Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão:05-03-2016 01
Executado por Francisca (administrador) em FRANCISCA-PC (02-04-2016 17:32:32)
Executando a partir de C:\Users\Francisca\Desktop
Perfis Carregados: Francisca (Perfis Disponíveis: Francisca)
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: IE)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
(Adobe Systems, Incorporated) C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Users\Francisca\AppData\Local\Apps\2.0\abril.exe
(Baidu) C:\Program Files\Baidu\update\baidujp_update.exe
() C:\Program Files\F1C72DDC-1459610267-11E1-8691-3F92A7999786\knse4332.tmpfs
() C:\Program Files\WeatherTool\2.0.0.11150\WeatherService.exe
(Microsoft Corporation) C:\Users\Francisca\AppData\Roaming\XBox\XBLive.exe
(ShenZhen Enode Techology co,.Ltd) C:\Program Files\WeatherTool\2.0.0.11150\weather.exe
(UOTbi) C:\Program Files\Hostify\idscservice.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
() C:\Users\Francisca\AppData\Local\mbot_en_037050286\upmbot_en_037050286.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files\rec_en_238\rec_en_238.exe
() C:\ProgramData\WindowsMsg\osmsg.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Elex do Brasil Participações Ltda) C:\Users\Francisca\Downloads\yet_another_cleaner_sk_7004786.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Elex do Brasil Participações Ltda) C:\Users\Francisca\AppData\Local\Temp\ISAFE_00000002\uninstall.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111312 2015-11-06] (AVAST Software)
HKLM\...\Run: [SPDriver] => C:\Program Files\ShopperPro\JSDriver\1.42.1.2719\jsdrv.exe
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKLM\...\Run: [mpck_en_005030286] => [X]
HKLM\...\Run: [rec_en_238] => C:\Program Files\rec_en_238\rec_en_238.exe [4056240 2016-03-25] ()
HKLM\...\RunOnce: [WINDOWS_SCREEN_MANAGER_UPDATER_1] => C:\Program Files\Windows Screen Manager\Windows screen manage updater.exe [16896 2016-04-02] (Wizzservices)
HKLM\...\RunOnce: [IDSCPRODUCT] => C:\Program Files\Hostify\idscservice.exe [714240 2016-04-02] (UOTbi)
HKLM\...\RunOnce: [upmbot_en_037050286.exe] => C:\Users\Francisca\AppData\Local\mbot_en_037050286\upmbot_en_037050286.exe [3319984 2016-04-02] ()
HKU\S-1-5-21-4089434036-3335756982-1871828430-1000\...\Run: [Facebook Update] => C:\Users\Francisca\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-08-17] (Facebook Inc.)
HKU\S-1-5-21-4089434036-3335756982-1871828430-1000\...\Run: [SPDriver] => C:\Program Files\ShopperPro\JSDriver\1.42.1.2719\jsdrv.exe
HKU\S-1-5-21-4089434036-3335756982-1871828430-1000\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [2036224 2016-02-09] ()
HKU\S-1-5-21-4089434036-3335756982-1871828430-1000\...\RunOnce: [Application Restart #1] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --appletID=AppsPanel_BL --workflow=CCM_workflow_launch --appletVersion=1.0 --mode=LBS --helperBridgeName={CEB745F7-05CE-4683-BF26-80A (a entrada de dados tem 284 mais caracteres).
HKU\S-1-5-21-4089434036-3335756982-1871828430-1000\...\RunOnce: [Application Restart #2] => C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe --appletID=AppsPanel_BL --appletVersion=1.0 --helperBridgeName={CEB745F7-05CE-4683-BF26-80AFA4CD682D} --inputXmlP (a entrada de dados tem 329 mais caracteres).
HKU\S-1-5-21-4089434036-3335756982-1871828430-1000\...\MountPoints2: {0b88d800-26d0-11e4-ad5b-80ee73388693} - E:\LGAutoRun.exe
HKU\S-1-5-21-4089434036-3335756982-1871828430-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [220672 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-09-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-07] (AVAST Software)
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files\Baidu Security\Baidu Antivirus\BavShx.dll Nenhum Arquivo
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-12-17]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Francisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk [2015-05-14]
ShortcutTarget: Windows Explorer.lnk -> C:\Users\Francisca\AppData\Roaming\ljgnhqvh\cmdupdate64.exe (Microsoft Corporation)
GroupPolicy: Restrição - Chrome <======= ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyEnable: [.DEFAULT] => Proxy está habilitado.
