Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:09-05-2016
Executado por PC (administrador) em PC-PC (09-05-2016 15:33:19)
Executando a partir de C:\Users\PC\Desktop
Perfis Carregados: PC (Perfis Disponíveis: PC)
Platform: Windows 7 Professional Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 8 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
() C:\ProgramData\CloudPrinter\CloudPrinter.exe
() C:\Program Files (x86)\4C4C4544-1462817460-3610-8033-C6C04F535231\jnsb1FB.tmp
() C:\ProgramData\Lamzap\Lamzap.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.LEDWARE\MSSQL\Binn\sqlservr.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\4C4C4544-1462817460-3610-8033-C6C04F535231\hnsg2046.tmp
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\4C4C4544-1462817460-3610-8033-C6C04F535231\knslE0AF.tmpfs
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Users\PC\AppData\Local\4C4C4544-1462806956-3610-8033-C6C04F535231\qnsgB7BC.tmp
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
(HsljuT) C:\Program Files (x86)\sunnyday\otutnetwork.exe
(HsljuT) C:\Program Files (x86)\mobilepcstarterkit\otutnetwork.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Users\PC\AppData\Local\SunnyDay21\usun.exe
() C:\Program Files (x86)\sunnyday\wincom_K5T.exe
() C:\Users\PC\AppData\Roaming\cpuminer\cpm.exe
() C:\Program Files (x86)\mobilepcstarterkit\wincom_0LT.exe
(ImageEd) C:\Users\PC\AppData\Roaming\ImageCropResize\ImageEd\ImageEd.exe
(JUASz) C:\Program Files\Caster\wizzcaster.exe
() C:\ProgramData\msiql.exe
() C:\LedCommerce\Utilitarios\Backup_Automatico.exe
() C:\Program Files (x86)\SunnyDay21\SunnyDay.exe
() C:\Program Files (x86)\comoBoss\comowin.exe
() C:\Program Files (x86)\badu\uc.exe
(VLOME) C:\Users\PC\AppData\Local\Temp\00028825\casrss.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
() C:\Users\PC\AppData\Roaming\msiql.exe
() C:\Users\PC\AppData\Local\Temp\30269\Setup.exe
() C:\Program Files (x86)\Torrent Search\IEEF\INFoanSeSFZQ.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11189\calendar.exe
() C:\Program Files\UBar\UbarService.exe
(UBar Plugin Soft) C:\Program Files\UBar\ubar.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\SunnyDay21\SunnyDay.exe
() C:\Program Files (x86)\comoBoss\comowin.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [IDSCCOMZZ2] => "C:\Program Files\Sound+\idsccom_ZZ2.exe"
HKLM\...\Run: [Sound+] => "C:\Program Files\Sound+\Sound+.exe"
HKLM\...\Run: [WINCOMK5T] => C:\Program Files (x86)\sunnyday\wincom_K5T.exe [4325888 2016-05-09] ()
HKLM\...\Run: [cpuminer] => C:\Users\PC\AppData\Roaming\cpuminer\cpm.exe [1417216 2016-03-31] ()
HKLM\...\Run: [WINCOM0LT] => C:\Program Files (x86)\mobilepcstarterkit\wincom_0LT.exe [4325888 2016-05-09] ()
HKLM-x32\...\Run: [LedBackup] => C:\LedCommerce\Utilitarios\Backup_Automatico.exe [752640 2015-08-27] ()
HKLM-x32\...\Run: [sun21] => C:\Program Files (x86)\SunnyDay21\SunnyDay.exe [4332032 2016-05-09] ()
HKLM-x32\...\Run: [comoBoss] => C:\Program Files (x86)\comoBoss\comowin.exe [4325888 2016-05-08] ()
HKLM-x32\...\Run: [apphide] => C:\Program Files (x86)\badu\uc.exe [307290 2016-05-08] ()
HKLM\...\RunOnce: [OTUTPRODUCT_XKCHZ] => C:\Program Files (x86)\sunnyday\otutnetwork.exe [188928 2016-05-09] (HsljuT)
HKLM\...\RunOnce: [OTUTPRODUCT_XOIOP] => C:\Program Files (x86)\mobilepcstarterkit\otutnetwork.exe [188928 2016-05-09] (HsljuT)
HKLM-x32\...\RunOnce: [usun.exe] => C:\Users\PC\AppData\Local\SunnyDay21\usun.exe [3294720 2016-05-09] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ GbPluginCef: C:\Program Files (x86)\GbPlugin\gbiehCef.dll [2015-09-22] (Caixa Economica Federal)
HKU\S-1-5-21-2760107221-826286760-2741309303-1000\...\Run: [ImageEd] => C:\Users\PC\AppData\Roaming\ImageCropResize\ImageEd\ImageEd.exe [395944 2016-05-05] (ImageEd)
HKU\S-1-5-21-2760107221-826286760-2741309303-1000\...\Run: [YeaInstaller] => C:\Users\PC\AppData\Local\Temp\REXDG78NH\REXDG78NH.exe [1970176 2016-05-09] (TZ) <===== ATENÇÃO
HKU\S-1-5-21-2760107221-826286760-2741309303-1000\...\Run: [Caster] => C:\Program Files\Caster\wizzcaster.exe [172032 2016-05-09] (JUASz)
HKU\S-1-5-21-2760107221-826286760-2741309303-1000\...\Run: [msiql] => c:\users\pc\appdata\roaming\msiql.exe [1920000 2016-05-09] ()
HKU\S-1-5-21-2760107221-826286760-2741309303-1000\...\Run: [taskhost] => rundll32.exe C:\ProgramData\WindowsMsg\675D131108D4FD145B0BFBC68A3E018A.dll Start /AUTORUN
HKU\S-1-5-21-2760107221-826286760-2741309303-1000\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [2055168 2016-04-16] ()
HKU\S-1-5-21-2760107221-826286760-2741309303-1000\...\Run: [Pritc] => C:\Users\PC\AppData\Local\Temp\00028825\casrss.exe [2958848 2016-05-09] (VLOME) <===== ATENÇÃO
HKU\S-1-5-21-2760107221-826286760-2741309303-1000\...\MountPoints2: {6b5aef56-0dfc-11e6-b5f2-f04da2e1c080} - F:\Setup.exe
HKU\S-1-5-21-2760107221-826286760-2741309303-1000\...\MountPoints2: {6b5aef5c-0dfc-11e6-b5f2-f04da2e1c080} - F:\Setup.exe
AppInit_DLLs: C:\ProgramData\Lamzap\RoundLex.dll => C:\ProgramData\Lamzap\RoundLex.dll [361984 2016-05-09] ()
AppInit_DLLs-x32: C:\ProgramData\Lamzap\Homestrong.dll => C:\ProgramData\Lamzap\Homestrong.dll [257536 2016-05-09] ()
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll [1888480 2015-09-22] (Caixa Economica Federal)
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: Há mais de uma entrada no Hosts.
