ C:\Windows\Tasks\Update Service for Torrent Search2.job
2016-05-09 15:09 - 2016-05-09 15:10 - 00000000 ____D C:\Users\PC\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-05-09 15:09 - 2016-05-09 15:10 - 00000000 ____D C:\Program Files (x86)\hohobnd
2016-05-09 15:09 - 2016-05-09 15:09 - 00008954 _____ C:\Windows\System32\Tasks\Lorckphsary Reports
2016-05-09 15:09 - 2016-05-09 15:09 - 00002946 _____ C:\Windows\System32\Tasks\Update Service for Torrent Search2
2016-05-09 15:09 - 2016-05-09 15:09 - 00000000 ____D C:\Users\PC\AppData\Roaming\CCACCBF1-7AB4-4CF5-B32D-668C686A539F
2016-05-09 15:09 - 2016-05-09 15:09 - 00000000 ____D C:\Users\PC\AppData\Local\tuto_monetize_120160509
2016-05-09 15:09 - 2016-05-09 15:09 - 00000000 ____D C:\Program Files\Caster
2016-05-09 15:09 - 2016-05-09 15:09 - 00000000 ____D C:\Program Files (x86)\SunnyDay21
2016-05-09 15:09 - 2016-05-09 15:09 - 00000000 ____D C:\Program Files (x86)\Lorckphsary
2016-05-09 15:08 - 2016-05-09 15:25 - 00000324 _____ C:\Windows\Tasks\Update Service for Torrent Search.job
2016-05-09 15:08 - 2016-05-09 15:09 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-05-09 15:08 - 2016-05-09 15:08 - 00002644 _____ C:\Windows\System32\Tasks\Update Service for Torrent Search
2016-05-09 15:07 - 2016-05-09 15:21 - 00000000 ____D C:\Program Files (x86)\sunnyday
2016-05-09 15:07 - 2016-05-09 15:08 - 00000000 ____D C:\Program Files (x86)\Torrent Search
2016-05-09 15:06 - 2016-05-09 15:06 - 00000000 ____D C:\Users\PC\AppData\Local\csdi_monetize_120160509
2016-05-09 15:05 - 2016-05-09 15:19 - 00000000 ____D C:\Program Files\Sound+
2016-05-09 15:05 - 2016-05-09 15:08 - 00000000 ____D C:\Users\Todos os Usuários\UBar
2016-05-09 15:05 - 2016-05-09 15:08 - 00000000 ____D C:\ProgramData\UBar
2016-05-09 15:05 - 2016-05-09 15:08 - 00000000 ____D C:\Program Files\UBar
2016-05-09 15:04 - 2016-05-09 15:10 - 00000000 ____D C:\Program Files (x86)\HomePageDefender
2016-05-09 15:04 - 2016-05-09 15:04 - 00000000 ____D C:\Users\PC\AppData\Roaming\ImageCropResize
2016-05-03 14:19 - 2016-05-03 14:19 - 00001014 _____ C:\Users\PC\Desktop\TagScanner.lnk
2016-05-03 14:19 - 2016-05-03 14:19 - 00000000 ____D C:\Users\PC\AppData\Roaming\TagScanner
2016-05-03 14:19 - 2016-05-03 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner
2016-05-03 14:19 - 2016-05-03 14:19 - 00000000 ____D C:\Program Files (x86)\TagScanner
2016-05-03 14:17 - 2016-05-03 14:18 - 02623253 _____ (Sergey Serkov ) C:\Users\PC\Downloads\tagscan-6.0.8-setup.exe
2016-05-03 14:16 - 2016-05-03 14:17 - 00000529 _____ C:\Windows\mp3tageditor.INI
2016-05-03 14:15 - 2016-05-03 14:15 - 00001028 _____ C:\Users\Public\Desktop\Reezaa MP3 Tag Editor.lnk
2016-05-03 14:15 - 2016-05-03 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reezaa MP3 Tag Editor
2016-05-03 14:15 - 2016-05-03 14:15 - 00000000 ____D C:\Program Files (x86)\Reezaa MP3 Tag Editor
2016-05-03 14:14 - 2016-05-03 14:14 - 00706136 _____ (Reezaa.com ) C:\Users\PC\Downloads\mp3tageditor.exe
2016-04-29 16:07 - 2016-04-29 16:07 - 00000000 ____D C:\Program Files (x86)\android-sdk
2016-04-29 15:27 - 2016-04-29 15:27 - 00000000 ____D C:\Windows\android-sdk-windows
2016-04-29 15:04 - 2016-04-29 15:04 - 00000000 ____D C:\Users\PC\.android
2016-04-29 15:03 - 2016-05-02 16:13 - 00000000 ____D C:\Users\PC\Desktop\com.ea.games.r3_row
2016-04-29 13:38 - 2016-04-29 13:38 - 00000000 ____D C:\Program Files\ZenFoneRootKit