ProxyServer: [.DEFAULT] => http=127.0.0.1:53437;https=127.0.0.1:53437
AutoConfigURL: [.DEFAULT] => http=127.0.0.1:53437;https=127.0.0.1:53437
Winsock: Catalog5 07 C:\ProgramData\System32\SafeGuard32.dll [2771896 2016-04-02] ()
Winsock: Catalog9 01 C:\Windows\system32\LavasoftTcpService.dll [342016 2015-08-10] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\system32\LavasoftTcpService.dll [342016 2015-08-10] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\system32\LavasoftTcpService.dll [342016 2015-08-10] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\system32\LavasoftTcpService.dll [342016 2015-08-10] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\system32\LavasoftTcpService.dll [342016 2015-08-10] (Lavasoft Limited)
Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1EA9180B-3BAD-400F-82B2-5E5C19781C5A}: [NameServer] 82.163.143.177,82.163.142.179
Tcpip\..\Interfaces\{9A66C490-0391-4FE7-97E1-86EE2B9CA34E}: [NameServer] 82.163.143.177,82.163.142.179
Tcpip\..\Interfaces\{9A66C490-0391-4FE7-97E1-86EE2B9CA34E}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130982927725727463&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4089434036-3335756982-1871828430-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-4089434036-3335756982-1871828430-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130982927725797467&GUID=00000000-0000-0000-0000-000000000000
SearchScopes: HKLM -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> OldSearch URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://gosearch.me/?q={searchTerms}&u=3cde7f20c16203a445e68728c99d39c3&c=pbbt&src=srch&inst=1446162154
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-4089434036-3335756982-1871828430-1000 -> OldSearch URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4089434036-3335756982-1871828430-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3332198&octid=EB_ORIGINAL_CTID&ISID=M0C35873F-60FB-4EBD-B215-6F96AB7989EB&SearchSource=58&CUI=&UM=6&UP=SP4015BF45-DBB6-4757-B1BF-7915151620C0&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-4089434036-3335756982-1871828430-1000 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://gosearch.me/?q={searchTerms}&u=3cde7f20c16203a445e68728c99d39c3&c=pbbt&src=srch&inst=1446162154
SearchScopes: HKU\S-1-5-21-4089434036-3335756982-1871828430-1000 -> {4D547671-EDD5-48B9-A80D-A926FDF67804} URL = hxxps://br.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=435371&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4089434036-3335756982-1871828430-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://br.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4089434036-3335756982-1871828430-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://br.search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10196_swoc_campaign_150810__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4089434036-3335756982-1871828430-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Sem Nome -> {04a7f6bf-84c9-46c3-b217-8b8282802520} -> Nenhum Arquivo
BHO: Money Viking -> {c7c5384f-d9e9-4db1-8c72-135ecccbc571} -> C:\Program Files\Money Viking\Extensions\c7c5384f-d9e9-4db1-8c72-135ecccbc571.dll => Nenhum Arquivo
Handler: WSWSVCUchrome - Nenhum Valor CLSID -

FireFox:
========
FF ProfilePath: C:\Users\Francisca\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF NewTab: hxxp://www.yessearches.com/?ts=AHEpCHMkCH8lB0..&v=20160329&uid=CC281FAEBE299666C3621A22EE674F73&ptid=wak&mode=ffseng
FF DefaultSearchEngine: yessearches
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=yessearches
FF SelectedSearchEngine: yessearches
FF Homepage: hxxp://www.yessearches.com/?ts=AHEpCHMkCH8lB0..&v=20160329&uid=CC281FAEBE299666C3621A22EE674F73&ptid=wak&mode=ffseng
FF Keyword.URL: hxxp://www.yessearches.com/chrome.php?uid=CC281FAEBE299666C3621A22EE674F73&ptid=wak&ts=AHEpCHMkCH8lB0..&v=20160329&mode=ffexttoolbar&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-04-01] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4089434036-3335756982-1871828430-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Francisca\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF user.js: detected! => C:\Users\Francisca\AppData\Roaming\Mozilla\Firefox\Profiles\r3znbhy2.default-1415025754292\user.js [2015-12-18]
FF user.js: detected! => C:\Users\Francisca\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\user.js [2015-12-18]
FF SearchPlugin: C:\Users\Francisca\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\DD1B66D4.xml [2016-04-02]
FF Extension: Firefox Helper - C:\Users\Francisca\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\firefox@helper [2016-04-02] [não assinado]
FF Extension: Firefox Helper - C:\Users\Francisca\AppData\Roaming\Mozilla\Firefox\Profiles\r3znbhy2.default-1415025754292\Extensions\firefox@helper [2016-01-29] [não assinado]
FF Extension: Instagram for Firefox - C:\Users\Francisca\AppData\Roaming\Mozilla\Firefox\Profiles\r3znbhy2.default-1415025754292\Extensions\jid0-BumCY9dUzYckeJaH3JEeimjBpxM@jetpack.xpi [2015-12-18]
