Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:09-05-2016
Executado por Hammerschmidt (administrador) em HAMMER (11-05-2016 10:27:05)
Executando a partir de C:\Users\Hammerschmidt\Downloads
Perfis Carregados: Hammerschmidt (Perfis Disponíveis: Hammerschmidt)
Platform: Windows 8.1 Pro (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe
() C:\Program Files\BitTorrent\BitTorrent.exe
() C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
() C:\ProgramData\CloudPrinter\CloudPrinter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\HotkeyService.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(© 2015 Microsoft Corporation) C:\Users\Hammerschmidt\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\HkeyTray.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\ProgramData\xifs\xifs.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [280576 2013-09-29] (Realtek Semiconductor Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2757424 2015-11-16] (NVIDIA Corporation)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [vnlgp] => C:\Users\Hammerschmidt\AppData\Roaming\vnlgp\vnlgp\start.cmd [214 2016-04-04] ()
HKLM\...\Run: [gplyra] => C:\Users\Hammerschmidt\AppData\Roaming\gplyra\gplyra\start.cmd [216 2016-01-19] ()
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23248560 2016-04-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mbot_br_014010305] => [X]
HKLM-x32\...\Run: [rec_en_265] => [X]
HKLM-x32\...\Run: [22] => C:\Users\HAMMER~1\AppData\Local\Temp\22.exe /start <===== ATENÇÃO
HKLM-x32\...\Run: [apphide] => C:\Program Files (x86)\badu\uc.exe
HKLM-x32\...\Run: [pcmgr] => C:\Program Files (x86)\badu\Uninst.exe
HKLM-x32\...\Run: [csrssf] => C:\Users\HAMMER~1\AppData\Local\Temp\csrssf <===== ATENÇÃO
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-10-20] (Banco do Brasil)
HKU\S-1-5-21-2169231250-366527036-2133974707-1001\...\Run: [GoogleChromeAutoLaunch_A735F47BD52A2CB2FC8EE1815F8DE3F2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304 2016-04-27] (Google Inc.)
HKU\S-1-5-21-2169231250-366527036-2133974707-1001\...\Run: [BingSvc] => C:\Users\Hammerschmidt\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2169231250-366527036-2133974707-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-29] (Valve Corporation)
HKU\S-1-5-21-2169231250-366527036-2133974707-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2169231250-366527036-2133974707-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51662464 2016-04-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2169231250-366527036-2133974707-1001\...\Run: [ProxyGate] => C:\Users\Hammerschmidt\AppData\Roaming\ProxyGate\MainService.exe
HKU\S-1-5-21-2169231250-366527036-2133974707-1001\...\Run: [WindApp] => "C:\Users\Hammerschmidt\AppData\Roaming\Store\WindApp\WindApp.exe" /winstartup
HKU\S-1-5-21-2169231250-366527036-2133974707-1001\...\Run: [Selection Tools] => "C:\Users\Hammerschmidt\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
HKU\S-1-5-21-2169231250-366527036-2133974707-1001\...\Run: [MSConfig] => "C:\Users\Hammerschmidt\ooxxlwjj.exe"
HKU\S-1-5-21-2169231250-366527036-2133974707-1001\...\Run: [svchost0] => C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe
HKU\S-1-5-21-2169231250-366527036-2133974707-1001\...\Run: [apphide] => C:\Program Files (x86)\badu\uc.exe
HKU\S-1-5-21-2169231250-366527036-2133974707-1001\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [2055168 2016-04-16] ()
HKU\S-1-5-21-2169231250-366527036-2133974707-1001\...\Run: [Installer] => C:\Users\HAMMER~1\AppData\Local\Temp\nsf329A.tmp /autorun <===== ATENÇÃO
HKU\S-1-5-21-2169231250-366527036-2133974707-1001\...\Run: [msiql] => c:\programdata\msiql.exe [1920000 2016-05-09] ()
HKU\S-1-5-21-2169231250-366527036-2133974707-1001\...\MountPoints2: {dde063df-84d8-11e5-be74-54271e251275} - "F:\setup.exe"
HKU\S-1-5-18\...\Run: [Epztion] => C:\WINDOWS\system32\config\systemprofile\AppData\Local\Epztion\acdls.exe
HKU\S-1-5-18\...\Run: [Oqflics] => regsvr32.exe C:\WINDOWS\system32\config\systemprofile\AppData\Local\Oqflics\Tosplugin.dll <===== ATENÇÃO
HKU\S-1-5-18\...\Run: [Afczworks] => C:\Windows\SysWOW64\regsvr32.exe C:\WINDOWS\system32\config\systemprofile\AppData\Local\Epztion\cardsSvcs90.dll
HKU\S-1-5-18\...\Run: [logagent] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\logagent.exe"
HKU\S-1-5-18\...\Run: [TCPSVCS] =>
"C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\TCPSVCS.EXE" HKU\S-1-5-18\...\Run: [WerFault] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\WerFault.exe" HKU\S-1-5-18\...\Run: [mcbuilder] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\mcbuilder.exe" HKU\S-1-5-18\...\Run: [verclsid] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\verclsid.exe" HKU\S-1-5-18\...\Run: [icacls] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\icacls.exe" HKU\S-1-5-18\...\Run: [cliconfg] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\cliconfg.exe" HKU\S-1-5-18\...\Run: [TapiUnattend] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\TapiUnattend.exe" HKU\S-1-5-18\...\Run: [msdt] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\msdt.exe" HKU\S-1-5-18\...\Run: [instnm] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\instnm.exe" HKU\S-1-5-18\...\Run: [resmon] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\resmon.exe" HKU\S-1-5-18\...\Run: [efsui] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\efsui.exe" HKU\S-1-5-18\...\Run: [whoami] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\whoami.exe" HKU\S-1-5-18\...\Run: [upnpcont] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\upnpcont.exe" HKU\S-1-5-18\...\Run: [cacls] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\cacls.exe" 
HKU\S-1-5-18\...\Run: [ByteCodeGenerator] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\ByteCodeGenerator.exe" HKU\S-1-5-18\...\Run: [IntelCpHeciSvc] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\IntelCpHeciSvc.exe" HKU\S-1-5-18\...\Run: [SndVol] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\SndVol.exe" HKU\S-1-5-18\...\Run: [Narrator] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\Narrator.exe" HKU\S-1-5-18\...\Run: [pcaui] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\pcaui.exe" HKU\S-1-5-18\...\Run: [waitfor] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\waitfor.exe" HKU\S-1-5-18\...\Run: [RdpSaProxy] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\RdpSaProxy.exe" HKU\S-1-5-18\...\Run: [srdelayed] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\srdelayed.exe" HKU\S-1-5-18\...\Run: [PkgMgr] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\PkgMgr.exe" HKU\S-1-5-18\...\Run: [takeown] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\takeown.exe" HKU\S-1-5-18\...\Run: [logman] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\logman.exe" HKU\S-1-5-18\...\Run: [CameraSettingsUIHost] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\CameraSettingsUIHost.exe" HKU\S-1-5-18\...\Run: [wuapp] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\wuapp.exe" HKU\S-1-5-18\...\Run: [sdchange] => 
"C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\sdchange.exe" HKU\S-1-5-18\...\Run: [doskey] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\doskey.exe" HKU\S-1-5-18\...\Run: [LaunchTM] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\LaunchTM.exe" HKU\S-1-5-18\...\Run: [MuiUnattend] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\MuiUnattend.exe" HKU\S-1-5-18\...\Run: [hh] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\hh.exe" HKU\S-1-5-18\...\Run: [mshta] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\mshta.exe" HKU\S-1-5-18\...\Run: [netbtugc] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\netbtugc.exe" HKU\S-1-5-18\...\Run: [WSManHTTPConfig] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\WSManHTTPConfig.exe" HKU\S-1-5-18\...\Run: [label] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\label.exe" HKU\S-1-5-18\...\Run: [dialer] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\dialer.exe" HKU\S-1-5-18\...\Run: [ARP] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\ARP.EXE" HKU\S-1-5-18\...\Run: [mountvol] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\mountvol.exe" HKU\S-1-5-18\...\Run: [proquota] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\proquota.exe" HKU\S-1-5-18\...\Run: [xpsrchvw] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\xpsrchvw.exe" 
