Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:05-03-2016 01 Executado por Cliente (administrador) em CLIENTE-PC (25-03-2016 23:18:22) Executando a partir de C:\Users\Cliente\Downloads Perfis Carregados: Cliente (Perfis Disponíveis: Cliente) Platform: Microsoft Windows 7 Professional (X86) Idioma: Português (Brasil) Internet Explorer Versão 8 (Navegador padrão não detectado!) Modo da Inicialização: Normal Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (Navigation Co., Ltd.) C:\Users\Cliente\AppData\Roaming\ntsvc\ntsvc.exe (LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe (Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\BavSvc.exe (Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe () C:\ProgramData\CloudPrinter\CloudPrinter.exe () C:\Program Files\03000200-1453137062-0500-0006-000700080009\knss3390.tmp () C:\Users\Cliente\AppData\Roaming\DhicedOenovf\Oruuu.exe () C:\Users\Cliente\AppData\Roaming\Eoticu\Eoticu.exe () C:\Users\Cliente\AppData\Roaming\Lecleebn\Lecleebn.exe () C:\ProgramData\DatacardService\HWDeviceService.exe () C:\Program Files\NewExt\nssm.exe () C:\ProgramData\398c0b96-ebd3-4f67-a5c7-1899a15c12be\maintainer.exe (DotC United Inc) C:\Program Files\MPC Cleaner\MPCProtectService.exe () C:\Users\Cliente\AppData\Roaming\NetService\netservice.exe () C:\Users\Cliente\AppData\Local\03000200-1453129980-0500-0006-000700080009\snskAEF6.tmp () C:\Program Files\NewExt\jsinjector.exe () C:\Program Files\WeatherTool\1.2.2.10256\WeatherService.exe (TFuns LIMITED) C:\ProgramData\BWdMB\WdMan.exe () C:\Users\Cliente\AppData\Roaming\WinNetSvc\WinNetSvc.exe () C:\Users\Cliente\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe () C:\Program 
Files\03000200-1453137062-0500-0006-000700080009\hnse5ADE.tmp () C:\Users\Cliente\AppData\Local\03000200-1458940053-0500-0006-000700080009\qnskE0FE.tmp () C:\Program Files\03000200-1453137062-0500-0006-000700080009\jnst2A79.tmp () C:\Program Files\RegClean Pro\RegCleanPro.exe () C:\Program Files\ToolsUpdatePlatform\UpdatePlatform.exe () C:\Users\Cliente\AppData\Roaming\Eoticu\Lonrh.exe () C:\Users\Cliente\AppData\Roaming\Lecleebn\Cevjhe.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe () C:\Users\Cliente\AppData\Local\gmsd_br_005010211\upgmsd_br_005010211.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe () C:\Program Files\gmsd_br_002030047\gmsd_br_002030047.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe () C:\Program Files\rec_br_164\rec_br_164.exe () C:\Program Files\gmsd_br_005010211\gmsd_br_005010211.exe () C:\Program Files\mbot_en_037050277\mbot_en_037050277.exe () C:\Program Files\rec_en_235\rec_en_235.exe (Pay By Ads LTD) C:\Users\Cliente\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\dsrlte.exe () C:\ProgramData\Windows Update\tmp\msiql.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Google Inc.) C:\Users\Cliente\AppData\Local\Temp\Rar$EXa0.642\Chrome-bin\chrome.exe () C:\ProgramData\WindowsMsg\osmsg.exe (Google Inc.) C:\Users\Cliente\AppData\Local\Temp\Rar$EXa0.642\Chrome-bin\chrome.exe (Google Inc.) C:\Users\Cliente\AppData\Local\Temp\Rar$EXa0.642\Chrome-bin\chrome.exe (Google Inc.) 
C:\Users\Cliente\AppData\Local\Temp\Rar$EXa0.642\Chrome-bin\chrome.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (peugeot) C:\Program Files\Hostify\idscservice.exe () C:\Program Files\mbot_en_037050277\mbot_en_037050277.exe () C:\Program Files\gmsd_br_002030047\gmsd_br_002030047.exe () C:\Program Files\rec_br_164\rec_br_164.exe () C:\Program Files\rec_en_235\rec_en_235.exe () C:\Program Files\win_en_77\win_en_77.exe () C:\Users\Cliente\AppData\Roaming\SeexaiAvo\Acewpoen.exe () C:\Users\Cliente\AppData\Roaming\Pejjatmej\Pejjatmej.exe () C:\Users\Cliente\AppData\Roaming\Pejjatmej\Utyrkegzau.exe () C:\Program Files\Dhuavesecoaddi\Nusdoy.exe () C:\Program Files\Dhuavesecoaddi\Bueyrxud.exe (Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe () C:\Program Files\Dhuavesecoaddi\Iesumbo.exe () C:\Program Files\Dhuavesecoaddi\KalMatkys.exe () C:\Program Files\gmsd_br_005010211\gmsd_br_005010211.exe (Microsoft Corporation) C:\Windows\System32\regsvr32.exe () C:\Program Files\DNS Unlocker\dnswilliston.exe () C:\Program Files\rec_br_164\rec_br_164.exe (CBR1000) C:\Users\Cliente\AppData\Local\Temp\TY4KYBI2G\TY4KYBI2G.exe ==================== Registro (Whitelisted) =========================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2015-02-15] (AVAST Software) HKLM\...\Run: [Baidu Antivirus] => C:\Program Files\Baidu Security\Baidu Antivirus\BavTray.exe [1699688 2014-05-28] (Baidu, Inc.) 
