Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão:12-06-2016 01 Executado por Ricardo (administrador) em RICARDO-NOTE (12-06-2016 23:58:30) Executando a partir de C:\Users\Ricardo\Desktop Perfis Carregados: Ricardo (Perfis Disponíveis: Ricardo) Platform: Windows 10 Home Single Language Versão 1511 (X64) Idioma: Português (Brasil) Internet Explorer Versão 11 (Navegador padrão: Edge) Modo da Inicialização: Normal Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (RealVNC Ltd.) 
C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Pokki) C:\Users\Ricardo\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (%CFullName%) C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Pokki) C:\Users\Ricardo\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe (Pokki) C:\Users\Ricardo\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe (Pokki) C:\Users\Ricardo\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.20961.0_x64__8wekyb3d8bbwe\Music.UI.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.20961.0_x64__8wekyb3d8bbwe\Video.UI.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registro (Whitelisted) =========================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2016-05-20] (Realtek Semiconductor) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-04-01] (AVAST Software) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation) HKU\S-1-5-21-421144188-1053493234-3588074340-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1728952 2015-06-22] (CyberLink Corp.) HKU\S-1-5-21-421144188-1053493234-3588074340-1001\...\Run: [uTorrent] => C:\Users\Ricardo\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-05-13] (BitTorrent Inc.) 
HKU\S-1-5-21-421144188-1053493234-3588074340-1001\...\RunOnce: [Uninstall C:\Users\Ricardo\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Ricardo\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-04-01] (AVAST Software) ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{222002e1-ce0b-4ca4-a526-aa83c8368b62}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON14/3 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/3 HKU\S-1-5-21-421144188-1053493234-3588074340-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON14/3 HKU\S-1-5-21-421144188-1053493234-3588074340-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/3 HKU\S-1-5-21-421144188-1053493234-3588074340-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPCON14/3 BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-01] (AVAST Software) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-02-25] (HP) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-22] (Oracle Corporation) BHO-x32: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-01] (AVAST Software) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-22] (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) FireFox: ======== FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-22] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-22] (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-17] (Google Inc.) 
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2016-06-04] () FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Sem Nome - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-17] [não assinado] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: Sem Nome - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-17] [não assinado] FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt FF Extension: HP SimplePass - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2016-03-02] [não assinado] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF Chrome: ======= CHR Profile: C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Apresentações) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-01] CHR Extension: (Forge of Empires) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\anaphblkfplenhkephgneolhnmjminjg [2016-04-18] CHR Extension: (Google Docs) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-01] CHR Extension: (Google Drive) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-01] CHR Extension: (Rapport) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-03-14] CHR Extension: (YouTube) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo 
[2016-03-01] CHR Extension: (Google Search) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-01] CHR Extension: (Planilhas do Google) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-01] CHR Extension: (HP SimplePass) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fidikogfgleiaefnjbmnjaplmgknppkg [2016-03-02] CHR Extension: (Documentos Google off-line) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (Avast Online Security) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-08] CHR Extension: (Visitantes para Facebook) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihjbpjahiibmjdlcgodcnmpelpmilamk [2016-05-12] CHR Extension: (Facebook Flat) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kadbillinepbjlgenaliokdhejdmmlgp [2016-05-12] CHR Extension: (Skype) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-12] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01] CHR Extension: (Gmail) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-01] CHR Profile: C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Apresentações) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-12] CHR Extension: (Google Docs) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-12] CHR Extension: (Google 
Drive) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-12] CHR Extension: (Rapport) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-05-12] CHR Extension: (YouTube) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-12] CHR Extension: (HP SimplePass) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fidikogfgleiaefnjbmnjaplmgknppkg [2016-06-03] CHR Extension: (Documentos Google off-line) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-12] CHR Extension: (Avast Online Security) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-05-12] CHR Extension: (Skype) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-26] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-12] CHR Extension: (Gmail) - C:\Users\Ricardo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-12] CHR HKU\S-1-5-21-421144188-1053493234-3588074340-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fidikogfgleiaefnjbmnjaplmgknppkg] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-01] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files 
(x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25] ==================== Serviços (Whitelisted) ======================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [104824 2015-08-07] (Alps Electric Co., Ltd.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-04-01] (AVAST Software) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation) R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-06-04] (WildTangent) [Arquivo não assinado] S3 GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [210288 2016-06-04] (WildTangent, Inc.) [Arquivo não assinado] R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company) R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Development Company, L.P.) 