2016-04-29 13:38 - 2016-04-29 13:38 - 00000000 ____D C:\Program Files (x86)\ZenFoneRootKit
2016-04-29 12:58 - 2016-04-29 12:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-04-29 12:58 - 2016-04-29 12:58 - 00000000 ____D C:\Program Files\7-Zip
2016-04-29 12:55 - 2016-04-29 12:56 - 01371668 _____ (Igor Pavlov) C:\Users\PC\Downloads\7z1514-x64.exe
2016-04-26 09:24 - 2016-04-26 09:24 - 00000009 ____N C:\Users\Todos os Usuários\a.bat
2016-04-26 09:24 - 2016-04-26 09:24 - 00000009 ____N C:\ProgramData\a.bat
2016-04-15 14:54 - 2016-04-15 15:07 - 00666240 _____ C:\Users\PC\Desktop\SINTEGRA MARÇO 2016.txt
2016-04-15 13:35 - 2016-04-15 16:58 - 00000000 ____D C:\Users\PC\Desktop\x
2016-04-15 13:30 - 2016-04-15 13:30 - 00000370 _____ C:\Users\PC\Desktop\123.txt
2016-04-12 20:02 - 2016-04-12 20:02 - 00395776 _____ C:\Users\PC\Documents\Untitled-1.cdr
2016-04-12 17:52 - 2016-04-12 17:49 - 00003015 _____ C:\Users\Public\Desktop\CorelDRAW X7 (64-Bit).lnk
2016-04-12 17:50 - 2016-04-12 17:50 - 00000000 ____D C:\Users\Public\Documents\Corel
2016-04-12 17:49 - 2016-04-16 14:03 - 00000000 ____D C:\Users\Todos os Usuários\Corel
2016-04-12 17:49 - 2016-04-16 14:03 - 00000000 ____D C:\ProgramData\Corel
2016-04-12 17:49 - 2016-04-12 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit)
2016-04-12 17:49 - 2016-04-12 17:49 - 00000000 ____D C:\Program Files\Corel
2016-04-11 15:41 - 2016-04-11 15:41 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-04-11 13:09 - 2016-04-11 13:47 - 00660352 _____ C:\Users\PC\Desktop\SINTEGRA MARÇO.txt

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-05-09 15:32 - 2009-07-14 01:45 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-09 15:32 - 2009-07-14 01:45 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-09 15:31 - 2016-01-12 21:07 - 01657136 _____ C:\Windows\system32\prfh0416.dat
2016-05-09 15:31 - 2016-01-12 21:07 - 01017698 _____ C:\Windows\system32\prfc0416.dat
2016-05-09 15:31 - 2009-07-14 02:13 - 00006680 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-09 15:25 - 2016-03-03 12:36 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-05-09 15:24 - 2016-01-13 10:04 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-09 15:24 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-09 15:20 - 2016-01-13 16:48 - 00002031 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-09 15:20 - 2016-01-13 10:06 - 00002328 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-09 15:20 - 2016-01-13 00:15 - 00002305 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-09 15:17 - 2016-01-13 10:04 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-09 15:13 - 2016-01-13 00:14 - 00000000 ____D C:\Users\PC
2016-05-09 15:10 - 2016-01-13 00:15 - 00002283 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-05-09 15:07 - 2016-03-28 18:15 - 00000766 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-05-09 15:07 - 2016-03-28 18:15 - 00000766 __RSH C:\ProgramData\ntuser.pol
2016-05-09 15:07 - 2016-01-13 09:59 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-09 15:07 - 2009-07-14 00:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-05-09 14:49 - 2016-01-15 16:23 - 00011893 _____ C:\Windows\SysWOW64\BemaFI32.ini
2016-05-09 14:49 - 2016-01-15 16:23 - 00000000 ____D C:\LedCommerce
2016-05-09 11:21 - 2016-01-25 09:33 - 00000000 ____D C:\Users\PC\AppData\Local\ElevatedDiagnostics
2016-05-08 12:00 - 2016-01-20 07:42 - 00002294 _____ C:\Retorno.txt
