Document format: text/plain

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:16-05-2016
Executado por Ruy (administrador) em RUY-PC (17-05-2016 18:22:06)
Executando a partir de C:\Users\Ruy\RUY\Downloads
Perfis Carregados: Ruy (Perfis Disponíveis: Ruy)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\D6CDF0E7-1463071251-3B48-9B36-10C37BC48FAD\jnsx513B.tmp
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Users\Ruy\AppData\Local\Apps\2.0\abril.exe
() C:\Program Files (x86)\D6CDF0E7-1463071251-3B48-9B36-10C37BC48FAD\hnsh6CE7.tmp
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files (x86)\WebShield\WebShield.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(BitTorrent Inc.) C:\Users\Ruy\AppData\Roaming\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(BitTorrent Inc.) C:\Users\Ruy\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe
(BitTorrent Inc.) C:\Users\Ruy\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\timeout.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-10-22] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\RunOnce: [AdBlock] => C:\Windows\AdBlock.exe [303226 2016-05-07] ( )
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2557459687-2049365432-1700768065-1000\...\Run: [uTorrent] => C:\Users\Ruy\AppData\Roaming\uTorrent\uTorrent.exe [1959424 2016-04-07] (BitTorrent Inc.)
HKU\S-1-5-21-2557459687-2049365432-1700768065-1000\...\Run: [taskhost] => rundll32.exe C:\ProgramData\WindowsMsg\675D131108D4FD145B0BFBC68A3E018A.dll Start /AUTORUN
HKU\S-1-5-21-2557459687-2049365432-1700768065-1000\...\MountPoints2: {00142847-43ff-11e4-8642-806e6f6e6963} - D:\Bin\ASSETUP.exe
HKU\S-1-5-21-2557459687-2049365432-1700768065-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Ruy\AppData\Local\MEGAsync\ShellExtX64.dll Nenhum Arquivo
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Ruy\AppData\Local\MEGAsync\ShellExtX64.dll Nenhum Arquivo
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Ruy\AppData\Local\MEGAsync\ShellExtX64.dll Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Ruy\AppData\Local\MEGAsync\ShellExtX32.dll Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Ruy\AppData\Local\MEGAsync\ShellExtX32.dll Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Ruy\AppData\Local\MEGAsync\ShellExtX32.dll Nenhum Arquivo

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

AutoConfigURL: [S-1-5-21-2557459687-2049365432-1700768065-1000] => hxxp://unstops.org/wpad.dat?8152465c8a77262b41e0fa9fa411e56c10028078
Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8382050E-C766-4030-810D-0C7BD6F6CB87}: [NameServer] 87.118.74.138,8.8.8.8
Tcpip\..\Interfaces\{8382050E-C766-4030-810D-0C7BD6F6CB87}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 104.197.191.4
ManualProxies: 0hxxp://unstops.org/wpad.dat?8152465c8a77262b41e0fa9fa411e56c10028078

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdks_inner_hp_09_hao123_br&guid=94a8680934edb9512754cf1818152cb8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdks_inner_hp_09_hao123_br&guid=94a8680934edb9512754cf1818152cb8
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1428970238&from=tti&uid=SAMSUNGXHD322HJ_S1RLJ50SB74912&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1428970238&from=tti&uid=SAMSUNGXHD322HJ_S1RLJ50SB74912&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2557459687-2049365432-1700768065-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdks_inner_hp_09_hao123_br&guid=94a8680934edb9512754cf1818152cb8
SearchScopes: HKU\S-1-5-21-2557459687-2049365432-1700768065-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2557459687-2049365432-1700768065-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2557459687-2049365432-1700768065-1000 -> {CA38F46B-CE60-4A2D-A442-944E3B50654E} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-01] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-01] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.omniboxes.com/?type=sc&ts=1428970238&from=tti&uid=SAMSUNGXHD322HJ_S1RLJ50SB74912

FireFox:
========
FF ProfilePath: C:\Users\Ruy\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
FF DefaultSearchEngine: yessearches
FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=yessearches
FF Homepage: hxxp://google.com.br
FF Keyword.URL: hxxp://www.yessearches.com/chrome.php?uid=B9238D673DA4F89F56CCEFBFBD8922F9&ptid=pmr&ts=AHEpBnUkAXYsBU..&v=20160301&mode=ffexttoolbar&q=
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-01] (Oracle Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-08-20] (Nero AG)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-21] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF SearchPlugin: C:\Users\Ruy\AppData\Roaming\Mozilla\Firefox\Profiles\hjpiqrlv.default\searchplugins\Search Provided by Yahoo.xml [2016-05-12]