Veja a seção Hosts do Addition.txt Tcpip\Parameters: [DhcpNameServer] 189.45.16.18 189.45.16.19 8.8.8.8 Tcpip\..\Interfaces\{4DE7F42F-045F-4348-A79A-D59E5E3C4B61}: [DhcpNameServer] 189.45.16.18 189.45.16.19 8.8.8.8 Tcpip\..\Interfaces\{5378B1F5-46BC-4781-8E8D-7C4899370996}: [DhcpNameServer] 192.168.0.254 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=d597812f1438c972d602a1230a379e5f HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=d597812f1438c972d602a1230a379e5f HKU\S-1-5-21-2760107221-826286760-2741309303-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPkaTcRWxZ4HWw0SszGYutIo3P7QEX3rgme3HBPySssOmBr4Q43wYshNuWQQDyO7ZToBCb6mZXaagVG0jX09qZ_OOnBYepv889gxmwvUimXiNYjz78ooJFsvKvk5Y9cCI-hqyUMxMHaYVuQ-pntAPm6HuxZ8G9IpsM-_aIHac5&q={searchTerms} HKU\S-1-5-21-2760107221-826286760-2741309303-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com HKU\S-1-5-21-2760107221-826286760-2741309303-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPkaTcRWxZ4HWw0SszGYutIo3P7QEX3rgme3HBPySssOmBr4Q43wYshNuWQQDyO7ZToBCb6mZXaagVG0jX09qZ_OOnBYepv889gxmwvUimXiNYjz78ooJFsvKvk5Y9cCI-hqyUMxMHaYVuQ-pntAPm6HuxZ8G9IpsM-_aIHac5&q={searchTerms} HKU\S-1-5-21-2760107221-826286760-2741309303-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPkaTcRWxZ4HWw0SszGYutIo3P7QEX3rgme3HBPySssOmBr4Q43wYshNuWQQDyO7ZToBCb6mZXaagVG0jX09qZ_OOnBYepv889gxmwvUimXiNYjz78ooJFsvKvk5Y9cCI-hqyUMxMHaYVuQ-pntAPm6HuxZ8G9IpsM-_aIHac5&q={searchTerms} 
HKU\S-1-5-21-2760107221-826286760-2741309303-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=d597812f1438c972d602a1230a379e5f SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=itm&hsimp=yhs-001&type=jmb_sftrev_16_13¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0EtC0CtDzztD0AyEyB0EtN0D0Tzu0StCyDyEzztN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtD0FyCtA0ByEtBtGtCyC0CtBtGyCtD0CzytGtBzy0CyBtG0E0DyBzytC0FtByCyEzyyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0A0C0C0FyCtAyBtG0F0FtAtDtGyEyEtDtBtG0B0Ezy0EtGtC0DtA0D0C0A0C0B0DyE0Fzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D222502191%26a%3Djmb_sftrev_16_13%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=itm&hsimp=yhs-001&type=jmb_sftrev_16_13¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0EtC0CtDzztD0AyEyB0EtN0D0Tzu0StCyDyEzztN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtD0FyCtA0ByEtBtGtCyC0CtBtGyCtD0CzytGtBzy0CyBtG0E0DyBzytC0FtByCyEzyyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0A0C0C0FyCtAyBtG0F0FtAtDtGyEyEtDtBtG0B0Ezy0EtGtC0DtA0D0C0A0C0B0DyE0Fzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D222502191%26a%3Djmb_sftrev_16_13%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPkaTcRWxZ4HWw0SszGYutIo3P7QEX3rgme3HBPySssOmBr4Q43wYshNuWQQDyO7ZToBCb6mZXaagVG0jX09qZ_OOnBYepv889gxmwvUimXiNYjz78ooJFsvKvk5Y9cCI-hqyUMxMHaYVuQ-pntAPm6HuxZ8G9IpsM-_aIHac5&q={searchTerms} SearchScopes: HKU\S-1-5-21-2760107221-826286760-2741309303-1000 -> DefaultScope {ielnksrch} URL = 
hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPkaTcRWxZ4HWw0SszGYutIo3P7QEX3rgme3HBPySssOmBr4Q43wYshNuWQQDyO7ZToBCb6mZXaagVG0jX09qZ_OOnBYepv889gxmwvUimXiNYjz78ooJFsvKvk5Y9cCI-hqyUMxMHaYVuQ-pntAPm6HuxZ8G9IpsM-_aIHac5&q={searchTerms} SearchScopes: HKU\S-1-5-21-2760107221-826286760-2741309303-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=itm&hsimp=yhs-001&type=jmb_sftrev_16_13¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0EtC0CtDzztD0AyEyB0EtN0D0Tzu0StCyDyEzztN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtD0FyCtA0ByEtBtGtCyC0CtBtGyCtD0CzytGtBzy0CyBtG0E0DyBzytC0FtByCyEzyyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0A0C0C0FyCtAyBtG0F0FtAtDtGyEyEtDtBtG0B0Ezy0EtGtC0DtA0D0C0A0C0B0DyE0Fzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D222502191%26a%3Djmb_sftrev_16_13%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional&p={searchTerms} SearchScopes: HKU\S-1-5-21-2760107221-826286760-2741309303-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPkaTcRWxZ4HWw0SszGYutIo3P7QEX3rgme3HBPySssOmBr4Q43wYshNuWQQDyO7ZToBCb6mZXaagVG0jX09qZ_OOnBYepv889gxmwvUimXiNYjz78ooJFsvKvk5Y9cCI-hqyUMxMHaYVuQ-pntAPm6HuxZ8G9IpsM-_aIHac5&q={searchTerms} BHO: TSearch -> {6E727987-C8EA-44DA-8749-310C0FBE3C3E} -> C:\Program Files (x86)\Torrent Search\IEEF\38w9icVLckkY.dll [2016-05-09] () BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO-x32: TSearch -> {6E727987-C8EA-44DA-8749-310C0FBE3C3E} -> C:\Program Files (x86)\Torrent Search\IEEF\qcZtGKqHlUOe.dll [2016-05-09] () BHO-x32: Groove GFS Browser 
Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2015-09-22] (Caixa Economica Federal)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\2xrplwy6.default
FF NewTab: C:\\ProgramData\\Lamzaps\\ff.NT
FF DefaultSearchEngine: findit
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=d597812f1438c972d602a1230a379e5f
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-13] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-13] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF SearchPlugin: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\2xrplwy6.default\searchplugins\findit.xml [2016-05-09]
FF SearchPlugin: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\2xrplwy6.default\searchplugins\Search Provided by Yahoo.xml [2016-03-28]
FF Extension: Personas Plus - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\2xrplwy6.default\extensions\personas@christopher.beard.xpi [2016-04-17]
FF Extension: TSearch - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\2xrplwy6.default\Extensions\{6E727987-C8EA-44DA-8749-310C0FBE3C3E} [2016-05-09] [não assinado]
FF HKU\S-1-5-21-2760107221-826286760-2741309303-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => não encontrado (a)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: ChromeDefaultData -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-13]
CHR Extension: (Google Docs) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-13]
CHR Extension: (Google Drive) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-13]
CHR Extension: (Search Manager) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bahkljhhdeciiaodlkppoonappfnheoi [2016-05-02]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-13]
CHR Extension: (Google Search) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-13]
CHR Extension: (Google Sheets) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-13]
CHR Extension: (Google Docs Offline) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Google Chrome to Phone Extension [DEPRECATED]) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2016-01-13]
CHR Extension: (Marc Ecko) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjonmehjfmkejjifhhknofdnacklmjk [2016-01-16]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-13]
CHR Extension: (Skype Calling) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\poghlonenmjdkfghdpfomojhhfggildk [2016-02-24]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
CHR HKU\S-1-5-21-2760107221-826286760-2741309303-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bahkljhhdeciiaodlkppoonappfnheoi] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [948736 2016-05-09] () [Arquivo não assinado]
R2 forilysy; C:\Program Files (x86)\4C4C4544-1462817460-3610-8033-C6C04F535231\jnsb1FB.tmp [97792 2016-05-09] () [Arquivo não assinado]
R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [593120 2015-09-22] (GAS Tecnologia)
S2 GoogleChromeUpService; C:\ProgramData\service.exe [1755136 2016-04-27] () [Arquivo não assinado]
S2 GoogleChromeUpSvc; C:\ProgramData\Windows Update\svrupg.exe [2783744 2016-05-09] (TODO: ) [Arquivo não assinado]
R2 Lamzap; C:\ProgramData\\Lamzap\\Lamzap.exe [948736 2016-05-09] () [Arquivo não assinado]
S2 lrcReportsService; C:\Program Files (x86)\Lorckphsary\lrcReportsService.exe [1005736 2016-05-06] ()
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-05-09] (DotC United Inc)
R2 MSSQL$LEDWARE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.LEDWARE\MSSQL\Binn\sqlservr.exe [62218696 2012-06-29] (Microsoft Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 rijufoze; C:\Program Files (x86)\4C4C4544-1462817460-3610-8033-C6C04F535231\hnsg2046.tmp [138240 2016-05-09] () [Arquivo não assinado]
S4 SQLAgent$LEDWARE; C:\Program Files\Microsoft SQL Server\MSSQL10_50.LEDWARE\MSSQL\Binn\SQLAGENT.EXE [441288 2012-06-29] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 TheCalendarService; C:\Program Files (x86)\CalendarTool\2.0.0.11189\CalendarServ.exe [141960 2015-12-25] ()
R2 UbarPolicyProvider; C:\Program Files\UBar\UbarService.exe [96264 2016-05-09] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 zigipyro; C:\Users\PC\AppData\Local\4C4C4544-1462806956-3610-8033-C6C04F535231\qnsgB7BC.tmp [158720 2015-12-26] () [Arquivo não assinado]
R2 syfyfubozbt; C:\Program Files (x86)\4C4C4544-1462817460-3610-8033-C6C04F535231\knslE0AF.tmpfs [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-12-08] (GAS Tecnologia)