HKLM\...\Run: [gmsd_br_002030047] => C:\Program Files\gmsd_br_002030047\gmsd_br_002030047.exe [3976848 2015-07-31] () HKLM\...\Run: [3D BubbleSound] => C:\Program Files\BubbleSound\3D BubbleSound.exe [14115328 2015-01-09] () HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2015-04-10] (Oracle Corporation) HKLM\...\Run: [rec_br_164] => C:\Program Files\rec_br_164\rec_br_164.exe [3973296 2016-01-11] () HKLM\...\Run: [gmsd_br_005010211] => C:\Program Files\gmsd_br_005010211\gmsd_br_005010211.exe [3954352 2016-01-18] () HKLM\...\Run: [mbot_en_037050277] => C:\Program Files\mbot_en_037050277\mbot_en_037050277.exe [4054192 2016-03-24] () HKLM\...\Run: [rec_en_235] => C:\Program Files\rec_en_235\rec_en_235.exe [3965616 2016-03-22] () HKLM\...\Run: [win_en_77] => C:\Program Files\win_en_77\win_en_77.exe [4055256 2016-03-23] () HKLM\...\Run: [LightGate] => c:\programdata\windows update\tmp\lightgate.exe [1081344 2015-12-04] () HKLM\...\Run: [HomePageHelper] => c:\programdata\windows update\tmp\homepage.exe [1100288 2015-11-25] () HKLM\...\RunOnce: [upgmsd_br_005010211.exe] => C:\Users\Cliente\AppData\Local\gmsd_br_005010211\upgmsd_br_005010211.exe [3274928 2016-01-18] () HKLM\...\RunOnce: [IDSCPRODUCT] => C:\Program Files\Hostify\idscservice.exe [515584 2016-03-25] (peugeot) HKLM\...\RunOnce: [OTUTPRODUCT_9ZFII] => C:\Program Files\sunnyday\otutnetwork.exe [342528 2016-03-25] (CBR1000) HKLM\...\Policies\Explorer\Run: [Google Update] => C:\ProgramData\lsass.exe [68096 2016-03-25] () HKU\S-1-5-21-2997136290-654796359-1393769141-1000\...\Run: [HW_OPENEYE_OUC_] => C:\Program Files\VIVO INTERNET\UpdateDog\ouc.exe [110592 2009-07-27] (Huawei Technologies Co., Ltd.) HKU\S-1-5-21-2997136290-654796359-1393769141-1000\...\Run: [Yahoo! Search] => C:\Users\Cliente\AppData\Local\Pay-By-Ads\Yahoo! 
Search\1.3.26.12\dsrlte.exe [660736 2015-07-31] (Pay By Ads LTD) HKU\S-1-5-21-2997136290-654796359-1393769141-1000\...\Run: [Music Chow] => C:\Program Files\Music Chow\Music Chow.exe [2939392 2015-03-09] () HKU\S-1-5-21-2997136290-654796359-1393769141-1000\...\Run: [GoogleChromeAutoLaunch_D1CCFD373A288845D5B12F8F3A340216] => C:\Users\Cliente\AppData\Local\Chromium\Application\chrome.exe [664576 2015-07-21] (The Chromium Authors) HKU\S-1-5-21-2997136290-654796359-1393769141-1000\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [2036736 2016-03-23] () HKU\S-1-5-21-2997136290-654796359-1393769141-1000\...\Run: [Pritc] => C:\Windows\TEMP\is-BJ0JQ.tmp\print.exe [2960896 2016-03-03] (VLOME) <===== ATENÇÃO HKU\S-1-5-21-2997136290-654796359-1393769141-1000\...\Run: [YeaInstaller] => C:\Users\Cliente\AppData\Local\Temp\JF1JJ7OFD\HYBEL4BNG.exe [1968128 2016-03-24] (TZ) <===== ATENÇÃO HKU\S-1-5-21-2997136290-654796359-1393769141-1000\...\Run: [msiql] => C:\ProgramData\Windows Update\tmp\msiql.exe [1888256 2016-03-02] () HKU\S-1-5-21-2997136290-654796359-1393769141-1000\...\CurrentVersion\Windows: [Load] C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\lsass.exe <===== ATENÇÃO HKU\S-1-5-21-2997136290-654796359-1393769141-1000\...\MountPoints2: E - E:\AutoRun.exe HKU\S-1-5-21-2997136290-654796359-1393769141-1000\...\MountPoints2: G - G:\AutoRun.exe HKU\S-1-5-21-2997136290-654796359-1393769141-1000\...\MountPoints2: {6b0f16b7-b468-11e3-bef8-b8911caa44e7} - E:\HPLauncher.exe HKU\S-1-5-21-2997136290-654796359-1393769141-1000\...\MountPoints2: {bc419ff3-b6b5-11e3-9434-80ee73205588} - G:\AutoRun.exe HKU\S-1-5-21-2997136290-654796359-1393769141-1000\...\MountPoints2: {c19d18a8-b51b-11e4-bd19-80ee73205588} - E:\Windows/AutoRun.exe HKU\S-1-5-21-2997136290-654796359-1393769141-1000\...\MountPoints2: {d7a99de6-b616-11e3-b1eb-80ee73205588} - E:\AutoRun.exe HKU\S-1-5-21-2997136290-654796359-1393769141-1000\...\MountPoints2: {dcb22ff3-b69e-11e3-b3d7-80ee73205588} - E:\AutoRun.exe 
HKU\S-1-5-21-2997136290-654796359-1393769141-1000\...\MountPoints2: {ecebf4bc-b4df-11e3-9fc6-ebd8f4aeacde} - E:\HPLauncher.exe ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2014-08-16] (AVAST Software) ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files\Baidu Security\Baidu Antivirus\BavShx.dll [2014-05-28] (Baidu, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Cliente\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.) Startup: C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\177323812.lnk [2016-03-25] ShortcutTarget: 177323812.lnk -> C:\ProgramData\lsass.exe () Startup: C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\284356107.lnk [2016-03-25] Startup: C:\Users\Cliente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk [2015-07-31] ShortcutTarget: Recorte de tela e Iniciador do OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) GroupPolicy: Restrição - Chrome <======= ATENÇÃO CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) Hosts: Há mais de uma entrada no Hosts. 