FF SearchPlugin: C:\Users\Ruy\AppData\Roaming\Mozilla\Firefox\Profiles\hjpiqrlv.default\searchplugins\yahoo-ysp.xml [2015-11-16]
FF SearchPlugin: C:\Users\Ruy\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\yessearches.xml [2016-05-16]
FF Extension: iLivid - C:\Users\Ruy\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\LVD-SAE@iacsearchandmedia.com.xpi [2015-10-14]
FF Extension: deskCut - C:\Users\Ruy\AppData\Roaming\Mozilla\Firefox\Profiles\hjpiqrlv.default\Extensions\1444773821_xpi [2015-10-14] [não assinado]
FF Extension: New Tab by Yahoo - C:\Users\Ruy\AppData\Roaming\Mozilla\Firefox\Profiles\hjpiqrlv.default\Extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2015-10-08] [não assinado]
FF Extension: iLivid - C:\Users\Ruy\AppData\Roaming\Mozilla\Firefox\Profiles\hjpiqrlv.default\Extensions\LVD-SAE@iacsearchandmedia.com.xpi [2015-10-14]
FF Extension: PriceFountain - C:\Users\Ruy\AppData\Roaming\Mozilla\Firefox\Profiles\hjpiqrlv.default\Extensions\{b6a94784-0ffb-4121-88c6-435139067ee2}.xpi [2015-10-14] [não assinado]
FF Extension: deskCut - C:\Users\Ruy\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\1444773821_xpi [2016-03-12] [não assinado]
FF Extension: GsearchFinder - C:\Users\Ruy\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-03-01]
FF Extension: New Tab by Yahoo - C:\Users\Ruy\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2015-10-08] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-09-25] [não assinado]
FF HKU\S-1-5-21-2557459687-2049365432-1700768065-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR DefaultSearchURL: Profile 10 -> hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Profile 10 -> Yahoo
CHR DefaultSuggestURL: Profile 10 -> hxxps://br.search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Ruy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Sem Nome) - C:\Users\Ruy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-15]
CHR Extension: (Sem Nome) - C:\Users\Ruy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-15]
CHR Extension: (Sem Nome) - C:\Users\Ruy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-15]
CHR Extension: (Sem Nome) - C:\Users\Ruy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2016-05-15]
CHR Extension: (Sem Nome) - C:\Users\Ruy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2016-05-15]
CHR Extension: (Sem Nome) - C:\Users\Ruy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-15]
CHR Profile: C:\Users\Ruy\AppData\Local\Google\Chrome\User Data\Profile 10
CHR Extension: (Google Apresentações) - C:\Users\Ruy\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-17]
CHR Extension: (Google Docs) - C:\Users\Ruy\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-17]
CHR Extension: (Google Drive) - C:\Users\Ruy\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-17]
CHR Extension: (YouTube) - C:\Users\Ruy\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-17]
CHR Extension: (Planilhas do Google) - C:\Users\Ruy\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-17]
CHR Extension: (Documentos Google off-line) - C:\Users\Ruy\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-17]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Ruy\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-17]
CHR Extension: (Yahoo Web) - C:\Users\Ruy\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\npdicihegicnhaangkdmcgbjceoemeoo [2016-05-17]
CHR Extension: (Search Manager) - C:\Users\Ruy\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2016-05-17]
CHR Extension: (Gmail) - C:\Users\Ruy\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-17]
CHR Profile: C:\Users\Ruy\AppData\Local\Google\Chrome\User Data\Profile 9
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Ruy\AppData\Local\Google\Chrome\User Data\Profile 9\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-14]
CHR HKU\S-1-5-21-2557459687-2049365432-1700768065-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2016-04-16] (Adobe Systems) [Arquivo não assinado]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] ()
R2 dowidoly; C:\Program Files (x86)\D6CDF0E7-1463071251-3B48-9B36-10C37BC48FAD\jnsx513B.tmp [244224 2016-05-12] () [Arquivo não assinado]