R2 inpoutx64; C:\Windows\System32\Drivers\inpoutx64.sys [15008 2016-01-19] (Highresolution Enterprises [www.highrez.co.uk])
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-05-09] (DotC United Inc)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [321992 2012-06-29] (Microsoft Corporation)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1528976 2013-03-05] (Realtek Semiconductor Corporation )
R2 UbarCalloutDriver; C:\Program Files\UBar\UbarDriver.sys [13392 2016-05-09] ()
R3 usbio; C:\Windows\System32\Drivers\usbio_x64.sys [48488 2012-11-12] ()
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-12-08] (GAS Tecnologia LTDA)
S1 gbpddfac; system32\drivers\gbpddfac64.sys [X]
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
S3 netr28ux; system32\DRIVERS\netr28ux.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-05-09 15:33 - 2016-05-09 15:33 - 00023283 _____ C:\Users\PC\Desktop\FRST.txt 2016-05-09 15:33 - 2016-05-09 15:33 - 00000000 ____D C:\FRST 2016-05-09 15:31 - 2016-05-09 15:32 - 02381312 _____ (Farbar) C:\Users\PC\Desktop\FRST64.exe 2016-05-09 15:27 - 2016-05-09 15:27 - 00000000 ____D C:\Program Files (x86)\CalendarTool 2016-05-09 15:25 - 2016-05-09 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC 2016-05-09 15:23 - 2016-05-09 15:23 - 00413439 _____ C:\Users\Todos os Usuários\xdo.zip 2016-05-09 15:23 - 2016-05-09 15:23 - 00413439 _____ C:\ProgramData\xdo.zip 2016-05-09 15:23 - 2016-04-26 18:03 - 01253376 _____ (eee) C:\Users\Todos os Usuários\apptj.exe 2016-05-09 15:23 - 2016-04-26 18:03 - 01253376 _____ (eee) C:\ProgramData\apptj.exe 2016-05-09 15:22 - 2016-05-09 15:22 - 00001011 _____ C:\Users\Public\Desktop\ttwifi.lnk 2016-05-09 15:22 - 2016-05-09 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ttwifi 2016-05-09 15:22 - 2016-05-09 15:22 - 00000000 ____D C:\Program Files (x86)\ttwifi 2016-05-09 15:21 - 2016-05-09 15:25 - 00003072 _____ C:\Windows\System32\Tasks\osTip 2016-05-09 15:21 - 2016-05-09 15:25 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg 2016-05-09 15:21 - 2016-05-09 15:25 - 00000000 ____D C:\ProgramData\WindowsMsg 2016-05-09 15:21 - 2016-05-09 15:25 - 00000000 ____D C:\Program Files (x86)\osTip 2016-05-09 15:21 - 2016-05-09 15:21 - 00000000 ____D C:\Program Files (x86)\Hostify 2016-05-09 15:21 - 2016-05-09 15:13 - 00073402 _____ C:\Users\Todos os Usuários\YSIns.exe 2016-05-09 15:21 - 2016-05-09 15:13 - 00073402 _____ C:\ProgramData\YSIns.exe 2016-05-09 15:20 - 2016-05-09 15:25 - 00000000 ____D C:\Users\Todos os Usuários\Lamzap 2016-05-09 15:20 - 2016-05-09 15:25 - 00000000 ____D C:\ProgramData\Lamzap 2016-05-09 15:20 - 2016-05-09 15:20 - 00002397 _____ C:\Windows\SysWOW64\findit.xml 2016-05-09 15:20 - 2016-05-09 15:20 - 00000000 ____D C:\Users\Todos os Usuários\Lamzaps 2016-05-09 
15:20 - 2016-05-09 15:20 - 00000000 ____D C:\ProgramData\Lamzaps 2016-05-09 15:20 - 2016-04-25 12:06 - 01085440 _____ C:\Users\Todos os Usuários\delCalendarReg.exe 2016-05-09 15:20 - 2016-04-25 12:06 - 01085440 _____ C:\ProgramData\delCalendarReg.exe 2016-05-09 15:19 - 2016-05-09 15:19 - 01626777 _____ C:\Users\PC\AppData\Roaming\TrippleQvofix.tst 2016-05-09 15:19 - 2016-05-09 15:19 - 00072717 _____ C:\Users\PC\AppData\Roaming\Tresplus.tst 2016-05-09 15:19 - 2016-05-09 15:19 - 00000000 ____D C:\Users\Todos os Usuários\Windows Update 2016-05-09 15:19 - 2016-05-09 15:19 - 00000000 ____D C:\ProgramData\Windows Update 2016-05-09 15:19 - 2016-05-09 15:16 - 00948736 _____ C:\Users\PC\AppData\Roaming\TrippleQvofix.exe 2016-05-09 15:19 - 2016-04-19 05:58 - 00600312 _____ C:\Users\Todos os Usuários\YeaPlayer_br_IBD_Bundle.exe 2016-05-09 15:19 - 2016-04-19 05:58 - 00600312 _____ C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe 2016-05-09 15:18 - 2016-05-09 15:18 - 00848437 _____ C:\Users\PC\AppData\Roaming\U-Saoin.bin 2016-05-09 15:18 - 2016-05-09 15:18 - 00000000 ____D C:\Users\PC\AppData\Roaming\MCorp 2016-05-09 15:18 - 2016-05-09 15:18 - 00000000 ____D C:\Users\PC\AppData\Roaming\gplyra 2016-05-09 15:18 - 2016-05-09 15:18 - 00000000 ____D C:\Users\PC\AppData\Roaming\cpuminer 2016-05-09 15:18 - 2016-05-09 15:16 - 00948736 _____ C:\Users\PC\AppData\Roaming\Tresplus.exe 2016-05-09 15:17 - 2016-05-06 01:51 - 01085440 _____ C:\Users\PC\AppData\Roaming\delCalendarReg.exe 2016-05-09 15:16 - 2016-05-09 15:27 - 02783744 _____ (TODO: ) C:\Users\PC\AppData\Roaming\svrupg.exe 2016-05-09 15:16 - 2016-05-09 15:23 - 00000000 ____D C:\Program Files (x86)\mobilepcstarterkit 2016-05-09 15:16 - 2016-05-09 15:16 - 00000000 ____D C:\Users\Public\Documents\Baidu 2016-05-09 15:16 - 2016-05-09 15:16 - 00000000 ____D C:\Users\PC\AppData\Roaming\CalendarTool 2016-05-09 15:16 - 2016-05-09 15:16 - 00000000 ____D C:\Program Files (x86)\badu 2016-05-09 15:16 - 2016-05-09 03:45 - 01920000 _____ 