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation) R2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [150256 2015-07-31] (Intel Corporation) R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-10-28] () R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [124928 2015-07-02] (Softex Inc.) [Arquivo não assinado] R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc) R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2383344 2016-05-30] (IBM Corp.) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2016-05-20] (Realtek Semiconductor) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) R2 WinVNC4; C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe [439632 2008-10-15] (RealVNC Ltd.) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-10-28] (Intel® Corporation) ===================== Drivers (Whitelisted) ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-04-01] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-04-02] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-04-01] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-04-01] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-04-01] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-04-01] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-04-01] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-04-01] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-04-01] (AVAST Software) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [100624 2015-06-08] (CyberLink) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.) R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [259312 2015-07-31] (Intel Corporation) R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] () R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] () R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] () R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184096 2015-06-29] (Intel Corporation) R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3509512 2015-11-05] (Intel Corporation) R1 RapportCerberus_1609041; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609041.sys [1157864 2016-06-09] (IBM Corp.) R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544360 2016-05-30] (IBM Corp.) R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215560 2016-05-30] (IBM Corp.) R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [470056 2016-05-30] (IBM Corp.) 
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [525992 2016-05-30] (IBM Corp.) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2016-05-20] (Realtek ) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.) ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Um Mês Criados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 
2016-06-12 23:58 - 2016-06-12 23:59 - 00025676 _____ C:\Users\Ricardo\Desktop\FRST.txt 2016-06-12 23:58 - 2016-06-12 23:58 - 00000000 ____D C:\FRST 2016-06-12 23:54 - 2016-06-12 23:58 - 02385408 _____ (Farbar) C:\Users\Ricardo\Desktop\FRST64.exe 2016-06-12 20:41 - 2016-06-12 20:41 - 00209566 _____ C:\Users\Ricardo\Downloads\WhatsApp-Image-20160612 (4).jpe 2016-06-12 20:41 - 2016-06-12 20:41 - 00172509 _____ C:\Users\Ricardo\Downloads\WhatsApp-Image-20160612 (1).jpe 2016-06-12 20:41 - 2016-06-12 20:41 - 00165112 _____ C:\Users\Ricardo\Downloads\WhatsApp-Image-20160612 (3).jpe 2016-06-12 20:41 - 2016-06-12 20:41 - 00105316 _____ C:\Users\Ricardo\Downloads\WhatsApp-Image-20160612 (2).jpe 2016-06-12 20:41 - 2016-06-12 20:41 - 00044287 _____ C:\Users\Ricardo\Downloads\WhatsApp-Image-20160612.jpe 2016-06-12 15:43 - 2016-06-12 15:43 - 00106304 _____ () C:\Users\Ricardo\Downloads\FacebookGamesArcadeSetup.exe 2016-06-12 