S2 GoogleChromeUpSvc; C:\ProgramData\Windows Update\svrupg.exe [2783744 2016-05-12] (TODO: ) [Arquivo não assinado]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [Arquivo não assinado]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [Arquivo não assinado]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Arquivo não assinado]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Arquivo não assinado]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Arquivo não assinado]
R2 ProntSpooler; C:\Users\Ruy\AppData\Local\Apps\2.0\abril.exe [124928 2016-04-07] () [Arquivo não assinado]
R2 rijufoze; C:\Program Files (x86)\D6CDF0E7-1463071251-3B48-9B36-10C37BC48FAD\hnsh6CE7.tmp [138240 2016-05-12] () [Arquivo não assinado]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.2.0.5\WsAppService.exe [411648 2016-03-31] (Wondershare) [Arquivo não assinado]
R2 xWVnAarD; C:\Program Files (x86)\WebShield\WebShield.exe [349184 2016-04-29] () [Arquivo não assinado]
S2 Lonfovka; "C:\Users\Ruy\AppData\Roaming\HuosfeEisicxi\Atuyp.exe" -cms [X]
S4 PicexaService; C:\Program Files (x86)\Picexa\PicexaSvc.exe [X]
S4 Qiornipmue; "C:\Users\Ruy\AppData\Roaming\Veilrum\Veilrum.exe" -cms [X]
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Dr.Fone para Android\DriverInstall.exe" [X]
S2 zelumixezbt; C:\Program Files (x86)\D6CDF0E7-1463071251-3B48-9B36-10C37BC48FAD\knspE693.tmp [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-09-24] ()
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [82240 2016-05-12] (Cherimoya Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-05-15] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-05-17 18:21 - 2016-05-17 18:22 - 00000000 ____D C:\FRST
2016-05-17 12:01 - 2016-05-17 17:24 - 00000000 ____D C:\Users\Ruy\AppData\LocalLow\uTorrent
2016-05-16 11:53 - 2016-05-17 16:56 - 00000000 ____D C:\Users\Ruy\AppData\Local\D6CDF0E7-1463399602-3B48-9B36-10C37BC48FAD
2016-05-15 15:39 - 2016-05-17 17:15 - 00000000 ____D C:\Program Files (x86)\WebShield
2016-05-15 12:19 - 2016-05-15 12:19 - 00000000 _____ C:\autoexec.bat
2016-05-15 12:16 - 2016-05-15 12:16 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-05-14 17:22 - 2016-05-17 17:14 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2016-05-14 17:22 - 2016-05-17 17:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-14 17:22 - 2016-05-15 21:26 - 00000000 ____D C:\Qoobox
2016-05-14 17:22 - 2016-05-15 16:46 - 00000000 ___SD C:\ComboFix
2016-05-14 17:22 - 2016-05-14 17:22 - 00000000 ____D C:\Windows\ERDNT
2016-05-14 17:22 - 2016-05-14 17:22 - 00000000 ____D C:\Users\Ruy\AppData\Roaming\Malwarebytes
2016-05-14 17:22 - 2010-12-20 18:09 - 00038224 _____ (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2016-05-14 17:22 - 2010-12-20 18:08 - 00020952 _____ (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbam.sys
2016-05-14 17:16 - 2016-05-14 17:17 - 00000000 ____D C:\AdwCleaner
2016-05-14 17:14 - 2016-05-17 17:14 - 00000000 ____D C:\Users\Ruy\RUY\Downloads\Documents\hiriens
2016-05-14 17:14 - 2016-05-14 17:14 - 00003160 _____ C:\Windows\System32\Tasks\{AE7C55C1-EDD9-431A-84B2-74ADB3D76AD2}
2016-05-14 17:13 - 2016-05-14 17:13 - 00000000 ____D C:\zoek_backup
2016-05-14 16:50 - 2016-05-15 16:46 - 00000000 ____D C:\Windows\pss
2016-05-13 22:35 - 2016-05-15 21:23 - 00000000 ____D C:\e1f860810e1e86c0b3d9
2016-05-13 20:55 - 2016-05-13 21:42 - 00000000 ____D C:\Users\Ruy\AppData\Local\D6CDF0E7-1463172953-3B48-9B36-10C37BC48FAD
2016-05-12 14:44 - 2016-05-17 17:44 - 00000262 _____ C:\Windows\Tasks\{43542AF5-7CF6-D200-D5C1-5448EEE3AF73}.job
2016-05-12 14:44 - 2016-05-15 15:05 - 00000000 ____D C:\Users\Ruy\AppData\Local\Setup551681
2016-05-12 14:44 - 2016-05-15 15:05 - 00000000 ____D C:\Users\Ruy\AppData\Local\cemi
2016-05-12 14:44 - 2016-05-12 14:44 - 00003190 _____ C:\Windows\System32\Tasks\{43542AF5-7CF6-D200-D5C1-5448EEE3AF73}
2016-05-12 14:04 - 2016-05-12 14:34 - 00000000 ____D C:\Windows\system32\dea
2016-05-12 13:57 - 2016-05-07 00:14 - 00303226 _____ ( ) C:\Windows\AdBlock.exe
2016-05-12 13:48 - 2016-05-17 17:18 - 00003076 _____ C:\Windows\System32\Tasks\osTip
2016-05-12 13:48 - 2016-05-17 17:14 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg
2016-05-12 13:48 - 2016-05-17 17:14 - 00000000 ____D C:\ProgramData\WindowsMsg
2016-05-12 13:48 - 2016-05-15 15:05 - 00000000 ____D C:\Program Files (x86)\osTip
2016-05-12 13:48 - 2016-05-12 13:55 - 00000000 ____D C:\Users\Ruy\AppData\Local\app
2016-05-12 13:46 - 2016-05-17 17:14 - 00000000 ____D C:\Users\Todos os Usuários\Windows Update
2016-05-12 13:46 - 2016-05-17 17:14 - 00000000 ____D C:\ProgramData\Windows Update
2016-05-12 13:45 - 2016-05-09 03:45 - 01920000 _____ C:\Users\Todos os Usuários\msiql.exe
2016-05-12 13:45 - 2016-05-09 03:45 - 01920000 _____ C:\ProgramData\msiql.exe
2016-05-12 13:44 - 2016-05-15 15:05 - 00000000 ____D C:\Users\Ruy\AppData\Roaming\UPUpdata