2016-05-08 12:00 - 2016-01-15 16:23 - 00011877 _____ C:\Windows\BemaFI32.ini
2016-05-03 12:37 - 2016-03-16 15:26 - 00000000 ___RD C:\Users\PC\Desktop\Léo
2016-04-29 15:08 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-04-19 08:39 - 2016-04-08 14:50 - 00000000 ____D C:\Users\PC\AppData\Roaming\uTorrent
2016-04-17 11:59 - 2016-04-08 14:52 - 00000000 ___SD C:\Users\PC\AppData\LocalLow\Temp
2016-04-15 16:53 - 2016-01-19 13:21 - 00000109 _____ C:\Windows\ODBC.INI
2016-04-15 16:01 - 2016-01-13 10:17 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-04-15 14:24 - 2016-02-01 09:24 - 00000000 ____D C:\Program Files (x86)\Validador Sintegra 2015
2016-04-12 17:59 - 2016-04-08 16:14 - 00000000 ____D C:\Users\PC\AppData\Roaming\Corel
2016-04-12 17:59 - 2016-04-08 15:53 - 00000000 ____D C:\Users\Todos os Usuários\CorelDRAW Graphics Suite X7 x64
2016-04-12 17:59 - 2016-04-08 15:53 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X7 x64
2016-04-12 17:59 - 2016-01-13 09:54 - 00000000 ____D C:\Users\PC\AppData\Roaming\vlc
2016-04-12 17:51 - 2009-07-14 00:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-04-09 08:06 - 2009-07-14 01:45 - 00494312 _____ C:\Windows\system32\FNTCACHE.DAT

==================== Arquivos na raiz de alguns diretórios =======

2016-05-09 15:11 - 2016-05-09 15:20 - 6494208 _____ () C:\Users\PC\AppData\Roaming\agent.dat
2016-05-09 15:11 - 2016-05-09 15:19 - 0054272 _____ () C:\Users\PC\AppData\Roaming\ApplicationHosting.dat
2016-05-09 15:10 - 2016-05-09 15:11 - 0001222 _____ () C:\Users\PC\AppData\Roaming\Bubble Dock.boostrap.log
2016-05-09 15:11 - 2016-05-09 15:20 - 0065568 _____ () C:\Users\PC\AppData\Roaming\Config.xml
2016-05-09 15:17 - 2016-05-06 01:51 - 1085440 _____ () C:\Users\PC\AppData\Roaming\delCalendarReg.exe
2016-05-09 15:11 - 2016-05-09 15:10 - 0948736 _____ () C:\Users\PC\AppData\Roaming\Greenjob.exe
2016-05-09 15:11 - 2016-05-09 15:11 - 1626777 _____ () C:\Users\PC\AppData\Roaming\Greenjob.tst
2016-05-09 15:10 - 2016-05-09 15:16 - 0015888 _____ () C:\Users\PC\AppData\Roaming\InstallationConfiguration.xml
2016-05-09 15:10 - 2016-05-09 15:16 - 0127488 _____ () C:\Users\PC\AppData\Roaming\Installer.dat
2016-05-09 15:11 - 2016-05-09 15:19 - 0126464 _____ () C:\Users\PC\AppData\Roaming\lobby.dat
2016-05-09 15:11 - 2016-05-09 15:20 - 0018432 _____ () C:\Users\PC\AppData\Roaming\Main.dat
2016-05-09 15:11 - 2016-05-09 15:20 - 0005568 _____ () C:\Users\PC\AppData\Roaming\md.xml
2016-05-09 15:14 - 2016-05-09 03:45 - 1920000 _____ () C:\Users\PC\AppData\Roaming\msiql.exe
2016-05-09 15:11 - 2016-05-09 15:20 - 0126464 _____ () C:\Users\PC\AppData\Roaming\noah.dat
2016-05-09 15:11 - 2016-05-09 15:10 - 0948736 _____ () C:\Users\PC\AppData\Roaming\Ranksoft.exe
2016-05-09 15:11 - 2016-05-09 15:11 - 0072717 _____ () C:\Users\PC\AppData\Roaming\Ranksoft.tst
2016-05-09 15:14 - 2016-04-27 09:46 - 1755136 _____ () C:\Users\PC\AppData\Roaming\service.exe
2016-05-09 15:16 - 2016-05-09 15:27 - 2783744 _____ (TODO: ) C:\Users\PC\AppData\Roaming\svrupg.exe
2016-05-09 15:18 - 2016-05-09 15:16 - 0948736 _____ () C:\Users\PC\AppData\Roaming\Tresplus.exe
2016-05-09 15:19 - 2016-05-09 15:19 - 0072717 _____ () C:\Users\PC\AppData\Roaming\Tresplus.tst
2016-05-09 15:19 - 2016-05-09 15:16 - 0948736 _____ () C:\Users\PC\AppData\Roaming\TrippleQvofix.exe
2016-05-09 15:19 - 2016-05-09 15:19 - 1626777 _____ () C:\Users\PC\AppData\Roaming\TrippleQvofix.tst