C:\Users\Todos os Usuários\msiql.exe 2016-05-09 15:16 - 2016-05-09 03:45 - 01920000 _____ C:\ProgramData\msiql.exe 2016-05-09 15:15 - 2016-05-09 15:16 - 00000000 ____D C:\Users\PC\AppData\Local\4C4C4544-1462806956-3610-8033-C6C04F535231 2016-05-09 15:15 - 2016-05-09 15:15 - 00000000 ____D C:\Program Files (x86)\CleanBrowser 2016-05-09 15:15 - 2016-04-19 05:58 - 00600312 _____ C:\Users\PC\AppData\Roaming\YeaPlayer_br_IBD_Bundle.exe 2016-05-09 15:14 - 2016-05-09 03:45 - 01920000 _____ C:\Users\PC\AppData\Roaming\msiql.exe 2016-05-09 15:14 - 2016-04-27 09:46 - 01755136 _____ C:\Users\Todos os Usuários\service.exe 2016-05-09 15:14 - 2016-04-27 09:46 - 01755136 _____ C:\Users\PC\AppData\Roaming\service.exe 2016-05-09 15:14 - 2016-04-27 09:46 - 01755136 _____ C:\ProgramData\service.exe 2016-05-09 15:13 - 2016-05-09 15:24 - 00001729 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk 2016-05-09 15:13 - 2016-05-09 15:13 - 00000286 __RSH C:\Users\PC\ntuser.pol 2016-05-09 15:11 - 2016-05-09 15:23 - 00000000 ____D C:\Users\Todos os Usuários\CloudPrinter 2016-05-09 15:11 - 2016-05-09 15:23 - 00000000 ____D C:\ProgramData\CloudPrinter 2016-05-09 15:11 - 2016-05-09 15:20 - 06494208 _____ C:\Users\PC\AppData\Roaming\agent.dat 2016-05-09 15:11 - 2016-05-09 15:20 - 00126464 _____ C:\Users\PC\AppData\Roaming\noah.dat 2016-05-09 15:11 - 2016-05-09 15:20 - 00065568 _____ C:\Users\PC\AppData\Roaming\Config.xml 2016-05-09 15:11 - 2016-05-09 15:20 - 00018432 _____ C:\Users\PC\AppData\Roaming\Main.dat 2016-05-09 15:11 - 2016-05-09 15:20 - 00005568 _____ C:\Users\PC\AppData\Roaming\md.xml 2016-05-09 15:11 - 2016-05-09 15:19 - 00126464 _____ C:\Users\PC\AppData\Roaming\lobby.dat 2016-05-09 15:11 - 2016-05-09 15:19 - 00054272 _____ C:\Users\PC\AppData\Roaming\ApplicationHosting.dat 2016-05-09 15:11 - 2016-05-09 15:11 - 01626777 _____ C:\Users\PC\AppData\Roaming\Greenjob.tst 2016-05-09 15:11 - 2016-05-09 15:11 - 00848437 _____ C:\Users\PC\AppData\Roaming\Trisdax.bin 2016-05-09 15:11 - 2016-05-09 
15:11 - 00072717 _____ C:\Users\PC\AppData\Roaming\Ranksoft.tst 2016-05-09 15:11 - 2016-05-09 15:11 - 00000000 ____D C:\Users\Todos os Usuários\Statdex 2016-05-09 15:11 - 2016-05-09 15:11 - 00000000 ____D C:\Users\PC\AppData\LocalLow\TSearch 2016-05-09 15:11 - 2016-05-09 15:11 - 00000000 ____D C:\ProgramData\Statdex 2016-05-09 15:11 - 2016-05-09 15:11 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1462817460-3610-8033-C6C04F535231 2016-05-09 15:11 - 2016-05-09 15:10 - 00948736 _____ C:\Users\PC\AppData\Roaming\Ranksoft.exe 2016-05-09 15:11 - 2016-05-09 15:10 - 00948736 _____ C:\Users\PC\AppData\Roaming\Greenjob.exe 2016-05-09 15:11 - 2016-05-09 15:08 - 00001006 _____ C:\Windows\system32\Drivers\etc\hp.bak 2016-05-09 15:10 - 2016-05-09 15:16 - 00127488 _____ C:\Users\PC\AppData\Roaming\Installer.dat 2016-05-09 15:10 - 2016-05-09 15:16 - 00015888 _____ C:\Users\PC\AppData\Roaming\InstallationConfiguration.xml 2016-05-09 15:10 - 2016-05-09 15:13 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner 2016-05-09 15:10 - 2016-05-09 15:10 - 00060136 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys 2016-05-09 15:10 - 2016-05-09 15:10 - 00000000 ____D C:\Users\PC\AppData\Local\csdi_monetize_220160509 2016-05-09 15:10 - 2016-05-09 15:10 - 00000000 ____D C:\Program Files (x86)\comoBoss 2016-05-09 15:09 - 2016-05-09 15:28 - 00000000 ____D C:\Users\PC\AppData\Local\SunnyDay21 2016-05-09 15:09 - 2016-05-09 15:13 - 00000324 _____ C:\Windows\Tasks\Update Service for Torrent Search2.job 2016-05-09 15:09 - 2016-05-09 15:10 - 00000000 ____D C:\Users\PC\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108 2016-05-09 15:09 - 2016-05-09 15:10 - 00000000 ____D C:\Program Files (x86)\hohobnd 2016-05-09 15:09 - 2016-05-09 15:09 - 00008954 _____ C:\Windows\System32\Tasks\Lorckphsary Reports 2016-05-09 15:09 - 2016-05-09 15:09 - 00002946 _____ C:\Windows\System32\Tasks\Update Service for Torrent Search2 2016-05-09 15:09 - 2016-05-09 15:09 - 00000000 ____D 