HKU\S-1-5-18\...\Run: [DevicePairingWizard] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\DevicePairingWizard.exe" HKU\S-1-5-18\...\Run: [mfpmp] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\mfpmp.exe" HKU\S-1-5-18\...\Run: [SearchIndexer] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\SearchIndexer.exe" HKU\S-1-5-18\...\Run: [RMActivate_ssp] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\RMActivate_ssp.exe" HKU\S-1-5-18\...\Run: [HOSTNAME] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\HOSTNAME.EXE" HKU\S-1-5-18\...\Run: [systeminfo] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\systeminfo.exe" HKU\S-1-5-18\...\Run: [RdpSa] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\RdpSa.exe" HKU\S-1-5-18\...\Run: [odbcconf] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\odbcconf.exe" HKU\S-1-5-18\...\Run: [rasdial] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\rasdial.exe" HKU\S-1-5-18\...\Run: [setx] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\setx.exe" HKU\S-1-5-18\...\Run: [runas] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\runas.exe" HKU\S-1-5-18\...\Run: [fixmapi] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\fixmapi.exe" HKU\S-1-5-18\...\Run: [PasswordOnWakeSettingFlyout] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\PasswordOnWakeSettingFlyout.exe" HKU\S-1-5-18\...\Run: 
[CheckNetIsolation] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\CheckNetIsolation.exe" HKU\S-1-5-18\...\Run: [fc] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\fc.exe" HKU\S-1-5-18\...\Run: [ieUnatt] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\ieUnatt.exe" HKU\S-1-5-18\...\Run: [rasphone] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\rasphone.exe" HKU\S-1-5-18\...\Run: [Utilman] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\Utilman.exe" HKU\S-1-5-18\...\Run: [dcomcnfg] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\dcomcnfg.exe" HKU\S-1-5-18\...\Run: [FlashPlayerApp] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\FlashPlayerApp.exe" HKU\S-1-5-18\...\Run: [WerFaultSecure] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\WerFaultSecure.exe" HKU\S-1-5-18\...\Run: [MRINFO] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\MRINFO.EXE" HKU\S-1-5-18\...\Run: [bitsadmin] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\bitsadmin.exe" HKU\S-1-5-18\...\Run: [OpenWith] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\OpenWith.exe" HKU\S-1-5-18\...\Run: [TSTheme] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\TSTheme.exe" HKU\S-1-5-18\...\Run: [DWWIN] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\DWWIN.EXE" HKU\S-1-5-18\...\Run: [sc] => 
"C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\sc.exe" HKU\S-1-5-18\...\Run: [UserAccountControlSettings] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\UserAccountControlSettings.exe" HKU\S-1-5-18\...\Run: [icsunattend] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\icsunattend.exe" HKU\S-1-5-18\...\Run: [esentutl] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\esentutl.exe" HKU\S-1-5-18\...\Run: [raserver] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\raserver.exe" HKU\S-1-5-18\...\Run: [eudcedit] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\eudcedit.exe" HKU\S-1-5-18\...\Run: [isoburn] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\isoburn.exe" HKU\S-1-5-18\...\Run: [LocationNotifications] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\LocationNotifications.exe" HKU\S-1-5-18\...\Run: [WMPDMC] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\WMPDMC.exe" HKU\S-1-5-18\...\Run: [eventvwr] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\eventvwr.exe" HKU\S-1-5-18\...\Run: [CloudStorageWizard] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\CloudStorageWizard.exe" HKU\S-1-5-18\...\Run: [w32tm] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\w32tm.exe" HKU\S-1-5-18\...\Run: [CertEnrollCtrl] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\CertEnrollCtrl.exe" HKU\S-1-5-18\...\Run: [openfiles] => 
"C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\openfiles.exe" HKU\S-1-5-18\...\Run: [chkdsk] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\chkdsk.exe" HKU\S-1-5-18\...\Run: [poqexec] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\poqexec.exe" HKU\S-1-5-18\...\Run: [WPDShextAutoplay] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\WPDShextAutoplay.exe" HKU\S-1-5-18\...\Run: [sdbinst] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\sdbinst.exe" HKU\S-1-5-18\...\Run: [lodctr] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\lodctr.exe" HKU\S-1-5-18\...\Run: [shutdown] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\shutdown.exe" HKU\S-1-5-18\...\Run: [choice] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\choice.exe" HKU\S-1-5-18\...\Run: [cipher] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\cipher.exe" HKU\S-1-5-18\...\Run: [typeperf] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\typeperf.exe" HKU\S-1-5-18\...\Run: [rasautou] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\rasautou.exe" HKU\S-1-5-18\...\Run: [winrs] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\winrs.exe" HKU\S-1-5-18\...\Run: [syskey] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\syskey.exe" HKU\S-1-5-18\...\Run: [rdrleakdiag] => 
"C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\rdrleakdiag.exe" HKU\S-1-5-18\...\Run: [mtstocom] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\mtstocom.exe" HKU\S-1-5-18\...\Run: [getmac] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\getmac.exe" HKU\S-1-5-18\...\Run: [certreq] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\certreq.exe" HKU\S-1-5-18\...\Run: [grpconv] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\grpconv.exe" HKU\S-1-5-18\...\Run: [ipconfig] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\ipconfig.exe" HKU\S-1-5-18\...\Run: [unlodctr] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\unlodctr.exe" HKU\S-1-5-18\...\Run: [dccw] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\dccw.exe" HKU\S-1-5-18\...\Run: [xwizard] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\xwizard.exe" HKU\S-1-5-18\...\Run: [Fondue] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\Fondue.exe" HKU\S-1-5-18\...\Run: [licensingdiag] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\licensingdiag.exe" HKU\S-1-5-18\...\Run: [EhStorAuthn] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\EhStorAuthn.exe" HKU\S-1-5-18\...\Run: [mmc] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\mmc.exe" HKU\S-1-5-18\...\Run: [dfrgui] => 