Veja a seção Hosts do Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 177.84.162.99 200.220.192.88 Tcpip\..\Interfaces\{07A4279C-8221-4AC9-AC38-538A6861A8D0}: [NameServer] 82.163.143.177,82.163.142.179 Tcpip\..\Interfaces\{07A4279C-8221-4AC9-AC38-538A6861A8D0}: [DhcpNameServer] 192.168.1.254 177.84.162.99 200.220.192.88 Tcpip\..\Interfaces\{646B6A97-24F9-4700-BD8F-108C298B2ED5}: [NameServer] 104.197.191.4 Tcpip\..\Interfaces\{801B2642-5BB0-47A1-A14A-79A36219A48F}: [NameServer] 104.197.191.4 Tcpip\..\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: [NameServer] 104.197.191.4 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/ HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/ HKU\S-1-5-21-2997136290-654796359-1393769141-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPkaTcRWxZ4HWw0Sp3K5_OqSr8fYIVy9W5TjbQsePJaSbOCr5_J5IOmCj4A3Wdb4-0GFXZcalEvP8wTVg854N4r4OTNunqAtjsUYgLYYr6ezEt7vbjeNQUjlWnq3q4_3rNNGQ0xL2xQjY-OAGyDPsfLCXdbt2UXMkqaENz2w,,&q={searchTerms} HKU\S-1-5-21-2997136290-654796359-1393769141-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPkaTcRWxZ4HWw0Sp3K5_OqSr8fYIVy9W5TjbQsePJaSbOCr5_J5IOmCj4A3Wdb4-0GFXZcalEvP8wTVS_R6AG-1o3UgZX_54bYpz2xfJDkmDJ0iOIkieFQAthotK9-S7qbbCBtZ-WfGj8LAdwRMkahtyhr3QMmazHDPqd-g,, HKU\S-1-5-21-2997136290-654796359-1393769141-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
www.qqovd.com?oem=mbtkv5&uid=51G1C1O1T_TOSHIBAMK3259GSXP&tm=1438376441 HKU\S-1-5-21-2997136290-654796359-1393769141-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPkaTcRWxZ4HWw0Sp3K5_OqSr8fYIVy9W5TjbQsePJaSbOCr5_J5IOmCj4A3Wdb4-0GFXZcalEvP8wTVg854N4r4OTNunqAtjsUYgLYYr6ezEt7vbjeNQUjlWnq3q4_3rNNGQ0xL2xQjY-OAGyDPsfLCXdbt2UXMkqaENz2w,,&q={searchTerms} HKU\S-1-5-21-2997136290-654796359-1393769141-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPkaTcRWxZ4HWw0Sp3K5_OqSr8fYIVy9W5TjbQsePJaSbOCr5_J5IOmCj4A3Wdb4-0GFXZcalEvP8wTVg854N4r4OTNunqAtjsUYgLYYr6ezEt7vbjeNQUjlWnq3q4_3rNNGQ0xL2xQjY-OAGyDPsfLCXdbt2UXMkqaENz2w,,&q={searchTerms} SearchScopes: HKLM -> DefaultScope {ielnksrch} URL = SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPkaTcRWxZ4HWw0Sp3K5_OqSr8fYIVy9W5TjbQsePJaSbOCr5_J5IOmCj4A3Wdb4-0GFXZcalEvP8wTVg854N4r4OTNunqAtjsUYgLYYr6ezEt7vbjeNQUjlWnq3q4_3rNNGQ0xL2xQjY-OAGyDPsfLCXdbt2UXMkqaENz2w,,&q={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://br.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_bxi01_15_32&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutC0CyCyDzy0D0E0CtC0B0EyCyD0B0E0EtN0D0Tzu0StCtAtDyBtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyCyDtAyD0F0C0EtBtGyDtB0EzztG0EzzyC0AtGtCyB0D0AtGyCyE0FtDtA0E0DtA0F0A0BtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEtDtC0F0EtD0DtGtByD0FyCtGyE0AyC0DtG0Bzz0AyCtGtB0DtCtDtC0CtCzz0DyC0C0B2QtN0A0LzuyE%26cr%3D1639134305%26a%3Dwncy_bxi01_15_32%26os%3DWindows%2B7%2BProfessional&p={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
hxxp://www.istartsurf.com/web/?type=ds&ts=1438373104&z=76947975bea2e11fbde4ec8g2zdc3becam0c1efzcm&from=cor&uid=TOSHIBAXMK3259GSXP_51G1C1O1TXX51G1C1O1T&q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=TOSHIBAXMK3259GSXP_51G1C1O1TXX51G1C1O1T&ts=1438373568&type=default&q={searchTerms} SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=TOSHIBAXMK3259GSXP_51G1C1O1TXX51G1C1O1T&ts=1438373568&type=default&q={searchTerms} SearchScopes: HKU\.DEFAULT -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=TOSHIBAXMK3259GSXP_51G1C1O1TXX51G1C1O1T&ts=1438373568&type=default&q={searchTerms} SearchScopes: HKU\.DEFAULT -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=TOSHIBAXMK3259GSXP_51G1C1O1TXX51G1C1O1T&ts=1438373568&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2997136290-654796359-1393769141-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=TOSHIBAXMK3259GSXP_51G1C1O1TXX51G1C1O1T&ts=1438373568&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2997136290-654796359-1393769141-1000 -> OldSearch URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=TOSHIBAXMK3259GSXP_51G1C1O1TXX51G1C1O1T&ts=1438373568&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2997136290-654796359-1393769141-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=TOSHIBAXMK3259GSXP_51G1C1O1TXX51G1C1O1T&ts=1438373568&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2997136290-654796359-1393769141-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=TOSHIBAXMK3259GSXP_51G1C1O1TXX51G1C1O1T&ts=1438373568&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2997136290-654796359-1393769141-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=TOSHIBAXMK3259GSXP_51G1C1O1TXX51G1C1O1T&ts=1438373568&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2997136290-654796359-1393769141-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=TOSHIBAXMK3259GSXP_51G1C1O1TXX51G1C1O1T&ts=1438373568&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2997136290-654796359-1393769141-1000 -> {CFFC94B6-696C-4D48-8AE4-B001110CDD20} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=TOSHIBAXMK3259GSXP_51G1C1O1TXX51G1C1O1T&ts=1438373568&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2997136290-654796359-1393769141-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=TOSHIBAXMK3259GSXP_51G1C1O1TXX51G1C1O1T&ts=1438373568&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-2997136290-654796359-1393769141-1000 -> {ielnksrch} URL = 
hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=TOSHIBAXMK3259GSXP_51G1C1O1TXX51G1C1O1T&ts=1438373568&type=default&q={searchTerms} BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems Incorporated) BHO: Greener Web 1.0.0.6 -> {1973d53b-7311-45d7-8270-f44571c041a0} -> C:\Program Files\Greener Web\GreenerWebBHO.dll => Nenhum Arquivo BHO: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> C:\Program Files\MiuiTab\SupTab.dll [2015-07-29] (Thinkgood Co. Limited) BHO: Dhuavesecoaddi -> {2EF1FED0-883D-4D2B-883C-198BCCC4C914} -> C:\Program Files\Dhuavesecoaddi\Rihthk.dll [2016-03-25] () BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-08-16] (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2016-01-10] (Oracle Corporation) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_79-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation) FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll [2014-05-21] () FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program 
Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-01-10] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2016-01-10] (Oracle Corporation) FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.) FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-10] [não assinado] FF HKLM\...\Firefox\Extensions: [{E3671B6D-7554-43F3-92B0-7D0BAFF220F6}] - C:\Program Files\shopperz180120161309\Firefox\{E3671B6D-7554-43F3-92B0-7D0BAFF220F6}.xpi => não encontrado (a) Chrome: ======= CHR HomePage: Default -> hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPkaTcRWxZ4HWw0Sp3K5_OqSr8fYIVy9W5TjbQsePJaSbOCr5_J5IOmCj4A3Wdb4-0GFXZcalEvP8wTVgnM4Su_2dAZEVjQUxGtYllilUfqE3RrZP0ToYDdyf6vpihTnU9qy9KsLVtRo5Cc8V0estmfwRna4E7MNO1sTJGuA,, CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPkaTcRWxZ4HWw0Sp3K5_OqSr8fYIVy9W5TjbQsePJaSbOCr5_J5IOmCj4A3Wdb4-0GFXZcalEvP8wTVgrBzwMk_a-1HKzLTUqz3Wn4M6tH7Pl6TSiudtC-uMnPz0R-HHV4sDoygomaRpobRXrawomBkNfohj8xaHRg1aaRQ,,&q={searchTerms} CHR DefaultSearchKeyword: Default -> feed.sonic-search.com CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms} CHR Profile: C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-25] CHR 
Extension: (Google Drive) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-25] CHR Extension: (YouTube) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-25] CHR Extension: (Pesquisa do Google) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-25] CHR Extension: (Documentos Google off-line) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-25] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-25] CHR Extension: (Gmail) - C:\Users\Cliente\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-25] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-16] StartMenuInternet: Google Chrome - chrome.exe ==================== Serviços (Whitelisted) ======================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R3 4487477B-EF55-405C-85F1-B1EC53FD44EE; C:\Program Files\Dhuavesecoaddi\Bueyrxud.exe [235880 2016-03-25] () R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation) S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-16] (AVAST Software) R2 BAVSvc; C:\Program Files\Baidu Security\Baidu Antivirus\BAVSvc.exe [2015088 2014-05-28] (Baidu, Inc.) R2 BHipsSvc; C:\Program Files\Baidu Security\Baidu Antivirus\BHipsSvc.exe [481432 2014-05-28] (Baidu, Inc.) 