C:\Users\PC\AppData\Roaming\CCACCBF1-7AB4-4CF5-B32D-668C686A539F 2016-05-09 15:09 - 2016-05-09 15:09 - 00000000 ____D C:\Users\PC\AppData\Local\tuto_monetize_120160509 2016-05-09 15:09 - 2016-05-09 15:09 - 00000000 ____D C:\Program Files\Caster 2016-05-09 15:09 - 2016-05-09 15:09 - 00000000 ____D C:\Program Files (x86)\SunnyDay21 2016-05-09 15:09 - 2016-05-09 15:09 - 00000000 ____D C:\Program Files (x86)\Lorckphsary 2016-05-09 15:08 - 2016-05-09 15:25 - 00000324 _____ C:\Windows\Tasks\Update Service for Torrent Search.job 2016-05-09 15:08 - 2016-05-09 15:09 - 00000000 ____D C:\Users\Public\Documents\dmp 2016-05-09 15:08 - 2016-05-09 15:08 - 00002644 _____ C:\Windows\System32\Tasks\Update Service for Torrent Search 2016-05-09 15:07 - 2016-05-09 15:21 - 00000000 ____D C:\Program Files (x86)\sunnyday 2016-05-09 15:07 - 2016-05-09 15:08 - 00000000 ____D C:\Program Files (x86)\Torrent Search 2016-05-09 15:06 - 2016-05-09 15:06 - 00000000 ____D C:\Users\PC\AppData\Local\csdi_monetize_120160509 2016-05-09 15:05 - 2016-05-09 15:19 - 00000000 ____D C:\Program Files\Sound+ 2016-05-09 15:05 - 2016-05-09 15:08 - 00000000 ____D C:\Users\Todos os Usuários\UBar 2016-05-09 15:05 - 2016-05-09 15:08 - 00000000 ____D C:\ProgramData\UBar 2016-05-09 15:05 - 2016-05-09 15:08 - 00000000 ____D C:\Program Files\UBar 2016-05-09 15:04 - 2016-05-09 15:10 - 00000000 ____D C:\Program Files (x86)\HomePageDefender 2016-05-09 15:04 - 2016-05-09 15:04 - 00000000 ____D C:\Users\PC\AppData\Roaming\ImageCropResize 2016-05-03 14:19 - 2016-05-03 14:19 - 00001014 _____ C:\Users\PC\Desktop\TagScanner.lnk 2016-05-03 14:19 - 2016-05-03 14:19 - 00000000 ____D C:\Users\PC\AppData\Roaming\TagScanner 2016-05-03 14:19 - 2016-05-03 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner 2016-05-03 14:19 - 2016-05-03 14:19 - 00000000 ____D C:\Program Files (x86)\TagScanner 2016-05-03 14:17 - 2016-05-03 14:18 - 02623253 _____ (Sergey Serkov ) 
C:\Users\PC\Downloads\tagscan-6.0.8-setup.exe 2016-05-03 14:16 - 2016-05-03 14:17 - 00000529 _____ C:\Windows\mp3tageditor.INI 2016-05-03 14:15 - 2016-05-03 14:15 - 00001028 _____ C:\Users\Public\Desktop\Reezaa MP3 Tag Editor.lnk 2016-05-03 14:15 - 2016-05-03 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reezaa MP3 Tag Editor 2016-05-03 14:15 - 2016-05-03 14:15 - 00000000 ____D C:\Program Files (x86)\Reezaa MP3 Tag Editor 2016-05-03 14:14 - 2016-05-03 14:14 - 00706136 _____ (Reezaa.com ) C:\Users\PC\Downloads\mp3tageditor.exe 2016-04-29 16:07 - 2016-04-29 16:07 - 00000000 ____D C:\Program Files (x86)\android-sdk 2016-04-29 15:27 - 2016-04-29 15:27 - 00000000 ____D C:\Windows\android-sdk-windows 2016-04-29 15:04 - 2016-04-29 15:04 - 00000000 ____D C:\Users\PC\.android 2016-04-29 15:03 - 2016-05-02 16:13 - 00000000 ____D C:\Users\PC\Desktop\com.ea.games.r3_row 2016-04-29 13:38 - 2016-04-29 13:38 - 00000000 ____D C:\Program Files\ZenFoneRootKit 2016-04-29 13:38 - 2016-04-29 13:38 - 00000000 ____D C:\Program Files (x86)\ZenFoneRootKit 2016-04-29 12:58 - 2016-04-29 12:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2016-04-29 12:58 - 2016-04-29 12:58 - 00000000 ____D C:\Program Files\7-Zip 2016-04-29 12:55 - 2016-04-29 12:56 - 01371668 _____ (Igor Pavlov) C:\Users\PC\Downloads\7z1514-x64.exe 2016-04-26 09:24 - 2016-04-26 09:24 - 00000009 ____N C:\Users\Todos os Usuários\a.bat 2016-04-26 09:24 - 2016-04-26 09:24 - 00000009 ____N C:\ProgramData\a.bat 2016-04-15 14:54 - 2016-04-15 15:07 - 00666240 _____ C:\Users\PC\Desktop\SINTEGRA MARÇO 2016.txt 2016-04-15 13:35 - 2016-04-15 16:58 - 00000000 ____D C:\Users\PC\Desktop\x 2016-04-15 13:30 - 2016-04-15 13:30 - 00000370 _____ C:\Users\PC\Desktop\123.txt 2016-04-12 20:02 - 2016-04-12 20:02 - 00395776 _____ C:\Users\PC\Documents\Untitled-1.cdr 2016-04-12 17:52 - 2016-04-12 17:49 - 00003015 _____ C:\Users\Public\Desktop\CorelDRAW X7 (64-Bit).lnk 2016-04-12 17:50 - 