FF Extension: GsearchFinder - C:\Users\Francisca\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-03-29]
FF Extension: Instagram for Firefox - C:\Users\Francisca\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\jid0-BumCY9dUzYckeJaH3JEeimjBpxM@jetpack.xpi [2015-12-18]
FF HKLM\...\Firefox\Extensions: [search-snacks@search-snacks.com] - C:\Program Files\Mozilla Firefox\extensions\search-snacks@search-snacks.com => não encontrado (a)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-18]
FF HKLM\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Francisca\AppData\Roaming\Mozilla\Firefox\Profiles\r3znbhy2.default-1415025754292\extensions\defsearchp@gmail.com => não encontrado (a)
FF HKLM\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Francisca\AppData\Roaming\Mozilla\Firefox\Profiles\r3znbhy2.default-1415025754292\extensions\deskCutv2@gmail.com => não encontrado (a)
FF HKU\S-1-5-21-4089434036-3335756982-1871828430-1000\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\Francisca\AppData\Local\GAS Tecnologia\GBBD\cef\xpi => não encontrado (a)

Chrome:
=======
CHR Profile: C:\Users\Francisca\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Whatsapp™ on pc) - C:\Users\Francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknjcfihbbbgejkhmfiiikeicekcmhml [2014-10-13]
CHR Extension: (Android Application) - C:\Users\Francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmmncpgjaaloalbpijeaphmmpmdpcjkf [2014-10-10]
CHR Extension: (Money Viking) - C:\Users\Francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkkggbkmanplombgcjkadbheeflajlim [2015-11-24] [UpdateUrl: hxxp://cdn.moneyviking.net/update] <==== ATENÇÃO
CHR Extension: (AirDroid) - C:\Users\Francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgndiocipalkpejnpafdbdlfdjihomd [2014-10-10]
CHR Extension: (Get The Results Hub) - C:\Users\Francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfkebaagmhfblecpaedcpgcpmcfnngd [2015-11-23] [UpdateUrl: hxxp://cdn.getresultshub.com/update] <==== ATENÇÃO
CHR Extension: (Purple flowers) - C:\Users\Francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgplpejojljhgndghinonhjpmbdmjamk [2014-11-03]
CHR Extension: (IOS 7 Home) - C:\Users\Francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmapjnboohofgcploolgjojhcdedckha [2014-10-10]
CHR Extension: (Google Wallet) - C:\Users\Francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-10]
CHR Extension: (Instagram for Chrome) - C:\Users\Francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2014-10-14]
CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\Francisca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi [2014-10-13]
CHR Profile: C:\Users\Francisca\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Francisca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-24]
CHR Extension: (Google Drive) - C:\Users\Francisca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-17]
CHR Extension: (YouTube) - C:\Users\Francisca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-24]
CHR Extension: (Google Search) - C:\Users\Francisca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-24]
CHR Extension: (Documentos Google off-line) - C:\Users\Francisca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-31]
CHR Extension: (Avast Online Security) - C:\Users\Francisca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-23]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Francisca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-24]
CHR Extension: (Instagram for Chrome) - C:\Users\Francisca\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2016-03-31]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-21]

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [1843368 2015-09-04] (Adobe Systems, Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-07] (AVAST Software)
S2 GoogleChromeUpService; C:\ProgramData\service.exe [1747456 2016-03-31] () [Arquivo não assinado]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [235696 2015-12-02] (McAfee, Inc.)
R2 ProntSpooler; C:\Users\Francisca\AppData\Local\Apps\2.0\abril.exe [111616 2016-03-21] () [Arquivo não assinado]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Arquivo não assinado]
R2 TheDesktopWeatherService; C:\Program Files\WeatherTool\2.0.0.11150\WeatherService.exe [153552 2015-12-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 XBox; C:\Users\Francisca\AppData\Roaming\XBox\XBLive.exe [5906904 2016-02-27] (Microsoft Corporation)
S2 BrsHelper; C:\PROGRA~1\YTDOWN~1\BROWSE~2.EXE [X]
S2 ggbugreport; "C:\Program Files\SearchesToYesbnd\bugreport.exe" {154DFF63-3402-4815-941A-AAD63AE8B428} [X]
R2 qozuwumyzbt; C:\Program Files\F1C72DDC-1459610267-11E1-8691-3F92A7999786\knse4332.tmpfs [X]
S2 Winsere; "C:\Program Files\Winsere\Winsere\Winsere.exe" {79740E79-A383-47A7-B513-3DF6563D007F} {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-08-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-08-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-08-07] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-08-07] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [794952 2015-11-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [435464 2015-11-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [113592 2015-08-07] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-08-07] (AVAST Software)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [25016 2015-08-10] (Disc Soft Ltd)