R2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [952320 2016-03-24] () [Arquivo não assinado] R2 Dhuavesecoaddi Updater; C:\Program Files\Dhuavesecoaddi\Nusdoy.exe [169832 2016-03-25] () R2 dozysifuzbt; C:\Program Files\03000200-1453137062-0500-0006-000700080009\knss3390.tmp [254464 2016-01-31] () [Arquivo não assinado] R2 Eieriia; C:\Users\Cliente\AppData\Roaming\DhicedOenovf\Oruuu.exe [125784 2016-03-24] () R2 Gegyl; C:\Users\Cliente\AppData\Roaming\Eoticu\Eoticu.exe [174424 2016-03-24] () S2 GoogleChromeUpService; C:\ProgramData\service.exe [1734656 2016-01-11] () [Arquivo não assinado] S2 GoogleChromeUpSvc; C:\ProgramData\Windows Update\svrupg.exe [2786816 2016-03-25] (TODO: ) [Arquivo não assinado] R2 Huuph; C:\Users\Cliente\AppData\Roaming\Lecleebn\Lecleebn.exe [174448 2016-03-24] () R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] () [Arquivo não assinado] S4 IHProtect Service; C:\Program Files\MiuiTab\ProtectService.exe [125112 2015-07-29] () [Arquivo não assinado] R2 JsInjector; C:\Program Files\NewExt\nssm.exe [294912 2016-03-24] () [Arquivo não assinado] R3 KalMatkys; C:\Program Files\Dhuavesecoaddi\KalMatkys.exe [428904 2016-03-25] () R2 MaintainerSvc4.07.4104264; C:\ProgramData\398c0b96-ebd3-4f67-a5c7-1899a15c12be\maintainer.exe [128200 2016-01-10] () R2 MPCProtectService; C:\Program Files\MPC Cleaner\MPCProtectService.exe [349152 2016-01-18] (DotC United Inc) R2 NetTcpHandler; C:\Users\Cliente\AppData\Roaming\NetService\netservice.exe [173088 2015-07-08] () R2 rowugoqo; C:\Users\Cliente\AppData\Local\03000200-1453129980-0500-0006-000700080009\snskAEF6.tmp [225792 2016-01-18] () [Arquivo não assinado] R2 Rumlahte; C:\Users\Cliente\AppData\Roaming\SeexaiAvo\Acewpoen.exe [125800 2016-03-25] () R2 Sed; C:\Users\Cliente\AppData\Roaming\ntsvc\ntsvc.exe [371408 2015-07-30] (Navigation Co., Ltd.) 
[Arquivo não assinado] R2 TheDesktopWeatherService; C:\Program Files\WeatherTool\1.2.2.10256\WeatherService.exe [143848 2015-06-14] () R2 Tytrato; C:\Users\Cliente\AppData\Roaming\Pejjatmej\Pejjatmej.exe [174440 2016-03-25] () R2 WdMan; C:\ProgramData\BWdMB\WdMan.exe [274600 2016-03-24] (TFuns LIMITED) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation) R2 WinNetSvc; C:\Users\Cliente\AppData\Roaming\WinNetSvc\WinNetSvc.exe [4845408 2015-12-16] () R2 WMPNetworkAcSvc; C:\Users\Cliente\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe [4984448 2016-03-15] () R2 wucotusy; C:\Program Files\03000200-1453137062-0500-0006-000700080009\hnse5ADE.tmp [416256 2016-01-18] () [Arquivo não assinado] R2 zigipyro; C:\Users\Cliente\AppData\Local\03000200-1458940053-0500-0006-000700080009\qnskE0FE.tmp [158720 2015-12-26] () [Arquivo não assinado] R2 zutuzuni; C:\Program Files\03000200-1453137062-0500-0006-000700080009\jnst2A79.tmp [307712 2016-01-18] () [Arquivo não assinado] S2 Fiswihao; "C:\Users\Cliente\AppData\Roaming\FacbuSuwru\Gijjeni.exe" -cms [X] S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X] ===================== Drivers (Whitelisted) ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-16] () S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-16] (AVAST Software) [Arquivo não assinado] R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-16] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-16] () S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2015-02-15] () [Arquivo não assinado] R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2015-02-15] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-16] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-16] () U3 BdApiUtil; C:\Program Files\Baidu Security\Baidu Antivirus\BdApiUtil.sys [121184 2014-05-28] (Baidu, Inc.) U3 BdCameraProtect; C:\Program Files\Baidu Security\Baidu Antivirus\BdCameraProtect.sys [21152 2014-05-27] (Baidu, Inc.) R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [48448 2014-05-27] (Baidu, Inc.) R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [29504 2014-05-27] (Baidu, Inc.) R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [94976 2014-05-28] (Baidu, Inc.) R1 Bnbase; C:\Windows\System32\drivers\bnbasex.sys [70496 2014-05-27] (Baidu, Inc.) R1 Bndef; C:\Windows\System32\drivers\bndef.sys [51584 2014-05-27] (Baidu, Inc.) R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [155968 2014-05-28] (Baidu, Inc.) R1 bsdriver; C:\Windows\system32\drivers\bsdriver.sys [30624 2016-03-25] () R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [62272 2016-03-25] (Cherimoya Ltd) S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [90112 2011-01-30] (Huawei Technologies Co., Ltd.) 