2016-05-12 13:44 - 2016-05-12 14:34 - 00000000 ____D C:\Users\Ruy\AppData\Roaming\cpuminer
2016-05-12 13:44 - 2016-05-12 14:34 - 00000000 ____D C:\Program Files (x86)\CleanBrowser
2016-05-12 13:44 - 2016-05-12 13:44 - 00000000 ____D C:\Users\Ruy\AppData\Roaming\gplyra
2016-05-12 13:41 - 2016-05-12 13:39 - 00001190 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-05-12 13:40 - 2016-05-15 12:12 - 00000000 ____D C:\Program Files (x86)\D6CDF0E7-1463071251-3B48-9B36-10C37BC48FAD
2016-05-12 13:40 - 2016-05-12 22:57 - 00000000 ____D C:\Users\Ruy\AppData\Roaming\MCorp
2016-05-12 13:39 - 2016-05-12 14:34 - 00000000 ____D C:\Program Files\Caster
2016-05-12 13:39 - 2016-05-12 13:39 - 00000000 ____D C:\Users\Ruy\AppData\Local\csdi_monetize_220160512
2016-05-12 13:31 - 2016-05-12 13:31 - 00000000 ____D C:\Users\Ruy\AppData\Roaming\SpringFiles
2016-05-12 13:29 - 2016-05-15 21:26 - 00000000 ____D C:\uninst
2016-05-12 13:29 - 2016-05-12 14:34 - 00000000 ____D C:\Users\Ruy\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2016-05-12 13:29 - 2016-05-12 13:29 - 00000000 ____D C:\Users\Ruy\AppData\Local\Tempfolder
2016-05-12 13:29 - 2016-05-12 13:29 - 00000000 ____D C:\Users\Ruy\AppData\Local\csdi_monetize_120160512
2016-05-12 10:55 - 2016-05-12 13:29 - 00082240 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2016-05-11 11:40 - 2016-04-23 14:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 11:40 - 2016-04-23 13:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 11:40 - 2016-04-23 02:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 11:40 - 2016-04-23 02:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 11:40 - 2016-04-23 02:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 11:40 - 2016-04-23 02:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-11 11:40 - 2016-04-23 02:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 11:40 - 2016-04-23 02:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 11:40 - 2016-04-23 02:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 11:40 - 2016-04-23 02:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-11 11:40 - 2016-04-23 02:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-11 11:40 - 2016-04-23 01:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 11:40 - 2016-04-23 01:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-11 11:40 - 2016-04-23 01:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 11:40 - 2016-04-23 01:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 11:40 - 2016-04-23 01:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-11 11:40 - 2016-04-23 01:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 11:40 - 2016-04-23 01:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-11 11:40 - 2016-04-23 01:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 11:40 - 2016-04-23 01:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 11:40 - 2016-04-23 01:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 11:40 - 2016-04-23 01:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 11:40 - 2016-04-23 01:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-11 11:40 - 2016-04-23 01:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-11 11:40 - 2016-04-23 01:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 11:40 - 2016-04-23 01:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 11:40 - 2016-04-23 01:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-11 11:40 - 2016-04-23 01:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-11 11:40 - 2016-04-23 01:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 11:40 - 2016-04-23 01:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 11:40 - 2016-04-23 01:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 11:40 - 2016-04-23 01:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-11 11:40 - 2016-04-23 01:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-11 11:40 - 2016-04-23 01:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 11:40 - 2016-04-23 01:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-11 11:40 - 2016-04-23 01:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-11 11:40 - 2016-04-23 01:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-11 11:40 - 2016-04-23 01:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 11:40 - 2016-04-23 01:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 11:40 - 2016-04-23 01:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 11:40 - 2016-04-23 01:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-11 11:40 - 2016-04-23 01:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-11 11:40 - 2016-04-23 01:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 11:40 - 2016-04-23 00:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-11 11:40 - 2016-04-23 00:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 11:40 - 2016-04-23 00:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-11 11:40 - 2016-04-23 00:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-11 11:40 - 2016-04-23 00:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 11:40 - 2016-04-23 00:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-11 11:40 - 2016-04-23 00:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-11 11:40 - 2016-04-23 00:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-11 11:40 - 2016-04-23 00:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-11 11:40 - 2016-04-23 00:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-11 11:40 - 2016-04-23 00:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-11 11:40 - 2016-04-23 00:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 11:40 - 2016-04-23 00:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-11 11:40 - 2016-04-23 00:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 11:40 - 2016-04-23 00:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 11:40 - 2016-04-23 00:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 11:40 - 2016-04-23 00:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 11:40 - 2016-04-23 00:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-11 11:40 - 2016-04-23 00:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 11:40 - 2016-04-23 00:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 11:40 - 2016-04-23 00:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 11:40 - 2016-04-23 00:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 11:40 - 2016-04-23 00:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 11:40 - 2016-04-14 10:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 11:40 - 2016-04-14 10:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 11:40 - 2016-04-09 04:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 11:40 - 2016-04-09 04:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 11:40 - 2016-04-09 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 11:40 - 2016-04-09 03:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 11:40 - 2016-04-09 03:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 11:40 - 2016-04-09 03:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 11:40 - 2016-04-09 03:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 11:40 - 2016-04-09 02:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 11:40 - 2016-04-06 12:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-11 11:40 - 2016-03-09 15:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 11:40 - 2016-03-09 15:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-11 11:39 - 2016-04-09 04:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 11:39 - 2016-04-09 04:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 11:39 - 2016-04-09 04:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 11:39 - 2016-04-09 04:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 11:39 - 2016-04-09 04:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 11:39 - 2016-04-09 03:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-11 11:39 - 2016-04-09 03:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-11 11:39 - 2016-04-09 03:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 11:39 - 2016-04-09 03:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 11:39 - 2016-04-09 03:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 11:39 - 2016-04-09 03:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-11 11:39 - 2016-04-09 03:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 11:39 - 2016-04-09 03:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-11 11:39 - 2016-04-09 03:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-11 11:39 - 2016-04-09 03:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 11:39 - 2016-04-09 03:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 11:39 - 2016-04-09 03:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 11:39 - 2016-04-09 03:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 11:39 - 2016-04-09 03:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 11:39 - 2016-04-09 03:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 11:39 - 2016-04-09 03:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 11:39 - 2016-04-09 03:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 11:39 - 2016-04-09 03:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 02:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 11:39 - 2016-04-09 02:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 11:39 - 2016-04-09 02:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 11:39 - 2016-04-09 02:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 11:39 - 2016-04-09 02:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-11 11:39 - 2016-04-09 02:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 11:39 - 2016-04-09 02:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 11:39 - 2016-04-09 02:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 11:39 - 2016-04-09 02:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 11:39 - 2016-04-09 02:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 11:39 - 2016-04-09 02:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 11:39 - 2016-04-09 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-11 11:39 - 2016-04-09 02:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-11 11:39 - 2016-04-09 02:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-11 11:39 - 2016-04-09 02:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-11 11:39 - 2016-04-09 02:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-11 11:39 - 2016-04-09 02:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-11 11:39 - 2016-04-09 02:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 02:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 02:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 11:39 - 2016-04-09 02:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 11:38 - 2016-04-09 01:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 11:38 - 2016-04-09 00:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-04 17:46 - 2016-05-04 17:46 - 00000000 ____D C:\Users\Todos os Usuários\wsr
2016-05-04 17:46 - 2016-05-04 17:46 - 00000000 ____D C:\ProgramData\wsr
2016-05-04 17:41 - 2016-05-04 17:41 - 00000000 ____D C:\Users\Ruy\AppData\Roaming\HMYGSetting
2016-05-04 17:41 - 2016-05-04 17:41 - 00000000 ____D C:\Users\Ruy\AppData\Local\Wondershare
2016-05-04 17:41 - 2016-05-04 17:41 - 00000000 ____D C:\Users\Ruy\.android
2016-05-04 17:41 - 2015-02-27 10:35 - 00000232 _____ C:\Windows\SysWOW64\dllhost.exe.config
2016-05-04 17:40 - 2016-05-04 17:49 - 00000000 ___HD C:\Program Files (x86)\DrFoneAndroid_Temp
2016-05-04 17:40 - 2016-05-04 17:49 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-05-04 17:40 - 2016-05-04 17:41 - 00000000 ____D C:\Users\Todos os Usuários\Wondershare
2016-05-04 17:40 - 2016-05-04 17:41 - 00000000 ____D C:\ProgramData\Wondershare

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-05-17 18:20 - 2015-03-25 17:49 - 00000000 ____D C:\Users\Ruy\AppData\Roaming\uTorrent
2016-05-17 18:18 - 2009-07-14 14:55 - 00706610 _____ C:\Windows\system32\prfh0416.dat
2016-05-17 18:18 - 2009-07-14 14:55 - 00147948 _____ C:\Windows\system32\prfc0416.dat
2016-05-17 18:18 - 2009-07-14 02:13 - 01638336 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-17 18:18 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-05-17 18:16 - 2014-09-24 13:39 - 00002266 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-17 17:31 - 2009-07-14 01:45 - 00023632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-17 17:31 - 2009-07-14 01:45 - 00023632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-17 17:24 - 2015-08-31 09:55 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e3ec54e15c38.job
2016-05-17 17:16 - 2015-08-31 09:55 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e3ec54061432.job
2016-05-17 17:16 - 2014-09-24 13:31 - 00000000 ____D C:\Users\Ruy
2016-05-17 17:16 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-17 17:14 - 2016-04-14 12:28 - 00000000 ____D C:\Users\Ruy\.receitanet
2016-05-17 17:14 - 2016-02-20 20:42 - 00000000 ____D C:\Users\Ruy\contatos ig
2016-05-17 17:14 - 2016-02-17 17:27 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2016-05-17 17:14 - 2015-03-25 17:38 - 00000000 ____D C:\Users\Ruy\AppData\Roaming\vlc
2016-05-17 17:14 - 2015-01-22 02:13 - 00000000 ___RD C:\Users\Ruy\RUY
2016-05-17 17:14 - 2014-12-10 14:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-17 17:14 - 2014-09-25 17:47 - 00000000 ____D C:\Users\Todos os Usuários\Adobe
2016-05-17 17:14 - 2014-09-25 17:47 - 00000000 ____D C:\ProgramData\Adobe
2016-05-17 17:14 - 2014-09-25 17:04 - 00000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2016-05-17 17:14 - 2014-09-25 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-05-17 17:14 - 2009-07-14 15:11 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-17 17:14 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\servicing