S3 RTL8192Ce; C:\Windows\System32\DRIVERS\rtl8192Ce.sys [763536 2012-09-13] (Realtek Semiconductor Corporation )
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1334856 2013-05-02] (Realtek Semiconductor Corporation )
S2 sbmntr; \??\C:\PROGRA~1\YTDOWN~1\sbmntr.sys [X]
S2 SPDRIVER_1.42.1.2719; \??\C:\Program Files\ShopperPro\JSDriver\1.42.1.2719\jsdrv.sys [X]
S1 ssnfd; system32\drivers\ssnfd.sys [X]
S1 wfdrvr_vt_1_10_0_28; system32\drivers\wfdrvr_vt_1_10_0_28.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-04-02 17:32 - 2016-04-02 17:33 - 00022148 _____ C:\Users\Francisca\Desktop\FRST.txt
2016-04-02 17:30 - 2016-04-02 17:32 - 00000000 ____D C:\FRST
2016-04-02 17:28 - 2016-04-02 17:25 - 02374144 ____N (Farbar) C:\Users\Francisca\Desktop\FRST64.exe
2016-04-02 17:28 - 2016-04-02 17:24 - 01725440 ____N (Farbar) C:\Users\Francisca\Desktop\FRST.exe
2016-04-02 16:45 - 2016-04-02 16:45 - 00146304 _____ C:\Windows\Minidump\040216-27190-01.dmp
2016-04-02 16:26 - 2016-04-02 16:29 - 27989848 ____N (Elex do Brasil Participações Ltda) C:\Users\Francisca\Downloads\yet_another_cleaner_sk_7004786.exe
2016-04-02 16:03 - 2016-04-02 17:23 - 00000516 _____ C:\Windows\Tasks\BaiduJP_Update_{8099779F-A13B-403e-B39A-65133857586B}.job
2016-04-02 16:03 - 2016-04-02 16:03 - 00000000 ____D C:\Program Files\Baidu
2016-04-02 16:02 - 2016-04-02 16:50 - 00000000 ____D C:\Users\Francisca\AppData\Roaming\WeatherTool
2016-04-02 16:02 - 2016-04-02 16:02 - 00000000 ____D C:\Program Files\WeatherTool
2016-04-02 15:31 - 2016-04-02 15:31 - 00007597 _____ C:\Users\Francisca\AppData\Local\Resmon.ResmonCfg
2016-04-02 13:54 - 2015-11-25 14:31 - 01100288 _____ C:\Users\Todos os Usuários\HomePage.exe
2016-04-02 13:54 - 2015-11-25 14:31 - 01100288 _____ C:\ProgramData\HomePage.exe
2016-04-02 13:53 - 2016-02-24 06:18 - 01085440 _____ C:\Users\Todos os Usuários\delCalendarReg.exe
2016-04-02 13:53 - 2016-02-24 06:18 - 01085440 _____ C:\ProgramData\delCalendarReg.exe
2016-04-02 13:24 - 2016-04-01 14:51 - 01917952 _____ C:\Users\Todos os Usuários\msiql.exe
2016-04-02 13:24 - 2016-04-01 14:51 - 01917952 _____ C:\ProgramData\msiql.exe
2016-04-02 12:52 - 2016-04-02 12:54 - 00000000 ____D C:\Users\Francisca\AppData\Roaming\UPUpdata
2016-04-02 12:49 - 2016-04-02 13:37 - 00000000 ____D C:\Users\Francisca\AppData\Local\app
2016-04-02 12:49 - 2016-04-02 12:49 - 00000000 ____D C:\Users\Francisca\AppData\Local\csdi_monetize_220160330
2016-04-02 12:49 - 2015-12-04 12:14 - 01081344 _____ C:\Users\Todos os Usuários\LightGate.exe
2016-04-02 12:49 - 2015-12-04 12:14 - 01081344 _____ C:\ProgramData\LightGate.exe
2016-04-02 12:48 - 2016-03-31 11:32 - 01747456 _____ C:\Users\Todos os Usuários\service.exe
2016-04-02 12:48 - 2016-03-31 11:32 - 01747456 _____ C:\Users\Francisca\AppData\Roaming\service.exe
2016-04-02 12:48 - 2016-03-31 11:32 - 01747456 _____ C:\ProgramData\service.exe
2016-04-02 12:46 - 2016-04-02 12:47 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2016-04-02 12:46 - 2016-04-02 12:47 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-04-02 12:45 - 2016-04-02 12:54 - 00000000 ____D C:\Program Files\Hostify
2016-04-02 12:45 - 2016-04-02 12:46 - 00000000 ____D C:\Program Files\Windows Screen Manager
2016-04-02 12:45 - 2016-04-02 12:45 - 00000000 ____D C:\Users\Todos os Usuários\5a0c35b2-1a73-1
2016-04-02 12:45 - 2016-04-02 12:45 - 00000000 ____D C:\Users\Todos os Usuários\5a0c35b2-0b25-0
2016-04-02 12:45 - 2016-04-02 12:45 - 00000000 ____D C:\ProgramData\5a0c35b2-1a73-1
2016-04-02 12:45 - 2016-04-02 12:45 - 00000000 ____D C:\ProgramData\5a0c35b2-0b25-0
2016-04-02 12:39 - 2016-04-02 13:57 - 00000000 ____D C:\Program Files\rec_en_238
2016-04-02 12:39 - 2016-04-02 12:39 - 00000000 ____D C:\Users\Francisca\AppData\Local\rec_en_238
2016-04-02 12:37 - 2016-04-02 12:43 - 00000000 ____D C:\Users\Todos os Usuários\System32
2016-04-02 12:37 - 2016-04-02 12:43 - 00000000 ____D C:\ProgramData\System32
2016-04-02 12:36 - 2016-04-02 12:36 - 00000000 ____D C:\Users\Francisca\AppData\Local\csdi_monetize_120160330
2016-04-02 12:34 - 2016-04-02 17:27 - 00000000 ____D C:\Users\Francisca\AppData\Local\mbot_en_037050286
2016-04-02 12:34 - 2016-04-02 14:47 - 00000000 ____D C:\Program Files\mbot_en_037050286
2016-04-02 12:32 - 2016-04-02 12:32 - 00000000 ____D C:\Users\Francisca\AppData\Roaming\XBox
2016-04-02 12:30 - 2016-04-02 12:30 - 00000034 ___SH C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2016-04-02 12:20 - 2016-04-02 13:42 - 00000000 ____D C:\Users\Francisca\AppData\Local\F1C72DDC-1459599601-11E1-8691-3F92A7999786
2016-04-02 12:20 - 2016-04-02 12:24 - 07337834 _____ C:\Users\Francisca\Downloads\Instagram-Followers-Hack-v2.0.rar
2016-04-02 12:18 - 2016-04-02 12:15 - 00001042 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-04-02 12:17 - 2016-04-02 13:00 - 00000000 ____D C:\Program Files\F1C72DDC-1459610267-11E1-8691-3F92A7999786