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [527344 2013-03-05] (Intel Corporation) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26096 2013-03-05] (Intel Corporation) R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2013-07-17] (Intel Corporation) S3 Spring; C:\Program Files\Baidu Security\Baidu Antivirus\Spring.sys [96608 2014-06-18] () S3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [75264 2009-07-13] (Microsoft Corporation) [Arquivo não assinado] R1 {34ab94d7-028f-4b79-b946-f5785e74c181}Gw; C:\Windows\System32\drivers\{34ab94d7-028f-4b79-b946-f5785e74c181}Gw.sys [43112 2016-01-10] (StdLib) R1 {34ab94d7-028f-4b79-b946-f5785e74c181}w; C:\Windows\System32\drivers\{34ab94d7-028f-4b79-b946-f5785e74c181}w.sys [43200 2015-01-13] (StdLib) R1 {a3f28269-ad17-41a8-b032-3e0313ef8979}w; C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w.sys [52928 2014-06-11] (StdLib) S3 BHipsEx; \??\C:\Windows\System32\drivers\BHipsEx.sys [X] S3 cpuz134; \??\C:\Users\Cliente\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X] S3 massfilter; system32\drivers\massfilter.sys [X] S1 ppfd_vt_1_10_0_21; system32\drivers\ppfd_vt_1_10_0_21.sys [X] S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X] S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X] S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X] ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Um Mês Criados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 
2016-03-25 23:24 - 2016-03-25 23:24 - 00000000 ____D C:\Users\Cliente\AppData\Local\tuto_monetize_120160325 2016-03-25 23:21 - 2016-03-25 23:21 - 00000000 ____D C:\Users\Cliente\AppData\Local\tuto_monetize_220160325 2016-03-25 23:21 - 2016-03-25 23:21 - 00000000 ____D C:\Program Files\comowin_otut_20160325 2016-03-25 23:18 - 2016-03-25 23:21 - 00031874 _____ C:\Users\Cliente\Downloads\FRST.txt 2016-03-25 23:17 - 2016-03-25 23:18 - 00000000 ____D C:\FRST 2016-03-25 23:16 - 2016-03-25 23:21 - 00000000 ____D C:\Program Files\sunnyday 2016-03-25 23:11 - 2016-03-25 23:13 - 01725440 _____ (Farbar) C:\Users\Cliente\Downloads\FRST (1).exe 2016-03-25 23:11 - 2016-03-25 23:11 - 00030624 _____ () C:\Windows\system32\Drivers\bsdriver.sys 2016-03-25 23:11 - 2016-03-25 23:11 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\SeexaiAvo 2016-03-25 23:11 - 2016-03-25 23:11 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Pejjatmej 2016-03-25 23:11 - 2016-03-25 23:11 - 00000000 ____D C:\Program Files\Dhuavesecoaddi 2016-03-25 23:10 - 2016-03-25 23:13 - 01725440 _____ (Farbar) C:\Users\Cliente\Downloads\FRST.exe 2016-03-25 23:07 - 2016-03-25 23:09 - 00000000 ____D C:\Program Files\DNS Unlocker 2016-03-25 23:06 - 2016-03-25 23:06 - 00000909 _____ C:\Users\Cliente\Desktop\Hostify.lnk 2016-03-25 22:53 - 2016-03-25 22:53 - 00000000 ____D C:\Windows\system32\suo 2016-03-25 21:12 - 2016-03-25 21:12 - 00000034 ___SH C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE} 2016-03-25 21:12 - 2016-03-25 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FrivLauncher 2016-03-25 21:12 - 2016-03-25 21:12 - 00000000 ____D C:\Program Files\FrivLauncher 2016-03-25 21:07 - 2016-03-25 21:08 - 00000000 ____D C:\Users\Cliente\AppData\Local\03000200-1458940053-0500-0006-000700080009 2016-03-25 20:27 - 2016-03-25 20:27 - 00000000 ____D C:\Windows\system32\lee 2016-03-25 20:12 - 2016-03-25 23:11 - 00062272 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys 
2016-03-25 13:04 - 2016-03-25 13:04 - 00068096 _____ C:\Users\Todos os Usuários\lsass.exe
2016-03-25 13:04 - 2016-03-25 13:04 - 00068096 _____ C:\ProgramData\lsass.exe
2016-03-25 12:17 - 2016-03-25 12:17 - 00000000 ____D C:\Windows\system32\fil
2016-03-25 11:54 - 2016-03-25 12:00 - 00000925 _____ C:\Windows\system32\${LOGFILE}
2016-03-25 10:15 - 2016-03-25 10:17 - 00000000 ____D C:\Users\Cliente\otPokemon
2016-03-25 01:05 - 2016-03-25 01:07 - 08111996 _____ (otPokemon ) C:\Users\Cliente\Downloads\OTP_NewClientLauncher_21.exe
2016-03-25 00:31 - 2016-03-25 00:31 - 00001672 ____R C:\Yeabeats Browser.lnk
2016-03-25 00:31 - 2016-03-25 00:31 - 00000000 _____ C:\Users\Cliente\AppData\LocalLow\localStorageIE_backup.txt
2016-03-25 00:31 - 2015-11-25 15:31 - 01100288 _____ C:\Users\Todos os Usuários\HomePage.exe
2016-03-25 00:31 - 2015-11-25 15:31 - 01100288 _____ C:\ProgramData\HomePage.exe
2016-03-25 00:30 - 2016-02-24 06:18 - 01085440 _____ C:\Users\Todos os Usuários\delCalendarReg.exe
2016-03-25 00:30 - 2016-02-24 06:18 - 01085440 _____ C:\ProgramData\delCalendarReg.exe
2016-03-25 00:01 - 2015-12-04 13:14 - 01081344 _____ C:\Users\Todos os Usuários\LightGate.exe
2016-03-25 00:01 - 2015-12-04 13:14 - 01081344 _____ C:\ProgramData\LightGate.exe
2016-03-24 23:59 - 2016-03-25 01:04 - 00015482 _____ C:\Users\Todos os Usuários\webad.xml
2016-03-24 23:59 - 2016-03-25 01:04 - 00015482 _____ C:\ProgramData\webad.xml
2016-03-24 23:56 - 2016-03-24 23:56 - 00000000 ____D C:\Windows\system32\nipy