"C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\dfrgui.exe" HKU\S-1-5-18\...\RunOnce: [logagent] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\logagent.exe" HKU\S-1-5-18\...\RunOnce: [TCPSVCS] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\TCPSVCS.EXE" HKU\S-1-5-18\...\RunOnce: [WerFault] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\WerFault.exe" HKU\S-1-5-18\...\RunOnce: [mcbuilder] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\mcbuilder.exe" HKU\S-1-5-18\...\RunOnce: [verclsid] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\verclsid.exe" HKU\S-1-5-18\...\RunOnce: [icacls] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\icacls.exe" HKU\S-1-5-18\...\RunOnce: [cliconfg] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\cliconfg.exe" HKU\S-1-5-18\...\RunOnce: [TapiUnattend] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\TapiUnattend.exe" HKU\S-1-5-18\...\RunOnce: [msdt] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\msdt.exe" HKU\S-1-5-18\...\RunOnce: [instnm] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\instnm.exe" HKU\S-1-5-18\...\RunOnce: [resmon] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\resmon.exe" HKU\S-1-5-18\...\RunOnce: [efsui] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\efsui.exe" HKU\S-1-5-18\...\RunOnce: [whoami] => 
"C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\whoami.exe" HKU\S-1-5-18\...\RunOnce: [upnpcont] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\upnpcont.exe" HKU\S-1-5-18\...\RunOnce: [cacls] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\cacls.exe" HKU\S-1-5-18\...\RunOnce: [ByteCodeGenerator] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\ByteCodeGenerator.exe" HKU\S-1-5-18\...\RunOnce: [IntelCpHeciSvc] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\IntelCpHeciSvc.exe" HKU\S-1-5-18\...\RunOnce: [SndVol] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\SndVol.exe" HKU\S-1-5-18\...\RunOnce: [Narrator] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\Narrator.exe" HKU\S-1-5-18\...\RunOnce: [pcaui] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\pcaui.exe" HKU\S-1-5-18\...\RunOnce: [waitfor] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\waitfor.exe" HKU\S-1-5-18\...\RunOnce: [RdpSaProxy] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\RdpSaProxy.exe" HKU\S-1-5-18\...\RunOnce: [srdelayed] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\srdelayed.exe" HKU\S-1-5-18\...\RunOnce: [PkgMgr] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\PkgMgr.exe" HKU\S-1-5-18\...\RunOnce: [takeown] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\takeown.exe" HKU\S-1-5-18\...\RunOnce: [logman] => 
"C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\logman.exe" HKU\S-1-5-18\...\RunOnce: [CameraSettingsUIHost] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\CameraSettingsUIHost.exe" HKU\S-1-5-18\...\RunOnce: [wuapp] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\wuapp.exe" HKU\S-1-5-18\...\RunOnce: [sdchange] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\sdchange.exe" HKU\S-1-5-18\...\RunOnce: [doskey] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\doskey.exe" HKU\S-1-5-18\...\RunOnce: [LaunchTM] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\LaunchTM.exe" HKU\S-1-5-18\...\RunOnce: [MuiUnattend] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\MuiUnattend.exe" HKU\S-1-5-18\...\RunOnce: [netbtugc] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\netbtugc.exe" HKU\S-1-5-18\...\RunOnce: [mshta] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\mshta.exe" HKU\S-1-5-18\...\RunOnce: [hh] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\hh.exe" HKU\S-1-5-18\...\RunOnce: [WSManHTTPConfig] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\WSManHTTPConfig.exe" HKU\S-1-5-18\...\RunOnce: [label] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\label.exe" HKU\S-1-5-18\...\RunOnce: [dialer] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\dialer.exe" HKU\S-1-5-18\...\RunOnce: [ARP] => 
"C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\ARP.EXE" HKU\S-1-5-18\...\RunOnce: [mountvol] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\mountvol.exe" HKU\S-1-5-18\...\RunOnce: [proquota] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\proquota.exe" HKU\S-1-5-18\...\RunOnce: [xpsrchvw] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\xpsrchvw.exe" HKU\S-1-5-18\...\RunOnce: [DevicePairingWizard] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\DevicePairingWizard.exe" HKU\S-1-5-18\...\RunOnce: [mfpmp] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\mfpmp.exe" HKU\S-1-5-18\...\RunOnce: [SearchIndexer] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\SearchIndexer.exe" HKU\S-1-5-18\...\RunOnce: [RMActivate_ssp] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\RMActivate_ssp.exe" HKU\S-1-5-18\...\RunOnce: [HOSTNAME] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\HOSTNAME.EXE" HKU\S-1-5-18\...\RunOnce: [systeminfo] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\systeminfo.exe" HKU\S-1-5-18\...\RunOnce: [rasdial] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\rasdial.exe" HKU\S-1-5-18\...\RunOnce: [odbcconf] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\odbcconf.exe" HKU\S-1-5-18\...\RunOnce: [RdpSa] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\RdpSa.exe" HKU\S-1-5-18\...\RunOnce: [setx] => 
"C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\setx.exe" HKU\S-1-5-18\...\RunOnce: [runas] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\runas.exe" HKU\S-1-5-18\...\RunOnce: [PasswordOnWakeSettingFlyout] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\PasswordOnWakeSettingFlyout.exe" HKU\S-1-5-18\...\RunOnce: [fixmapi] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\fixmapi.exe" HKU\S-1-5-18\...\RunOnce: [CheckNetIsolation] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\CheckNetIsolation.exe" HKU\S-1-5-18\...\RunOnce: [fc] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\fc.exe" HKU\S-1-5-18\...\RunOnce: [ieUnatt] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\ieUnatt.exe" HKU\S-1-5-18\...\RunOnce: [rasphone] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\rasphone.exe" HKU\S-1-5-18\...\RunOnce: [Utilman] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\Utilman.exe" HKU\S-1-5-18\...\RunOnce: [dcomcnfg] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\dcomcnfg.exe" HKU\S-1-5-18\...\RunOnce: [FlashPlayerApp] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\FlashPlayerApp.exe" HKU\S-1-5-18\...\RunOnce: [WerFaultSecure] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\WerFaultSecure.exe" HKU\S-1-5-18\...\RunOnce: [MRINFO] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\MRINFO.EXE" HKU\S-1-5-18\...\RunOnce: 
[bitsadmin] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\bitsadmin.exe" HKU\S-1-5-18\...\RunOnce: [OpenWith] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\OpenWith.exe" HKU\S-1-5-18\...\RunOnce: [TSTheme] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\TSTheme.exe" HKU\S-1-5-18\...\RunOnce: [DWWIN] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\DWWIN.EXE" HKU\S-1-5-18\...\RunOnce: [sc] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\sc.exe" HKU\S-1-5-18\...\RunOnce: [UserAccountControlSettings] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\UserAccountControlSettings.exe" HKU\S-1-5-18\...\RunOnce: [icsunattend] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\icsunattend.exe" HKU\S-1-5-18\...\RunOnce: [esentutl] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\esentutl.exe" HKU\S-1-5-18\...\RunOnce: [raserver] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\raserver.exe" HKU\S-1-5-18\...\RunOnce: [eudcedit] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\eudcedit.exe" HKU\S-1-5-18\...\RunOnce: [LocationNotifications] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\LocationNotifications.exe" HKU\S-1-5-18\...\RunOnce: [isoburn] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\isoburn.exe" HKU\S-1-5-18\...\RunOnce: [WMPDMC] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\WMPDMC.exe" 