2016-04-02 12:01 - 2016-04-02 12:01 - 00000000 ____D C:\Users\Francisca\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-04-02 12:00 - 2016-04-02 12:00 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-04-02 11:54 - 2016-04-02 11:54 - 00088961 _____ C:\Users\Francisca\Downloads\Instagram Followers Hack 2016.zip
2016-03-31 12:25 - 2016-02-09 03:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-31 12:25 - 2016-02-08 18:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-31 12:25 - 2016-02-08 17:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-31 12:25 - 2016-02-08 17:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-03-31 12:25 - 2016-02-08 17:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-31 12:25 - 2016-02-08 17:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-31 12:25 - 2016-02-08 17:38 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-31 12:25 - 2016-02-08 17:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-03-31 12:25 - 2016-02-08 17:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-03-31 12:25 - 2016-02-08 17:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-31 12:25 - 2016-02-08 17:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-31 12:25 - 2016-02-08 17:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-31 12:25 - 2016-02-08 17:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-31 12:25 - 2016-02-08 17:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-31 12:25 - 2016-02-08 17:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-03-31 12:25 - 2016-02-08 17:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-31 12:25 - 2016-02-08 17:28 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-03-31 12:25 - 2016-02-08 17:23 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-31 12:25 - 2016-02-08 17:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-31 12:25 - 2016-02-08 17:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-31 12:25 - 2016-02-08 17:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-03-31 12:25 - 2016-02-08 17:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-03-31 12:25 - 2016-02-08 17:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-31 12:25 - 2016-02-08 17:11 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-31 12:25 - 2016-02-08 17:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-31 12:25 - 2016-02-08 17:10 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-03-31 12:25 - 2016-02-08 17:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-31 12:25 - 2016-02-08 17:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-31 12:25 - 2016-02-08 17:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-31 12:25 - 2016-02-08 17:02 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-31 12:25 - 2016-02-08 17:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-31 12:25 - 2016-02-08 17:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-03-31 12:25 - 2016-02-08 16:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-31 12:25 - 2016-02-08 16:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-31 12:25 - 2016-02-08 16:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-31 11:57 - 2016-02-11 15:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-03-31 11:57 - 2016-02-11 15:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-31 11:57 - 2016-02-11 15:41 - 01310232 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-31 11:57 - 2016-02-09 06:50 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-31 11:57 - 2016-02-04 15:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-31 11:57 - 2016-02-04 14:46 - 02387456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-31 11:57 - 2016-02-03 14:59 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-31 11:56 - 2016-02-12 15:39 - 02956288 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-31 11:56 - 2016-02-12 15:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-31 11:56 - 2016-02-12 15:26 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-03-31 11:56 - 2016-02-12 15:07 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-31 11:56 - 2016-02-12 15:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-31 11:56 - 2016-02-12 15:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-31 11:56 - 2016-02-12 15:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-31 11:56 - 2016-02-12 15:05 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-31 11:56 - 2016-02-12 15:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-31 11:56 - 2016-02-12 15:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-31 11:56 - 2016-02-12 15:05 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-03-31 11:56 - 2016-02-11 15:44 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-31 11:56 - 2016-02-11 15:44 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-31 11:56 - 2016-02-11 15:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-31 11:56 - 2016-02-11 15:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-31 11:56 - 2016-02-11 15:37 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-31 