2016-03-24 23:56 - 2016-03-02 10:49 - 01888256 _____ C:\Users\Todos os Usuários\msiql.exe
2016-03-24 23:56 - 2016-03-02 10:49 - 01888256 _____ C:\ProgramData\msiql.exe
2016-03-24 23:54 - 2016-03-25 23:10 - 00000000 ____D C:\Program Files\win_en_77
2016-03-24 23:54 - 2016-03-25 12:00 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Nosibay
2016-03-24 23:54 - 2016-03-24 23:54 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Eoticu
2016-03-24 23:54 - 2016-03-24 23:54 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\DhicedOenovf
2016-03-24 23:54 - 2016-03-24 23:54 - 00000000 ____D C:\Users\Cliente\AppData\Local\win_en_77
2016-03-24 23:53 - 2016-03-24 23:53 - 00000074 _____ C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2016-03-24 23:53 - 2016-03-24 23:53 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2016-03-24 23:53 - 2016-03-24 23:53 - 00000000 ____D C:\Users\Todos os Usuários\BWdMB
2016-03-24 23:53 - 2016-03-24 23:53 - 00000000 ____D C:\ProgramData\BWdMB
2016-03-24 23:53 - 2016-01-11 15:49 - 01734656 _____ C:\Users\Todos os Usuários\service.exe
2016-03-24 23:53 - 2016-01-11 15:49 - 01734656 _____ C:\ProgramData\service.exe
2016-03-24 23:52 - 2016-01-11 15:49 - 01734656 _____ C:\Users\Cliente\AppData\Roaming\service.exe
2016-03-24 23:50 - 2016-03-25 21:04 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\mysites123
2016-03-24 23:49 - 2016-03-24 23:50 - 00294912 _____ C:\Users\Cliente\Downloads\Não confirmado 226935.crdownload
2016-03-24 23:47 - 2016-03-24 23:47 - 00000000 ____D C:\Users\Todos os Usuários\9b5a4a70-6533-0
2016-03-24 23:47 - 2016-03-24 23:47 - 00000000 ____D C:\ProgramData\9b5a4a70-6533-0
2016-03-24 23:46 - 2016-03-25 23:10 - 00000000 ____D C:\Program Files\Hostify
2016-03-24 23:46 - 2016-03-24 23:53 - 00000000 ____D C:\Program Files\NewExt
2016-03-24 23:46 - 2016-03-24 23:47 - 00000000 ____D C:\Program Files\Windows Screen Manager
2016-03-24 23:46 - 2016-03-24 23:46 - 00000000 ____D C:\Users\Todos os Usuários\9b5a4a70-68f3-1
2016-03-24 23:46 - 2016-03-24 23:46 - 00000000 ____D C:\ProgramData\9b5a4a70-68f3-1
2016-03-24 23:44 - 2016-03-24 23:53 - 00000000 ____D C:\00e4675bce478f9683
2016-03-24 23:37 - 2016-03-24 23:37 - 00000000 ____D C:\Windows\system32\xefu
2016-03-24 23:35 - 2016-03-24 23:35 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Mozilla
2016-03-24 23:35 - 2016-03-24 23:35 - 00000000 ____D C:\489cde3a416ccfafe2
2016-03-24 23:34 - 2016-03-24 23:34 - 00002397 _____ C:\Windows\system32\findit.xml
2016-03-24 23:34 - 2016-03-24 23:34 - 00000000 ____D C:\Users\Todos os Usuários\Silqvodoxs
2016-03-24 23:34 - 2016-03-24 23:34 - 00000000 ____D C:\ProgramData\Silqvodoxs
2016-03-24 23:32 - 2016-03-24 23:32 - 06493696 _____ C:\Users\Cliente\AppData\Roaming\agent.dat
2016-03-24 23:32 - 2016-03-24 23:32 - 01621131 _____ C:\Users\Cliente\AppData\Roaming\Scotlatlex.tst
2016-03-24 23:32 - 2016-03-24 23:32 - 00126464 _____ C:\Users\Cliente\AppData\Roaming\noah.dat
2016-03-24 23:32 - 2016-03-24 23:32 - 00065424 _____ C:\Users\Cliente\AppData\Roaming\Config.xml
2016-03-24 23:32 - 2016-03-24 23:32 - 00018432 _____ C:\Users\Cliente\AppData\Roaming\Main.dat
2016-03-24 23:31 - 2016-03-24 23:23 - 00952320 _____ C:\Users\Cliente\AppData\Roaming\Scotlatlex.exe
2016-03-24 23:30 - 2016-03-24 23:32 - 00005568 _____ C:\Users\Cliente\AppData\Roaming\md.xml
2016-03-24 23:30 - 2016-03-24 23:30 - 00848437 _____ C:\Users\Cliente\AppData\Roaming\Zendox.bin
2016-03-24 23:30 - 2016-03-24 23:30 - 00126464 _____ C:\Users\Cliente\AppData\Roaming\lobby.dat
2016-03-24 23:30 - 2016-03-24 23:30 - 00072706 _____ C:\Users\Cliente\AppData\Roaming\GeoSolotam.tst
2016-03-24 23:30 - 2016-03-24 23:30 - 00054272 _____ C:\Users\Cliente\AppData\Roaming\ApplicationHosting.dat
2016-03-24 23:30 - 2016-03-24 23:30 - 00000000 ____D C:\Users\Todos os Usuários\CloudPrinter
2016-03-24 23:30 - 2016-03-24 23:30 - 00000000 ____D C:\ProgramData\CloudPrinter
2016-03-24 23:30 - 2016-03-24 23:23 - 00952320 _____ C:\Users\Cliente\AppData\Roaming\GeoSolotam.exe
2016-03-24 23:29 - 2016-03-25 00:01 - 00000000 ____D C:\Users\Cliente\AppData\Local\Setup Wizard
2016-03-24 23:23 - 2016-03-24 23:28 - 00015936 _____ C:\Users\Cliente\AppData\Roaming\InstallationConfiguration.xml
2016-03-24 23:23 - 2016-03-24 23:23 - 00127488 _____ C:\Users\Cliente\AppData\Roaming\Installer.dat
2016-03-24 23:23 - 2016-03-24 23:23 - 00053069 _____ C:\Users\Cliente\AppData\Roaming\inst.lat
2016-03-24 23:22 - 2016-03-24 23:22 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Lecleebn
2016-03-24 22:53 - 2016-03-25 22:59 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\WMPNetworkAcSvc
2016-03-24 22:42 - 2016-03-24 22:42 - 00000000 ____D C:\Users\Cliente\AppData\Local\rec_en_235
2016-03-24 22:42 - 2016-03-24 22:42 - 00000000 ____D C:\Program Files\rec_en_235
2016-03-24 22:32 - 2016-03-24 22:32 - 00000000 ___HD C:\Users\Cliente\AppData\Local\35a15a695e112a0f