HKU\S-1-5-18\...\RunOnce: [eventvwr] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\eventvwr.exe" HKU\S-1-5-18\...\RunOnce: [CloudStorageWizard] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\CloudStorageWizard.exe" HKU\S-1-5-18\...\RunOnce: [w32tm] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\w32tm.exe" HKU\S-1-5-18\...\RunOnce: [CertEnrollCtrl] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\CertEnrollCtrl.exe" HKU\S-1-5-18\...\RunOnce: [openfiles] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\openfiles.exe" HKU\S-1-5-18\...\RunOnce: [chkdsk] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\chkdsk.exe" HKU\S-1-5-18\...\RunOnce: [poqexec] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\poqexec.exe" HKU\S-1-5-18\...\RunOnce: [WPDShextAutoplay] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\WPDShextAutoplay.exe" HKU\S-1-5-18\...\RunOnce: [sdbinst] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\sdbinst.exe" HKU\S-1-5-18\...\RunOnce: [lodctr] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\lodctr.exe" HKU\S-1-5-18\...\RunOnce: [shutdown] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\shutdown.exe" HKU\S-1-5-18\...\RunOnce: [choice] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\choice.exe" HKU\S-1-5-18\...\RunOnce: [cipher] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\cipher.exe" 
HKU\S-1-5-18\...\RunOnce: [typeperf] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\typeperf.exe" HKU\S-1-5-18\...\RunOnce: [rasautou] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\rasautou.exe" HKU\S-1-5-18\...\RunOnce: [winrs] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\winrs.exe" HKU\S-1-5-18\...\RunOnce: [syskey] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\syskey.exe" HKU\S-1-5-18\...\RunOnce: [mtstocom] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\mtstocom.exe" HKU\S-1-5-18\...\RunOnce: [rdrleakdiag] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\rdrleakdiag.exe" HKU\S-1-5-18\...\RunOnce: [getmac] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\getmac.exe" HKU\S-1-5-18\...\RunOnce: [certreq] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\certreq.exe" HKU\S-1-5-18\...\RunOnce: [grpconv] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\grpconv.exe" HKU\S-1-5-18\...\RunOnce: [ipconfig] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\ipconfig.exe" HKU\S-1-5-18\...\RunOnce: [unlodctr] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\unlodctr.exe" HKU\S-1-5-18\...\RunOnce: [dccw] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\dccw.exe" HKU\S-1-5-18\...\RunOnce: [xwizard] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\xwizard.exe" HKU\S-1-5-18\...\RunOnce: [Fondue] => 
"C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\Fondue.exe" HKU\S-1-5-18\...\RunOnce: [licensingdiag] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\licensingdiag.exe" HKU\S-1-5-18\...\RunOnce: [EhStorAuthn] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\EhStorAuthn.exe" HKU\S-1-5-18\...\RunOnce: [mmc] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\mmc.exe" HKU\S-1-5-18\...\RunOnce: [dfrgui] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\dfrgui.exe" HKU\S-1-5-18\...\Policies\Explorer: [Run] "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\mmc.exe" HKU\S-1-5-18\...\Command Processor: "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\EhStorAuthn.exe" <===== ATENÇÃO HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\{56D2E405-A7BE-C2B5-BC81-DEB6CA237825}\EhStorAuthn.exe AppInit_DLLs: C:\ProgramData\xifs\Vivacore.dll => C:\ProgramData\xifs\Vivacore.dll [363008 2016-05-11] () AppInit_DLLs-x32: C:\ProgramData\xifs\FaxNamcom.dll => C:\ProgramData\xifs\FaxNamcom.dll [257536 2016-05-11] () IFEO\SppExtComObj.exe: [Debugger] C:\WINDOWS\SECOH-QAD.exe ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1945472 2015-10-20] (Banco do Brasil) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2015-11-02] ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\HkeyTray.exe (CLEVO CO.) ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) Tcpip\Parameters: [DhcpNameServer] 192.168.25.1 Tcpip\..\Interfaces\{3AF4CBB8-0673-428E-AE9F-D19B5D1E41FA}: [DhcpNameServer] 172.23.216.2 172.23.32.5 172.23.32.8 Tcpip\..\Interfaces\{BBDD952E-41F9-4326-8BEA-0638EF1761CE}: [DhcpNameServer] 192.168.25.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=cb678b90a60b81f063177c30cdc47656 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://br.hao123.com/?tn=sdkc_inner_hp_09_hao123_br&guid=cb678b90a60b81f063177c30cdc47656 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1446560144&z=276fe109a769a07548651fcg3zez3q3waq5e7g8z3z&from=smt&uid=hgstxhts721010a9e630_jr10006p1ma95f1ma95fx&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1446560144&z=276fe109a769a07548651fcg3zez3q3waq5e7g8z3z&from=smt&uid=hgstxhts721010a9e630_jr10006p1ma95f1ma95fx&q={searchTerms} HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1446560144&z=276fe109a769a07548651fcg3zez3q3waq5e7g8z3z&from=smt&uid=hgstxhts721010a9e630_jr10006p1ma95f1ma95fx&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1446560144&z=276fe109a769a07548651fcg3zez3q3waq5e7g8z3z&from=smt&uid=hgstxhts721010a9e630_jr10006p1ma95f1ma95fx&q={searchTerms} HKU\S-1-5-21-2169231250-366527036-2133974707-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaHA8ARicheZerEQGQVeOKDQtz33FDS5MTS7GBm7r87M5XMviRJ-LqdOUmje0XjSHHNr6HgzRnuObW8pS9GYIvnEEJda_j24NzjmhDlTDCuUtyhH40SH6VWwSYeOa3z7b81YU4MGYOSjgloVEC9yJGhSFiuwqEmHYfs7YN1Mvhic,&q={searchTerms} HKU\S-1-5-21-2169231250-366527036-2133974707-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.br/ HKU\S-1-5-21-2169231250-366527036-2133974707-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaHA8ARicheZerEQGQVeOKDQtz33FDS5MTS7GBm7r87M5XMviRJ-LqdOUmje0XjSHHNr6HgzRnuObW8pS9GYIvnEEJda_j24NzjmhDlTDCuUtyhH40SH6VWwSYeOa3z7b81YU4MGYOSjgloVEC9yJGhSFiuwqEmHYfs7YN1Mvhic,&q={searchTerms} HKU\S-1-5-21-2169231250-366527036-2133974707-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaHA8ARicheZerEQGQVeOKDQtz33FDS5MTS7GBm7r87M5XMviRJ-LqdOUmje0XjSHHNr6HgzRnuObW8pS9GYIvnEEJda_j24NzjmhDlTDCuUtyhH40SH6VWwSYeOa3z7b81YU4MGYOSjgloVEC9yJGhSFiuwqEmHYfs7YN1Mvhic,&q={searchTerms} SearchScopes: HKLM -> DefaultScope valor está ausente SearchScopes: HKLM-x32 -> 
DefaultScope {ielnksrch} URL = SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaHA8ARicheZerEQGQVeOKDQtz33FDS5MTS7GBm7r87M5XMviRJ-LqdOUmje0XjSHHNr6HgzRnuObW8pS9GYIvnEEJda_j24NzjmhDlTDCuUtyhH40SH6VWwSYeOa3z7b81YU4MGYOSjgloVEC9yJGhSFiuwqEmHYfs7YN1Mvhic,&q={searchTerms} SearchScopes: HKU\S-1-5-21-2169231250-366527036-2133974707-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaHA8ARicheZerEQGQVeOKDQtz33FDS5MTS7GBm7r87M5XMviRJ-LqdOUmje0XjSHHNr6HgzRnuObW8pS9GYIvnEEJda_j24NzjmhDlTDCuUtyhH40SH6VWwSYeOa3z7b81YU4MGYOSjgloVEC9yJGhSFiuwqEmHYfs7YN1Mvhic,&q={searchTerms} SearchScopes: HKU\S-1-5-21-2169231250-366527036-2133974707-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaHA8ARicheZerEQGQVeOKDQtz33FDS5MTS7GBm7r87M5XMviRJ-LqdOUmje0XjSHHNr6HgzRnuObW8pS9GYIvnEEJda_j24NzjmhDlTDCuUtyhH40SH6VWwSYeOa3z7b81YU4MGYOSjgloVEC9yJGhSFiuwqEmHYfs7YN1Mvhic,&q={searchTerms} BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-25] (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-25] (Oracle Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO-x32: Office Document Cache 
Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [2015-10-20] (Banco do Brasil) FireFox: ======== FF ProfilePath: C:\Users\Hammerschmidt\AppData\Roaming\Mozilla\Firefox\Profiles\u3vsjx1i.default FF DefaultSearchEngine: findit FF Homepage: C:\ProgramData\xifss\ff.HP FF NewTab: C:\ProgramData\xifss\ff.NT FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-25] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-25] (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) 