11:56 - 2016-02-11 15:37 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-31 11:56 - 2016-02-11 15:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-31 11:56 - 2016-02-11 15:37 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-31 11:56 - 2016-02-11 15:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-31 11:56 - 2016-02-11 15:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-31 11:56 - 2016-02-11 15:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-31 11:56 - 2016-02-11 15:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-31 11:56 - 2016-02-11 15:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-03-31 11:56 - 2016-02-11 15:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-03-31 11:56 - 2016-02-11 15:33 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-31 11:56 - 2016-02-11 15:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-31 11:56 - 2016-02-11 15:31 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-31 11:56 - 2016-02-11 15:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-31 11:56 - 2016-02-11 15:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-03-31 11:56 - 2016-02-11 15:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-31 11:56 - 2016-02-11 15:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-03-31 11:56 - 2016-02-11 14:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-03-31 11:56 - 2016-02-11 14:37 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-03-31 11:56 - 2016-02-11 14:32 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-31 11:56 - 2016-02-11 14:32 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-31 11:56 - 2016-02-11 14:32 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-31 11:56 - 2016-02-11 14:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-31 11:56 - 2016-02-11 14:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-31 11:56 - 2016-02-11 14:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-31 11:56 - 2016-02-11 14:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-31 11:56 - 2016-02-03 15:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-31 11:56 - 2016-02-03 15:49 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\olepro32.dll
2016-03-31 11:56 - 2016-02-03 15:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-31 11:51 - 2016-02-19 15:50 - 00034240 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-31 11:51 - 2016-02-19 15:41 - 00958464 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-31 11:51 - 2016-02-19 11:07 - 01206784 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-31 11:51 - 2016-02-11 11:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-31 11:51 - 2016-02-05 11:07 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-31 11:51 - 2016-02-05 11:07 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-31 11:51 - 2016-02-05 11:07 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-31 11:50 - 2016-02-05 15:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-31 11:50 - 2016-02-05 15:44 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-31 11:50 - 2016-02-05 15:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-31 11:50 - 2016-02-05 14:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-31 11:50 - 2016-02-05 14:43 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-31 11:50 - 2015-11-19 11:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-31 11:50 - 2015-11-19 11:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-31 11:50 - 2015-11-19 11:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-31 11:50 - 2015-11-19 11:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-31 11:50 - 2015-11-19 11:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-31 11:50 - 2015-11-19 11:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-31 11:50 - 2015-11-19 11:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-31 11:50 - 2015-11-19 11:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-31 11:50 - 2015-11-19 11:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-31 11:50 - 2015-11-19 11:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-31 11:50 - 2015-11-19 11:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-31 11:50 - 2015-11-19 11:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-31 11:50 - 2015-11-19 11:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-31 11:50 - 2015-11-19 11:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-31 11:50 - 2015-11-19 11:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-31 11:50 - 2015-11-19 11:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-31 11:50 - 2015-11-19 11:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-31 11:50 - 2015-11-19 11:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-31 11:50 - 2015-11-19 11:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-31 11:50 - 2015-11-19 11:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-31 11:50 - 2015-11-19 11:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-31 11:50 - 2015-11-19 11:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-31 11:50 - 2015-11-19 11:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-03-31 11:45 - 2016-02-09 06:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-03-31 11:45 - 2016-02-09 06:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-31 11:45 - 2016-02-09 06:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-03-31 11:45 - 2016-02-09 06:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-03-31 11:45 - 2016-02-09 06:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-03-31 11:45 - 2016-01-11 15:54 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-03-19 18:33 - 2016-03-17 18:52 - 1125195035 ____N C:\Users\Francisca\Downloads\Vai Que Cola S03E31 Perfume Fatal.mp4