11:21 - 2016-06-12 11:21 - 00001109 _____ C:\WINDOWS\SysWOW64\nativelog.txt 2016-06-12 08:28 - 2016-06-12 08:30 - 01581839 _____ C:\Users\Ricardo\Desktop\Lição 11.pptx 2016-06-11 19:36 - 2016-06-11 19:37 - 00000000 ____D C:\Users\Ricardo\Desktop\Nova pasta (2) 2016-06-11 13:45 - 2016-06-11 14:00 - 00000000 ____D C:\Users\Ricardo\AppData\Roaming\.minecraft 2016-06-11 13:45 - 2016-06-11 13:45 - 00000000 ____D C:\Users\Ricardo\AppData\Roaming\java 2016-06-11 13:43 - 2016-06-11 14:51 - 00001474 _____ C:\Users\Ricardo\Downloads\nativelog.txt 2016-06-11 13:43 - 2016-06-11 13:45 - 00000000 ____D C:\Users\Ricardo\Downloads\game 2016-06-11 13:43 - 2016-06-11 13:43 - 01247112 _____ (Mojang) C:\Users\Ricardo\Downloads\Minecraft.exe 2016-06-11 13:43 - 2016-06-11 13:43 - 00000000 ____D C:\Users\Ricardo\Downloads\runtime 2016-06-11 13:42 - 2016-06-11 13:42 - 02314240 _____ C:\Users\Ricardo\Downloads\MinecraftInstaller.msi 2016-06-05 12:15 - 2016-06-05 12:15 - 00000000 ____D C:\WINDOWS\LastGood 2016-06-04 18:51 - 2016-06-04 19:04 - 01726709 _____ 
C:\Users\Ricardo\Desktop\CULTO.pptx 2016-06-04 18:51 - 2016-06-04 18:51 - 00000165 ____H C:\Users\Ricardo\Desktop\~$CULTO.pptx 2016-06-04 18:27 - 2016-06-04 20:34 - 00116039 _____ C:\Users\Ricardo\Desktop\NO CAMINHO DO MILAGRE.pptx 2016-06-04 18:27 - 2016-06-04 18:27 - 00000165 ____H C:\Users\Ricardo\Desktop\~$NO CAMINHO DO MILAGRE.pptx 2016-06-03 17:16 - 2016-06-03 17:16 - 634993850 _____ C:\WINDOWS\MEMORY.DMP 2016-06-03 17:16 - 2016-06-03 17:16 - 00211788 _____ C:\WINDOWS\Minidump\060316-20359-01.dmp 2016-06-03 17:16 - 2016-06-03 17:16 - 00000000 ____D C:\WINDOWS\Minidump 2016-06-02 11:13 - 2016-06-02 11:13 - 00003905 _____ C:\Users\Ricardo\Desktop\images.jpe 2016-06-02 11:03 - 2016-06-12 17:02 - 00003266 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForRicardo 2016-06-02 11:02 - 2016-06-12 17:02 - 00000366 _____ C:\WINDOWS\Tasks\HPCeeScheduleForRicardo.job 2016-05-29 08:58 - 2016-05-29 08:58 - 00000165 ____H C:\Users\Ricardo\Desktop\~$lbjlio9-conflitosfamiliares-160424150342.pptx 2016-05-28 23:50 - 2016-05-28 23:53 - 01535744 _____ C:\Users\Ricardo\Desktop\lbjlio9-conflitosfamiliares-160424150342.pptx 2016-05-28 02:36 - 2016-05-28 02:37 - 17142165 _____ C:\Users\Ricardo\Downloads\EU VIREI GAY PARÓDIA Jorge Mateus - Sosseguei.mp4 2016-05-26 12:49 - 2016-05-26 12:51 - 00000000 ____D C:\WINDOWS\LastGood.Tmp 2016-05-23 23:27 - 2016-05-23 23:27 - 00000000 ___RD C:\Users\Ricardo\3D Objects 2016-05-22 22:39 - 2016-05-22 22:39 - 00089352 _____ C:\Users\Ricardo\Downloads\WhatsApp-Image-20160522.jpe 2016-05-22 12:12 - 2016-05-22 12:12 - 00215127 _____ C:\Users\Ricardo\Downloads\WhatsApp-Image-20160515 (2).jpe 2016-05-22 12:12 - 2016-05-22 12:12 - 00176655 _____ C:\Users\Ricardo\Downloads\WhatsApp-Image-20160515 (1).jpe 2016-05-22 12:12 - 2016-05-22 12:12 - 00173348 _____ C:\Users\Ricardo\Downloads\WhatsApp-Image-20160515 (3).jpe 2016-05-22 12:12 - 2016-05-22 12:12 - 00170832 _____ C:\Users\Ricardo\Downloads\WhatsApp-Image-20160515.jpe 2016-05-22 12:12 - 2016-05-22 12:12 - 
00165070 _____ C:\Users\Ricardo\Downloads\WhatsApp-Image-20160515 (4).jpe
2016-05-20 19:30 - 2016-05-20 19:29 - 00886528 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2016-05-20 19:30 - 2016-05-20 19:29 - 00082544 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2016-05-20 19:26 - 2016-05-20 19:24 - 72113152 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2016-05-20 19:26 - 2016-05-20 19:24 - 35222128 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2016-05-20 19:26 - 2016-05-20 19:24 - 02918104 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2016-05-20 19:26 - 2016-05-20 19:24 - 02702552 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2016-05-20 19:26 - 2016-05-20 19:24 - 01749208 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2016-05-20 19:26 - 2016-05-20 19:24 - 01413776 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2016-05-20 19:26 - 2016-05-20 19:24 - 01310936 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2016-05-20 19:26 - 2016-05-20 19:24 - 01104040 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\slcnt64.dll