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Hammerschmidt\AppData\Roaming\Mozilla\Firefox\Profiles\u3vsjx1i.default\searchplugins\findit.xml [2016-05-11] FF Extension: Ant Video Downloader - C:\Users\Hammerschmidt\AppData\Roaming\Mozilla\Firefox\Profiles\u3vsjx1i.default\extensions\anttoolbar@ant.com [2016-05-10] Chrome: ======= CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pt-br CHR StartupUrls: Default -> "search.mpc.am" CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaHA8ARicheZerEQGQVeOKDQtz33FDS5MTS7GBm7r87M5XMviRJ-LqdOUmje0XjSHHNr6HgzRnuObW8pFBCRGjTftJrfVzJGQuFD4w2Q0c_Q9MP4LCi36jPrs2UCYPfnAdYkjCqTxkWJcIUdT11RifXgRQ07ldEZsbuB-67stLR0,&q={searchTerms} CHR DefaultSearchKeyword: Default -> feed.sonic-search.com CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms} CHR Profile: C:\Users\Hammerschmidt\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Apresentações) - C:\Users\Hammerschmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-03] CHR Extension: (Google Docs) - C:\Users\Hammerschmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-03] CHR Extension: (Google Drive) - C:\Users\Hammerschmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-03] CHR Extension: (YouTube) - C:\Users\Hammerschmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-03] CHR Extension: (Google Search) - C:\Users\Hammerschmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-03] CHR Extension: (Ad.Block) - 
C:\Users\Hammerschmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgajgakmdbmoankhonldmlnfokhbdagn [2016-02-06] CHR Extension: (Planilhas do Google) - C:\Users\Hammerschmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-03] CHR Extension: (Documentos Google off-line) - C:\Users\Hammerschmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14] CHR Extension: (Ad Block - Chega de Publicidade) - C:\Users\Hammerschmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjdkfeeffbfcoanbnkeedjccphcmpehm [2016-05-02] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Hammerschmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03] CHR Extension: (Gmail) - C:\Users\Hammerschmidt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-03] CHR HKU\S-1-5-21-2169231250-366527036-2133974707-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx ==================== Serviços (Whitelisted) ======================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [35328 2013-05-07] (Realtek Semiconductor Corporation) [Arquivo não assinado] R2 BitTorrent; C:\Program Files\BitTorrent\BitTorrent.exe [383488 2016-05-10] () [Arquivo não assinado] R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [66560 2013-10-08] () [Arquivo não assinado] R2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [948736 2016-05-10] () [Arquivo não assinado] S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-05] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-05] (Dropbox, Inc.) R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [593120 2015-09-22] (GAS Tecnologia) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-11-16] (NVIDIA Corporation) S2 GoogleChromeUpService; C:\ProgramData\service.exe [1755136 2016-05-11] () [Arquivo não assinado] R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Arquivo não assinado] R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Arquivo não assinado] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA 
Corporation\NetService\NvNetworkService.exe [1872688 2015-11-16] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8133424 2015-11-16] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5915440 2015-11-16] (NVIDIA Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2099720 2015-11-14] (Electronic Arts) R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [23552 2014-05-27] (CLEVO CO.) [Arquivo não assinado] S2 rijufoze; C:\Users\Hammerschmidt\AppData\Roaming\015BFA80-1462933698-0000-0000-000000000000\hnsi388B.tmp [138240 2016-05-10] () [Arquivo não assinado] S2 rocufyky; C:\Users\Hammerschmidt\AppData\Roaming\015BFA80-1462933698-0000-0000-000000000000\jnsv1830.tmp [389632 2016-05-10] () [Arquivo não assinado] S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Arquivo não assinado] S2 updaieexkcdvtemp; C:\Users\Hammerschmidt\AppData\Local\Con-trans.exe [28160 2016-05-10] () [Arquivo não assinado] R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [904928 2015-11-04] (GAS Tecnologia LTDA) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-11-02] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-11-02] (Microsoft Corporation) R2 xifs; C:\ProgramData\\xifs\\xifs.exe [692736 2016-05-11] () [Arquivo não assinado] S2 vumyjebi; C:\Users\Hammerschmidt\AppData\Roaming\015BFA80-1462933698-0000-0000-000000000000\knsiF7D1.tmpfs [X] ===================== Drivers (Whitelisted) ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
S3 dtproscsibus; C:\Windows\System32\drivers\dtproscsibus.sys [30264 2015-11-03] (Disc Soft Ltd) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2016-05-11] (GAS Tecnologia) R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-08-12] (GAS Tecnologia) R2 IntelHaxm; C:\Windows\system32\DRIVERS\IntelHaxm.sys [96776 2015-11-16] (Intel Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-11-16] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation) R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [548056 2013-09-05] (Realtek Semiconductor Corporation) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation ) S1 ucdadkwy; C:\WINDOWS\system32\drivers\ucdadkwy.sys [55168 2016-05-11] (Microsoft Corporation) R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-08-12] (GAS Tecnologia LTDA) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-11-02] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-11-02] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-11-02] (Microsoft Corporation) R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-07-07] (Basil) R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [101080 2016-05-11] (GAS Tecnologia) R1 wsddpp; C:\WINDOWS\system32\drivers\wsddpp.sys [103640 2015-03-18] (GAS Tecnologia) S0 gbpddreg; system32\drivers\gbpddreg64.sys [X] S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X] S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16923.222\QMUdisk64.sys [X] S1 softaal; \??\C:\Program Files 
(x86)\Tencent\QQPCMgr\11.1.16923.222\softaal64.sys [X] S1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [X] ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Um Mês Criados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2016-05-11 10:27 - 2016-05-11 10:27 - 00062761 _____ C:\Users\Hammerschmidt\Downloads\FRST.txt 2016-05-11 10:26 - 2016-05-11 10:27 - 00000000 ____D C:\FRST 2016-05-11 10:26 - 2016-05-11 10:26 - 02381312 _____ (Farbar) C:\Users\Hammerschmidt\Downloads\FRST64.exe 2016-05-11 10:22 - 2016-05-11 10:22 - 01732096 _____ (Farbar) C:\Users\Hammerschmidt\Downloads\FRST.exe 2016-05-11 10:17 - 2016-05-11 10:18 - 00009088 _____ C:\Users\Hammerschmidt\Desktop\fixlist.txt 2016-05-11 10:03 - 2016-05-11 10:03 - 00000000 ____D C:\Users\Todos os Usuários\xifss 2016-05-11 10:03 - 2016-05-11 10:03 - 00000000 ____D C:\ProgramData\xifss 2016-05-11 10:02 - 2016-05-11 10:03 - 00000000 ____D C:\Users\Todos os Usuários\xifs 2016-05-11 10:02 - 2016-05-11 10:03 - 00000000 ____D C:\ProgramData\xifs 2016-05-11 00:20 - 2016-05-11 00:20 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ucdadkwy.sys 2016-05-11 00:13 - 2016-05-11 00:13 - 00002135 _____ C:\Users\Public\Desktop\Command & Conquer™ Red Alert™ 3 Uprising.lnk 2016-05-11 00:09 - 2016-05-11 00:09 - 00002259 _____ C:\Users\Todos os Usuários\webad.xml 2016-05-11 00:09 - 2016-05-11 00:09 - 00002259 _____ C:\ProgramData\webad.xml 2016-05-11 00:08 - 2016-05-11 00:08 - 01755136 _____ C:\Users\Todos os Usuários\service.exe 2016-05-11 00:08 - 2016-05-11 00:08 - 01755136 _____ C:\ProgramData\service.exe 2016-05-11 00:08 - 2016-05-11 00:08 - 00000000 ____D C:\Users\Public\Documents\Tools 2016-05-11 00:08 - 2016-05-11 00:08 - 00000000 ____D C:\Users\Public\Documents\Guid 