2016-03-07 19:26 - 2016-03-24 17:41 - 00000000 ____D C:\Users\Francisca\Desktop\Exportação sem título
2016-03-03 11:24 - 2016-03-03 11:24 - 00000000 ____D C:\Users\Francisca\AppData\Local\ElevatedDiagnostics

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-04-02 17:23 - 2014-08-13 17:20 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-02 17:23 - 2009-07-14 01:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-02 16:54 - 2009-07-14 01:34 - 00016928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-02 16:54 - 2009-07-14 01:34 - 00016928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-02 16:45 - 2014-08-21 11:03 - 295559359 _____ C:\Windows\MEMORY.DMP
2016-04-02 16:45 - 2014-08-21 11:03 - 00000000 ____D C:\Windows\Minidump
2016-04-02 16:30 - 2014-08-17 22:25 - 00000944 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4089434036-3335756982-1871828430-1000UA.job
2016-04-02 16:22 - 2016-01-26 11:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-04-02 16:11 - 2014-08-17 14:58 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-02 16:03 - 2014-11-17 15:55 - 00000000 ____D C:\Users\Francisca\AppData\Roaming\Baidu
2016-04-02 16:03 - 2014-11-17 15:53 - 00000000 ____D C:\Users\Todos os Usuários\Baidu
2016-04-02 16:03 - 2014-11-17 15:53 - 00000000 ____D C:\ProgramData\Baidu
2016-04-02 15:58 - 2014-08-13 17:20 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-02 14:53 - 2015-10-30 13:44 - 00000000 ____D C:\Users\Francisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Interstat
2016-04-02 14:49 - 2009-07-14 01:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-04-02 14:43 - 2014-12-09 18:29 - 00002163 _____ C:\Users\Francisca\Desktop\Google Chrome.lnk
2016-04-02 14:13 - 2014-08-13 17:19 - 00000000 ____D C:\Users\Francisca\AppData\Local\Apps\2.0
2016-04-02 14:03 - 2014-08-13 18:45 - 00002134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-02 14:01 - 2014-08-13 18:11 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-04-02 13:39 - 2015-11-23 16:40 - 00000000 ____D C:\Users\Francisca\AppData\Roaming\WarThunder
2016-04-02 13:37 - 2015-11-23 16:40 - 00002006 _____ C:\Users\Francisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk
2016-04-02 13:37 - 2014-08-13 18:11 - 00001795 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-04-02 13:37 - 2014-08-13 18:11 - 00001783 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-04-02 12:48 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\inf
2016-04-01 18:13 - 2014-08-17 14:58 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-04-01 18:13 - 2014-08-17 14:58 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-03-31 20:00 - 2014-07-07 12:03 - 01634498 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-31 20:00 - 2009-07-29 15:15 - 00705684 _____ C:\Windows\system32\prfh0416.dat
2016-03-31 20:00 - 2009-07-29 15:15 - 00147524 _____ C:\Windows\system32\prfc0416.dat
2016-03-31 19:52 - 2009-07-14 01:33 - 03621568 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-31 19:49 - 2015-04-16 12:21 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-31 19:49 - 2014-12-10 15:07 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-31 12:33 - 2014-08-13 18:17 - 141270216 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-31 12:33 - 2014-08-13 18:17 - 00000000 ____D C:\Windows\system32\MRT
2016-03-30 18:50 - 2014-08-17 22:25 - 00000922 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4089434036-3335756982-1871828430-1000Core.job
2016-03-24 17:28 - 2015-08-17 19:48 - 00000000 ____D C:\Users\Francisca\AppData\Roaming\PhotoScape
2016-03-24 17:26 - 2015-08-17 19:50 - 00003072 ____H C:\Users\Francisca\Desktop\photothumb.db
2016-03-11 09:58 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\system32\NDF
2016-03-03 11:08 - 2009-07-13 23:04 - 00000538 _____ C:\Windows\win.ini

==================== Arquivos na raiz de alguns diretórios =======

2015-10-29 20:42 - 2015-10-29 20:42 - 0000000 _____ () C:\Users\Francisca\AppData\Roaming\14D9.tmp
2015-10-28 19:32 - 2015-10-28 19:32 - 0000000 _____ () C:\Users\Francisca\AppData\Roaming\puris.txt
2016-04-02 12:48 - 2016-03-31 11:32 - 1747456 _____ () C:\Users\Francisca\AppData\Roaming\service.exe
2014-10-10 12:08 - 2014-10-13 11:08 - 0000003 _____ () C:\Users\Francisca\AppData\Local\proxy.log
2016-04-02 15:31 - 2016-04-02 15:31 - 0007597 _____ () C:\Users\Francisca\AppData\Local\Resmon.ResmonCfg
2014-10-17 14:26 - 2014-10-17 14:26 - 0000000 _____ () C:\Users\Francisca\AppData\Local\{1810CF37-CEB7-40E2-B814-2F94CC2D91F4}