2016-05-20 19:26 - 2016-05-20 19:24 - 00943784 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2016-05-20 19:26 - 2016-05-20 19:24 - 00734376 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2016-05-20 19:26 - 2016-05-20 19:24 - 00631000 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2016-05-20 19:26 - 2016-05-20 19:24 - 00454288 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2016-05-20 19:26 - 2016-05-20 19:24 - 00369296 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2016-05-20 19:26 - 2016-05-20 19:24 - 00329360 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2016-05-20 19:26 - 2016-05-20 19:24 - 00329360 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2016-05-20 19:26 - 2016-05-20 19:24 - 00250536 _____ (TODO: ) C:\WINDOWS\system32\slprp64.dll
2016-05-20 19:26 - 2016-05-20 19:23 - 01576976 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2016-05-18 21:14 - 2016-05-18 21:02 - 02825944 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2016-05-18 20:13 - 2016-05-18 20:14 - 00000798 _____ C:\Users\Ricardo\Desktop\ckfiles.txt
2016-05-18 20:01 - 2016-05-18 20:02 - 00468480 _____ () C:\Users\Ricardo\Desktop\CKScanner.exe
2016-05-18 19:41 - 2016-05-18 19:41 - 00000000 ____D C:\Users\Todos os Usuários\Intel.sav
2016-05-18 19:41 - 2016-05-18 19:41 - 00000000 ____D C:\ProgramData\Intel.sav
2016-05-17 21:40 - 2016-05-17 21:40 - 00132349 _____ C:\Users\Ricardo\Downloads\WhatsApp-Image-20160517.jpe
2016-05-17 21:40 - 2016-05-17 21:40 - 00108124 _____ C:\Users\Ricardo\Downloads\WhatsApp-Image-20160517 (1).jpe
2016-05-17 21:08 - 2016-05-17 21:08 - 00020115 _____ C:\ZA-Scan.txt
2016-05-17 21:02 - 2016-05-17 21:02 - 00000000 ____D C:\zoek_backup
2016-05-17 20:59 - 2016-05-17 21:02 - 01370112 _____ C:\Users\Ricardo\Desktop\ZA-Scan.exe
2016-05-17 20:54 - 2016-06-09 13:15 - 00002277 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-17 20:54 - 2016-06-09 13:15 - 00002265 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-17 20:51 - 2016-06-12 23:07 - 00001102 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-17 20:51 - 2016-06-12 22:07 - 00001098 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-17 20:51 - 2016-05-17 21:02 - 00004160 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-17 20:51 - 2016-05-17 21:02 - 00003928 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-17 20:49 - 2016-05-17 20:50 - 00987728 _____ (Google Inc.) C:\Users\Ricardo\Downloads\ChromeSetup.exe
2016-05-15 21:26 - 2016-05-15 21:26 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-05-15 01:05 - 2016-05-15 01:12 - 00233758 _____ C:\Users\Ricardo\Desktop\LIÇÃO 7 - O PAPEL DA ESPOSA.pptx
2016-05-15 01:04 - 2016-05-15 01:12 - 00214062 _____ C:\Users\Ricardo\Desktop\LIÇÃO 6 - O PAPEL DO MARIDO.pptx
2016-05-14 19:21 - 2016-05-22 09:12 - 00000000 ____D C:\Users\Ricardo\Desktop\Nova pasta
2016-05-14 18:42 - 2016-05-14 18:47 - 52626998 _____ C:\Users\Ricardo\Downloads\C.e.Q-Q.E.Q.A.Pb tudodownloadsgospel.net.rar
2016-05-13 23:49 - 2016-05-13 23:49 - 00000000 ____D C:\Program Files\CCleaner
2016-05-13 21:40 - 2016-05-13 21:40 - 00000000 ____D C:\Program Files\Realtek