2016-05-11 00:08 - 2016-05-11 00:08 - 00000000 ____D C:\Users\Public\Documents\Baidu 2016-05-11 00:08 - 2016-05-11 00:08 - 00000000 ____D C:\Users\Hammerschmidt\AppData\Roaming\UPUpdata 2016-05-11 00:08 - 2016-05-11 00:08 - 00000000 ____D C:\Users\Hammerschmidt\AppData\Roaming\gplyra 2016-05-11 00:08 - 2016-05-09 03:45 - 01920000 _____ C:\Users\Todos os Usuários\msiql.exe 2016-05-11 00:08 - 2016-05-09 03:45 - 01920000 _____ C:\ProgramData\msiql.exe 2016-05-11 00:07 - 2016-05-11 00:08 - 00000000 ____D C:\Users\Hammerschmidt\AppData\Roaming\cpuminer 2016-05-11 00:07 - 2016-05-11 00:07 - 00003030 _____ C:\WINDOWS\System32\Tasks\svchost 2016-05-11 00:07 - 2016-05-03 05:40 - 01443152 _____ ( ) C:\Users\Hammerschmidt\AppData\Roaming\AutoTime_51477.exe 2016-05-11 00:06 - 2016-05-11 00:06 - 00003030 _____ C:\WINDOWS\System32\Tasks\ttwifi 2016-05-11 00:06 - 2016-05-11 00:06 - 00002926 _____ C:\WINDOWS\System32\Tasks\osTip 2016-05-11 00:06 - 2016-05-11 00:06 - 00000000 ____D C:\Users\Todos os Usuários\WindowsMsg 2016-05-11 00:06 - 2016-05-11 00:06 - 00000000 ____D C:\Users\Hammerschmidt\AppData\Local\app 2016-05-11 00:06 - 2016-05-11 00:06 - 00000000 ____D C:\ProgramData\WindowsMsg 2016-05-10 23:57 - 2016-05-10 23:57 - 00009458 _____ C:\WINDOWS\SysWOW64\ealregsnapshot1.reg 2016-05-10 23:57 - 2016-05-10 23:57 - 00000000 ____D C:\Users\Hammerschmidt\AppData\Local\Downloaded Installations 2016-05-10 23:55 - 2016-05-10 23:55 - 00002047 _____ C:\Users\Public\Desktop\Command & Conquer™ Red Alert™ 3.lnk 2016-05-10 23:52 - 2016-05-11 00:09 - 00000000 ____D C:\Program Files (x86)\Electronic Arts 2016-05-10 23:51 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll 2016-05-10 23:51 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll 2016-05-10 23:51 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll 2016-05-10 23:51 - 2008-05-30 14:11 - 01491992 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll 2016-05-10 23:51 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll 2016-05-10 23:51 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll 2016-05-10 23:51 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll 2016-05-10 23:51 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll 2016-05-10 23:51 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll 2016-05-10 23:51 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll 2016-05-10 23:51 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll 2016-05-10 23:51 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll 2016-05-10 23:31 - 2016-05-10 23:36 - 00000000 ____D C:\Users\Hammerschmidt\AppData\Local\015BFA80-1462923087-0000-0000-000000000000 2016-05-10 23:29 - 2016-05-10 23:36 - 00000000 ____D C:\Users\Hammerschmidt\AppData\Roaming\ImageCropResize 2016-05-10 23:28 - 2016-05-10 23:28 - 00000000 ____D C:\Users\Hammerschmidt\AppData\Roaming\015BFA80-1462933698-0000-0000-000000000000 2016-05-10 23:28 - 2016-04-06 09:58 - 00000822 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak 2016-05-10 23:20 - 2016-05-10 23:20 - 00000000 ____D C:\Users\Todos os Usuários\Thunder Network 2016-05-10 23:20 - 2016-05-10 23:20 - 00000000 ____D C:\Users\Public\Thunder Network 2016-05-10 23:20 - 2016-05-10 23:20 - 00000000 ____D C:\ProgramData\Thunder Network 2016-05-10 23:19 - 2016-05-11 10:03 - 00002397 _____ C:\WINDOWS\SysWOW64\findit.xml 2016-05-10 23:19 - 2016-05-11 10:01 - 00000000 ____D C:\Program Files\BitTorrent 2016-05-10 23:19 - 2016-05-10 23:39 - 00000000 ____D C:\Users\Hammerschmidt\Downloads\DAEMON Tools Pro 7.1.0.0595 + Crack 2016-05-10 23:19 - 
2016-05-10 23:19 - 06494208 _____ C:\Users\Hammerschmidt\AppData\Roaming\agent.dat 2016-05-10 23:19 - 2016-05-10 23:19 - 01626777 _____ C:\Users\Hammerschmidt\AppData\Roaming\Qvoity.tst 2016-05-10 23:19 - 2016-05-10 23:19 - 00189556 _____ () C:\Users\Hammerschmidt\AppData\Roaming\Flextrax.bin 2016-05-10 23:19 - 2016-05-10 23:19 - 00126464 _____ C:\Users\Hammerschmidt\AppData\Roaming\noah.dat 2016-05-10 23:19 - 2016-05-10 23:19 - 00065568 _____ C:\Users\Hammerschmidt\AppData\Roaming\Config.xml 2016-05-10 23:19 - 2016-05-10 23:19 - 00041472 _____ C:\Users\Hammerschmidt\AppData\Local\Con-trans.dat 2016-05-10 23:19 - 2016-05-10 23:19 - 00028160 _____ C:\Users\Hammerschmidt\AppData\Local\Con-trans.exe 2016-05-10 23:19 - 2016-05-10 23:19 - 00018432 _____ C:\Users\Hammerschmidt\AppData\Roaming\Main.dat 2016-05-10 23:19 - 2016-05-10 23:19 - 00000187 _____ C:\Users\Hammerschmidt\AppData\Local\Con-trans.exe.config 2016-05-10 23:19 - 2016-05-10 23:19 - 00000000 ____D C:\Users\Todos os Usuários\Ronzaps 2016-05-10 23:19 - 2016-05-10 23:19 - 00000000 ____D C:\Users\Todos os Usuários\CloudPrinter 2016-05-10 23:19 - 2016-05-10 23:19 - 00000000 ____D C:\ProgramData\Ronzaps 2016-05-10 23:19 - 2016-05-10 23:19 - 00000000 ____D C:\ProgramData\CloudPrinter 2016-05-10 23:19 - 2016-05-10 23:16 - 00948736 _____ C:\Users\Hammerschmidt\AppData\Roaming\Qvoity.exe 2016-05-10 23:18 - 2016-05-10 23:19 - 00005568 _____ C:\Users\Hammerschmidt\AppData\Roaming\md.xml 2016-05-10 23:18 - 2016-05-10 23:18 - 00848437 _____ C:\Users\Hammerschmidt\AppData\Roaming\K-com.bin 2016-05-10 23:18 - 2016-05-10 23:18 - 00126464 _____ C:\Users\Hammerschmidt\AppData\Roaming\lobby.dat 2016-05-10 23:18 - 2016-05-10 23:18 - 00072717 _____ C:\Users\Hammerschmidt\AppData\Roaming\KanCom.tst 2016-05-10 23:18 - 2016-05-10 23:18 - 00054272 _____ C:\Users\Hammerschmidt\AppData\Roaming\ApplicationHosting.dat 2016-05-10 23:18 - 2016-05-10 23:16 - 00948736 _____ C:\Users\Hammerschmidt\AppData\Roaming\KanCom.exe 2016-05-10 23:17 
- 2016-05-10 23:35 - 00000000 ____D C:\Users\Hammerschmidt\AppData\Roaming\ssn 2016-05-10 23:16 - 2016-05-10 23:17 - 00000000 ____D C:\Users\Hammerschmidt\AppData\Roaming\vnlgp 2016-05-10 23:05 - 2016-05-10 23:18 - 00000000 ____D C:\Users\Hammerschmidt\Downloads\DAEMON Tools Pro Advanced v5.2.0. 0348 Including Crack 2016-05-10 23:02 - 2016-05-10 23:02 - 00692072 _____ (Disc Soft Ltd.) C:\Users\Hammerschmidt\Downloads\DTLiteInstaller.exe 2016-05-10 16:55 - 2016-05-10 22:12 - 00000000 ____D C:\Users\Hammerschmidt\Downloads\Command.And.Conquer.Red.Alert.3-RELOADED 2016-05-09 22:07 - 2016-05-09 22:19 - 656679482 _____ C:\Users\Hammerschmidt\Downloads\Maplesoft Maple 17 (64bit).7z 2016-05-09 11:22 - 2016-05-11 00:15 - 00000000 ____D C:\Users\Hammerschmidt\AppData\LocalLow\uTorrent 2016-05-06 17:51 - 2016-05-06 17:51 - 00001577 _____ C:\Users\Hammerschmidt\Desktop\Android Studio.lnk 2016-05-06 13:47 - 2016-05-06 14:12 - 00000000 ____D C:\Users\Hammerschmidt\.AndroidStudio2.1 2016-05-06 13:46 - 2016-04-22 22:54 - 00000000 ____D C:\Users\Hammerschmidt\Downloads\android-studio 2016-05-06 12:48 - 2016-05-06 13:06 - 300627540 _____ C:\Users\Hammerschmidt\Downloads\android-studio-ide-143.2790544-windows.zip 2016-05-06 11:40 - 2008-08-18 19:18 - 00077824 _____ (Fox Magic Software) C:\WINDOWS\SysWOW64\fmcodec.DLL 2016-05-06 10:41 - 2016-05-06 11:21 - 283731247 _____ C:\Users\Hammerschmidt\Downloads\Não confirmado 761949.crdownload 2016-04-28 10:07 - 2016-04-28 10:07 - 00889816 _____ C:\WINDOWS\Minidump\042816-20062-01.dmp 2016-04-27 21:23 - 2016-04-27 21:23 - 00000073 _____ C:\Users\Hammerschmidt\Desktop\Application.txt 2016-04-27 20:15 - 2016-04-27 20:15 - 00001092 _____ C:\Users\Hammerschmidt\Desktop\Ex 9 não terminado.alg 2016-04-27 17:29 - 2016-04-27 17:29 - 00000000 ____D C:\Program Files\TAP-Windows 2016-04-24 10:10 - 2016-04-27 19:07 - 00000000 ____D C:\Users\Hammerschmidt\Desktop\Entrega de algorítmos 2016-04-24 10:07 - 2016-04-24 10:07 - 00335522 _____ 