2016-05-09 15:11 - 2016-05-09 15:11 - 0848437 _____ () C:\Users\PC\AppData\Roaming\Trisdax.bin
2016-05-09 15:18 - 2016-05-09 15:18 - 0848437 _____ () C:\Users\PC\AppData\Roaming\U-Saoin.bin
2016-05-09 15:20 - 2016-05-09 15:20 - 0032038 _____ () C:\Users\PC\AppData\Roaming\uninstall_temp.ico
2016-05-09 15:11 - 2016-05-09 15:11 - 0000097 _____ () C:\Users\PC\AppData\Roaming\WindApp.boostrap.log
2016-05-09 15:15 - 2016-04-19 05:58 - 0600312 _____ () C:\Users\PC\AppData\Roaming\YeaPlayer_br_IBD_Bundle.exe
2016-01-15 12:36 - 2016-01-15 12:36 - 0000000 _____ () C:\Users\PC\AppData\Local\{4D7C917B-F5B0-4829-BAE9-328C57C05325}
2016-04-26 09:24 - 2016-04-26 09:24 - 0000009 ____N () C:\ProgramData\a.bat
2010-08-28 17:43 - 2010-08-28 17:43 - 0577335 ____N () C:\ProgramData\adb.exe
2010-08-28 17:43 - 2010-08-28 17:43 - 0096256 ____N (Google, inc) C:\ProgramData\AdbWinApi.dll
2010-08-28 17:43 - 2010-08-28 17:43 - 0060928 ____N (Google, inc) C:\ProgramData\AdbWinUsbApi.dll
2016-05-09 15:23 - 2016-04-26 18:03 - 1253376 _____ (eee) C:\ProgramData\apptj.exe
2016-05-09 15:20 - 2016-04-25 12:06 - 1085440 _____ () C:\ProgramData\delCalendarReg.exe
2010-08-28 17:43 - 2010-08-28 17:43 - 0356009 ____N () C:\ProgramData\fastboot.exe
2016-05-09 15:16 - 2016-05-09 03:45 - 1920000 _____ () C:\ProgramData\msiql.exe
2016-05-09 15:14 - 2016-04-27 09:46 - 1755136 _____ () C:\ProgramData\service.exe
2016-05-09 15:23 - 2016-05-09 15:23 - 0413439 _____ () C:\ProgramData\xdo.zip
2016-05-09 15:19 - 2016-04-19 05:58 - 0600312 _____ () C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
2016-05-09 15:21 - 2016-05-09 15:13 - 0073402 _____ () C:\ProgramData\YSIns.exe

Arquivos para serem movidos ou deletados:
====================
C:\Users\PC\AppData\Local\Temp\REXDG78NH\REXDG78NH.exe
C:\Users\PC\AppData\Local\Temp\00028825\casrss.exe
C:\ProgramData\a.bat
C:\ProgramData\adb.exe
C:\ProgramData\AdbWinApi.dll
C:\ProgramData\AdbWinUsbApi.dll
C:\ProgramData\apptj.exe
C:\ProgramData\delCalendarReg.exe
C:\ProgramData\fastboot.exe
C:\ProgramData\msiql.exe
C:\ProgramData\service.exe
C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
C:\ProgramData\YSIns.exe
C:\Users\Todos os Usuários\a.bat
C:\Users\Todos os Usuários\adb.exe
C:\Users\Todos os Usuários\AdbWinApi.dll
C:\Users\Todos os Usuários\AdbWinUsbApi.dll
C:\Users\Todos os Usuários\apptj.exe
C:\Users\Todos os Usuários\delCalendarReg.exe
C:\Users\Todos os Usuários\fastboot.exe
C:\Users\Todos os Usuários\msiql.exe
C:\Users\Todos os Usuários\service.exe
C:\Users\Todos os Usuários\YeaPlayer_br_IBD_Bundle.exe
C:\Users\Todos os Usuários\YSIns.exe


Alguns arquivos em TEMP:
====================
C:\Users\PC\AppData\Local\Temp\23333.exe
C:\Users\PC\AppData\Local\Temp\4JLBC1ZZFT.exe
C:\Users\PC\AppData\Local\Temp\Browser_V5.6.12150.8_r_4644_(Build1604251144).exe
C:\Users\PC\AppData\Local\Temp\fsd6F65.exe
C:\Users\PC\AppData\Local\Temp\KP2M706SE7.exe
C:\Users\PC\AppData\Local\Temp\MPCSetup_1.exe
C:\Users\PC\AppData\Local\Temp\nsd45E7.tmp.exe
C:\Users\PC\AppData\Local\Temp\nsrFFD3.tmp.exe
C:\Users\PC\AppData\Local\Temp\TransliterationCines.dll
C:\Users\PC\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\PC\AppData\Local\Temp\Y0ESCU6E07.exe
C:\Users\PC\AppData\Local\Temp\YD92TCRPY2.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-05-09 09:05

==================== Fim de FRST.txt ============================