2016-05-17 17:14 - 2009-07-14 00:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-05-17 17:13 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\registration
2016-05-17 17:10 - 2014-09-25 16:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-05-16 13:36 - 2009-07-14 01:45 - 00421640 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-16 11:21 - 2016-02-17 17:28 - 00000000 ____D C:\Users\Todos os Usuários\GAS Tecnologia
2016-05-16 11:21 - 2016-02-17 17:28 - 00000000 ____D C:\ProgramData\GAS Tecnologia
2016-05-15 17:16 - 2014-09-24 13:50 - 00110880 _____ C:\Users\Ruy\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-15 16:59 - 2016-02-29 17:50 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-05-15 16:46 - 2015-04-04 21:19 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-15 14:28 - 2015-07-27 18:43 - 00001877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-14 17:36 - 2014-09-24 13:39 - 00002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-14 17:35 - 2015-07-27 18:43 - 00001865 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-05-13 19:56 - 2009-07-14 02:38 - 00067584 ____S C:\Windows\bootstat(11).dat
2016-05-12 15:03 - 2014-12-03 15:12 - 00000000 ____D C:\Users\Ruy\AppData\Local\Apps\2.0
2016-05-12 14:46 - 2015-07-27 22:53 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-05-12 14:34 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\rescache
2016-05-12 14:15 - 2014-11-14 11:06 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-05-12 14:04 - 2014-11-14 11:06 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-05-11 18:48 - 2015-07-24 14:15 - 00121344 _____ C:\Users\Ruy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-05-11 13:40 - 2014-09-24 18:02 - 00000000 ____D C:\Windows\system32\MRT
2016-05-11 13:29 - 2014-09-24 18:02 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-10 21:19 - 2015-08-31 09:55 - 00004066 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0e3ec54e15c38
2016-05-10 21:19 - 2015-08-31 09:55 - 00003814 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0e3ec54061432
2016-05-08 20:50 - 2015-11-04 17:40 - 00598528 ___SH C:\Users\Ruy\Desktop\Thumbs.db
2016-05-05 22:54 - 2015-04-04 21:19 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-01 12:37 - 2015-03-05 11:41 - 00000000 ____D C:\Users\Todos os Usuários\Oracle
2016-05-01 12:37 - 2015-03-05 11:41 - 00000000 ____D C:\ProgramData\Oracle
2016-05-01 12:19 - 2016-04-12 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-05-01 12:19 - 2015-07-27 18:35 - 00000000 ____D C:\Program Files (x86)\Java
2016-05-01 12:10 - 2016-04-12 21:44 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-05-01 12:10 - 2016-04-10 19:14 - 00000000 ____D C:\Users\Ruy\.oracle_jre_usage
2016-04-25 01:18 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-22 04:57 - 2014-09-24 14:32 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Arquivos na raiz de alguns diretórios =======

2016-04-10 19:11 - 2016-04-10 19:11 - 0734784 _____ (Oracle Corporation) C:\Program Files (x86)\IRPF2016Win32v1.2.exe
2015-04-19 09:20 - 2015-04-19 09:20 - 0005872 _____ () C:\Users\Ruy\AppData\Roaming\3azwUEFvS5Mr2Muyiw
2015-04-19 09:20 - 2015-04-19 09:20 - 0005872 _____ () C:\Users\Ruy\AppData\Roaming\65FIMr0EzRaXnGDnPh
2015-03-09 18:30 - 2015-03-09 18:30 - 0005487 _____ () C:\Users\Ruy\AppData\Roaming\DPPGY
2015-03-09 18:30 - 2015-03-09 18:30 - 0005487 _____ () C:\Users\Ruy\AppData\Roaming\GUBRMR
2015-04-19 09:20 - 2015-04-19 09:20 - 0005872 _____ () C:\Users\Ruy\AppData\Roaming\jMD4fMuBh2T3cgLwpFL8rFG
2015-04-19 09:20 - 2015-04-19 09:20 - 0005872 _____ () C:\Users\Ruy\AppData\Roaming\p5UJaVmN7IvgNIKQqLlEzxM
2015-10-27 20:17 - 2016-03-13 17:07 - 0027136 ___SH () C:\Users\Ruy\AppData\Roaming\Thumbs.db
2014-12-07 19:07 - 2015-10-26 21:33 - 0018526 _____ () C:\Users\Ruy\AppData\Roaming\UserTile.png
2015-03-09 18:30 - 2015-03-09 18:30 - 0005487 _____ () C:\Users\Ruy\AppData\Roaming\WNRFINKI
2015-03-09 18:30 - 2015-03-09 18:30 - 0005487 _____ () C:\Users\Ruy\AppData\Roaming\YLEMZV
2015-09-11 22:25 - 2015-09-12 22:22 - 0000084 _____ () C:\Users\Ruy\AppData\Local\A4AOA1AWA3A4AI.BIZ
2015-07-24 14:15 - 2016-05-11 18:48 - 0121344 _____ () C:\Users\Ruy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-11 22:24 - 2015-09-11 22:24 - 0000000 _____ () C:\Users\Ruy\AppData\Local\FILEGVT.txt
2014-12-03 16:41 - 2014-12-03 16:41 - 0004096 ____H () C:\Users\Ruy\AppData\Local\keyfile3.drm
2015-07-24 00:29 - 2015-07-24 00:29 - 0613255 _____ (CMI Limited) C:\Users\Ruy\AppData\Local\nsi8C14.tmp
2015-07-23 15:57 - 2015-07-23 15:57 - 0613255 _____ (CMI Limited) C:\Users\Ruy\AppData\Local\nsj120C.tmp