C:\Users\Hammerschmidt\Downloads\Aula2.pptx 2016-04-24 10:07 - 2016-04-24 10:07 - 00251105 _____ C:\Users\Hammerschmidt\Downloads\Aula6.pptx 2016-04-21 21:40 - 2016-04-21 21:44 - 00000000 ____D C:\Users\Hammerschmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器 2016-04-21 21:40 - 2016-04-21 21:40 - 00000000 ____D C:\Users\Hammerschmidt\AppData\Local\UCBrowser 2016-04-21 21:35 - 2016-04-21 21:35 - 00005120 _____ C:\Users\Hammerschmidt\AppData\Roaming\GiftBag.db 2016-04-21 21:35 - 2016-04-21 21:35 - 00000000 ____D C:\Users\Todos os Usuários\TXQMPC 2016-04-21 21:35 - 2016-04-21 21:35 - 00000000 ____D C:\ProgramData\TXQMPC 2016-04-21 21:35 - 2016-04-21 21:35 - 00000000 ____D C:\Program Files\Common Files\Tencent 2016-04-21 21:34 - 2016-04-21 21:47 - 00000000 ____D C:\Users\Todos os Usuários\Tencent 2016-04-21 21:34 - 2016-04-21 21:47 - 00000000 ____D C:\ProgramData\Tencent 2016-04-21 21:34 - 2016-04-21 21:35 - 00000000 ____D C:\Users\Hammerschmidt\AppData\Roaming\Tencent 2016-04-21 21:34 - 2016-04-21 21:34 - 00087864 _____ (电脑管家) C:\WINDOWS\system32\Drivers\TFsFltX64.sys 2016-04-21 21:34 - 2016-04-21 21:34 - 00000000 ____D C:\Users\Hammerschmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件 2016-04-21 21:34 - 2016-04-21 21:34 - 00000000 ____D C:\Program Files (x86)\Tencent 2016-04-21 21:24 - 2016-04-21 21:25 - 00000920 _____ C:\WINDOWS\SysWOW64\${LOGFILE} 2016-04-21 21:24 - 2016-04-21 21:24 - 00848437 _____ C:\Users\Hammerschmidt\AppData\Roaming\Contraxis.bin 2016-04-21 21:23 - 2016-05-10 23:18 - 00127488 _____ C:\Users\Hammerschmidt\AppData\Roaming\Installer.dat 2016-04-21 21:23 - 2016-05-10 23:18 - 00016992 _____ C:\Users\Hammerschmidt\AppData\Roaming\InstallationConfiguration.xml 2016-04-21 21:23 - 2016-04-21 21:23 - 00201490 _____ C:\Users\Hammerschmidt\AppData\Roaming\inst.lat 2016-04-21 21:22 - 2016-05-10 23:35 - 00000000 _____ C:\Users\Hammerschmidt\AppData\Roaming\1.txt 2016-04-21 21:21 - 2016-04-21 21:28 - 00000000 ____D 
C:\Users\Hammerschmidt\AppData\Roaming\Store 2016-04-21 21:21 - 2016-04-21 21:27 - 00000000 ____D C:\Users\Hammerschmidt\AppData\Roaming\WTools 2016-04-21 21:20 - 2016-04-21 21:25 - 00000000 ____D C:\Users\Hammerschmidt\AppData\Roaming\Nosibay 2016-04-21 21:18 - 2016-04-21 21:18 - 00000000 ____D C:\Users\Hammerschmidt\AppData\Local\Geckofx 2016-04-21 20:44 - 2016-04-21 20:49 - 191429978 _____ C:\Users\Hammerschmidt\Downloads\IGG-Enter.the.Gungeon.rar 2016-04-17 13:40 - 2016-04-17 13:40 - 00000062 _____ C:\Users\Hammerschmidt\Desktop\Importante - Diagramas de Venn.txt 2016-04-16 12:24 - 2016-04-16 12:24 - 00000720 _____ C:\Users\Hammerschmidt\Desktop\Logica dividir moedas.alg 2016-04-16 12:23 - 2016-04-16 17:04 - 00001372 _____ C:\Users\Hammerschmidt\Desktop\Contador Altura.alg 2016-04-15 23:02 - 2016-04-15 23:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-04-14 19:07 - 2016-04-14 19:07 - 00068895 _____ C:\Users\Hammerschmidt\Downloads\Aula15(Busca Binaria).pptx 2016-04-13 19:54 - 2016-04-13 19:54 - 00063580 _____ C:\Users\Hammerschmidt\Downloads\Aula13(Busca Sequencial).pptx 2016-04-12 21:04 - 2016-04-12 21:04 - 00002048 _____ C:\Users\Hammerschmidt\Downloads\XYN.EXE ==================== Um Mês Modificados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 
2016-05-11 10:08 - 2015-11-07 17:07 - 00000000 ____D C:\Users\Hammerschmidt\AppData\Roaming\Skype 2016-05-11 10:06 - 2015-11-02 13:16 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2169231250-366527036-2133974707-1001 2016-05-11 10:04 - 2015-11-02 16:30 - 00001090 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-05-11 10:03 - 2016-01-08 09:09 - 00002043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-05-11 10:03 - 2016-01-08 09:09 - 00002037 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2016-05-11 10:03 - 2015-11-02 18:09 - 00002170 _____ C:\Users\Hammerschmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-05-11 10:03 - 2015-11-02 16:30 - 00002348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-05-11 10:03 - 2015-11-02 16:30 - 00002342 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-05-11 10:02 - 2015-11-05 23:32 - 00000000 ___RD C:\Users\Hammerschmidt\Dropbox 2016-05-11 10:01 - 2015-11-07 20:38 - 00000000 ____D C:\Program Files (x86)\Steam 2016-05-11 10:01 - 2015-11-05 23:29 - 00001044 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2016-05-11 10:01 - 2015-11-02 16:30 - 00001086 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-05-11 10:01 - 2015-11-02 13:43 - 00000000 __SHD C:\Users\Hammerschmidt\IntelGraphicsProfiles 2016-05-11 00:25 - 2014-11-20 20:10 - 01800588 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-05-11 00:25 - 2014-11-20 19:18 - 00775938 _____ C:\WINDOWS\system32\prfh0416.dat 2016-05-11 00:25 - 2014-11-20 19:18 - 00159030 _____ C:\WINDOWS\system32\prfc0416.dat 2016-05-11 00:25 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Inf 2016-05-11 00:20 - 2015-11-03 15:59 - 00000000 ____D C:\WINDOWS\AutoKMS 2016-05-11 00:20 - 2015-11-02 13:51 - 00000000 ____D C:\Program Files\KMSpico 2016-05-11 00:19 - 2015-11-09 11:55 - 00028888 _____ (GAS Tecnologia) 
C:\WINDOWS\system32\Drivers\gbpddfac64.sys 2016-05-11 00:18 - 2016-03-01 11:40 - 00000093 _____ C:\HaxLogs.txt 2016-05-11 00:18 - 2015-11-20 09:19 - 00101080 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\wsddfac.sys 2016-05-11 00:18 - 2015-11-09 11:55 - 00000000 ____D C:\Program Files (x86)\GbPlugin 2016-05-11 00:17 - 2015-11-09 11:55 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin 2016-05-11 00:17 - 2015-11-09 11:55 - 00000000 ____D C:\ProgramData\GbPlugin 2016-05-11 00:17 - 2013-08-22 11:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-05-11 00:17 - 2013-08-22 10:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2016-05-11 00:16 - 2015-11-02 13:40 - 00000000 ____D C:\Users\Hammerschmidt\AppData\Roaming\uTorrent 2016-05-10 23:34 - 2015-11-05 23:29 - 00001048 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2016-05-10 21:13 - 2016-03-01 12:46 - 00000000 ____D C:\Users\Hammerschmidt\AndroidStudioProjects 2016-05-10 20:43 - 2016-03-01 11:40 - 00000000 ____D C:\Users\Hammerschmidt\.android 2016-05-10 17:58 - 2015-11-02 16:30 - 00004062 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-05-10 17:58 - 2015-11-02 16:30 - 00003826 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-05-10 16:45 - 2015-11-02 18:32 - 00000000 ____D C:\Users\Hammerschmidt\Downloads\Jogos 2016-05-10 00:13 - 2015-11-02 19:04 - 00000000 ____D C:\KMPlayer 2016-05-09 23:54 - 2015-11-02 19:01 - 00846848 ___SH C:\Users\Hammerschmidt\Downloads\Thumbs.db 2016-05-09 23:53 - 2015-11-02 18:39 - 00000000 ___HD C:\Users\Hammerschmidt\Downloads\Vídeos 2016-05-07 18:09 - 2013-08-22 12:36 - 00000000 ___HD C:\Program Files\WindowsApps 2016-05-07 18:09 - 2013-08-22 12:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-05-07 13:34 - 2016-01-30 09:07 - 00000129 _____ C:\Users\Hammerschmidt\Desktop\Nomes.txt 2016-05-06 17:57 - 2015-11-04 10:10 - 00110592 ___SH C:\Users\Hammerschmidt\Desktop\Thumbs.db 2016-05-06 17:44 - 2015-11-02 17:51 - 00000000 ____D C:\Program Files\Intel 