2016-04-12 17:50 - 00000000 ____D C:\Users\Public\Documents\Corel 2016-04-12 17:49 - 2016-04-16 14:03 - 00000000 ____D C:\Users\Todos os Usuários\Corel 2016-04-12 17:49 - 2016-04-16 14:03 - 00000000 ____D C:\ProgramData\Corel 2016-04-12 17:49 - 2016-04-12 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit) 2016-04-12 17:49 - 2016-04-12 17:49 - 00000000 ____D C:\Program Files\Corel 2016-04-11 15:41 - 2016-04-11 15:41 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk 2016-04-11 13:09 - 2016-04-11 13:47 - 00660352 _____ C:\Users\PC\Desktop\SINTEGRA MARÇO.txt ==================== Um Mês Modificados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2016-05-09 15:32 - 2009-07-14 01:45 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-05-09 15:32 - 2009-07-14 01:45 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-05-09 15:31 - 2016-01-12 21:07 - 01657136 _____ C:\Windows\system32\prfh0416.dat 2016-05-09 15:31 - 2016-01-12 21:07 - 01017698 _____ C:\Windows\system32\prfc0416.dat 2016-05-09 15:31 - 2009-07-14 02:13 - 00006680 _____ C:\Windows\system32\PerfStringBackup.INI 2016-05-09 15:25 - 2016-03-03 12:36 - 00000000 ____D C:\Program Files (x86)\GbPlugin 2016-05-09 15:24 - 2016-01-13 10:04 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-05-09 15:24 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-05-09 15:20 - 2016-01-13 16:48 - 00002031 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-05-09 15:20 - 2016-01-13 10:06 - 00002328 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-05-09 15:20 - 2016-01-13 00:15 - 00002305 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 
2016-05-09 15:17 - 2016-01-13 10:04 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-05-09 15:13 - 2016-01-13 00:14 - 00000000 ____D C:\Users\PC 2016-05-09 15:10 - 2016-01-13 00:15 - 00002283 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2016-05-09 15:07 - 2016-03-28 18:15 - 00000766 __RSH C:\Users\Todos os Usuários\ntuser.pol 2016-05-09 15:07 - 2016-03-28 18:15 - 00000766 __RSH C:\ProgramData\ntuser.pol 2016-05-09 15:07 - 2016-01-13 09:59 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-05-09 15:07 - 2009-07-14 00:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2016-05-09 14:49 - 2016-01-15 16:23 - 00011893 _____ C:\Windows\SysWOW64\BemaFI32.ini 2016-05-09 14:49 - 2016-01-15 16:23 - 00000000 ____D C:\LedCommerce 2016-05-09 11:21 - 2016-01-25 09:33 - 00000000 ____D C:\Users\PC\AppData\Local\ElevatedDiagnostics 2016-05-08 12:00 - 2016-01-20 07:42 - 00002294 _____ C:\Retorno.txt 2016-05-08 12:00 - 2016-01-15 16:23 - 00011877 _____ C:\Windows\BemaFI32.ini 2016-05-03 12:37 - 2016-03-16 15:26 - 00000000 ___RD C:\Users\PC\Desktop\Léo 2016-04-29 15:08 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf 2016-04-19 08:39 - 2016-04-08 14:50 - 00000000 ____D C:\Users\PC\AppData\Roaming\uTorrent 2016-04-17 11:59 - 2016-04-08 14:52 - 00000000 ___SD C:\Users\PC\AppData\LocalLow\Temp 2016-04-15 16:53 - 2016-01-19 13:21 - 00000109 _____ C:\Windows\ODBC.INI 2016-04-15 16:01 - 2016-01-13 10:17 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2016-04-15 14:24 - 2016-02-01 09:24 - 00000000 ____D C:\Program Files (x86)\Validador Sintegra 2015 2016-04-12 17:59 - 2016-04-08 16:14 - 00000000 ____D C:\Users\PC\AppData\Roaming\Corel 2016-04-12 17:59 - 2016-04-08 15:53 - 00000000 ____D C:\Users\Todos os Usuários\CorelDRAW Graphics Suite X7 x64 2016-04-12 17:59 - 2016-04-08 15:53 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X7 x64 2016-04-12 17:59 - 2016-01-13 09:54 - 00000000 
____D C:\Users\PC\AppData\Roaming\vlc 2016-04-12 17:51 - 2009-07-14 00:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2016-04-09 08:06 - 2009-07-14 01:45 - 00494312 _____ C:\Windows\system32\FNTCACHE.DAT ==================== Arquivos na raiz de alguns diretórios ======= 2016-05-09 15:11 - 2016-05-09 15:20 - 6494208 _____ () C:\Users\PC\AppData\Roaming\agent.dat 2016-05-09 15:11 - 2016-05-09 15:19 - 0054272 _____ () C:\Users\PC\AppData\Roaming\ApplicationHosting.dat 2016-05-09 15:10 - 2016-05-09 15:11 - 0001222 _____ () C:\Users\PC\AppData\Roaming\Bubble Dock.boostrap.log 2016-05-09 15:11 - 2016-05-09 15:20 - 0065568 _____ () C:\Users\PC\AppData\Roaming\Config.xml 2016-05-09 15:17 - 2016-05-06 01:51 - 1085440 _____ () C:\Users\PC\AppData\Roaming\delCalendarReg.exe 2016-05-09 15:11 - 2016-05-09 15:10 - 0948736 _____ () C:\Users\PC\AppData\Roaming\Greenjob.exe 2016-05-09 15:11 - 2016-05-09 15:11 - 1626777 _____ () C:\Users\PC\AppData\Roaming\Greenjob.tst 2016-05-09 15:10 - 2016-05-09 15:16 - 0015888 _____ () C:\Users\PC\AppData\Roaming\InstallationConfiguration.xml 2016-05-09 15:10 - 2016-05-09 15:16 - 0127488 _____ () C:\Users\PC\AppData\Roaming\Installer.dat 2016-05-09 15:11 - 2016-05-09 15:19 - 0126464 _____ () C:\Users\PC\AppData\Roaming\lobby.dat 2016-05-09 15:11 - 2016-05-09 15:20 - 0018432 _____ () C:\Users\PC\AppData\Roaming\Main.dat 2016-05-09 15:11 - 