2016-05-13 21:40 - 2016-05-13 21:40 - 00000000 ____D C:\Program Files\Apoint2K
2016-05-13 21:39 - 2016-05-18 19:39 - 00000000 ____D C:\Program Files\Intel
2016-05-13 21:32 - 2016-05-13 21:33 - 00000000 ____D C:\Windows.old
2016-05-13 21:21 - 2016-05-13 21:54 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-05-13 21:21 - 2016-05-13 21:21 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-05-13 21:21 - 2016-05-13 21:21 - 00000000 ____D C:\Program Files\MSBuild
2016-05-13 21:21 - 2016-05-13 21:21 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-05-13 21:21 - 2016-05-13 21:21 - 00000000 ____D C:\inetpub

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-06-12 22:11 - 2016-05-13 21:42 - 02014294 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-12 22:11 - 2016-02-13 14:31 - 00854394 _____ C:\WINDOWS\system32\prfh0416.dat
2016-06-12 22:11 - 2016-02-13 14:31 - 00183788 _____ C:\WINDOWS\system32\prfc0416.dat
2016-06-12 22:11 - 2015-10-30 04:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-12 22:10 - 2016-03-01 15:38 - 00000000 ____D C:\Users\Ricardo\AppData\Local\SweetLabs App Platform
2016-06-12 22:09 - 2016-03-01 16:00 - 00000000 ____D C:\Users\Ricardo\Documents\Youcam
2016-06-12 22:06 - 2016-03-01 15:39 - 00000000 __SHD C:\Users\Ricardo\IntelGraphicsProfiles
2016-06-12 22:05 - 2016-05-13 21:40 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-06-12 22:04 - 2016-02-13 14:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-12 21:05 - 2016-03-01 16:11 - 00004180 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C8486B06-C2A1-47F9-8200-4BCBCC570EB2}
2016-06-12 15:21 - 2016-03-08 10:10 - 00000000 ____D C:\Users\Ricardo\AppData\Local\ElevatedDiagnostics
2016-06-12 13:32 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-12 11:21 - 2016-03-01 15:39 - 00000000 ____D C:\Users\Ricardo\AppData\Local\VirtualStore
2016-06-12 11:20 - 2016-04-01 16:46 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-06-12 11:19 - 2016-05-13 21:43 - 00000000 ____D C:\Users\Ricardo
2016-06-11 12:53 - 2015-10-30 04:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-09 00:06 - 2016-03-14 20:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proteção de Terminal Trusteer
2016-06-05 12:15 - 2015-05-07 12:15 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-06-04 10:50 - 2015-05-07 12:28 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-06-03 15:32 - 2016-03-01 16:47 - 00000000 ____D C:\nQuestor
2016-05-30 17:04 - 2016-03-14 20:55 - 00470056 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2016-05-30 17:04 - 2016-03-14 20:55 - 00215560 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2016-05-27 18:02 - 2016-03-02 15:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-23 18:16 - 2016-05-13 22:42 - 00002425 _____ C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-23 18:16 - 2016-03-02 14:53 - 00000000 ___RD C:\Users\Ricardo\OneDrive
2016-05-20 22:11 - 2015-10-30 04:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-20 21:39 - 2016-05-13 21:40 - 00005691 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2016-05-20 19:30 - 2015-05-07 12:14 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-05-20 19:29 - 2014-03-31 22:07 - 00000000 ____D C:\SWSetup
2016-05-20 19:28 - 2015-05-07 12:15 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-05-20 19:27 - 2016-05-13 21:40 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-05-20 19:24 - 2016-03-02 14:41 - 04514008 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2016-05-20 19:24 - 2016-03-02 14:41 - 03234520 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2016-05-20 19:24 - 2016-03-02 14:41 - 02930904 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2016-05-20 19:24 - 2016-03-02 14:41 - 00184688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2016-05-18 19:59 - 2016-04-08 16:38 - 00000000 ____D C:\Users\Ricardo\AppData\Roaming\uTorrent