2016-05-06 14:04 - 2016-03-01 12:46 - 00000000 ____D C:\Users\Hammerschmidt\.gradle 2016-05-06 13:47 - 2015-11-02 17:55 - 00000000 ____D C:\Users\Hammerschmidt 2016-05-06 11:40 - 2015-11-06 09:41 - 00001202 _____ C:\Users\Public\Desktop\aTube Catcher.lnk 2016-05-06 11:40 - 2015-11-06 09:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher 2016-05-06 11:22 - 2015-11-02 19:33 - 00000000 ____D C:\Users\Todos os Usuários\realtek 2016-05-06 11:22 - 2015-11-02 19:33 - 00000000 ____D C:\ProgramData\realtek 2016-05-05 12:59 - 2015-11-29 09:28 - 00000080 _____ C:\Users\Hammerschmidt\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦 2016-04-28 19:42 - 2015-11-03 15:25 - 00000000 ____D C:\Users\Todos os Usuários\Adobe 2016-04-28 19:42 - 2015-11-03 15:25 - 00000000 ____D C:\ProgramData\Adobe 2016-04-28 18:44 - 2015-11-04 11:52 - 00000000 ____D C:\Users\Hammerschmidt\AppData\Local\Eclipse 2016-04-28 18:44 - 2015-11-04 11:04 - 00000000 ____D C:\Users\Hammerschmidt\.p2 2016-04-28 10:07 - 2015-11-26 08:46 - 527064724 _____ C:\WINDOWS\MEMORY.DMP 2016-04-28 10:07 - 2015-11-26 08:46 - 00000000 ____D C:\WINDOWS\Minidump 2016-04-26 17:21 - 2016-03-03 18:37 - 00000000 ____D C:\Users\Hammerschmidt\Downloads\portugol 2016-04-23 10:09 - 2015-12-23 08:52 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-04-23 10:09 - 2015-11-07 17:07 - 00000000 ____D C:\Users\Todos os Usuários\Skype 2016-04-23 10:09 - 2015-11-07 17:07 - 00000000 ____D C:\ProgramData\Skype 2016-04-21 21:47 - 2013-08-22 11:44 - 05108536 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-04-21 21:25 - 2015-11-02 19:09 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-04-20 11:12 - 2016-03-31 12:38 - 00000000 ____D C:\Users\Hammerschmidt\Downloads\mk 2016-04-15 23:03 - 2015-11-05 23:29 - 00000000 ____D C:\Program Files (x86)\Dropbox 2016-04-15 11:05 - 2015-11-05 23:29 - 00000000 ____D C:\Users\Hammerschmidt\AppData\Local\Dropbox ==================== Arquivos na raiz de alguns 
diretórios ======= 2016-04-21 21:22 - 2016-05-10 23:35 - 0000000 _____ () C:\Users\Hammerschmidt\AppData\Roaming\1.txt 2016-05-10 23:19 - 2016-05-10 23:19 - 6494208 _____ () C:\Users\Hammerschmidt\AppData\Roaming\agent.dat 2016-05-10 23:18 - 2016-05-10 23:18 - 0054272 _____ () C:\Users\Hammerschmidt\AppData\Roaming\ApplicationHosting.dat 2016-05-11 00:07 - 2016-05-03 05:40 - 1443152 _____ ( ) C:\Users\Hammerschmidt\AppData\Roaming\AutoTime_51477.exe 2016-04-21 21:18 - 2016-04-21 21:22 - 0001282 _____ () C:\Users\Hammerschmidt\AppData\Roaming\Bubble Dock.boostrap.log 2016-04-21 21:19 - 2016-04-21 21:21 - 0005762 _____ () C:\Users\Hammerschmidt\AppData\Roaming\Bubble Dock.installation.log 2015-11-03 19:12 - 2015-11-03 19:12 - 0000096 _____ () C:\Users\Hammerschmidt\AppData\Roaming\Camdata.ini 2015-11-03 19:12 - 2015-11-03 19:12 - 0000408 _____ () C:\Users\Hammerschmidt\AppData\Roaming\CamLayout.ini 2015-11-03 19:12 - 2015-11-03 19:12 - 0000408 _____ () C:\Users\Hammerschmidt\AppData\Roaming\CamShapes.ini 2015-11-03 19:12 - 2015-11-03 19:12 - 0004537 _____ () C:\Users\Hammerschmidt\AppData\Roaming\CamStudio.cfg 2016-05-10 23:19 - 2016-05-10 23:19 - 0065568 _____ () C:\Users\Hammerschmidt\AppData\Roaming\Config.xml 2016-04-21 21:24 - 2016-04-21 21:24 - 0848437 _____ () C:\Users\Hammerschmidt\AppData\Roaming\Contraxis.bin 2016-05-10 23:19 - 2016-05-10 23:19 - 0189556 _____ () C:\Users\Hammerschmidt\AppData\Roaming\Flextrax.bin 2016-04-21 21:35 - 2016-04-21 21:35 - 0005120 _____ () C:\Users\Hammerschmidt\AppData\Roaming\GiftBag.db 2016-04-21 21:23 - 2016-04-21 21:23 - 0201490 _____ () C:\Users\Hammerschmidt\AppData\Roaming\inst.lat 2016-04-21 21:23 - 2016-05-10 23:18 - 0016992 _____ () C:\Users\Hammerschmidt\AppData\Roaming\InstallationConfiguration.xml 2016-04-21 21:23 - 2016-05-10 23:18 - 0127488 _____ () C:\Users\Hammerschmidt\AppData\Roaming\Installer.dat 2016-05-10 23:18 - 2016-05-10 23:18 - 0848437 _____ () C:\Users\Hammerschmidt\AppData\Roaming\K-com.bin 
2016-05-10 23:18 - 2016-05-10 23:16 - 0948736 _____ () C:\Users\Hammerschmidt\AppData\Roaming\KanCom.exe 2016-05-10 23:18 - 2016-05-10 23:18 - 0072717 _____ () C:\Users\Hammerschmidt\AppData\Roaming\KanCom.tst 2016-05-10 23:18 - 2016-05-10 23:18 - 0126464 _____ () C:\Users\Hammerschmidt\AppData\Roaming\lobby.dat 2016-05-10 23:19 - 2016-05-10 23:19 - 0018432 _____ () C:\Users\Hammerschmidt\AppData\Roaming\Main.dat 2016-05-10 23:18 - 2016-05-10 23:19 - 0005568 _____ () C:\Users\Hammerschmidt\AppData\Roaming\md.xml 2016-05-10 23:19 - 2016-05-10 23:19 - 0126464 _____ () C:\Users\Hammerschmidt\AppData\Roaming\noah.dat 2016-05-10 23:19 - 2016-05-10 23:16 - 0948736 _____ () C:\Users\Hammerschmidt\AppData\Roaming\Qvoity.exe 2016-05-10 23:19 - 2016-05-10 23:19 - 1626777 _____ () C:\Users\Hammerschmidt\AppData\Roaming\Qvoity.tst 2016-04-21 21:21 - 2016-04-21 21:21 - 0000078 _____ () C:\Users\Hammerschmidt\AppData\Roaming\Selection Tools.installation.log 2016-05-10 23:19 - 2016-05-10 23:19 - 0001150 _____ () C:\Users\Hammerschmidt\AppData\Roaming\uninstall_temp.ico 2015-11-03 19:10 - 2015-11-03 19:10 - 0000096 _____ () C:\Users\Hammerschmidt\AppData\Roaming\version2.xml 2016-04-21 21:19 - 2016-04-21 21:19 - 0000097 _____ () C:\Users\Hammerschmidt\AppData\Roaming\WindApp.boostrap.log 2016-04-21 21:21 - 2016-04-21 21:21 - 0000078 _____ () C:\Users\Hammerschmidt\AppData\Roaming\WindApp.installation.log 2015-11-02 19:34 - 2016-05-11 10:01 - 1269133 _____ () C:\Users\Hammerschmidt\AppData\Local\BTServer.log 2016-05-10 23:19 - 2016-05-10 23:19 - 0041472 _____ () C:\Users\Hammerschmidt\AppData\Local\Con-trans.dat 2016-05-10 23:19 - 2016-05-10 23:19 - 0028160 _____ () C:\Users\Hammerschmidt\AppData\Local\Con-trans.exe 2016-05-10 23:19 - 2016-05-10 23:19 - 0000187 _____ () C:\Users\Hammerschmidt\AppData\Local\Con-trans.exe.config 2015-11-06 13:17 - 2015-11-06 14:14 - 0006656 _____ () C:\Users\Hammerschmidt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-11-02 18:21 - 
2015-11-02 18:21 - 0000017 _____ () C:\Users\Hammerschmidt\AppData\Local\resmon.resmoncfg 2016-05-11 00:08 - 2016-05-09 03:45 - 1920000 _____ () C:\ProgramData\msiql.exe 2016-05-11 00:08 - 2016-05-11 00:08 - 1755136 _____ () C:\ProgramData\service.exe 2016-05-11 00:09 - 2016-05-11 00:09 - 0002259 _____ () C:\ProgramData\webad.xml Arquivos para serem movidos ou deletados: ==================== C:\ProgramData\msiql.exe C:\ProgramData\service.exe C:\Users\Todos os Usuários\msiql.exe C:\Users\Todos os Usuários\service.exe Alguns arquivos em TEMP: ==================== C:\Users\Hammerschmidt\AppData\Local\Temp\ads.exe C:\Users\Hammerschmidt\AppData\Local\Temp\appstart.exe C:\Users\Hammerschmidt\AppData\Local\Temp\atcMedia1771462534064.exe C:\Users\Hammerschmidt\AppData\Local\Temp\BingSvc.exe C:\Users\Hammerschmidt\AppData\Local\Temp\bitool.dll C:\Users\Hammerschmidt\AppData\Local\Temp\Browser_V5.6.11466.7_r_4714_(Build1603281525).exe C:\Users\Hammerschmidt\AppData\Local\Temp\BSvcProcessor.exe C:\Users\Hammerschmidt\AppData\Local\Temp\BSvcUpdater.exe C:\Users\Hammerschmidt\AppData\Local\Temp\csrssf.exe C:\Users\Hammerschmidt\AppData\Local\Temp\drm_dyndata_7390006.dll C:\Users\Hammerschmidt\AppData\Local\Temp\drm_dyndata_7400006.dll C:\Users\Hammerschmidt\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpv2go3a.dll C:\Users\Hammerschmidt\AppData\Local\Temp\jre-8u66-windows-au.exe C:\Users\Hammerschmidt\AppData\Local\Temp\jre-8u71-windows-au.exe C:\Users\Hammerschmidt\AppData\Local\Temp\jre-8u73-windows-au.exe C:\Users\Hammerschmidt\AppData\Local\Temp\jre-8u77-windows-au.exe C:\Users\Hammerschmidt\AppData\Local\Temp\MediaPlayer__3137.exe C:\Users\Hammerschmidt\AppData\Local\Temp\msconfig.exe C:\Users\Hammerschmidt\AppData\Local\Temp\nscC853.exe C:\Users\Hammerschmidt\AppData\Local\Temp\patchw32.dll C:\Users\Hammerschmidt\AppData\Local\Temp\qqpcmgr_v10.5.15816.217_70557_Silence.exe 
C:\Users\Hammerschmidt\AppData\Local\Temp\qqpcmgr_v11.5.17490.219_45464_Silence.exe C:\Users\Hammerschmidt\AppData\Local\Temp\set.exe C:\Users\Hammerschmidt\AppData\Local\Temp\setdebug.exe C:\Users\Hammerschmidt\AppData\Local\Temp\setup.dll C:\Users\Hammerschmidt\AppData\Local\Temp\setup.exe C:\Users\Hammerschmidt\AppData\Local\Temp\Setup__2140_il38.exe C:\Users\Hammerschmidt\AppData\Local\Temp\Setup__2140_il65.exe C:\Users\Hammerschmidt\AppData\Local\Temp\SkypeSetup.exe C:\Users\Hammerschmidt\AppData\Local\Temp\smt_istartsurf.exe C:\Users\Hammerschmidt\AppData\Local\Temp\ui.dll C:\Users\Hammerschmidt\AppData\Local\Temp\Uninstall.exe C:\Users\Hammerschmidt\AppData\Local\Temp\xldl.dll ==================== Bamital & volsnap ================= (Não há correção automática para arquivos que não passaram na verificação.) C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente LastRegBack: 2016-05-08 19:58 ==================== Fim de FRST.txt ============================