2015-07-22 20:03 - 2015-07-22 20:03 - 0613255 _____ (CMI Limited) C:\Users\Ruy\AppData\Local\nsuCFFF.tmp
2014-09-25 11:11 - 2014-09-25 11:11 - 0007605 _____ () C:\Users\Ruy\AppData\Local\Resmon.ResmonCfg
2014-09-24 13:45 - 2014-09-24 13:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-05-12 13:45 - 2016-05-09 03:45 - 1920000 _____ () C:\ProgramData\msiql.exe
2015-10-10 20:17 - 2015-10-10 20:17 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Arquivos para serem movidos ou deletados:
====================
C:\ProgramData\msiql.exe
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Todos os Usuários\msiql.exe
C:\Users\Todos os Usuários\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Windows\Tasks\{43542AF5-7CF6-D200-D5C1-5448EEE3AF73}.job


Alguns arquivos em TEMP:
====================
C:\Users\Ruy\AppData\Local\Temp\10F1.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\1397.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\13CF.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\14DA.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\1BA8.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\1E2F.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\20D9.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\2359.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\2983.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\2AFC.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\2C8D.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\331B.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\3342.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\33E4.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\3964.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\4950.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\4A04.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\5293.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\6187.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\62E3.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\6400.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\6AA0.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\7E86.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\7FA7.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\7FF7.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\7za.exe
C:\Users\Ruy\AppData\Local\Temp\803F.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\8184.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\877A.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\89F1.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\8CA7.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\932F.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\999E.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\A302.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\A651.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\A96C.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\B1B2.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\B89E.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\C45B.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\C7D.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\CCC3.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\D175.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\D2DB.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\D642.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\DD36.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\DFC5.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\E45.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\F112.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\F25A.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\FA4A.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\fsd96F2.exe
C:\Users\Ruy\AppData\Local\Temp\hijackthis.exe
C:\Users\Ruy\AppData\Local\Temp\ICReinstall_5293.tmp.exe
C:\Users\Ruy\AppData\Local\Temp\InstallHelper.exe
C:\Users\Ruy\AppData\Local\Temp\NirCmd.exe
C:\Users\Ruy\AppData\Local\Temp\PEVZ.EXE
C:\Users\Ruy\AppData\Local\Temp\Quarantine.exe
C:\Users\Ruy\AppData\Local\Temp\remove.exe
C:\Users\Ruy\AppData\Local\Temp\sed.exe
C:\Users\Ruy\AppData\Local\Temp\shortcut.exe
C:\Users\Ruy\AppData\Local\Temp\sqlite3.dll
C:\Users\Ruy\AppData\Local\Temp\swreg.exe
C:\Users\Ruy\AppData\Local\Temp\swxcacls.exe
C:\Users\Ruy\AppData\Local\Temp\wget.exe
C:\Users\Ruy\AppData\Local\Temp\zoek-delete.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


ATENÇÃO: ==> Não foi possível acessar BCD.


LastRegBack: 2016-05-08 18:12

==================== Fim de FRST.txt ============================