2016-03-24 22:28 - 2016-03-25 00:00 - 00000000 ____D C:\Users\Cliente\AppData\Local\mbot_en_037050277
2016-03-24 22:28 - 2016-03-24 22:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY
2016-03-24 22:28 - 2016-03-24 22:28 - 00000000 ____D C:\Program Files\mbot_en_037050277
2016-03-24 22:04 - 2016-03-24 22:04 - 00987728 _____ (Google Inc.) C:\Users\Cliente\Downloads\ChromeSetup.exe

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-03-25 23:20 - 2015-07-31 17:09 - 00000598 _____ C:\Windows\Tasks\{3B7FD029-D932-411b-AF15-C96CF8EF0C18}{19F8DB95-4D78-4ddb-AC71-C610654FE37F}.job
2016-03-25 23:12 - 2016-01-18 14:30 - 00000000 ____D C:\Users\Cliente\AppData\Local\gmsd_br_005010211
2016-03-25 23:11 - 2016-01-18 14:25 - 00000000 ____D C:\Users\Cliente\AppData\Local\Tempfolder
2016-03-25 23:07 - 2014-03-26 11:09 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-25 23:05 - 2016-01-18 14:13 - 00000000 ____D C:\Users\Cliente\AppData\Local\03000200-1453129980-0500-0006-000700080009
2016-03-25 22:59 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\tracing
2016-03-25 22:58 - 2015-07-31 17:09 - 00000000 ____D C:\Users\Todos os Usuários\ToolsUpdatePlatform
2016-03-25 22:58 - 2015-07-31 17:09 - 00000000 ____D C:\ProgramData\ToolsUpdatePlatform
2016-03-25 22:55 - 2015-07-31 17:09 - 00000422 _____ C:\Windows\Tasks\ToolsUpdatePlatform_ScheduledTask.job
2016-03-25 22:55 - 2009-07-14 01:34 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-25 22:55 - 2009-07-14 01:34 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-25 22:54 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-25 22:41 - 2015-07-31 17:32 - 00000278 _____ C:\Windows\Tasks\UpdateTask.job
2016-03-25 21:05 - 2016-01-18 14:23 - 00000000 ____D C:\Program Files\shopperz180120161309
2016-03-25 20:51 - 2015-02-15 11:08 - 00000000 ____D C:\Program Files\InstallAffixationInfo
2016-03-25 20:48 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\inf
2016-03-25 20:39 - 2016-01-12 16:53 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\otPokemon
2016-03-25 10:15 - 2014-03-25 16:22 - 00000000 ____D C:\Users\Cliente
2016-03-25 01:24 - 2014-03-25 16:27 - 01003290 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-25 01:24 - 2009-07-29 15:38 - 00146118 _____ C:\Windows\system32\prfc0416.dat
2016-03-25 01:24 - 2009-07-29 15:38 - 00067360 _____ C:\Windows\system32\prfh0416.dat
2016-03-25 01:07 - 2009-07-14 01:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-25 00:23 - 2015-07-31 17:08 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\WeatherTool
2016-03-25 00:02 - 2015-12-25 10:53 - 00000000 ____D C:\Users\Todos os Usuários\Windows Update
2016-03-25 00:02 - 2015-12-25 10:53 - 00000000 ____D C:\ProgramData\Windows Update
2016-03-24 23:25 - 2015-12-17 10:05 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2016-03-24 23:25 - 2015-12-17 10:05 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-03-24 22:59 - 2014-03-26 11:15 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\Skype
2016-03-24 22:59 - 2014-03-26 11:14 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2016-03-24 22:59 - 2014-03-26 11:14 - 00000000 ____D C:\ProgramData\Skype
2016-03-24 22:53 - 2015-12-17 09:59 - 00000000 _____ C:\END
2016-03-24 22:53 - 2015-07-31 18:00 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\RunDir
2016-03-24 22:53 - 2014-09-28 10:15 - 00002096 __RSH C:\Users\Todos os Usuários\ntuser.pol
2016-03-24 22:53 - 2014-09-28 10:15 - 00002096 __RSH C:\ProgramData\ntuser.pol
2016-03-24 22:42 - 2015-12-11 10:54 - 00000000 ____D C:\Program Files\Games-desktop
2016-03-24 22:37 - 2014-06-12 15:14 - 00000000 ____D C:\Users\Cliente\AppData\Roaming\baidu
2016-03-24 22:32 - 2016-01-10 17:32 - 00000152 _____ C:\Users\Cliente\AppData\Roaming\WB.CFG
2016-03-24 22:10 - 2015-08-04 20:59 - 00000000 ____D C:\Users\Cliente\AppData\Local\ElevatedDiagnostics
2016-03-24 22:01 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\NDF

==================== Arquivos na raiz de alguns diretórios =======

2015-12-30 18:56 - 2015-12-30 18:59 - 6420480 _____ () C:\Program Files\GUT9C01.tmp
2016-03-24 23:32 - 2016-03-24 23:32 - 6493696 _____ () C:\Users\Cliente\AppData\Roaming\agent.dat
2016-03-24 23:30 - 2016-03-24 23:30 - 0054272 _____ () C:\Users\Cliente\AppData\Roaming\ApplicationHosting.dat
2016-03-24 23:45 - 2016-03-24 23:46 - 0001237 _____ () C:\Users\Cliente\AppData\Roaming\Bubble Dock.boostrap.log
2016-03-24 23:53 - 2016-03-24 23:54 - 0002222 _____ () C:\Users\Cliente\AppData\Roaming\Bubble Dock.installation.log
2016-03-24 23:32 - 2016-03-24 23:32 - 0065424 _____ () C:\Users\Cliente\AppData\Roaming\Config.xml
2015-08-08 11:29 - 2015-12-15 15:05 - 0001054 _____ () C:\Users\Cliente\AppData\Roaming\FileShred.log
2016-03-24 23:30 - 2016-03-24 23:23 - 0952320 _____ () C:\Users\Cliente\AppData\Roaming\GeoSolotam.exe
2016-03-24 23:30 - 2016-03-24 23:30 - 0072706 _____ () C:\Users\Cliente\AppData\Roaming\GeoSolotam.tst