2014-11-17 15:55 - 2014-11-17 15:55 - 0000165 _____ () C:\ProgramData\bc.ini
2016-04-02 13:53 - 2016-02-24 06:18 - 1085440 _____ () C:\ProgramData\delCalendarReg.exe
2016-04-02 13:54 - 2015-11-25 14:31 - 1100288 _____ () C:\ProgramData\HomePage.exe
2016-04-02 12:49 - 2015-12-04 12:14 - 1081344 _____ () C:\ProgramData\LightGate.exe
2016-04-02 13:24 - 2016-04-01 14:51 - 1917952 _____ () C:\ProgramData\msiql.exe
2016-04-02 12:48 - 2016-03-31 11:32 - 1747456 _____ () C:\ProgramData\service.exe
2015-11-23 16:35 - 2015-11-23 16:35 - 0000098 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\delCalendarReg.exe
C:\ProgramData\HomePage.exe
C:\ProgramData\LightGate.exe
C:\ProgramData\msiql.exe
C:\ProgramData\service.exe
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Todos os Usuários\delCalendarReg.exe
C:\Users\Todos os Usuários\HomePage.exe
C:\Users\Todos os Usuários\LightGate.exe
C:\Users\Todos os Usuários\msiql.exe
C:\Users\Todos os Usuários\service.exe
C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


Alguns arquivos em TEMP:
====================
C:\Users\Francisca\AppData\Local\Temp\1046.tmp.exe
C:\Users\Francisca\AppData\Local\Temp\389_9304br_Upcleaner.exe
C:\Users\Francisca\AppData\Local\Temp\3979.tmp.exe
C:\Users\Francisca\AppData\Local\Temp\5753.tmp.exe
C:\Users\Francisca\AppData\Local\Temp\5tr4buas.xyt.exe
C:\Users\Francisca\AppData\Local\Temp\5WQ4JXL6P5.exe
C:\Users\Francisca\AppData\Local\Temp\7C12.tmp.exe
C:\Users\Francisca\AppData\Local\Temp\98F9.tmp.exe
C:\Users\Francisca\AppData\Local\Temp\A544.tmp.exe
C:\Users\Francisca\AppData\Local\Temp\ADB.tmp.exe
C:\Users\Francisca\AppData\Local\Temp\AdobePhotoshopLightroomCC611__11652_il92035.exe
C:\Users\Francisca\AppData\Local\Temp\appshat_generic.exe
C:\Users\Francisca\AppData\Local\Temp\ASIns.exe
C:\Users\Francisca\AppData\Local\Temp\B90FP7HDSJ.exe
C:\Users\Francisca\AppData\Local\Temp\BA0B.tmp.exe
C:\Users\Francisca\AppData\Local\Temp\Baidu_Secure_SystemUp_5.0.7.94925.exe
C:\Users\Francisca\AppData\Local\Temp\BE5.tmp.exe
C:\Users\Francisca\AppData\Local\Temp\BE5F.tmp.exe
C:\Users\Francisca\AppData\Local\Temp\cszcogxr.uqn.exe
C:\Users\Francisca\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiph7ou.dll
C:\Users\Francisca\AppData\Local\Temp\E946.tmp.exe
C:\Users\Francisca\AppData\Local\Temp\EB48.tmp.exe
C:\Users\Francisca\AppData\Local\Temp\F122.tmp.exe
C:\Users\Francisca\AppData\Local\Temp\f4f2a446-6cf6-458d-b85a-dcb16e8ac472.exe
C:\Users\Francisca\AppData\Local\Temp\F529.tmp.exe
C:\Users\Francisca\AppData\Local\Temp\FE1E.tmp.exe
C:\Users\Francisca\AppData\Local\Temp\FE2D.tmp.exe
C:\Users\Francisca\AppData\Local\Temp\gb3c52me.nbn.exe
C:\Users\Francisca\AppData\Local\Temp\GPUpd540752630.exe
C:\Users\Francisca\AppData\Local\Temp\GPUpd54089EAB0.exe
C:\Users\Francisca\AppData\Local\Temp\GPUpd540A06030.exe
C:\Users\Francisca\AppData\Local\Temp\GPUpd540DB1B50.exe
C:\Users\Francisca\AppData\Local\Temp\GPUpd540DC5DC0.exe
C:\Users\Francisca\AppData\Local\Temp\GPUpd54104BF90.exe
C:\Users\Francisca\AppData\Local\Temp\GPUpd5410C5D40.exe
C:\Users\Francisca\AppData\Local\Temp\GPUpd541634D71.exe
C:\Users\Francisca\AppData\Local\Temp\GPUpd54185BE91.exe
C:\Users\Francisca\AppData\Local\Temp\GPUpd541A1E9B1.exe
C:\Users\Francisca\AppData\Local\Temp\GPUpd541D81EA2.exe
C:\Users\Francisca\AppData\Local\Temp\GPUpd541F69570.exe
C:\Users\Francisca\AppData\Local\Temp\GPUpd541F69691.exe
C:\Users\Francisca\AppData\Local\Temp\GPUpd54203AFB1.exe
C:\Users\Francisca\AppData\Local\Temp\GPUpd54244ADA0.exe
C:\Users\Francisca\AppData\Local\Temp\GPUpd545649E71.exe
C:\Users\Francisca\AppData\Local\Temp\ICReinstall_winzip18-mediafire.exe
C:\Users\Francisca\AppData\Local\Temp\ipc3lab4.wl1.exe
C:\Users\Francisca\AppData\Local\Temp\KMQQ5AFN0M.exe
C:\Users\Francisca\AppData\Local\Temp\mr3nifiy.f3g.exe
C:\Users\Francisca\AppData\Local\Temp\nsgE969.exe
C:\Users\Francisca\AppData\Local\Temp\nspF127.exe
C:\Users\Francisca\AppData\Local\Temp\offer-E6538ED3-5DD4-4782-8279-A736318B084C.exe
C:\Users\Francisca\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\Francisca\AppData\Local\Temp\pcspeedup.exe
C:\Users\Francisca\AppData\Local\Temp\PRE0MYLZD6.exe
C:\Users\Francisca\AppData\Local\Temp\spark_install.exe
C:\Users\Francisca\AppData\Local\Temp\Spark_Setup_all.exe
C:\Users\Francisca\AppData\Local\Temp\ultimate_pc_cleaner.exe
C:\Users\Francisca\AppData\Local\Temp\Uninstall.exe
C:\Users\Francisca\AppData\Local\Temp\ZMGAO6V7RZ.exe
C:\Users\Francisca\AppData\Local\Temp\{1133BBBC-AB90-4187-9BBE-2F67BA28F162}-47.0.2526.73_chrome_installer.exe
C:\Users\Francisca\AppData\Local\Temp\{5950DF21-FACE-4389-A16F-55A77CEE1F41}-47.0.2526.106_46.0.2490.80_chrome_updater_3stage.exe
C:\Users\Francisca\AppData\Local\Temp\{E766887B-4B87-4EB4-A873-652B99F6BB53}-49.0.2623.87_48.0.2564.116_chrome_updater.exe
C:\Users\Francisca\AppData\Local\Temp\{EEDF81A0-9060-41AB-B904-888EDCCBD9D8}-45.0.2454.85_44.0.2403.157_chrome_updater.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2015-11-24 17:00

==================== Fim de FRST.txt ============================