2016-05-09 15:20 - 0005568 _____ () C:\Users\PC\AppData\Roaming\md.xml 2016-05-09 15:14 - 2016-05-09 03:45 - 1920000 _____ () C:\Users\PC\AppData\Roaming\msiql.exe 2016-05-09 15:11 - 2016-05-09 15:20 - 0126464 _____ () C:\Users\PC\AppData\Roaming\noah.dat 2016-05-09 15:11 - 2016-05-09 15:10 - 0948736 _____ () C:\Users\PC\AppData\Roaming\Ranksoft.exe 2016-05-09 15:11 - 2016-05-09 15:11 - 0072717 _____ () C:\Users\PC\AppData\Roaming\Ranksoft.tst 2016-05-09 15:14 - 2016-04-27 09:46 - 1755136 _____ () C:\Users\PC\AppData\Roaming\service.exe 2016-05-09 15:16 - 2016-05-09 15:27 - 2783744 _____ 
(TODO: ) C:\Users\PC\AppData\Roaming\svrupg.exe 2016-05-09 15:18 - 2016-05-09 15:16 - 0948736 _____ () C:\Users\PC\AppData\Roaming\Tresplus.exe 2016-05-09 15:19 - 2016-05-09 15:19 - 0072717 _____ () C:\Users\PC\AppData\Roaming\Tresplus.tst 2016-05-09 15:19 - 2016-05-09 15:16 - 0948736 _____ () C:\Users\PC\AppData\Roaming\TrippleQvofix.exe 2016-05-09 15:19 - 2016-05-09 15:19 - 1626777 _____ () C:\Users\PC\AppData\Roaming\TrippleQvofix.tst 2016-05-09 15:11 - 2016-05-09 15:11 - 0848437 _____ () C:\Users\PC\AppData\Roaming\Trisdax.bin 2016-05-09 15:18 - 2016-05-09 15:18 - 0848437 _____ () C:\Users\PC\AppData\Roaming\U-Saoin.bin 2016-05-09 15:20 - 2016-05-09 15:20 - 0032038 _____ () C:\Users\PC\AppData\Roaming\uninstall_temp.ico 2016-05-09 15:11 - 2016-05-09 15:11 - 0000097 _____ () C:\Users\PC\AppData\Roaming\WindApp.boostrap.log 2016-05-09 15:15 - 2016-04-19 05:58 - 0600312 _____ () C:\Users\PC\AppData\Roaming\YeaPlayer_br_IBD_Bundle.exe 2016-01-15 12:36 - 2016-01-15 12:36 - 0000000 _____ () C:\Users\PC\AppData\Local\{4D7C917B-F5B0-4829-BAE9-328C57C05325} 2016-04-26 09:24 - 2016-04-26 09:24 - 0000009 ____N () C:\ProgramData\a.bat 2010-08-28 17:43 - 2010-08-28 17:43 - 0577335 ____N () C:\ProgramData\adb.exe 2010-08-28 17:43 - 2010-08-28 17:43 - 0096256 ____N (Google, inc) C:\ProgramData\AdbWinApi.dll 2010-08-28 17:43 - 2010-08-28 17:43 - 0060928 ____N (Google, inc) C:\ProgramData\AdbWinUsbApi.dll 2016-05-09 15:23 - 2016-04-26 18:03 - 1253376 _____ (eee) C:\ProgramData\apptj.exe 2016-05-09 15:20 - 2016-04-25 12:06 - 1085440 _____ () C:\ProgramData\delCalendarReg.exe 2010-08-28 17:43 - 2010-08-28 17:43 - 0356009 ____N () C:\ProgramData\fastboot.exe 2016-05-09 15:16 - 2016-05-09 03:45 - 1920000 _____ () C:\ProgramData\msiql.exe 2016-05-09 15:14 - 2016-04-27 09:46 - 1755136 _____ () C:\ProgramData\service.exe 2016-05-09 15:23 - 2016-05-09 15:23 - 0413439 _____ () C:\ProgramData\xdo.zip 2016-05-09 15:19 - 2016-04-19 05:58 - 0600312 _____ () 
C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
2016-05-09 15:21 - 2016-05-09 15:13 - 0073402 _____ () C:\ProgramData\YSIns.exe

Arquivos para serem movidos ou deletados:
====================
C:\Users\PC\AppData\Local\Temp\REXDG78NH\REXDG78NH.exe
C:\Users\PC\AppData\Local\Temp\00028825\casrss.exe
C:\ProgramData\a.bat
C:\ProgramData\adb.exe
C:\ProgramData\AdbWinApi.dll
C:\ProgramData\AdbWinUsbApi.dll
C:\ProgramData\apptj.exe
C:\ProgramData\delCalendarReg.exe
C:\ProgramData\fastboot.exe
C:\ProgramData\msiql.exe
C:\ProgramData\service.exe
C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
C:\ProgramData\YSIns.exe
C:\Users\Todos os Usuários\a.bat
C:\Users\Todos os Usuários\adb.exe
C:\Users\Todos os Usuários\AdbWinApi.dll
C:\Users\Todos os Usuários\AdbWinUsbApi.dll
C:\Users\Todos os Usuários\apptj.exe
C:\Users\Todos os Usuários\delCalendarReg.exe
C:\Users\Todos os Usuários\fastboot.exe
C:\Users\Todos os Usuários\msiql.exe
C:\Users\Todos os Usuários\service.exe
C:\Users\Todos os Usuários\YeaPlayer_br_IBD_Bundle.exe
C:\Users\Todos os Usuários\YSIns.exe

Alguns arquivos em TEMP:
====================
C:\Users\PC\AppData\Local\Temp\23333.exe
C:\Users\PC\AppData\Local\Temp\4JLBC1ZZFT.exe
C:\Users\PC\AppData\Local\Temp\Browser_V5.6.12150.8_r_4644_(Build1604251144).exe
C:\Users\PC\AppData\Local\Temp\fsd6F65.exe
C:\Users\PC\AppData\Local\Temp\KP2M706SE7.exe
C:\Users\PC\AppData\Local\Temp\MPCSetup_1.exe
C:\Users\PC\AppData\Local\Temp\nsd45E7.tmp.exe
C:\Users\PC\AppData\Local\Temp\nsrFFD3.tmp.exe
C:\Users\PC\AppData\Local\Temp\TransliterationCines.dll
C:\Users\PC\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\PC\AppData\Local\Temp\Y0ESCU6E07.exe
C:\Users\PC\AppData\Local\Temp\YD92TCRPY2.exe

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-05-09 09:05

==================== Fim de FRST.txt ============================