2016-03-24 23:23 - 2016-03-24 23:23 - 0053069 _____ () C:\Users\Cliente\AppData\Roaming\inst.lat
2016-03-24 23:23 - 2016-03-24 23:28 - 0015936 _____ () C:\Users\Cliente\AppData\Roaming\InstallationConfiguration.xml
2016-03-24 23:23 - 2016-03-24 23:23 - 0127488 _____ () C:\Users\Cliente\AppData\Roaming\Installer.dat
2016-03-24 23:30 - 2016-03-24 23:30 - 0126464 _____ () C:\Users\Cliente\AppData\Roaming\lobby.dat
2016-03-24 23:32 - 2016-03-24 23:32 - 0018432 _____ () C:\Users\Cliente\AppData\Roaming\Main.dat
2016-03-24 23:30 - 2016-03-24 23:32 - 0005568 _____ () C:\Users\Cliente\AppData\Roaming\md.xml
2016-03-24 23:32 - 2016-03-24 23:32 - 0126464 _____ () C:\Users\Cliente\AppData\Roaming\noah.dat
2016-03-24 23:31 - 2016-03-24 23:23 - 0952320 _____ () C:\Users\Cliente\AppData\Roaming\Scotlatlex.exe
2016-03-24 23:32 - 2016-03-24 23:32 - 1621131 _____ () C:\Users\Cliente\AppData\Roaming\Scotlatlex.tst
2016-03-24 23:52 - 2016-01-11 15:49 - 1734656 _____ () C:\Users\Cliente\AppData\Roaming\service.exe
2016-03-24 23:33 - 2016-03-24 23:33 - 0032038 _____ () C:\Users\Cliente\AppData\Roaming\uninstall_temp.ico
2016-01-10 17:32 - 2016-03-24 22:32 - 0000152 _____ () C:\Users\Cliente\AppData\Roaming\WB.CFG
2016-03-24 23:46 - 2016-03-24 23:46 - 0000097 _____ () C:\Users\Cliente\AppData\Roaming\WindApp.boostrap.log
2016-03-24 23:30 - 2016-03-24 23:30 - 0848437 _____ () C:\Users\Cliente\AppData\Roaming\Zendox.bin
2015-12-15 14:33 - 2015-11-26 06:58 - 4127064 _____ () C:\ProgramData\ch_dl_url
2016-03-25 00:30 - 2016-02-24 06:18 - 1085440 _____ () C:\ProgramData\delCalendarReg.exe
2016-03-25 00:31 - 2015-11-25 15:31 - 1100288 _____ () C:\ProgramData\HomePage.exe
2016-03-25 00:01 - 2015-12-04 13:14 - 1081344 _____ () C:\ProgramData\LightGate.exe
2016-03-25 13:04 - 2016-03-25 13:04 - 0068096 _____ () C:\ProgramData\lsass.exe
2016-03-24 23:56 - 2016-03-02 10:49 - 1888256 _____ () C:\ProgramData\msiql.exe
2016-03-24 23:53 - 2016-01-11 15:49 - 1734656 _____ () C:\ProgramData\service.exe
2016-03-24 23:59 - 2016-03-25 01:04 - 0015482 _____ () C:\ProgramData\webad.xml
2015-12-15 16:08 - 2015-12-19 15:16 - 0001449 _____ () C:\ProgramData\xcgui_debug.txt
2016-03-24 23:53 - 2016-03-24 23:53 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Arquivos para serem movidos ou deletados:
====================
C:\Windows\TEMP\is-BJ0JQ.tmp\print.exe
C:\Users\Cliente\AppData\Local\Temp\JF1JJ7OFD\HYBEL4BNG.exe
C:\ProgramData\delCalendarReg.exe
C:\ProgramData\HomePage.exe
C:\ProgramData\LightGate.exe
C:\ProgramData\lsass.exe
C:\ProgramData\msiql.exe
C:\ProgramData\service.exe
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Todos os Usuários\delCalendarReg.exe
C:\Users\Todos os Usuários\HomePage.exe
C:\Users\Todos os Usuários\LightGate.exe
C:\Users\Todos os Usuários\lsass.exe
C:\Users\Todos os Usuários\msiql.exe
C:\Users\Todos os Usuários\service.exe
C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Alguns arquivos em TEMP:
====================
C:\Users\Cliente\AppData\Local\Temp\495F.tmp.exe
C:\Users\Cliente\AppData\Local\Temp\4DB5.tmp.exe
C:\Users\Cliente\AppData\Local\Temp\7DSFZDXXUI.exe
C:\Users\Cliente\AppData\Local\Temp\9991.tmp.exe
C:\Users\Cliente\AppData\Local\Temp\AF14.tmp.exe
C:\Users\Cliente\AppData\Local\Temp\amisetup7357__16165.exe
C:\Users\Cliente\AppData\Local\Temp\BavPro_Setup_Mini_051.exe
C:\Users\Cliente\AppData\Local\Temp\bdgC0D0.exe
C:\Users\Cliente\AppData\Local\Temp\BESUZGHUM3.exe
C:\Users\Cliente\AppData\Local\Temp\C0E0.tmp.exe
C:\Users\Cliente\AppData\Local\Temp\C217.tmp.exe
C:\Users\Cliente\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvyi3w2.dll
C:\Users\Cliente\AppData\Local\Temp\F1CD.tmp.exe
C:\Users\Cliente\AppData\Local\Temp\FDFD.tmp.exe
C:\Users\Cliente\AppData\Local\Temp\fsd64EA.exe
C:\Users\Cliente\AppData\Local\Temp\fsd9CFA.exe
C:\Users\Cliente\AppData\Local\Temp\fsdE91.exe
C:\Users\Cliente\AppData\Local\Temp\ICReinstall_4DB5.tmp.exe
C:\Users\Cliente\AppData\Local\Temp\ICReinstall_music-chow-32-bits.exe
C:\Users\Cliente\AppData\Local\Temp\ICSW1.11_0B1T1L2V1T1J1L1V1G1P2W0S1J1L1GtB1.11.exe
C:\Users\Cliente\AppData\Local\Temp\IminentSetup_No_DrWeb.exe
C:\Users\Cliente\AppData\Local\Temp\InstallHelper.exe
C:\Users\Cliente\AppData\Local\Temp\MHMXBXWL9V.exe
C:\Users\Cliente\AppData\Local\Temp\MXQBOPCETT.exe
C:\Users\Cliente\AppData\Local\Temp\oprun6145.exe
C:\Users\Cliente\AppData\Local\Temp\PAB4Z5XCRW.exe
C:\Users\Cliente\AppData\Local\Temp\Q4876ZQPMJ.exe
C:\Users\Cliente\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Cliente\AppData\Local\Temp\spark_install.exe
C:\Users\Cliente\AppData\Local\Temp\TB1QK7SYUY.exe
C:\Users\Cliente\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll [2009-07-13 20:12] - [2009-07-13 20:12] - 0269824 ____A (Microsoft Corporation) 73F3B146EA8E30C61586A851492A98DA
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-01-31 13:10

==================== Fim de FRST.txt ============================