2016-05-18 19:53 - 2015-10-30 03:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-18 19:43 - 2015-05-07 12:13 - 00000000 ____D C:\Users\Todos os Usuários\Intel
2016-05-18 19:43 - 2015-05-07 12:13 - 00000000 ____D C:\ProgramData\Intel
2016-05-18 19:42 - 2016-04-01 17:08 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-05-18 19:42 - 2016-02-13 14:55 - 00000000 ____D C:\Users\Administrador
2016-05-18 19:42 - 2013-08-22 10:36 - 00000000 ____D C:\Users\Default.migrated
2016-05-18 19:41 - 2016-04-01 17:08 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-05-18 19:41 - 2015-05-07 12:10 - 00000000 ____D C:\Program Files (x86)\Intel
2016-05-18 19:08 - 2015-05-07 12:20 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2016-05-18 19:08 - 2015-05-07 12:20 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-17 22:20 - 2016-03-14 10:36 - 00000000 ____D C:\Users\Ricardo\Documents\_PORTAL NO ALEGRETE
2016-05-17 20:31 - 2016-03-04 16:18 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-17 20:16 - 2016-03-04 16:17 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-17 19:44 - 2016-03-01 16:53 - 00000000 ___RD C:\Users\Ricardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Questor
2016-05-17 19:44 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-05-17 19:44 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-05-17 19:44 - 2015-10-30 03:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-05-17 19:44 - 2015-10-30 03:28 - 00000000 ____D C:\WINDOWS\servicing
2016-05-17 19:44 - 2014-05-13 19:29 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2016-05-17 19:43 - 2016-03-31 20:49 - 00000000 ____D C:\Users\Ricardo\AppData\Roaming\WildTangent
2016-05-17 19:43 - 2016-03-01 16:53 - 00000000 ___RD C:\Users\Ricardo\Desktop\Questor
2016-05-17 19:42 - 2015-05-07 12:28 - 00000000 ____D C:\Users\Todos os Usuários\WildTangent
2016-05-17 19:42 - 2015-05-07 12:28 - 00000000 ____D C:\ProgramData\WildTangent
2016-05-17 19:19 - 2015-10-30 04:24 - 00000000 ____D C:\WINDOWS\registration
2016-05-16 23:05 - 2016-03-01 16:11 - 00000000 ____D C:\Program Files (x86)\Google
2016-05-14 14:18 - 2016-03-01 15:39 - 00000000 ____D C:\Users\Ricardo\AppData\Local\Packages
2016-05-14 00:00 - 2016-05-13 21:36 - 00000000 ___DC C:\WINDOWS\Panther
2016-05-13 22:23 - 2015-05-07 12:10 - 00000000 ____D C:\Intel
2016-05-13 22:11 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files\Windows NT
2016-05-13 21:47 - 2014-05-13 19:16 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-05-13 21:31 - 2016-02-13 14:44 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-13 21:31 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-05-13 21:31 - 2015-10-30 04:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-05-13 21:01 - 2016-02-13 15:51 - 00000000 ___HD C:\$WINDOWS.~BT

==================== Arquivos na raiz de alguns diretórios =======

2016-05-12 20:00 - 2016-05-12 20:00 - 0001309 _____ () C:\Users\Ricardo\AppData\Roaming\Bubble Dock.boostrap.log
2016-05-12 20:00 - 2016-05-12 20:00 - 0000097 _____ () C:\Users\Ricardo\AppData\Roaming\WindApp.boostrap.log

Alguns arquivos em TEMP:
====================
C:\Users\Ricardo\AppData\Local\Temp\{EEE98463-07EF-4AF2-8E93-FBA6D3E133E7}-51.0.2704.84_50.0.2661.102_chrome_updater.exe

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2016-06-11 14:55

==================== Fim de FRST.txt ============================